@iacmp/cli 1.1.0

package/dist/commands/audit-dr.js

@@ -0,0 +1,351 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/commands/audit-dr.ts
+var audit_dr_exports = {};
+__export(audit_dr_exports, {
+  default: () => AuditDR
+});
+module.exports = __toCommonJS(audit_dr_exports);
+var import_core = require("@oclif/core");
+var import_chalk = __toESM(require("chalk"));
+
+// src/audit.ts
+var fs2 = __toESM(require("fs"));
+var path = __toESM(require("path"));
+
+// src/utils.ts
+var fs = __toESM(require("fs"));
+function readJsonFile(filePath) {
+  let content;
+  try {
+    content = fs.readFileSync(filePath, "utf-8");
+  } catch (e) {
+    throw new Error(`Falha ao ler '${filePath}': ${errMessage(e)}`);
+  }
+  try {
+    return JSON.parse(content);
+  } catch (e) {
+    throw new Error(`JSON inv\xE1lido em '${filePath}': ${errMessage(e)}`);
+  }
+}
+function errMessage(e) {
+  if (e instanceof Error) return e.message;
+  if (typeof e === "string") return e;
+  try {
+    return JSON.stringify(e);
+  } catch {
+    return String(e);
+  }
+}
+
+// src/audit.ts
+function readConfig(cwd) {
+  const configPath = path.join(cwd, "iacmp.json");
+  if (!fs2.existsSync(configPath)) throw new Error("iacmp.json n\xE3o encontrado. Rode: iacmp init");
+  const config = readJsonFile(configPath);
+  return {
+    name: config.name ?? path.basename(cwd),
+    provider: config.provider ?? "aws"
+  };
+}
+function resolveTsNode(projectDir) {
+  const dirs = [];
+  let dir = projectDir;
+  for (let i = 0; i < 5; i++) {
+    dirs.push(dir);
+    const parent = path.dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  for (const d of dirs) {
+    const tsNodePath = path.join(d, "node_modules", "ts-node");
+    if (fs2.existsSync(tsNodePath)) return tsNodePath;
+  }
+  return null;
+}
+function findStackFiles(dir) {
+  const entries = fs2.readdirSync(dir, { withFileTypes: true });
+  const files = [];
+  for (const entry of entries) {
+    const full = path.join(dir, entry.name);
+    if (entry.isDirectory()) {
+      files.push(...findStackFiles(full));
+    } else if (entry.name.endsWith(".ts") || entry.name.endsWith(".js")) {
+      files.push(full);
+    }
+  }
+  return files;
+}
+function loadStacks(cwd) {
+  const stacksDir = path.join(cwd, "stacks");
+  if (!fs2.existsSync(stacksDir)) throw new Error("Diret\xF3rio stacks/ n\xE3o encontrado.");
+  const stackFiles = findStackFiles(stacksDir);
+  if (stackFiles.length === 0) throw new Error("Nenhuma stack encontrada em stacks/");
+  const tsNodePath = resolveTsNode(cwd);
+  if (tsNodePath) {
+    require(tsNodePath).register({
+      transpileOnly: true,
+      skipProject: true,
+      compilerOptions: {
+        target: "ES2022",
+        module: "commonjs",
+        moduleResolution: "node",
+        esModuleInterop: true,
+        strict: false,
+        skipLibCheck: true
+      }
+    });
+  }
+  const result = [];
+  for (const stackPath of stackFiles) {
+    const stackName = path.basename(stackPath).replace(/\.(ts|js)$/, "");
+    try {
+      const mod = require(stackPath);
+      const raw = mod.default ?? mod.stack ?? mod;
+      if (!raw || typeof raw !== "object" || !("constructs" in raw)) {
+        console.warn(`[audit] ${path.basename(stackPath)} n\xE3o exporta uma Stack v\xE1lida \u2014 ignorado.`);
+        continue;
+      }
+      result.push({ name: stackName, stack: raw });
+    } catch (err) {
+      console.warn(`[audit] falha ao carregar ${path.basename(stackPath)}: ${errMessage(err)}`);
+    }
+  }
+  return result;
+}
+function saveReport(cwd, commandName, content) {
+  const auditDir = path.join(cwd, "audit");
+  if (!fs2.existsSync(auditDir)) fs2.mkdirSync(auditDir, { recursive: true });
+  const date = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+  const fileName = `${commandName}-${date}.md`;
+  const filePath = path.join(auditDir, fileName);
+  fs2.writeFileSync(filePath, content, "utf-8");
+  return path.join("audit", fileName);
+}
+function today() {
+  return (/* @__PURE__ */ new Date()).toLocaleDateString("pt-BR");
+}
+
+// src/commands/audit-dr.ts
+function shouldFail(failOn, critical, warnings) {
+  if (failOn === "critical") return critical > 0;
+  if (failOn === "warning") return critical > 0 || warnings > 0;
+  return false;
+}
+function analyzeStack(stackName, stack) {
+  const constructs = stack.constructs;
+  const checks = [];
+  const details = [];
+  const buckets = constructs.filter((c) => c.type === "Storage.Bucket");
+  const dbs = constructs.filter((c) => c.type === "Database.SQL");
+  const vpcs = constructs.filter((c) => c.type === "Network.VPC");
+  const instances = constructs.filter((c) => c.type === "Compute.Instance");
+  const bucketsWithVersioning = buckets.filter((c) => c.props.versioning === true);
+  checks.push({
+    label: "Buckets with versioning enabled",
+    passed: buckets.length === 0 || bucketsWithVersioning.length === buckets.length
+  });
+  for (const b of buckets) {
+    if (b.props.versioning !== true) {
+      details.push({
+        level: "no-dr",
+        title: `Storage.Bucket '${b.id}' \u2014 no versioning`,
+        detail: "Without versioning there is no object history. Deletions or overwrites are unrecoverable.",
+        recommendation: "Set `versioning: true`."
+      });
+    }
+  }
+  const dbsMultiAz = dbs.filter((c) => c.props.multiAz === true);
+  checks.push({
+    label: "Multi-AZ database",
+    passed: dbs.length === 0 || dbsMultiAz.length === dbs.length
+  });
+  for (const db of dbs) {
+    if (db.props.multiAz !== true) {
+      details.push({
+        level: "no-dr",
+        title: `Database.SQL '${db.id}' \u2014 Single-AZ`,
+        detail: "Single-AZ database. In case of AZ failure, restore may take hours.",
+        recommendation: "Set `multiAz: true` for automatic failover."
+      });
+    }
+    if (db.props.instanceType === void 0 || db.props.instanceType === null) {
+      details.push({
+        level: "warning",
+        title: `Database.SQL '${db.id}' \u2014 instanceType not defined`,
+        detail: "Default instance type may be insufficient for fast restore in DR scenarios.",
+        recommendation: "Set `instanceType` explicitly to ensure adequate performance."
+      });
+    }
+  }
+  const vpcsMultiAz = vpcs.filter((c) => {
+    const maxAzs = c.props.maxAzs;
+    return maxAzs !== void 0 && maxAzs >= 2;
+  });
+  checks.push({
+    label: "Network with multiple AZs",
+    passed: vpcs.length === 0 || vpcsMultiAz.length === vpcs.length
+  });
+  for (const vpc of vpcs) {
+    const maxAzs = vpc.props.maxAzs;
+    if (maxAzs === void 0 || maxAzs < 2) {
+      details.push({
+        level: "no-dr",
+        title: `Network.VPC '${vpc.id}' \u2014 single AZ`,
+        detail: `maxAzs is ${maxAzs ?? "not defined"}. Single-AZ network compromises DR.`,
+        recommendation: "Set `maxAzs: 2` or more."
+      });
+    }
+  }
+  if (dbs.length === 0 && buckets.length === 0) {
+    details.push({
+      level: "info",
+      title: "No persistent state detected",
+      detail: "No Database.SQL or Storage.Bucket found. The stack may be stateless."
+    });
+  }
+  if (instances.length > 0 && buckets.length === 0) {
+    details.push({
+      level: "warning",
+      title: "Compute without storage detected",
+      detail: "Compute instances found but no storage bucket. Where will data be stored in a DR event?",
+      recommendation: "Consider adding a Storage.Bucket for persistent data."
+    });
+  }
+  const passed = checks.filter((c) => c.passed).length;
+  const total = checks.length;
+  const score = total > 0 ? Math.round(passed / total * 10) : 10;
+  return { stackName, checks, details, score };
+}
+function scoreLabel(score) {
+  if (score <= 3) return "Critical";
+  if (score <= 5) return "Below expectations";
+  if (score <= 7) return "Adequate";
+  return "Excellent";
+}
+var AuditDR = class _AuditDR extends import_core.Command {
+  static description = "Audit stacks for disaster recovery (DR) readiness";
+  static examples = [
+    "$ iacmp audit-dr",
+    "$ iacmp audit-dr --fail-on=critical"
+  ];
+  static flags = {
+    "fail-on": import_core.Flags.string({
+      description: "Sai com exit 1 quando h\xE1 achados no n\xEDvel indicado",
+      options: ["critical", "warning", "none"],
+      default: "none"
+    })
+  };
+  async run() {
+    const { flags } = await this.parse(_AuditDR);
+    const failOn = flags["fail-on"];
+    const cwd = process.cwd();
+    let config;
+    try {
+      config = readConfig(cwd);
+    } catch (err) {
+      this.error(err.message);
+    }
+    let stacks;
+    try {
+      stacks = loadStacks(cwd);
+    } catch (err) {
+      this.error(err.message);
+    }
+    const results = [];
+    for (const { name, stack } of stacks) {
+      results.push(analyzeStack(name, stack));
+    }
+    const globalScore = results.length > 0 ? Math.round(results.reduce((sum, r) => sum + r.score, 0) / results.length) : 10;
+    const scoreColor = globalScore <= 5 ? import_chalk.default.red : globalScore <= 7 ? import_chalk.default.yellow : import_chalk.default.green;
+    this.log(import_chalk.default.bold("\nDisaster Recovery (DR) Audit"));
+    this.log("\u2500".repeat(40));
+    this.log(`DR Score: ${scoreColor(`${globalScore}/10`)} \u2014 ${scoreLabel(globalScore)}`);
+    this.log("");
+    for (const r of results) {
+      for (const d of r.details) {
+        if (d.level === "no-dr") this.log(`${import_chalk.default.red("\u2717 [NO DR]")} ${d.title}`);
+        else if (d.level === "warning") this.log(`${import_chalk.default.yellow("\u26A0 [WARNING]")} ${d.title}`);
+        else if (d.level === "info") this.log(`${import_chalk.default.cyan("\u2139 [INFO]")} ${d.title}`);
+        else this.log(`${import_chalk.default.green("\u2713")} ${d.title}`);
+      }
+    }
+    let md = `# Disaster Recovery (DR) Audit Report \u2014 ${config.name}
+`;
+    md += `Date: ${today()}
+
+`;
+    md += `## DR Score
+`;
+    md += `${globalScore}/10 \u2014 ${scoreLabel(globalScore)}
+
+`;
+    for (const r of results) {
+      md += `## DR Checklist \u2014 Stack: ${r.stackName}
+`;
+      for (const ch of r.checks) {
+        md += `- [${ch.passed ? "x" : " "}] ${ch.label}
+`;
+      }
+      md += "\n";
+    }
+    md += `## Findings
+
+`;
+    for (const r of results) {
+      for (const d of r.details) {
+        const label = d.level === "no-dr" ? "NO DR" : d.level === "warning" ? "WARNING" : d.level === "info" ? "INFO" : "OK";
+        md += `### [${label}] ${d.title}
+`;
+        md += `Stack: ${r.stackName}
+`;
+        md += `${d.detail}
+`;
+        if (d.recommendation) md += `Recommendation: ${d.recommendation}
+`;
+        md += "\n";
+      }
+    }
+    const relPath = saveReport(cwd, "dr", md);
+    this.log(`
+Report saved to ${relPath}`);
+    let noDr = 0;
+    let warnings = 0;
+    for (const r of results) {
+      for (const d of r.details) {
+        if (d.level === "no-dr") noDr++;
+        else if (d.level === "warning") warnings++;
+      }
+    }
+    if (shouldFail(failOn, noDr, warnings)) {
+      this.exit(1);
+    }
+  }
+};