aws-inventory-manager 0.17.12__py3-none-any.whl

src/delta/differ.py

@@ -0,0 +1,185 @@
+"""Configuration differ for recursive comparison of resource configurations."""
+
+from __future__ import annotations
+
+from typing import Any
+
+from ..models.config_diff import SECURITY_CRITICAL_FIELDS, ChangeCategory, ConfigDiff
+
+
+class ConfigDiffer:
+    """Recursive configuration comparison engine.
+
+    Compares two resource configuration dictionaries and produces a list
+    of ConfigDiff objects representing field-level changes.
+    """
+
+    def __init__(self) -> None:
+        """Initialize the configuration differ."""
+        pass
+
+    def compare(
+        self,
+        resource_arn: str,
+        old_config: dict[str, Any],
+        new_config: dict[str, Any],
+        field_prefix: str = "",
+    ) -> list[ConfigDiff]:
+        """Recursively compare two configuration dictionaries.
+
+        Args:
+            resource_arn: ARN of the resource being compared
+            old_config: Previous configuration
+            new_config: Current configuration
+            field_prefix: Dot-notation prefix for nested fields (internal use)
+
+        Returns:
+            List of ConfigDiff objects representing changes
+        """
+        diffs: list[ConfigDiff] = []
+
+        # Get all unique keys from both configs
+        all_keys = set(old_config.keys()) | set(new_config.keys())
+
+        for key in all_keys:
+            field_path = f"{field_prefix}.{key}" if field_prefix else key
+
+            old_value = old_config.get(key)
+            new_value = new_config.get(key)
+
+            # Skip if values are identical
+            if old_value == new_value:
+                continue
+
+            # Recursively compare nested dictionaries
+            if isinstance(old_value, dict) and isinstance(new_value, dict):
+                nested_diffs = self.compare(resource_arn, old_value, new_value, field_path)
+                diffs.extend(nested_diffs)
+            # Recursively compare lists
+            elif isinstance(old_value, list) and isinstance(new_value, list):
+                list_diffs = self._compare_lists(resource_arn, old_value, new_value, field_path)
+                diffs.extend(list_diffs)
+            # Handle nested dict in old but not in new (or vice versa)
+            elif isinstance(old_value, dict) and not isinstance(new_value, dict):
+                # Dict was replaced with non-dict or removed
+                category = self._categorize_change(field_path, resource_arn)
+                diff = ConfigDiff(
+                    resource_arn=resource_arn,
+                    field_path=field_path,
+                    old_value=old_value,
+                    new_value=new_value,
+                    category=category,
+                )
+                diffs.append(diff)
+            elif isinstance(new_value, dict) and not isinstance(old_value, dict):
+                # Dict was added or replaced
+                category = self._categorize_change(field_path, resource_arn)
+                diff = ConfigDiff(
+                    resource_arn=resource_arn,
+                    field_path=field_path,
+                    old_value=old_value,
+                    new_value=new_value,
+                    category=category,
+                )
+                diffs.append(diff)
+            else:
+                # Simple value change, addition, or removal
+                category = self._categorize_change(field_path, resource_arn)
+                diff = ConfigDiff(
+                    resource_arn=resource_arn,
+                    field_path=field_path,
+                    old_value=old_value,
+                    new_value=new_value,
+                    category=category,
+                )
+                diffs.append(diff)
+
+        return diffs
+
+    def _compare_lists(
+        self,
+        resource_arn: str,
+        old_list: list[Any],
+        new_list: list[Any],
+        field_path: str,
+    ) -> list[ConfigDiff]:
+        """Compare two lists element by element.
+
+        Args:
+            resource_arn: ARN of the resource
+            old_list: Previous list
+            new_list: Current list
+            field_path: Field path for the list
+
+        Returns:
+            List of ConfigDiff objects for list changes
+        """
+        diffs: list[ConfigDiff] = []
+
+        max_len = max(len(old_list), len(new_list))
+
+        for i in range(max_len):
+            element_path = f"{field_path}.{i}"
+
+            old_value = old_list[i] if i < len(old_list) else None
+            new_value = new_list[i] if i < len(new_list) else None
+
+            if old_value == new_value:
+                continue
+
+            # Recursively compare nested dicts in lists
+            if isinstance(old_value, dict) and isinstance(new_value, dict):
+                nested_diffs = self.compare(resource_arn, old_value, new_value, element_path)
+                diffs.extend(nested_diffs)
+            else:
+                # Simple value change
+                category = self._categorize_change(element_path, resource_arn)
+                diff = ConfigDiff(
+                    resource_arn=resource_arn,
+                    field_path=element_path,
+                    old_value=old_value,
+                    new_value=new_value,
+                    category=category,
+                )
+                diffs.append(diff)
+
+        return diffs
+
+    def _categorize_change(self, field_path: str, resource_arn: str) -> ChangeCategory:
+        """Categorize a configuration change based on field path and resource type.
+
+        Args:
+            field_path: Dot-notation field path
+            resource_arn: ARN of the resource
+
+        Returns:
+            ChangeCategory enum value
+        """
+        field_lower = field_path.lower()
+        arn_lower = resource_arn.lower()
+
+        # Check for Tags category
+        if "tags" in field_lower or field_path.startswith("Tags."):
+            return ChangeCategory.TAGS
+
+        # Check for Permissions category (IAM-related) - do this BEFORE security check
+        # because some IAM fields like "Policy" could match security keywords
+        permissions_keywords = [
+            "policy",
+            "permission",
+            "role",
+            "assumerolepolicydocument",
+            "statement",
+        ]
+        if "iam" in arn_lower:
+            # For IAM resources, policy/permission changes are PERMISSIONS
+            if any(keyword in field_lower for keyword in permissions_keywords):
+                return ChangeCategory.PERMISSIONS
+
+        # Check for Security category
+        for security_field in SECURITY_CRITICAL_FIELDS:
+            if security_field.lower() in field_lower:
+                return ChangeCategory.SECURITY
+
+        # Default to Configuration
+        return ChangeCategory.CONFIGURATION

src/delta/formatters.py

@@ -0,0 +1,272 @@
+"""Drift formatter for color-coded terminal output of configuration changes."""
+
+from __future__ import annotations
+
+from typing import TYPE_CHECKING, Any, Optional
+
+from rich.console import Console
+from rich.panel import Panel
+from rich.table import Table
+
+from ..models.config_diff import ChangeCategory
+from .models import DriftReport
+
+if TYPE_CHECKING:
+    from ..models.config_diff import ConfigDiff
+
+
+class DriftFormatter:
+    """Format and display configuration drift with color coding.
+
+    Color scheme:
+    - Red: Removed fields
+    - Green: Added fields
+    - Yellow: Security-critical changes
+    - Cyan: Configuration changes
+    """
+
+    def __init__(self, console: Optional[Console] = None):
+        """Initialize drift formatter.
+
+        Args:
+            console: Rich console instance (creates new one if not provided)
+        """
+        self.console = console or Console()
+
+    def display(
+        self,
+        report: DriftReport,
+        group_by: str = "category",
+        resource_type_filter: Optional[str] = None,
+        region_filter: Optional[str] = None,
+    ) -> None:
+        """Display drift report to console with color coding.
+
+        Args:
+            report: DriftReport to display
+            group_by: How to group changes ("category" or "resource")
+            resource_type_filter: Optional resource type filter (e.g., "ec2")
+            region_filter: Optional region filter (e.g., "us-east-1")
+        """
+        # Apply filters
+        diffs = report.get_all_diffs()
+
+        if resource_type_filter:
+            diffs = [d for d in diffs if resource_type_filter.lower() in d.resource_arn.lower()]
+
+        if region_filter:
+            diffs = [d for d in diffs if region_filter in d.resource_arn]
+
+        # Check if there are any changes after filtering
+        if not diffs:
+            self.console.print()
+            self.console.print(
+                Panel(
+                    "[bold green]No configuration changes detected[/bold green]",
+                    style="green",
+                )
+            )
+            self.console.print()
+            return
+
+        # Display header
+        self.console.print()
+        self.console.print(
+            Panel(
+                f"[bold]Configuration Drift Details[/bold]\n" f"Total Changes: {len(diffs)}",
+                style="cyan",
+            )
+        )
+        self.console.print()
+
+        # Display summary statistics
+        self._display_summary(diffs)
+
+        # Group and display changes
+        if group_by == "resource":
+            self._display_by_resource(diffs)
+        else:
+            self._display_by_category(diffs)
+
+    def _display_summary(self, diffs: list) -> None:
+        """Display summary statistics for drift.
+
+        Args:
+            diffs: List of ConfigDiff objects
+        """
+        # Count by category
+        tags_count = sum(1 for d in diffs if d.category == ChangeCategory.TAGS)
+        config_count = sum(1 for d in diffs if d.category == ChangeCategory.CONFIGURATION)
+        security_count = sum(1 for d in diffs if d.category == ChangeCategory.SECURITY)
+        permissions_count = sum(1 for d in diffs if d.category == ChangeCategory.PERMISSIONS)
+
+        # Create summary table
+        table = Table(title="Summary", show_header=True, header_style="bold magenta")
+        table.add_column("Category", style="cyan", width=20)
+        table.add_column("Count", justify="right", style="yellow", width=10)
+
+        if tags_count > 0:
+            table.add_row("Tags", str(tags_count))
+        if config_count > 0:
+            table.add_row("Configuration", str(config_count))
+        if security_count > 0:
+            table.add_row("[yellow]Security[/yellow]", f"[yellow]{security_count}[/yellow]")
+        if permissions_count > 0:
+            table.add_row("Permissions", str(permissions_count))
+
+        self.console.print(table)
+        self.console.print()
+
+    def _display_by_category(self, diffs: list) -> None:
+        """Display diffs grouped by category.
+
+        Args:
+            diffs: List of ConfigDiff objects
+        """
+        # Group by category
+        from typing import Dict, List
+
+        categories: Dict[ChangeCategory, List] = {
+            ChangeCategory.TAGS: [],
+            ChangeCategory.CONFIGURATION: [],
+            ChangeCategory.SECURITY: [],
+            ChangeCategory.PERMISSIONS: [],
+        }
+
+        for diff in diffs:
+            categories[diff.category].append(diff)
+
+        # Display each category
+        category_names = {
+            ChangeCategory.TAGS: "Tags",
+            ChangeCategory.CONFIGURATION: "Configuration",
+            ChangeCategory.SECURITY: "Security",
+            ChangeCategory.PERMISSIONS: "Permissions",
+        }
+
+        for category, category_diffs in categories.items():
+            if not category_diffs:
+                continue
+
+            self.console.print(f"[bold]{category_names[category]} Changes:[/bold]")
+            table = Table(show_header=True, box=None, padding=(0, 2))
+            table.add_column("Resource", style="dim", width=50)
+            table.add_column("Field", style="cyan", width=30)
+            table.add_column("Change", width=40)
+
+            for diff in category_diffs:
+                # Extract resource name/ID from ARN
+                resource_display = self._format_resource_name(diff.resource_arn)
+
+                # Format the change with color coding
+                change_display = self._format_change(diff)
+
+                table.add_row(resource_display, diff.field_path, change_display)
+
+            self.console.print(table)
+            self.console.print()
+
+    def _display_by_resource(self, diffs: list) -> None:
+        """Display diffs grouped by resource ARN.
+
+        Args:
+            diffs: List of ConfigDiff objects
+        """
+        # Group by resource
+        by_resource: dict[str, list] = {}
+        for diff in diffs:
+            if diff.resource_arn not in by_resource:
+                by_resource[diff.resource_arn] = []
+            by_resource[diff.resource_arn].append(diff)
+
+        # Display each resource's changes
+        for resource_arn, resource_diffs in by_resource.items():
+            resource_display = self._format_resource_name(resource_arn)
+            self.console.print(f"[bold cyan]{resource_display}[/bold cyan]")
+
+            table = Table(show_header=True, box=None, padding=(0, 2))
+            table.add_column("Field", style="cyan", width=35)
+            table.add_column("Change", width=50)
+            table.add_column("Category", width=15)
+
+            for diff in resource_diffs:
+                change_display = self._format_change(diff)
+                category_display = diff.category.value.capitalize()
+
+                table.add_row(diff.field_path, change_display, category_display)
+
+            self.console.print(table)
+            self.console.print()
+
+    def _format_resource_name(self, arn: str) -> str:
+        """Extract a readable resource name from ARN.
+
+        Args:
+            arn: Resource ARN
+
+        Returns:
+            Formatted resource name
+        """
+        # Extract the resource ID/name from ARN
+        # ARN format: arn:aws:service:region:account:resourceType/resourceId
+        parts = arn.split(":")
+        if len(parts) >= 6:
+            resource_part = parts[5]
+            if "/" in resource_part:
+                return resource_part.split("/", 1)[1]
+            return resource_part
+        return arn
+
+    def _format_change(self, diff: ConfigDiff) -> str:
+        """Format a change with color coding and arrow notation.
+
+        Args:
+            diff: ConfigDiff object
+
+        Returns:
+            Rich-formatted change string
+        """
+        old_str = self._format_value(diff.old_value)
+        new_str = self._format_value(diff.new_value)
+
+        # Color code based on change type
+        if diff.old_value is None:
+            # Field added
+            return f"[green]+[/green] {new_str}"
+        elif diff.new_value is None:
+            # Field removed
+            return f"[red]-[/red] {old_str}"
+        else:
+            # Field modified
+            if diff.is_security_critical():
+                # Security-critical change - yellow
+                return f"[yellow]{old_str} → {new_str}[/yellow]"
+            else:
+                # Regular change - cyan
+                return f"{old_str} → {new_str}"
+
+    def _format_value(self, value: Any) -> str:
+        """Format a configuration value for display.
+
+        Args:
+            value: Configuration value
+
+        Returns:
+            Formatted string representation
+        """
+        if value is None:
+            return "[dim](none)[/dim]"
+        elif isinstance(value, bool):
+            return "true" if value else "false"
+        elif isinstance(value, (dict, list)):
+            # Truncate complex values
+            str_value = str(value)
+            if len(str_value) > 50:
+                return str_value[:47] + "..."
+            return str_value
+        else:
+            str_value = str(value)
+            # Truncate very long values
+            if len(str_value) > 100:
+                return str_value[:97] + "..."
+            return str_value

src/delta/models.py

@@ -0,0 +1,154 @@
+"""Drift report model for containing configuration differences."""
+
+from __future__ import annotations
+
+from typing import Any
+
+from ..models.config_diff import ChangeCategory, ConfigDiff
+
+
+class DriftReport:
+    """Container for configuration drift analysis results.
+
+    Stores and organizes ConfigDiff objects representing field-level changes
+    between snapshot versions.
+    """
+
+    def __init__(self) -> None:
+        """Initialize an empty drift report."""
+        self._diffs: list[ConfigDiff] = []
+
+    @property
+    def total_changes(self) -> int:
+        """Get total number of configuration changes."""
+        return len(self._diffs)
+
+    def add_diff(self, diff: ConfigDiff) -> None:
+        """Add a configuration diff to the report.
+
+        Args:
+            diff: ConfigDiff to add
+        """
+        self._diffs.append(diff)
+
+    def get_all_diffs(self) -> list[ConfigDiff]:
+        """Get all configuration diffs.
+
+        Returns:
+            List of all ConfigDiff objects
+        """
+        return self._diffs.copy()
+
+    def get_diffs_by_category(self, category: ChangeCategory) -> list[ConfigDiff]:
+        """Get diffs filtered by change category.
+
+        Args:
+            category: ChangeCategory to filter by
+
+        Returns:
+            List of diffs matching the category
+        """
+        return [d for d in self._diffs if d.category == category]
+
+    def get_security_critical_diffs(self) -> list[ConfigDiff]:
+        """Get diffs that affect security-critical settings.
+
+        Returns:
+            List of security-critical diffs
+        """
+        return [d for d in self._diffs if d.is_security_critical()]
+
+    def get_diffs_by_resource(self, resource_arn: str) -> list[ConfigDiff]:
+        """Get diffs for a specific resource ARN.
+
+        Args:
+            resource_arn: ARN of the resource
+
+        Returns:
+            List of diffs for the specified resource
+        """
+        return [d for d in self._diffs if d.resource_arn == resource_arn]
+
+    def get_diffs_by_resource_type(self, resource_type: str) -> list[ConfigDiff]:
+        """Get diffs filtered by resource type.
+
+        Args:
+            resource_type: Resource type to filter by (e.g., "ec2", "rds")
+
+        Returns:
+            List of diffs matching the resource type (case insensitive)
+        """
+        resource_type_lower = resource_type.lower()
+        return [d for d in self._diffs if resource_type_lower in d.resource_arn.lower()]
+
+    def get_diffs_by_region(self, region: str) -> list[ConfigDiff]:
+        """Get diffs filtered by AWS region.
+
+        Args:
+            region: AWS region (e.g., "us-east-1")
+
+        Returns:
+            List of diffs in the specified region
+        """
+        return [d for d in self._diffs if region in d.resource_arn]
+
+    def get_summary(self) -> dict[str, Any]:
+        """Generate summary statistics for the drift report.
+
+        Returns:
+            Dictionary with total counts by category and security criticality
+        """
+        return {
+            "total_changes": self.total_changes,
+            "tags_count": len(self.get_diffs_by_category(ChangeCategory.TAGS)),
+            "configuration_count": len(self.get_diffs_by_category(ChangeCategory.CONFIGURATION)),
+            "security_count": len(self.get_diffs_by_category(ChangeCategory.SECURITY)),
+            "permissions_count": len(self.get_diffs_by_category(ChangeCategory.PERMISSIONS)),
+            "security_critical_count": len(self.get_security_critical_diffs()),
+        }
+
+    def group_by_resource(self) -> dict[str, list[ConfigDiff]]:
+        """Group diffs by resource ARN.
+
+        Returns:
+            Dictionary mapping resource ARN to list of diffs
+        """
+        grouped: dict[str, list[ConfigDiff]] = {}
+        for diff in self._diffs:
+            if diff.resource_arn not in grouped:
+                grouped[diff.resource_arn] = []
+            grouped[diff.resource_arn].append(diff)
+        return grouped
+
+    def group_by_category(self) -> dict[ChangeCategory, list[ConfigDiff]]:
+        """Group diffs by change category.
+
+        Returns:
+            Dictionary mapping ChangeCategory to list of diffs
+        """
+        grouped: dict[ChangeCategory, list[ConfigDiff]] = {}
+        for diff in self._diffs:
+            if diff.category not in grouped:
+                grouped[diff.category] = []
+            grouped[diff.category].append(diff)
+        return grouped
+
+    def has_security_critical_changes(self) -> bool:
+        """Check if the report contains any security-critical changes.
+
+        Returns:
+            True if there are security-critical changes, False otherwise
+        """
+        return len(self.get_security_critical_diffs()) > 0
+
+    def to_dict(self) -> dict[str, Any]:
+        """Convert drift report to dictionary representation.
+
+        Returns:
+            Dictionary with all diffs and summary statistics
+        """
+        return {
+            "total_changes": self.total_changes,
+            "summary": self.get_summary(),
+            "diffs": [diff.to_dict() for diff in self._diffs],
+        }