aws-inventory-manager 0.13.2__py3-none-any.whl → 0.16.0__py3-none-any.whl

{aws_inventory_manager-0.13.2.dist-info → aws_inventory_manager-0.16.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: aws-inventory-manager
-Version: 0.13.2
+Version: 0.16.0
 Summary: AWS Resource Inventory Management & Delta Tracking CLI tool
 Author-email: Troy Larson <troy@calvinware.com>
 License: MIT

{aws_inventory_manager-0.13.2.dist-info → aws_inventory_manager-0.16.0.dist-info}/RECORD

@@ -5,7 +5,9 @@ src/aws/credentials.py,sha256=mxj8lQf7TRG5dznQJ37rGQqfB-viHh_5VCt1C4xgqG0,6374
 src/aws/rate_limiter.py,sha256=b3dV4A9ftUsGgVMOQmv3IVO0Fkym2o1QDHKpFOdSYbg,5464
 src/cli/__init__.py,sha256=zstPcm000JdpuUuMRuqL2TkC-bnCpm0syHjAyu8ELcY,387
 src/cli/config.py,sha256=to_hVDxQh0WNANPDQKYlnZzCsFS6_bnrE745wZgRQe4,4286
-src/cli/main.py,sha256=7g1AFowwBXZQj0PrShQxq3FlLTRwUp6e7U-CiezMPFY,147763
+src/cli/main.py,sha256=VUF4os0G-ACS4TE9GN61PyAjgKUVkl833_ulL13uFNY,155571
+src/cloudtrail/__init__.py,sha256=lFrH6WLbeJQ5fCfVdyxQrta3Mr_RYQAM4N-IwyazdZI,179
+src/cloudtrail/query.py,sha256=0uq3j9HQL7uHXyZlTB9CJqQ754fbEjwdpCipIhexMz0,13687
 src/config_service/__init__.py,sha256=fqYfceBP_kPnp8PjYW9D_FqsWqrrOzsQTftBgp7-aTE,585
 src/config_service/collector.py,sha256=uW6m1feceYCOgANGWvxhbw23etcaqSQpmdIu-DTsWuk,12254
 src/config_service/detector.py,sha256=BoJC32DXN2f8x8U8RiOmjkGtnrTQrRuO568FHcMt_xU,8531
@@ -20,6 +22,10 @@ src/delta/differ.py,sha256=-7MESqWyO8srPhs9OlsLJjYx57qPwQRh93GsatqnoW8,6692
 src/delta/formatters.py,sha256=xhzph_iLGLD8yyflYCMTFZqWPmW9tB7hZsVHsgQDrzM,9209
 src/delta/models.py,sha256=_biiC136e-C2GljlIeW7ql5vC47Ss1M8a-jgw9K9rFg,5103
 src/delta/reporter.py,sha256=yqzof9snkJyJiOeGoLAla2pmnFNIPlR3brg7xrstpNA,8775
+src/matching/__init__.py,sha256=cidLzXlQo29bV0OXX7AC5A9OLcEStB0NHb61WeatDDo,239
+src/matching/config.py,sha256=eUACdOEUMyEjFzEuKxx4TevcpTIyey555Oq11yV9_6U,1703
+src/matching/normalizer.py,sha256=D_ZNU9U43byVtpLsTF7B6K6CayKjtQ4TKxkSpNzDwTs,15846
+src/matching/prompts.py,sha256=2sqsWktMcygvgOLoHpMeNO1I7_JqprhmGlwzV9S-vz4,1678
 src/models/__init__.py,sha256=5DFL_8ZgLE28EG8ORumMT3EfhFAxXrFa3yzQpQBSQxc,533
 src/models/config_diff.py,sha256=elh4oUgoln_sDC6lmkqfSd8k1pX9oqBPqTEgTksw5f8,4237
 src/models/cost_report.py,sha256=BzyWrMewHau7EpQyLm4WoesVY3WDPBOtGVdk_H8USuM,3079
@@ -57,7 +63,7 @@ src/security/checks/s3_checks.py,sha256=usHrGBmmIZc4PEDSMRRE1H8A_NwUxV2kiIVeLaPC
 src/security/checks/secrets_checks.py,sha256=2bJY0Hqb1PwUYid5XZCC6y4hgWle3sRtwYNVh4jmUBw,3631
 src/security/checks/sg_checks.py,sha256=BmipY31beybajxSbS_HoDkSXFYTQFhjXWNxuYYPEP2U,4731
 src/snapshot/__init__.py,sha256=trHfRe_8jxjQVb48cDLVH3gs2Y7YQtsX2gFL4OB9qRc,237
-src/snapshot/capturer.py,sha256=DZqDnyeum9m4AzSH-jj6wrz5I3QpHcdAHWRAE-LL4qc,17975
+src/snapshot/capturer.py,sha256=5Pg3vITpsvr1r0J-wesUb7KnMLsAbxttd0EKsnF3K3Q,18046
 src/snapshot/filter.py,sha256=UPVTi23NHJYKFTD4ss8PazDHh-NIC2lWLvjJnr9Y7QY,9158
 src/snapshot/inventory_storage.py,sha256=eOwGzYhUrvnv_usgEaUF-0_cDGGf21k-vjRRKP7Z5Hs,7739
 src/snapshot/report_formatter.py,sha256=WR7Adqq5FjJqu3iIWAnOZ9yp6AuJH1kA6uKKpT7jrT4,8266
@@ -79,6 +85,7 @@ src/snapshot/resource_collectors/eks.py,sha256=T7Rh4ij3frxYgIfAcZNk0xNpoahwBfsQW
 src/snapshot/resource_collectors/elasticache_collector.py,sha256=g7mVa9ZlE0DBITnA-i565REZRpumWMnqZuLVHcVO0Gw,2830
 src/snapshot/resource_collectors/elb.py,sha256=af3IeKUv_FUfcLwYcnDajh4_4eSWtelvoazKCptehnQ,5125
 src/snapshot/resource_collectors/eventbridge.py,sha256=abHxh0Iob6YrumdzmFugpRGWFqE0uVRVt89gajdq5q4,6062
+src/snapshot/resource_collectors/glue.py,sha256=InEzfjcTDfVeKlM_XATEHKuOimle0QvaNBkbAYmPDto,7779
 src/snapshot/resource_collectors/iam.py,sha256=N5QQO7E5opV-3CiOuoW_W0x-m_2alOjYs0-Q_loS-rQ,6732
 src/snapshot/resource_collectors/kms.py,sha256=ioJUO2C7XawrGGnvpNA1pVT0GdHDI4pmbeqpACgf7Dc,4524
 src/snapshot/resource_collectors/lambda_func.py,sha256=bjlWj_orHlU7vVT91c9ZcEAsXSPB7f4jgUWAMfa3C1w,5289
@@ -95,11 +102,11 @@ src/snapshot/resource_collectors/waf.py,sha256=HUNshQ_WHbIK3nAyNwhb21uHkMC7ywSOk
 src/storage/__init__.py,sha256=4LrT-bm45zLK6VUyKsx3jyK_L270A48t-w2-0ceb9PM,554
 src/storage/audit_store.py,sha256=zO7L9o-8N31PsiLJ72wvmodoDrFtFeya05Ebfes8a5Y,14123
 src/storage/database.py,sha256=j-IJ4LiNs7PgXH0L3FtMlmbId1TaGjNCcYjgn3dt7sQ,9465
-src/storage/group_store.py,sha256=6sCqKwFTNHUOin08V1AXlN2scam2khSwf_cgisvD-M0,24832
+src/storage/group_store.py,sha256=RLQK1dBkSbXiFtEw9twpoUFgnWiJWo6MyIMhVQkYoU8,25828
 src/storage/inventory_store.py,sha256=hRxdL2oqDTvtIuyNiR9IoBFjH1jOe3DV43C8Ybt-aTU,10601
-src/storage/resource_store.py,sha256=MB8JVvlq5zZJcjLbIL6R6dtPfqK6hpV0JhzSjiofez0,13111
-src/storage/schema.py,sha256=PFDVbC12RGh-VP1CNLqFc6V_QCmblGkf63VCaHuPKGU,10274
-src/storage/snapshot_store.py,sha256=TI87NQmpMRG1lXcx8HvcKGPJuOyhzH0WmaUK0C2blZc,11855
+src/storage/resource_store.py,sha256=mfKiVQgok2z_PWi7cJx2VD_aMxL6ioI7TaPpEV5hS40,13220
+src/storage/schema.py,sha256=JvHl5GrSPNyFntH7KDVMVG-_rebo3uxCtVoOUwxFKCc,12275
+src/storage/snapshot_store.py,sha256=6BzGjsIljEetGQ88qXoGP5tsFxPNitT5ZVW2oRoCV_I,12589
 src/utils/__init__.py,sha256=1qjjL3wxB7ye6s3AT4h5hQ9Xgi7y0WllUMmTpiZWC54,284
 src/utils/export.py,sha256=lBUxLGkvtdzTFq2VKRmHgf18ZROiorHGGHlbeG7ixxc,8929
 src/utils/hash.py,sha256=w6jJqNR64IEcgMIrIY-M1QXuo_CkH0sbT8I6JcFQJqo,1747
@@ -134,12 +141,12 @@ src/web/templates/pages/diff.html,sha256=UeRqKd6Op2XXNkNg916km7KICMPngh8FVxiaSQu
 src/web/templates/pages/error.html,sha256=rCnXvdqhrXQX8RungpL35q6iAU77ntQTnC-B52zYkdo,1715
 src/web/templates/pages/groups.html,sha256=N2Bj44Bx5hTiXap9b_dIPjan_CS_9pAqJeJYAs5o-z0,43176
 src/web/templates/pages/queries.html,sha256=sf167CjkCQmx0jZQsEorgSO2N3zVyISdEIpxkhZVr7E,12443
-src/web/templates/pages/resources.html,sha256=fygTKEcER7e_L2jDKZD6G3MewWFWBvIHGMbBxW8GqMY,123801
+src/web/templates/pages/resources.html,sha256=hGr2-NDUlk16RWMEkebEMjtAlEpwVvy59KujoZ3_jCk,124172
 src/web/templates/pages/snapshot_detail.html,sha256=hHoM_smOhVnDhsqHRrjv_Bk3V2WsUcsjOhFEy6qqDDs,12457
 src/web/templates/pages/snapshots.html,sha256=3b47IQgkN4mxJpqjUaJ_lPqYUqM2Icz44Ad8CesZpvM,22536
-aws_inventory_manager-0.13.2.dist-info/LICENSE,sha256=-lY65BqqcGV9QVjIoTpYEB0Jaddm9j-cS5ICDRBRQo0,1071
-aws_inventory_manager-0.13.2.dist-info/METADATA,sha256=F4QepgckeuJ9n529xrQrLlBBztr7uzSuNTchDF_sxtw,42531
-aws_inventory_manager-0.13.2.dist-info/WHEEL,sha256=beeZ86-EfXScwlR_HKu4SllMC9wUEj_8Z_4FJ3egI2w,91
-aws_inventory_manager-0.13.2.dist-info/entry_points.txt,sha256=Ktdhto-PER5BtwWKYBtU_-FS3ngiGtAGGeoLzRW2qUw,44
-aws_inventory_manager-0.13.2.dist-info/top_level.txt,sha256=74rtVfumQlgAPzR5_2CgYN24MB0XARCg0t-gzk6gTrM,4
-aws_inventory_manager-0.13.2.dist-info/RECORD,,
+aws_inventory_manager-0.16.0.dist-info/LICENSE,sha256=-lY65BqqcGV9QVjIoTpYEB0Jaddm9j-cS5ICDRBRQo0,1071
+aws_inventory_manager-0.16.0.dist-info/METADATA,sha256=AK-ihmCdQsRVdob6LbCZ9U0CmogO0wmvKChT1WMXWdM,42531
+aws_inventory_manager-0.16.0.dist-info/WHEEL,sha256=beeZ86-EfXScwlR_HKu4SllMC9wUEj_8Z_4FJ3egI2w,91
+aws_inventory_manager-0.16.0.dist-info/entry_points.txt,sha256=Ktdhto-PER5BtwWKYBtU_-FS3ngiGtAGGeoLzRW2qUw,44
+aws_inventory_manager-0.16.0.dist-info/top_level.txt,sha256=74rtVfumQlgAPzR5_2CgYN24MB0XARCg0t-gzk6gTrM,4
+aws_inventory_manager-0.16.0.dist-info/RECORD,,

src/cli/main.py

@@ -823,8 +823,11 @@ def snapshot_create(
     exclude_tags: Optional[str] = typer.Option(
         None, "--exclude-tags", help="Exclude resources with ANY of these tags (Key=Value,Key2=Value2)"
     ),
+    created_by_role: Optional[str] = typer.Option(
+        None, "--created-by-role", help="Tag resources created by this IAM role with _created_by_role (queries CloudTrail, 90-day limit)"
+    ),
     use_config: bool = typer.Option(
-        True, "--use-config/--no-config", help="Use AWS Config for collection when available (default: enabled)"
+        False, "--config", help="Use AWS Config for collection when available (default: disabled, use direct API)"
     ),
     config_aggregator: Optional[str] = typer.Option(
         None, "--config-aggregator", help="AWS Config Aggregator name for multi-account collection"
@@ -835,7 +838,7 @@ def snapshot_create(
 ):
     """Create a new snapshot of AWS resources.
 
-    Captures resources from 25 AWS services:
+    Captures resources from 26 AWS services:
     - IAM: Roles, Users, Groups, Policies
     - Lambda: Functions, Layers
     - S3: Buckets
@@ -860,6 +863,7 @@ def snapshot_create(
     - CodePipeline: Pipelines
     - CodeBuild: Projects
     - Backup: Backup Plans, Backup Vaults
+    - Glue: Databases, Tables, Crawlers, Jobs, Connections
 
     Historical Baselines & Filtering:
     Use --before-date, --after-date, --include-tags, and/or --exclude-tags to create
@@ -1041,6 +1045,50 @@ def snapshot_create(
             config_aggregator=config_aggregator,
         )
 
+        # Tag resources created by role if specified (uses CloudTrail)
+        if created_by_role:
+            from ..cloudtrail import CloudTrailQuery
+
+            console.print(f"\n🔍 Checking creator role: [bold]{created_by_role}[/bold]")
+            console.print("   Querying CloudTrail (this may take a moment)...")
+
+            ct_query = CloudTrailQuery(profile_name=aws_profile, regions=region_list)
+            created_resources = ct_query.get_created_resource_names(
+                role_arn=created_by_role,
+                days_back=90,
+                regions=region_list,
+            )
+
+            # Build a set of (name, type) tuples for matching
+            created_set = set()
+            for resource_type, names in created_resources.items():
+                for name in names:
+                    created_set.add((name, resource_type))
+
+            # Tag resources that were created by this role (add to tags dict)
+            matched_count = 0
+            for resource in snapshot.resources:
+                is_match = False
+                # Match by name and type
+                if (resource.name, resource.resource_type) in created_set:
+                    is_match = True
+                # Also try matching by ARN components
+                elif resource.arn:
+                    arn_name = resource.arn.split("/")[-1].split(":")[-1]
+                    if (arn_name, resource.resource_type) in created_set:
+                        is_match = True
+
+                if is_match:
+                    matched_count += 1
+                    # Add created-by tag to resource (internal tracking, not AWS tag)
+                    if resource.tags is None:
+                        resource.tags = {}
+                    resource.tags["_created_by_role"] = created_by_role
+
+            console.print(f"   Found {len(created_resources)} resource types in CloudTrail")
+            console.print(f"   Tagged {matched_count}/{len(snapshot.resources)} resources as created by this role")
+            console.print(f"   [dim](Resources older than 90 days won't appear in CloudTrail)[/dim]")
+
         # T018: Check for zero resources after filtering
         if snapshot.resource_count == 0:
             console.print("⚠️  Warning: Snapshot contains 0 resources after filtering", style="bold yellow")
@@ -1147,7 +1195,7 @@ def snapshot_create(
                 console.print("\n  [dim]Use --verbose to see detailed breakdown by resource type[/dim]")
         elif not use_config:
             console.print("\nCollection Method:")
-            console.print("  All resources collected via Direct API (--no-config specified)")
+            console.print("  All resources collected via Direct API (use --config to enable AWS Config)")
 
     except typer.Exit:
         # Re-raise Exit exceptions (normal exit codes)
@@ -3617,6 +3665,157 @@ def serve(
     )
 
 
+# =============================================================================
+# Normalize Command (AI Normalization)
+# =============================================================================
+
+
+@app.command()
+def normalize(
+    snapshot: str = typer.Option(..., "--snapshot", "-s", help="Snapshot name to normalize"),
+    dry_run: bool = typer.Option(False, "--dry-run", help="Preview normalizations without saving"),
+    use_ai: bool = typer.Option(True, "--ai/--no-ai", help="Use AI for ambiguous names (default: enabled)"),
+):
+    """Re-run AI normalization on an existing snapshot.
+
+    This command updates the normalized_name column for all resources
+    in the specified snapshot using AI-based name normalization.
+
+    Use this to:
+    - Backfill normalized names for snapshots created before AI normalization
+    - Re-normalize with updated AI models or prompts
+    - Preview normalizations with --dry-run before committing
+
+    Example:
+        awsinv normalize --snapshot my-snapshot-20260113
+        awsinv normalize --snapshot my-snapshot --dry-run
+        awsinv normalize --snapshot my-snapshot --no-ai
+    """
+    global config
+    if config is None:
+        config = Config.load()
+
+    from ..storage import Database, SnapshotStore
+
+    try:
+        from ..matching import NormalizerConfig, ResourceNormalizer
+    except ImportError:
+        console.print(
+            "[red]AI dependencies not installed.[/red]\n"
+            "Install with: [cyan]pip install aws-inventory-manager[ai][/cyan]"
+        )
+        raise typer.Exit(code=1)
+
+    # Initialize database
+    db = Database(config.storage_path)
+    snapshot_store = SnapshotStore(db)
+
+    # Check snapshot exists
+    if not snapshot_store.exists(snapshot):
+        console.print(f"[red]✗ Snapshot '{snapshot}' not found[/red]")
+        raise typer.Exit(code=1)
+
+    # Load the snapshot
+    console.print(f"[cyan]Loading snapshot '[bold]{snapshot}[/bold]'...[/cyan]")
+    snapshot_obj = snapshot_store.load(snapshot)
+
+    if not snapshot_obj or not snapshot_obj.resources:
+        console.print(f"[yellow]⚠ Snapshot '{snapshot}' has no resources to normalize[/yellow]")
+        raise typer.Exit(code=0)
+
+    console.print(f"  Found [bold]{len(snapshot_obj.resources)}[/bold] resources")
+
+    # Initialize normalizer
+    normalizer_config = NormalizerConfig.from_env()
+
+    if use_ai and not normalizer_config.is_ai_enabled:
+        console.print("[yellow]⚠ OPENAI_API_KEY not set - using rules-based normalization only[/yellow]")
+        use_ai = False
+
+    normalizer = ResourceNormalizer(normalizer_config)
+
+    # Prepare resources for normalization
+    resource_dicts = [
+        {
+            "arn": r.arn,
+            "name": r.name,
+            "resource_type": r.resource_type,
+            "tags": r.tags,
+        }
+        for r in snapshot_obj.resources
+    ]
+
+    # Run normalization
+    if use_ai:
+        console.print("[cyan]Running AI-assisted normalization...[/cyan]")
+    else:
+        console.print("[cyan]Running rules-based normalization...[/cyan]")
+
+    with console.status("[bold green]Normalizing resources..."):
+        normalized_names = normalizer.normalize_resources(resource_dicts, use_ai=use_ai)
+
+    console.print(f"  Normalized [bold]{len(normalized_names)}[/bold] resource names")
+
+    if normalizer.tokens_used > 0:
+        console.print(f"  AI tokens used: [dim]{normalizer.tokens_used}[/dim]")
+
+    # Show preview in dry-run mode
+    if dry_run:
+        console.print("\n[yellow]DRY RUN - No changes saved[/yellow]\n")
+
+        # Build a table of changes
+        table = Table(title="Normalization Preview (first 20)")
+        table.add_column("Resource Type", style="cyan")
+        table.add_column("Original Name", style="white")
+        table.add_column("Normalized Name", style="green")
+
+        count = 0
+        for r in snapshot_obj.resources:
+            if count >= 20:
+                break
+            norm_name = normalized_names.get(r.arn, r.name)
+            # Only show if different or meaningful
+            table.add_row(
+                r.resource_type.split("::")[-1] if r.resource_type else "Unknown",
+                r.name or "(no name)",
+                norm_name,
+            )
+            count += 1
+
+        console.print(table)
+
+        if len(snapshot_obj.resources) > 20:
+            console.print(f"\n[dim]... and {len(snapshot_obj.resources) - 20} more resources[/dim]")
+
+        console.print("\n[yellow]Run without --dry-run to save changes[/yellow]")
+        raise typer.Exit(code=0)
+
+    # Update database with normalized names
+    console.print("[cyan]Updating database...[/cyan]")
+
+    snapshot_id = snapshot_store.get_id(snapshot)
+    if snapshot_id is None:
+        console.print("[red]✗ Failed to get snapshot ID[/red]")
+        raise typer.Exit(code=1)
+
+    updated_count = 0
+    with db.transaction() as cursor:
+        for r in snapshot_obj.resources:
+            norm_name = normalized_names.get(r.arn)
+            if norm_name:
+                cursor.execute(
+                    """
+                    UPDATE resources
+                    SET normalized_name = ?
+                    WHERE snapshot_id = ? AND arn = ?
+                    """,
+                    (norm_name, snapshot_id, r.arn),
+                )
+                updated_count += cursor.rowcount
+
+    console.print(f"[green]✓ Updated {updated_count} resources with normalized names[/green]")
+
+
 def cli_main():
     """Entry point for console script."""
     app()

src/cloudtrail/__init__.py

@@ -0,0 +1,5 @@
+"""CloudTrail query module for resource provenance tracking."""
+
+from .query import CloudTrailQuery, ResourceCreationEvent
+
+__all__ = ["CloudTrailQuery", "ResourceCreationEvent"]