Class: Belt::CLI::SetupCommand

Inherits:
Object
  • Object
show all
Includes:
AppDetection, BucketSecurity
Defined in:
lib/belt/cli/setup_command.rb

Constant Summary collapse

SUBCOMMANDS =
%w[state tables frontend].freeze
SECURITY_CHECKS =
%i[versioning encryption public_access_block tls_policy].freeze

Class Method Summary collapse

Instance Method Summary collapse

Methods included from BucketSecurity

#audit_bucket_security, #check_encryption, #check_public_access_block, #check_tls_policy, #check_versioning, #harden_bucket, #print_security_audit

Methods included from AppDetection

#detect_app_name, #detect_environments, #detect_namespace, #s3_safe_name

Constructor Details

#initialize(args = []) ⇒ SetupCommand

Returns a new instance of SetupCommand.



41
42
43
44
45
46
47
48
49
50
51
# File 'lib/belt/cli/setup_command.rb', line 41

def initialize(args = [])
  @app_name = detect_app_name
  @env_name = nil
  @custom_bucket = nil
  @select_mode = false

  parse_args(args)

  @region = detect_region
  @bucket_name = resolve_bucket_name
end

Class Method Details

.run(args) ⇒ Object



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# File 'lib/belt/cli/setup_command.rb', line 21

def self.run(args)
  subcommand = args.shift

  case subcommand
  when 'state'
    new(args).run_state_setup
  when 'tables'
    Belt::CLI::TablesCommand.run(args)
  when 'frontend'
    Belt::CLI::FrontendSetupCommand.run(args)
  else
    puts 'Usage: belt setup <state|tables|frontend> [options]'
    puts "\nSubcommands:"
    puts '  state     Set up S3 bucket for Terraform state'
    puts '  tables    Generate DynamoDB table definitions from schema.tf.rb'
    puts '  frontend  Generate S3 + CloudFront infrastructure for frontend hosting'
    exit 1
  end
end

Instance Method Details

#create_new_bucketObject



107
108
109
110
111
112
# File 'lib/belt/cli/setup_command.rb', line 107

def create_new_bucket
  puts "Creating state bucket: #{@bucket_name} (#{@region})"
  create_bucket(@bucket_name)
  puts "  create  s3://#{@bucket_name}"
  harden_bucket(@bucket_name, {})
end


114
115
116
117
118
119
120
121
# File 'lib/belt/cli/setup_command.rb', line 114

def print_success_message
  puts "\n✓ State bucket '#{@bucket_name}' is ready!"
  if @env_name
    puts "\n  cd infrastructure/#{@env_name} && terraform init"
  else
    puts "\n  cd infrastructure/<env> && terraform init"
  end
end

#prompt_and_harden(audit) ⇒ Object



95
96
97
98
99
100
101
102
103
104
105
# File 'lib/belt/cli/setup_command.rb', line 95

def prompt_and_harden(audit)
  puts "\n⚠ Bucket '#{@bucket_name}' has security issues."
  print "\nApply security hardening? [Y/n] "
  response = $stdin.gets&.strip&.downcase
  if response.nil? || response.empty? || response == 'y'
    harden_bucket(@bucket_name, audit)
  else
    puts '✗ Refusing to use insecure bucket. Fix manually or choose a different bucket.'
    exit 1
  end
end

#run_state_setupObject



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# File 'lib/belt/cli/setup_command.rb', line 53

def run_state_setup
  unless aws_configured?
    if @aws_error&.include?('ForbiddenException') || @aws_error&.include?('AccessDenied')
      puts "✗ AWS credentials found but access denied — check your profile/role configuration."
      puts "  #{@aws_error}"
    else
      puts '✗ AWS credentials not configured. Set AWS_PROFILE or configure aws sso login.'
    end
    exit 1
  end

  # Re-resolve bucket name with account ID suffix now that we have credentials
  @bucket_name = resolve_bucket_name unless @custom_bucket

  @bucket_name = interactive_bucket_selection if @select_mode
  setup_or_verify_bucket
  apply_lifecycle(@bucket_name)
  puts '  ensure  lifecycle rules (90-day noncurrent expiration)'
  update_backend_config
  print_success_message
end

#setup_or_verify_bucketObject



75
76
77
78
79
80
81
# File 'lib/belt/cli/setup_command.rb', line 75

def setup_or_verify_bucket
  if bucket_exists?(@bucket_name)
    verify_existing_bucket
  else
    create_new_bucket
  end
end

#verify_existing_bucketObject



83
84
85
86
87
88
89
90
91
92
93
# File 'lib/belt/cli/setup_command.rb', line 83

def verify_existing_bucket
  puts "Found existing bucket: #{@bucket_name}"
  audit = audit_bucket_security(@bucket_name)
  print_security_audit(audit)

  if audit.values.all?
    puts "\n✓ Bucket '#{@bucket_name}' passes all security checks"
  else
    prompt_and_harden(audit)
  end
end