@pagopa/dx-savemoney 0.1.1

package/src/azure/config.ts

@@ -0,0 +1,81 @@
+/**
+ * Azure configuration loading utilities
+ */
+
+import { getLogger } from "@logtape/logtape";
+import * as fs from "fs";
+import * as readline from "readline";
+
+import type { AzureConfig } from "./types.js";
+
+/**
+ * Loads Azure configuration from file, environment variables, or interactive prompts.
+ *
+ * @param configPath - Optional path to JSON configuration file
+ * @returns Azure configuration object with subscription IDs and settings
+ */
+export async function loadAzureConfig(
+  configPath?: string,
+): Promise<AzureConfig> {
+  if (configPath && fs.existsSync(configPath)) {
+    try {
+      const configContent = fs.readFileSync(configPath, "utf-8");
+      const config = JSON.parse(configContent) as Partial<AzureConfig>;
+
+      if (!config.tenantId || !config.subscriptionIds) {
+        throw new Error(
+          "Config file must contain 'tenantId' and 'subscriptionIds'",
+        );
+      }
+
+      return {
+        ...config,
+        preferredLocation: config.preferredLocation || "italynorth",
+        subscriptionIds: config.subscriptionIds,
+        tenantId: config.tenantId,
+        timespanDays: config.timespanDays || 30,
+      };
+    } catch (error) {
+      throw new Error(
+        `Failed to load config file: ${error instanceof Error ? error.message : error}`,
+      );
+    }
+  }
+
+  const logger = getLogger(["savemoney", "azure", "config"]);
+  logger.info(
+    "Configuration file not found. Checking environment variables...",
+  );
+
+  const tenantId =
+    process.env.ARM_TENANT_ID || (await prompt("Enter Tenant ID: "));
+  const subscriptionIds = process.env.ARM_SUBSCRIPTION_ID
+    ? process.env.ARM_SUBSCRIPTION_ID.split(",")
+    : (await prompt("Enter Subscription IDs (comma-separated): ")).split(",");
+
+  return {
+    preferredLocation: "italynorth",
+    subscriptionIds,
+    tenantId,
+    timespanDays: 30,
+  };
+}
+
+/**
+ * Prompts user for input via stdin.
+ *
+ * @param question - The question to display to the user
+ * @returns User's input as a string
+ */
+export async function prompt(question: string): Promise<string> {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout,
+  });
+  return new Promise((resolve) =>
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer);
+    }),
+  );
+}

package/src/azure/index.ts

@@ -0,0 +1,9 @@
+/**
+ * Azure module - Entry point
+ *
+ * This module contains all Azure-specific logic for analyzing resources.
+ */
+
+export * from "./analyzer.js";
+export * from "./config.js";
+export * from "./types.js";

package/src/azure/report.ts

@@ -0,0 +1,52 @@
+/**
+ * Azure report generation
+ */
+
+import type {
+  AzureDetailedResourceReport,
+  AzureResourceReport,
+} from "./types.js";
+
+/**
+ * Generates a report from Azure resource analysis in the specified format.
+ *
+ * @param report - Array of detailed resource reports
+ * @param format - Output format (table, json, or detailed-json)
+ */
+export async function generateReport(
+  report: AzureDetailedResourceReport[],
+  format: "detailed-json" | "json" | "table",
+) {
+  if (format === "detailed-json") {
+    console.log(JSON.stringify(report, null, 2));
+    return;
+  }
+
+  // For other formats, we extract the summary data.
+  const summaryReport: AzureResourceReport[] = report.map((r) => ({
+    costRisk: r.analysis.costRisk,
+    location: r.resource.location ?? "",
+    name: r.resource.name ?? "unknown",
+    reason: r.analysis.reason,
+    resourceGroup: r.resource.id?.split("/")[4],
+    subscriptionId: r.resource.id?.split("/")[2] ?? "unknown",
+    suspectedUnused: r.analysis.suspectedUnused,
+    type: r.resource.type ?? "unknown",
+  }));
+
+  if (format === "json") {
+    console.log(JSON.stringify(summaryReport, null, 2));
+  } else {
+    console.table(
+      summaryReport.map((r) => ({
+        Name: r.name,
+        Reason: r.reason,
+        "Resource Group": r.resourceGroup || "N/A",
+        Risk: r.costRisk,
+        Type: r.type,
+        Unused: r.suspectedUnused ? "Yes" : "No",
+      })),
+      ["Name", "Type", "Resource Group", "Risk", "Unused", "Reason"],
+    );
+  }
+}

package/src/azure/resources/app-service.ts

@@ -0,0 +1,118 @@
+/**
+ * Azure App Service Plan analysis
+ */
+
+import type { WebSiteManagementClient } from "@azure/arm-appservice";
+import type { MonitorClient } from "@azure/arm-monitor";
+
+import * as armResources from "@azure/arm-resources";
+import { getLogger } from "@logtape/logtape";
+
+import type { AnalysisResult } from "../../types.js";
+
+import {
+  getMetric,
+  verboseLog,
+  verboseLogAnalysisResult,
+  verboseLogResourceStart,
+} from "../utils.js";
+
+/**
+ * Analyzes an Azure App Service Plan for potential cost optimization.
+ *
+ * @param resource - The Azure resource object
+ * @param webSiteClient - Azure Web Site client for App Service Plan details
+ * @param monitorClient - Azure Monitor client for metrics
+ * @param timespanDays - Number of days to analyze metrics
+ * @returns Analysis result with cost risk and reason
+ */
+export async function analyzeAppServicePlan(
+  resource: armResources.GenericResource,
+  webSiteClient: WebSiteManagementClient,
+  monitorClient: MonitorClient,
+  timespanDays: number,
+  verbose = false,
+): Promise<AnalysisResult> {
+  verboseLogResourceStart(
+    verbose,
+    resource.name || "unknown",
+    "App Service Plan (microsoft.web/serverfarms)",
+  );
+  verboseLog(verbose, "Resource details:", resource);
+
+  const costRisk: "high" | "low" | "medium" = "high";
+  let reason = "";
+
+  if (!resource.id) {
+    return {
+      costRisk,
+      reason: "Resource ID is missing.",
+      suspectedUnused: false,
+    };
+  }
+
+  // Extract resource group and App Service Plan name from resource ID
+  const resourceParts = resource.id.split("/");
+  const resourceGroupName = resourceParts[4];
+  const planName = resourceParts[8];
+
+  try {
+    // Get detailed App Service Plan information
+    const planDetails = await webSiteClient.appServicePlans.get(
+      resourceGroupName,
+      planName,
+    );
+
+    verboseLog(verbose, "App Service Plan API details:", planDetails);
+
+    // Check if the plan has no apps
+    if (!planDetails.numberOfSites || planDetails.numberOfSites === 0) {
+      reason += "App Service Plan has no apps deployed. ";
+    }
+
+    // Check CPU and Memory metrics
+    const cpuPercentage = await getMetric(
+      monitorClient,
+      resource.id,
+      "CpuPercentage",
+      "Average",
+      timespanDays,
+    );
+
+    const memoryPercentage = await getMetric(
+      monitorClient,
+      resource.id,
+      "MemoryPercentage",
+      "Average",
+      timespanDays,
+    );
+
+    if (cpuPercentage !== null && cpuPercentage < 5) {
+      reason += `Very low CPU usage (${cpuPercentage.toFixed(2)}%). `;
+    }
+
+    if (memoryPercentage !== null && memoryPercentage < 10) {
+      reason += `Very low memory usage (${memoryPercentage.toFixed(2)}%). `;
+    }
+
+    // Check if it's an oversized plan (Premium tier with low usage)
+    if (
+      planDetails.sku?.tier?.includes("Premium") &&
+      cpuPercentage &&
+      cpuPercentage < 10
+    ) {
+      reason += "Premium tier with low resource utilization. ";
+    }
+  } catch (error) {
+    const logger = getLogger(["savemoney", "azure"]);
+    logger.warn(
+      `Failed to get App Service Plan details for ${planName}: ${error instanceof Error ? error.message : error}`,
+    );
+    reason += "Could not retrieve detailed App Service Plan information. ";
+  }
+
+  const suspectedUnused = reason.length > 0;
+  const result = { costRisk, reason: reason.trim(), suspectedUnused };
+  verboseLogAnalysisResult(verbose, result);
+  return result;
+}

package/src/azure/resources/disk.ts

@@ -0,0 +1,88 @@
+/**
+ * Azure Managed Disk analysis
+ */
+
+import type { ComputeManagementClient } from "@azure/arm-compute";
+
+import * as armResources from "@azure/arm-resources";
+import { getLogger } from "@logtape/logtape";
+
+import type { AnalysisResult } from "../../types.js";
+
+import {
+  verboseLog,
+  verboseLogAnalysisResult,
+  verboseLogResourceStart,
+} from "../utils.js";
+
+/**
+ * Analyzes an Azure Managed Disk for potential cost optimization.
+ *
+ * @param resource - The Azure resource object
+ * @param computeClient - Azure Compute client for disk details
+ * @param verbose - Whether verbose logging is enabled
+ * @returns Analysis result with cost risk and reason
+ */
+export async function analyzeDisk(
+  resource: armResources.GenericResource,
+  computeClient: ComputeManagementClient,
+  verbose = false,
+): Promise<AnalysisResult> {
+  verboseLogResourceStart(
+    verbose,
+    resource.name || "unknown",
+    "Managed Disk (microsoft.compute/disks)",
+  );
+  verboseLog(verbose, "Resource details:", resource);
+
+  const costRisk: "high" | "low" | "medium" = "medium";
+
+  if (!resource.id) {
+    return {
+      costRisk,
+      reason: "Resource ID is missing.",
+      suspectedUnused: false,
+    };
+  }
+
+  // Extract resource group and disk name from resource ID
+  const resourceParts = resource.id.split("/");
+  const resourceGroupName = resourceParts[4];
+  const diskName = resourceParts[8];
+
+  try {
+    // Get the actual disk details to check attachment state
+    const diskDetails = await computeClient.disks.get(
+      resourceGroupName,
+      diskName,
+    );
+
+    verboseLog(verbose, "Disk API details:", diskDetails);
+
+    // Check if disk is unattached
+    if (
+      diskDetails.diskState?.toLowerCase() === "unattached" ||
+      !diskDetails.managedBy
+    ) {
+      const result = {
+        costRisk,
+        reason: "Disk is unattached. ",
+        suspectedUnused: true,
+      };
+      verboseLogAnalysisResult(verbose, result);
+      return result;
+    }
+  } catch (error) {
+    const logger = getLogger(["savemoney", "azure"]);
+    logger.warn(
+      `Failed to get disk details for ${diskName}: ${error instanceof Error ? error.message : error}`,
+    );
+    // Fallback to checking properties if API call fails
+    // Note: GenericResource doesn't have diskState property
+    // Without API access, we can't determine if disk is unattached
+  }
+
+  const result = { costRisk, reason: "", suspectedUnused: false };
+  verboseLogAnalysisResult(verbose, result);
+  return result;
+}

package/src/azure/resources/index.ts

@@ -0,0 +1,11 @@
+/**
+ * Azure resource-specific analysis functions
+ */
+
+export { analyzeAppServicePlan } from "./app-service.js";
+export { analyzeDisk } from "./disk.js";
+export { analyzeNic } from "./nic.js";
+export { analyzePrivateEndpoint } from "./private-endpoint.js";
+export { analyzePublicIp } from "./public-ip.js";
+export { analyzeStorageAccount } from "./storage.js";
+export { analyzeVM } from "./vm.js";

package/src/azure/resources/nic.ts

@@ -0,0 +1,90 @@
+/**
+ * Azure Network Interface analysis
+ */
+
+import type { NetworkManagementClient } from "@azure/arm-network";
+
+import * as armResources from "@azure/arm-resources";
+import { getLogger } from "@logtape/logtape";
+
+import type { AnalysisResult } from "../../types.js";
+
+import {
+  verboseLog,
+  verboseLogAnalysisResult,
+  verboseLogResourceStart,
+} from "../utils.js";
+
+/**
+ * Analyzes an Azure Network Interface for potential cost optimization.
+ *
+ * @param resource - The Azure resource object
+ * @param networkClient - Azure Network client for NIC details
+ * @returns Analysis result with cost risk and reason
+ */
+export async function analyzeNic(
+  resource: armResources.GenericResource,
+  networkClient: NetworkManagementClient,
+  verbose = false,
+): Promise<AnalysisResult> {
+  verboseLogResourceStart(
+    verbose,
+    resource.name || "unknown",
+    "Network Interface (microsoft.network/networkinterfaces)",
+  );
+  verboseLog(verbose, "Resource details:", resource);
+
+  const costRisk: "high" | "low" | "medium" = "medium";
+  let reason = "";
+
+  if (!resource.id) {
+    return {
+      costRisk,
+      reason: "Resource ID is missing.",
+      suspectedUnused: false,
+    };
+  }
+
+  // Extract resource group and NIC name from resource ID
+  const resourceParts = resource.id.split("/");
+  const resourceGroupName = resourceParts[4];
+  const nicName = resourceParts[8];
+
+  try {
+    // Get detailed NIC information
+    const nicDetails = await networkClient.networkInterfaces.get(
+      resourceGroupName,
+      nicName,
+    );
+
+    verboseLog(verbose, "NIC API details:", nicDetails);
+
+    // Check if NIC is not attached to any VM or private endpoint
+    if (!nicDetails.virtualMachine && !nicDetails.privateEndpoint) {
+      reason += "NIC not attached to any VM or private endpoint. ";
+    }
+
+    // Check if NIC has no public IP
+    const hasPublicIP = nicDetails.ipConfigurations?.some(
+      (config) => config.publicIPAddress,
+    );
+    if (!hasPublicIP) {
+      reason += "No public IP assigned. ";
+    }
+
+    // Note: Network Interface metrics are not available for Private Endpoint NICs
+    // and most Azure NICs don't expose standard traffic metrics through Azure Monitor
+    // The primary checks (attachment to VM and public IP assignment) are sufficient
+  } catch (error) {
+    const logger = getLogger(["savemoney", "azure"]);
+    logger.warn(
+      `Failed to get NIC details for ${nicName}: ${error instanceof Error ? error.message : error}`,
+    );
+    reason += "Could not retrieve detailed NIC information. ";
+  }
+
+  const suspectedUnused = reason.length > 0;
+  const result = { costRisk, reason: reason.trim(), suspectedUnused };
+  verboseLogAnalysisResult(verbose, result);
+  return result;
+}

package/src/azure/resources/private-endpoint.ts

@@ -0,0 +1,112 @@
+/**
+ * Azure Private Endpoint analysis
+ */
+
+import type { NetworkManagementClient } from "@azure/arm-network";
+
+import * as armResources from "@azure/arm-resources";
+import { getLogger } from "@logtape/logtape";
+
+import type { AnalysisResult } from "../../types.js";
+
+import {
+  verboseLog,
+  verboseLogAnalysisResult,
+  verboseLogResourceStart,
+} from "../utils.js";
+
+/**
+ * Analyzes an Azure Private Endpoint for potential cost optimization.
+ *
+ * @param resource - The Azure resource object
+ * @param networkClient - Azure Network client for Private Endpoint details
+ * @returns Analysis result with cost risk and reason
+ */
+export async function analyzePrivateEndpoint(
+  resource: armResources.GenericResource,
+  networkClient: NetworkManagementClient,
+  verbose = false,
+): Promise<AnalysisResult> {
+  verboseLogResourceStart(
+    verbose,
+    resource.name || "unknown",
+    "Private Endpoint (microsoft.network/privateendpoints)",
+  );
+  verboseLog(verbose, "Resource details:", resource);
+
+  const costRisk: "high" | "low" | "medium" = "medium";
+  let reason = "";
+
+  if (!resource.id) {
+    return {
+      costRisk,
+      reason: "Resource ID is missing.",
+      suspectedUnused: false,
+    };
+  }
+
+  // Extract resource group and private endpoint name from resource ID
+  const resourceParts = resource.id.split("/");
+  const resourceGroupName = resourceParts[4];
+  const privateEndpointName = resourceParts[8];
+
+  try {
+    // Get detailed Private Endpoint information
+    const privateEndpointDetails = await networkClient.privateEndpoints.get(
+      resourceGroupName,
+      privateEndpointName,
+    );
+
+    verboseLog(
+      verbose,
+      "Private Endpoint API details:",
+      privateEndpointDetails,
+    );
+
+    // Check if Private Endpoint has no private link service connection
+    if (
+      !privateEndpointDetails.privateLinkServiceConnections ||
+      privateEndpointDetails.privateLinkServiceConnections.length === 0
+    ) {
+      reason +=
+        "Private Endpoint has no private link service connections configured. ";
+    }
+
+    // Check connection state
+    const hasFailedConnection =
+      privateEndpointDetails.privateLinkServiceConnections?.some(
+        (connection) =>
+          connection.privateLinkServiceConnectionState?.status === "Rejected" ||
+          connection.privateLinkServiceConnectionState?.status ===
+            "Disconnected",
+      );
+
+    if (hasFailedConnection) {
+      reason += "Private Endpoint has rejected or disconnected connections. ";
+    }
+
+    // Check if Private Endpoint has network interfaces
+    if (
+      !privateEndpointDetails.networkInterfaces ||
+      privateEndpointDetails.networkInterfaces.length === 0
+    ) {
+      reason += "Private Endpoint has no network interfaces attached. ";
+    }
+
+    // Check subnet configuration
+    if (!privateEndpointDetails.subnet) {
+      reason += "Private Endpoint is not associated with a subnet. ";
+    }
+  } catch (error) {
+    const logger = getLogger(["savemoney", "azure"]);
+    logger.warn(
+      `Failed to get Private Endpoint details for ${privateEndpointName}: ${error instanceof Error ? error.message : error}`,
+    );
+    reason += "Could not retrieve detailed Private Endpoint information. ";
+  }
+
+  const suspectedUnused = reason.length > 0;
+  const result = { costRisk, reason: reason.trim(), suspectedUnused };
+  verboseLogAnalysisResult(verbose, result);
+  return result;
+}

package/src/azure/resources/public-ip.ts

@@ -0,0 +1,106 @@
+/**
+ * Azure Public IP analysis
+ */
+
+import type { MonitorClient } from "@azure/arm-monitor";
+import type { NetworkManagementClient } from "@azure/arm-network";
+
+import * as armResources from "@azure/arm-resources";
+import { getLogger } from "@logtape/logtape";
+
+import type { AnalysisResult } from "../../types.js";
+
+import {
+  getMetric,
+  verboseLog,
+  verboseLogAnalysisResult,
+  verboseLogResourceStart,
+} from "../utils.js";
+
+/**
+ * Analyzes an Azure Public IP for potential cost optimization.
+ *
+ * @param resource - The Azure resource object
+ * @param networkClient - Azure Network client for Public IP details
+ * @param monitorClient - Azure Monitor client for metrics
+ * @param timespanDays - Number of days to analyze metrics
+ * @returns Analysis result with cost risk and reason
+ */
+export async function analyzePublicIp(
+  resource: armResources.GenericResource,
+  networkClient: NetworkManagementClient,
+  monitorClient: MonitorClient,
+  timespanDays: number,
+  verbose = false,
+): Promise<AnalysisResult> {
+  verboseLogResourceStart(
+    verbose,
+    resource.name || "unknown",
+    "Public IP (microsoft.network/publicipaddresses)",
+  );
+  verboseLog(verbose, "Resource details:", resource);
+
+  const costRisk: "high" | "low" | "medium" = "medium";
+  let reason = "";
+
+  if (!resource.id) {
+    return {
+      costRisk,
+      reason: "Resource ID is missing.",
+      suspectedUnused: false,
+    };
+  }
+
+  // Extract resource group and public IP name from resource ID
+  const resourceParts = resource.id.split("/");
+  const resourceGroupName = resourceParts[4];
+  const publicIpName = resourceParts[8];
+
+  try {
+    // Get detailed Public IP information
+    const publicIpDetails = await networkClient.publicIPAddresses.get(
+      resourceGroupName,
+      publicIpName,
+    );
+
+    verboseLog(verbose, "Public IP API details:", publicIpDetails);
+
+    // Check if Public IP is not associated with any resource
+    if (!publicIpDetails.ipConfiguration && !publicIpDetails.natGateway) {
+      reason += "Public IP not associated with any resource. ";
+    }
+
+    // Check if it's a static IP that might be unused
+    if (
+      publicIpDetails.publicIPAllocationMethod === "Static" &&
+      !publicIpDetails.ipConfiguration
+    ) {
+      reason += "Static IP not in use. ";
+    }
+
+    // Check network metrics for low usage
+    const bytesInDDoS = await getMetric(
+      monitorClient,
+      resource.id,
+      "BytesInDDoS",
+      "Total",
+      timespanDays,
+    );
+
+    if (bytesInDDoS !== null && bytesInDDoS < 1000000) {
+      // Less than 1MB total in 30 days
+      reason += `Very low network traffic (${(bytesInDDoS / 1024 / 1024).toFixed(2)} MB). `;
+    }
+  } catch (error) {
+    const logger = getLogger(["savemoney", "azure"]);
+    logger.warn(
+      `Failed to get Public IP details for ${publicIpName}: ${error instanceof Error ? error.message : error}`,
+    );
+    reason += "Could not retrieve detailed Public IP information. ";
+  }
+
+  const suspectedUnused = reason.length > 0;
+  const result = { costRisk, reason: reason.trim(), suspectedUnused };
+  verboseLogAnalysisResult(verbose, result);
+  return result;
+}