@pagopa/dx-savemoney 0.1.5 → 0.2.0

package/src/azure/__tests__/report.test.ts

@@ -0,0 +1,138 @@
+/**
+ * Tests for generateReport() with the "lint" format.
+ *
+ * Since process.stdout.isTTY is false/undefined in test environments,
+ * ANSI color codes are empty strings (~no-ops), making the output
+ * easy to assert on plain text.
+ */
+
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+
+import type { AzureDetailedResourceReport } from "../types.js";
+
+import { generateReport } from "../report.js";
+
+// ── test fixtures ──────────────────────────────────────────────────────────
+
+function makeEntry(
+  id: string,
+  costRisk: "high" | "low" | "medium",
+  reason: string,
+  suspectedUnused = true,
+): AzureDetailedResourceReport {
+  return {
+    analysis: { costRisk, reason, suspectedUnused },
+    resource: {
+      id,
+      name: id.split("/").pop() ?? "unknown",
+      type: "Microsoft.Compute/virtualMachines",
+    },
+  };
+}
+
+const HIGH_ENTRY = makeEntry(
+  "/subscriptions/sub1/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm-high",
+  "high",
+  "VM is deallocated. No disk activity detected.",
+);
+
+const MEDIUM_ENTRY = makeEntry(
+  "/subscriptions/sub1/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm-medium",
+  "medium",
+  "Low CPU usage.",
+);
+
+const LOW_ENTRY = makeEntry(
+  "/subscriptions/sub1/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm-low",
+  "low",
+  "Possible idle resource.",
+  false,
+);
+
+// ── helpers ────────────────────────────────────────────────────────────────
+
+function allLogs(spy: ReturnType<typeof vi.spyOn>) {
+  return spy.mock.calls.map((c) => c[0] as string).join("\n");
+}
+
+// ── tests ──────────────────────────────────────────────────────────────────
+
+describe("generateReport — lint format", () => {
+  let logSpy: ReturnType<typeof vi.spyOn>;
+
+  beforeEach(() => {
+    logSpy = vi.spyOn(console, "log").mockImplementation(() => undefined);
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it("prints the resource ID for each entry", async () => {
+    await generateReport([HIGH_ENTRY], "lint");
+    const output = allLogs(logSpy);
+    expect(output).toContain(HIGH_ENTRY.resource.id);
+  });
+
+  it("uses ✖ icon for high-risk resources", async () => {
+    await generateReport([HIGH_ENTRY], "lint");
+    const output = allLogs(logSpy);
+    expect(output).toContain("✖");
+  });
+
+  it("uses ⚠ icon for medium-risk resources", async () => {
+    await generateReport([MEDIUM_ENTRY], "lint");
+    const output = allLogs(logSpy);
+    expect(output).toContain("⚠");
+  });
+
+  it("uses ℹ icon for low-risk resources", async () => {
+    await generateReport([LOW_ENTRY], "lint");
+    const output = allLogs(logSpy);
+    expect(output).toContain("ℹ");
+  });
+
+  it("splits a multi-sentence reason into separate findings", async () => {
+    // Reason has two sentences separated by '. '
+    await generateReport([HIGH_ENTRY], "lint");
+    const calls = logSpy.mock.calls.map(
+      (c) => (c[0] as string | undefined) ?? "",
+    );
+    const findingLines = calls.filter((l) => l.startsWith("  "));
+    // "VM is deallocated." and "No disk activity detected." → 2 findings
+    expect(findingLines.length).toBe(2);
+  });
+
+  it("prints a Summary line at the end", async () => {
+    await generateReport([HIGH_ENTRY, MEDIUM_ENTRY, LOW_ENTRY], "lint");
+    const output = allLogs(logSpy);
+    expect(output).toContain("Summary:");
+  });
+
+  it("summary reports correct total issue count", async () => {
+    await generateReport([HIGH_ENTRY, MEDIUM_ENTRY, LOW_ENTRY], "lint");
+    const output = allLogs(logSpy);
+    // HIGH has 2 findings (split reason), MEDIUM and LOW have 1 each → total 4
+    expect(output).toContain("4 issues found");
+  });
+
+  it("summary reports correctly with a single issue (no plural)", async () => {
+    await generateReport([MEDIUM_ENTRY], "lint");
+    const output = allLogs(logSpy);
+    // "1 issue found" (not "1 issues found")
+    expect(output).toContain("1 issue found");
+  });
+
+  it("shows risk level label in uppercase for each finding", async () => {
+    await generateReport([HIGH_ENTRY], "lint");
+    const output = allLogs(logSpy);
+    expect(output).toContain("HIGH");
+  });
+
+  it("prints nothing but the summary for an empty report", async () => {
+    await generateReport([], "lint");
+    const calls = logSpy.mock.calls.map((c) => c[0] as string);
+    expect(calls).toHaveLength(1);
+    expect(calls[0]).toContain("0 issues found");
+  });
+});

package/src/azure/__tests__/utils.test.ts

@@ -0,0 +1,124 @@
+/**
+ * Tests for matchesTags() — verifies AND-logic tag filtering:
+ * 1. No filter (undefined/empty) → always include the resource.
+ * 2. Exact key-value match → include.
+ * 3. Key missing on resource → exclude.
+ * 4. Key present but wrong value → exclude.
+ * 5. Multiple tags: all match → include; any mismatch → exclude.
+ */
+
+import type { GenericResource } from "@azure/arm-resources";
+
+import { describe, expect, it } from "vitest";
+
+import { matchesTags } from "../utils.js";
+
+function makeResource(tags?: Record<string, string>): GenericResource {
+  return { id: "r1", name: "res", tags };
+}
+
+describe("matchesTags", () => {
+  describe("when no filter is provided", () => {
+    it("returns true for undefined filterTags", () => {
+      expect(matchesTags(makeResource({ env: "prod" }), undefined)).toBe(true);
+    });
+
+    it("returns true for empty Map", () => {
+      expect(matchesTags(makeResource({ env: "prod" }), new Map())).toBe(true);
+    });
+
+    it("returns true even when resource has no tags", () => {
+      expect(matchesTags(makeResource(), undefined)).toBe(true);
+    });
+  });
+
+  describe("single tag filter", () => {
+    it("returns true when tag key and value match exactly", () => {
+      expect(
+        matchesTags(makeResource({ env: "prod" }), new Map([["env", "prod"]])),
+      ).toBe(true);
+    });
+
+    it("returns false when tag key is missing from resource", () => {
+      expect(
+        matchesTags(makeResource({ app: "myapp" }), new Map([["env", "prod"]])),
+      ).toBe(false);
+    });
+
+    it("returns false when tag key exists but value differs", () => {
+      expect(
+        matchesTags(makeResource({ env: "dev" }), new Map([["env", "prod"]])),
+      ).toBe(false);
+    });
+
+    it("returns false when resource has no tags at all", () => {
+      expect(matchesTags(makeResource(), new Map([["env", "prod"]]))).toBe(
+        false,
+      );
+    });
+
+    it("is case-sensitive for tag values", () => {
+      expect(
+        matchesTags(makeResource({ env: "Prod" }), new Map([["env", "prod"]])),
+      ).toBe(false);
+    });
+  });
+
+  describe("multiple tag filters (AND logic)", () => {
+    it("returns true when all filter tags match", () => {
+      const resource = makeResource({
+        env: "prod",
+        region: "italy",
+        team: "dx",
+      });
+      expect(
+        matchesTags(
+          resource,
+          new Map([
+            ["env", "prod"],
+            ["team", "dx"],
+          ]),
+        ),
+      ).toBe(true);
+    });
+
+    it("returns false when one of the filter tags is missing", () => {
+      const resource = makeResource({ env: "prod" });
+      expect(
+        matchesTags(
+          resource,
+          new Map([
+            ["env", "prod"],
+            ["team", "dx"],
+          ]),
+        ),
+      ).toBe(false);
+    });
+
+    it("returns false when one of the filter tags has the wrong value", () => {
+      const resource = makeResource({ env: "prod", team: "backend" });
+      expect(
+        matchesTags(
+          resource,
+          new Map([
+            ["env", "prod"],
+            ["team", "dx"],
+          ]),
+        ),
+      ).toBe(false);
+    });
+
+    it("returns false when both filter tags have wrong values", () => {
+      const resource = makeResource({ env: "dev", team: "backend" });
+      expect(
+        matchesTags(
+          resource,
+          new Map([
+            ["env", "prod"],
+            ["team", "dx"],
+          ]),
+        ),
+      ).toBe(false);
+    });
+  });
+});

package/src/azure/analyzer.ts

@@ -13,7 +13,12 @@ import { getLogger } from "@logtape/logtape";
 
 import type { AzureConfig, AzureDetailedResourceReport } from "./types.js";
 
-import { type AnalysisResult, mergeResults } from "../types.js";
+import {
+  type AnalysisResult,
+  DEFAULT_THRESHOLDS,
+  mergeResults,
+  type Thresholds,
+} from "../types.js";
 import { generateReport } from "./report.js";
 import {
   analyzeAppServicePlan,
@@ -26,16 +31,17 @@ import {
   analyzeStorageAccount,
   analyzeVM,
 } from "./resources/index.js";
+import { matchesTags } from "./utils.js";
 
 /**
  * Analyzes resources in multiple Azure subscriptions and generates a report.
  *
  * @param config - Azure configuration with subscription IDs and settings
- * @param format - Output format (table, json, or detailed-json)
+ * @param format - Output format (table, json, detailed-json, or lint)
  */
 export async function analyzeAzureResources(
   config: AzureConfig,
-  format: "detailed-json" | "json" | "table",
+  format: "detailed-json" | "json" | "lint" | "table",
 ) {
   const logger = getLogger(["savemoney", "azure"]);
   const credential = new DefaultAzureCredential();
@@ -66,8 +72,15 @@ export async function analyzeAzureResources(
       subscriptionId.trim(),
     );
 
+    const thresholds: Thresholds = config.thresholds ?? DEFAULT_THRESHOLDS;
+
     // Use the async iterator to avoid memory explosion for large environments
     for await (const resource of resourceClient.resources.list()) {
+      // Skip resources that don't match the requested tag filter
+      if (!matchesTags(resource, config.filterTags)) {
+        continue;
+      }
+
       const { costRisk, reason, suspectedUnused } = await analyzeResource(
         resource,
         monitorClient,
@@ -77,6 +90,7 @@ export async function analyzeAzureResources(
         containerAppsClient,
         config.preferredLocation,
         config.timespanDays,
+        thresholds,
         config.verbose || false,
       );
 
@@ -127,6 +141,7 @@ export async function analyzeResource(
   containerAppsClient: ContainerAppsAPIClient,
   preferredLocation: string,
   timespanDays: number,
+  thresholds: Thresholds,
   verbose = false,
 ): Promise<AnalysisResult> {
   const type = resource.type?.toLowerCase() || "";
@@ -150,6 +165,7 @@ export async function analyzeResource(
         containerAppsClient,
         monitorClient,
         timespanDays,
+        thresholds,
         verbose,
       );
       result = mergeResults(result, containerAppResult);
@@ -166,6 +182,7 @@ export async function analyzeResource(
         monitorClient,
         computeClient,
         timespanDays,
+        thresholds,
         verbose,
       );
       result = mergeResults(result, vmResult);
@@ -191,6 +208,7 @@ export async function analyzeResource(
         networkClient,
         monitorClient,
         timespanDays,
+        thresholds,
         verbose,
       );
       result = mergeResults(result, pipResult);
@@ -201,6 +219,7 @@ export async function analyzeResource(
         resource,
         monitorClient,
         timespanDays,
+        thresholds,
         verbose,
       );
       result = mergeResults(result, storageResult);
@@ -212,6 +231,7 @@ export async function analyzeResource(
         webSiteClient,
         monitorClient,
         timespanDays,
+        thresholds,
         verbose,
       );
       result = mergeResults(result, aspResult);
@@ -222,6 +242,7 @@ export async function analyzeResource(
         resource,
         monitorClient,
         timespanDays,
+        thresholds,
         verbose,
       );
       result = mergeResults(result, staticSiteResult);

package/src/azure/config.ts

@@ -4,38 +4,53 @@
 
 import { getLogger } from "@logtape/logtape";
 import * as fs from "fs";
+import * as yaml from "js-yaml";
 import * as readline from "readline";
+import { z } from "zod";
 
 import type { AzureConfig } from "./types.js";
 
+import { ConfigSchema } from "../schema.js";
+
 /**
- * Loads Azure configuration from file, environment variables, or interactive prompts.
+ * Loads Azure configuration from a YAML file, environment variables, or interactive prompts.
+ *
+ * The YAML file must have an `azure` top-level key:
+ * ```yaml
+ * azure:
+ *   subscriptionIds:
+ *     - xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+ *   preferredLocation: italynorth
+ *   timespanDays: 30
+ *   thresholds:
+ *     vm:
+ *       cpuPercent: 5
+ * ```
  *
- * @param configPath - Optional path to JSON configuration file
- * @returns Azure configuration object with subscription IDs and settings
+ * @param configPath - Optional path to a YAML configuration file
+ * @returns Azure configuration object with subscription IDs, settings and thresholds
  */
 export async function loadAzureConfig(
   configPath?: string,
 ): Promise<AzureConfig> {
-  if (configPath && fs.existsSync(configPath)) {
+  if (configPath) {
+    if (!fs.existsSync(configPath)) {
+      throw new Error(`Config file not found: ${configPath}`);
+    }
     try {
-      const configContent = fs.readFileSync(configPath, "utf-8");
-      const config = JSON.parse(configContent) as Partial<AzureConfig>;
-
-      if (!config.tenantId || !config.subscriptionIds) {
-        throw new Error(
-          "Config file must contain 'tenantId' and 'subscriptionIds'",
-        );
-      }
-
+      const raw = fs.readFileSync(configPath, "utf-8");
+      const rawYaml = yaml.load(raw);
+      const parsed = ConfigSchema.parse(rawYaml);
       return {
-        ...config,
-        preferredLocation: config.preferredLocation || "italynorth",
-        subscriptionIds: config.subscriptionIds,
-        tenantId: config.tenantId,
-        timespanDays: config.timespanDays || 30,
+        preferredLocation: parsed.azure.preferredLocation,
+        subscriptionIds: parsed.azure.subscriptionIds,
+        thresholds: parsed.azure.thresholds,
+        timespanDays: parsed.azure.timespanDays,
       };
     } catch (error) {
+      if (error instanceof z.ZodError) {
+        throw new Error(`Invalid config file:\n${z.prettifyError(error)}`);
+      }
       throw new Error(
         `Failed to load config file: ${error instanceof Error ? error.message : error}`,
       );
@@ -47,8 +62,6 @@ export async function loadAzureConfig(
     "Configuration file not found. Checking environment variables...",
   );
 
-  const tenantId =
-    process.env.ARM_TENANT_ID || (await prompt("Enter Tenant ID: "));
   const subscriptionIds = process.env.ARM_SUBSCRIPTION_ID
     ? process.env.ARM_SUBSCRIPTION_ID.split(",")
     : (await prompt("Enter Subscription IDs (comma-separated): ")).split(",");
@@ -56,7 +69,6 @@ export async function loadAzureConfig(
   return {
     preferredLocation: "italynorth",
     subscriptionIds,
-    tenantId,
     timespanDays: 30,
   };
 }

package/src/azure/report.ts

@@ -7,15 +7,36 @@ import type {
   AzureResourceReport,
 } from "./types.js";
 
+// ANSI color codes — only applied when stdout is a TTY to avoid cluttering redirected output
+const isTTY = process.stdout.isTTY ?? false;
+const RED = isTTY ? "\x1b[31m" : "";
+const YELLOW = isTTY ? "\x1b[33m" : "";
+const BLUE = isTTY ? "\x1b[34m" : "";
+const BOLD = isTTY ? "\x1b[1m" : "";
+const RESET = isTTY ? "\x1b[0m" : "";
+const DIM = isTTY ? "\x1b[2m" : "";
+
+const RISK_ICON = {
+  high: `${RED}✖${RESET}`,
+  low: `${BLUE}ℹ${RESET}`,
+  medium: `${YELLOW}⚠${RESET}`,
+} as const;
+
+const RISK_COLOR = {
+  high: RED,
+  low: BLUE,
+  medium: YELLOW,
+} as const;
+
 /**
  * Generates a report from Azure resource analysis in the specified format.
  *
  * @param report - Array of detailed resource reports
- * @param format - Output format (table, json, or detailed-json)
+ * @param format - Output format (table, json, detailed-json, or lint)
  */
 export async function generateReport(
   report: AzureDetailedResourceReport[],
-  format: "detailed-json" | "json" | "table",
+  format: "detailed-json" | "json" | "lint" | "table",
 ) {
   if (format === "detailed-json") {
     console.log(JSON.stringify(report, null, 2));
@@ -36,6 +57,8 @@ export async function generateReport(
 
   if (format === "json") {
     console.log(JSON.stringify(summaryReport, null, 2));
+  } else if (format === "lint") {
+    generateLintReport(report);
   } else {
     console.table(
       summaryReport.map((r) => ({
@@ -44,9 +67,63 @@ export async function generateReport(
         "Resource Group": r.resourceGroup || "N/A",
         Risk: r.costRisk,
         Type: r.type,
-        Unused: r.suspectedUnused ? "Yes" : "No",
       })),
-      ["Name", "Type", "Resource Group", "Risk", "Unused", "Reason"],
+      ["Name", "Type", "Resource Group", "Risk", "Reason"],
     );
   }
 }
+
+/**
+ * Renders a linter-style report to stdout, grouping findings by resource.
+ *
+ * Example output:
+ *
+ *   /subscriptions/.../virtualMachines/my-vm
+ *     ✖ HIGH    VM is deallocated.
+ *     ✖ HIGH    No tags found.
+ *
+ *   Summary: 3 issues found  (2 high, 0 medium, 1 low)
+ */
+function generateLintReport(report: AzureDetailedResourceReport[]): void {
+  const counts = { high: 0, low: 0, medium: 0 };
+
+  for (const entry of report) {
+    const resourceId =
+      entry.resource.id ?? `unknown/${entry.resource.name ?? "unknown"}`;
+    const risk = entry.analysis.costRisk;
+    const findings = splitReasons(entry.analysis.reason);
+
+    console.log(`${BOLD}${resourceId}${RESET}`);
+
+    for (const finding of findings) {
+      const icon = RISK_ICON[risk];
+      const color = RISK_COLOR[risk];
+      const label = `${color}${risk.toUpperCase().padEnd(6)}${RESET}`;
+      console.log(`  ${icon} ${label}  ${DIM}${finding}${RESET}`);
+      counts[risk]++;
+    }
+
+    console.log();
+  }
+
+  const total = counts.high + counts.medium + counts.low;
+  const summaryLine =
+    `${BOLD}Summary:${RESET} ${total} issue${total !== 1 ? "s" : ""} found` +
+    `  ${RED}(${counts.high} high${RESET}` +
+    `, ${YELLOW}${counts.medium} medium${RESET}` +
+    `, ${BLUE}${counts.low} low${RESET})`;
+
+  console.log(summaryLine);
+}
+
+/**
+ * Splits a concatenated reason string (sentences separated by ". ") into
+ * individual finding strings, stripping trailing whitespace.
+ */
+function splitReasons(reason: string): string[] {
+  return reason
+    .split(/\.\s+/)
+    .map((s) => s.trim())
+    .filter((s) => s.length > 0)
+    .map((s) => (s.endsWith(".") ? s : `${s}.`));
+}