Class: Belt::CLI::SetupCommand

Inherits:
Object
  • Object
show all
Includes:
AppDetection, BucketSecurity
Defined in:
lib/belt/cli/setup_command.rb

Constant Summary collapse

SUBCOMMANDS = 
%w[state tables frontend].freeze
SECURITY_CHECKS = 
%i[versioning encryption public_access_block tls_policy].freeze

Class Method Summary collapse

Instance Method Summary collapse

Methods included from BucketSecurity

#audit_bucket_security, #check_encryption, #check_public_access_block, #check_tls_policy, #check_versioning, #harden_bucket, #print_security_audit

Methods included from AppDetection

#detect_app_name

Constructor Details

#initialize(args = []) ⇒ SetupCommand

Returns a new instance of SetupCommand.



41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/belt/cli/setup_command.rb', line 41

def initialize(args = [])
  @app_name = detect_app_name
  @env_name = nil
  @custom_bucket = nil
  @select_mode = false

  parse_args(args)

  @region = detect_region
  @bucket_name = resolve_bucket_name
end

Class Method Details

.run(args) ⇒ Object 



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/belt/cli/setup_command.rb', line 21

def self.run(args)
  subcommand = args.shift

  case subcommand
  when 'state'
    new(args).run_state_setup
  when 'tables'
    Belt::CLI::TablesCommand.run(args)
  when 'frontend'
    Belt::CLI::FrontendSetupCommand.run(args)
  else
    puts 'Usage: belt setup <state|tables|frontend> [options]'
    puts "\nSubcommands:"
    puts '  state     Set up S3 bucket for Terraform state'
    puts '  tables    Generate DynamoDB table definitions from schema.tf.rb'
    puts '  frontend  Generate S3 + CloudFront infrastructure for frontend hosting'
    exit 1
  end
end

Instance Method Details

#create_new_bucketObject 



99
100
101
102
103
104
 
# File 'lib/belt/cli/setup_command.rb', line 99

def create_new_bucket
  puts "Creating state bucket: #{@bucket_name} (#{@region})"
  create_bucket(@bucket_name)
  puts "  create  s3://#{@bucket_name}"
  harden_bucket(@bucket_name, {})
end

#print_success_messageObject 



106
107
108
109
110
111
112
113
 
# File 'lib/belt/cli/setup_command.rb', line 106

def print_success_message
  puts "\n✓ State bucket '#{@bucket_name}' is ready!"
  if @env_name
    puts "\n  cd infrastructure/#{@env_name} && terraform init"
  else
    puts "\n  cd infrastructure/<env> && terraform init"
  end
end

#prompt_and_harden(audit) ⇒ Object 



87
88
89
90
91
92
93
94
95
96
97
 
# File 'lib/belt/cli/setup_command.rb', line 87

def prompt_and_harden(audit)
  puts "\n⚠ Bucket '#{@bucket_name}' has security issues."
  print "\nApply security hardening? [Y/n] "
  response = $stdin.gets&.strip&.downcase
  if response.nil? || response.empty? || response == 'y'
    harden_bucket(@bucket_name, audit)
  else
    puts '✗ Refusing to use insecure bucket. Fix manually or choose a different bucket.'
    exit 1
  end
end

#run_state_setupObject 



53
54
55
56
57
58
59
60
61
62
63
64
65
 
# File 'lib/belt/cli/setup_command.rb', line 53

def run_state_setup
  unless aws_configured?
    puts '✗ AWS credentials not configured. Set AWS_PROFILE or configure aws sso login.'
    exit 1
  end

  @bucket_name = interactive_bucket_selection if @select_mode
  setup_or_verify_bucket
  apply_lifecycle(@bucket_name)
  puts '  ensure  lifecycle rules (90-day noncurrent expiration)'
  update_backend_config
  print_success_message
end

#setup_or_verify_bucketObject 



67
68
69
70
71
72
73
 
# File 'lib/belt/cli/setup_command.rb', line 67

def setup_or_verify_bucket
  if bucket_exists?(@bucket_name)
    verify_existing_bucket
  else
    create_new_bucket
  end
end

#verify_existing_bucketObject 



75
76
77
78
79
80
81
82
83
84
85
 
# File 'lib/belt/cli/setup_command.rb', line 75

def verify_existing_bucket
  puts "Found existing bucket: #{@bucket_name}"
  audit = audit_bucket_security(@bucket_name)
  print_security_audit(audit)

  if audit.values.all?
    puts "\n✓ Bucket '#{@bucket_name}' passes all security checks"
  else
    prompt_and_harden(audit)
  end
end