azure-discovery 0.1.0__py3-none-any.whl

azure_discovery/__init__.py

@@ -0,0 +1,33 @@
+"""Azure Discovery: Azure tenant discovery and visualization via Resource Graph.
+
+This package can be installed from PyPI as ``azure-discovery`` and used as:
+
+  pip install azure-discovery
+  azure-discovery discover --tenant-id <id> --subscription <sub-id>
+
+Programmatic usage:
+
+  from azure_discovery import run_discovery
+  from azure_discovery.adt_types import AzureDiscoveryRequest, AzureDiscoveryResponse
+"""
+
+from .orchestrator import run_discovery
+from .adt_types import (
+    AzureDiscoveryRequest,
+    AzureDiscoveryResponse,
+    AzureEnvironment,
+    DiscoveryFilter,
+    ResourceNode,
+    ResourceRelationship,
+)
+
+__all__ = [
+    "run_discovery",
+    "AzureDiscoveryRequest",
+    "AzureDiscoveryResponse",
+    "AzureEnvironment",
+    "DiscoveryFilter",
+    "ResourceNode",
+    "ResourceRelationship",
+]
+__version__ = "0.1.0"

azure_discovery/adt_types/__init__.py

@@ -0,0 +1,18 @@
+"""Typed interfaces shared across the Azure discovery tool."""
+
+from .models import (  # noqa: F401
+    AzureDiscoveryRequest,
+    AzureDiscoveryResponse,
+    AzureEnvironment,
+    AzureEnvironmentConfig,
+    DiscoveryFilter,
+    ResourceNode,
+    ResourceRelationship,
+    VisualizationOptions,
+    VisualizationResponse,
+)
+from .errors import (  # noqa: F401
+    AzureClientError,
+    InvalidTargetError,
+    VisualizationError,
+)

azure_discovery/adt_types/errors.py

@@ -0,0 +1,13 @@
+"""Custom exceptions for Azure discovery."""
+
+
+class InvalidTargetError(ValueError):
+    """Raised when a provided target identifier is malformed."""
+
+
+class AzureClientError(RuntimeError):
+    """Raised when Azure SDK clients report a fatal error."""
+
+
+class VisualizationError(RuntimeError):
+    """Raised when graph generation fails."""

azure_discovery/adt_types/models.py

@@ -0,0 +1,121 @@
+"""Pydantic models shared across modules."""
+
+from __future__ import annotations
+
+from datetime import datetime, timezone
+from enum import Enum
+from pathlib import Path
+from typing import Any, Dict, List, Optional
+
+from pydantic import BaseModel, Field, field_validator
+
+
+class AzureEnvironment(str, Enum):
+    """Supported Azure clouds."""
+
+    AZURE_PUBLIC = "azure_public"
+    AZURE_GOV = "azure_gov"
+    AZURE_CHINA = "azure_china"
+    AZURE_GERMANY = "azure_germany"
+    AZURE_STACK = "azure_stack"
+
+
+class AzureEnvironmentConfig(BaseModel):
+    """Concrete endpoints for an Azure cloud."""
+
+    name: AzureEnvironment
+    authority_host: str
+    resource_manager: str
+    storage_suffix: str
+
+
+class DiscoveryFilter(BaseModel):
+    """Optional filters used to scope discovery."""
+
+    include_types: Optional[List[str]] = None
+    exclude_types: Optional[List[str]] = None
+    required_tags: Optional[Dict[str, str]] = None
+    resource_groups: Optional[List[str]] = None
+
+
+class VisualizationOptions(BaseModel):
+    """Graph visualization configuration."""
+
+    output_dir: Path = Field(default=Path("artifacts/graphs"))
+    file_name: Optional[str] = None
+    include_attributes: bool = True
+    physics_enabled: bool = True
+
+    @field_validator("output_dir", mode="before")
+    @classmethod
+    def _ensure_path(cls, value: Any) -> Path:
+        if value is None:
+            raise ValueError("output_dir cannot be None")
+        return Path(value)
+
+
+class AzureDiscoveryRequest(BaseModel):
+    """Input payload for discovery operations."""
+
+    tenant_id: str
+    environment: AzureEnvironment = AzureEnvironment.AZURE_PUBLIC
+    subscriptions: Optional[List[str]] = None
+    filter: Optional[DiscoveryFilter] = None
+    include_relationships: bool = True
+    max_batch_size: int = Field(default=1000, ge=100, le=5000)
+    throttle_delay_seconds: float = Field(default=0.05, ge=0.0, le=5.0)
+    prefer_cli_credentials: bool = False
+    visualization: VisualizationOptions = Field(
+        default_factory=VisualizationOptions
+    )
+
+    @field_validator("tenant_id")
+    @classmethod
+    def _validate_tenant(cls, value: str) -> str:
+        if not value or not value.strip():
+            raise ValueError("tenant_id is required")
+        return value.strip()
+
+
+class ResourceNode(BaseModel):
+    """Normalized Azure resource."""
+
+    id: str
+    name: str
+    type: str
+    location: Optional[str] = None
+    subscription_id: str
+    resource_group: Optional[str] = None
+    tags: Dict[str, str] = Field(default_factory=dict)
+    dependencies: List[str] = Field(default_factory=list)
+
+
+class ResourceRelationship(BaseModel):
+    """Edge describing resource dependency."""
+
+    source_id: str
+    target_id: str
+    relation_type: str
+    weight: float = 1.0
+
+
+class AzureDiscoveryResponse(BaseModel):
+    """Discovery result payload."""
+
+    tenant_id: str
+    discovered_subscriptions: List[str]
+    nodes: List[ResourceNode]
+    relationships: List[ResourceRelationship]
+    total_resources: int
+    generated_at: datetime = Field(
+        default_factory=lambda: datetime.now(timezone.utc)
+    )
+    html_report_path: Optional[str] = None
+
+
+class VisualizationResponse(BaseModel):
+    """Result of graph rendering."""
+
+    html_path: str
+    nodes: int
+    relationships: int

azure_discovery/api.py

@@ -0,0 +1,45 @@
+"""FastAPI surface for Azure discovery."""
+
+from __future__ import annotations
+
+from pathlib import Path
+
+from fastapi import FastAPI, HTTPException
+from fastapi.responses import FileResponse
+
+from .orchestrator import run_discovery
+from .adt_types import AzureDiscoveryRequest, AzureDiscoveryResponse
+from .utils.logging import get_logger
+
+LOGGER = get_logger()
+app = FastAPI(title="Azure Discovery", version="1.0.0")
+
+
+@app.get("/healthz", tags=["system"])
+async def health_check() -> dict:
+    return {"status": "ok"}
+
+
+@app.post(
+    "/discover",
+    response_model=AzureDiscoveryResponse,
+    tags=["discovery"],
+)
+async def discover_endpoint(
+    request: AzureDiscoveryRequest,
+) -> AzureDiscoveryResponse:
+    LOGGER.info(
+        "API discovery invoked",
+        extra={"context": {"tenant_id": request.tenant_id}},
+    )
+    return await run_discovery(request)
+
+
+@app.get("/visuals/{file_name}", tags=["visualization"])
+async def visualization_endpoint(file_name: str) -> FileResponse:
+    if not file_name:
+        raise HTTPException(status_code=400, detail="file_name missing")
+    html_path = Path("artifacts/graphs") / file_name
+    if not html_path.is_file():
+        raise HTTPException(status_code=404, detail="Visualization not found")
+    return FileResponse(html_path)

azure_discovery/cli.py

@@ -0,0 +1,132 @@
+"""Command-line interface for Azure discovery."""
+
+from __future__ import annotations
+
+import asyncio
+import json
+import sys
+from pathlib import Path
+from typing import List, Optional
+
+import typer
+
+from .orchestrator import run_discovery
+from .adt_types import (
+    AzureDiscoveryRequest,
+    AzureEnvironment,
+    DiscoveryFilter,
+    VisualizationOptions,
+)
+from .utils.logging import get_logger
+
+cli = typer.Typer(help="Azure tenant discovery and visualization CLI")
+
+
+def _parse_tags(tag_args: Optional[List[str]]) -> Optional[dict]:
+    if not tag_args:
+        return None
+    tags = {}
+    for tag_arg in tag_args:
+        if "=" not in tag_arg:
+            raise typer.BadParameter("Tags must use key=value syntax")
+        key, value = tag_arg.split("=", 1)
+        tags[key.strip()] = value.strip()
+    return tags
+
+
+@cli.command("discover")
+def discover_command(
+    tenant_id: str = typer.Option(..., help="Azure AD tenant identifier"),
+    environment: AzureEnvironment = typer.Option(
+        AzureEnvironment.AZURE_PUBLIC, help="Azure cloud environment"
+    ),
+    subscription: Optional[List[str]] = typer.Option(
+        None, "--subscription", "-s", help="Explicit subscription identifier"
+    ),
+    include_type: Optional[List[str]] = typer.Option(
+        None, "--include-type", help="Resource type to include (repeatable)"
+    ),
+    exclude_type: Optional[List[str]] = typer.Option(
+        None, "--exclude-type", help="Resource type to exclude (repeatable)"
+    ),
+    resource_group: Optional[List[str]] = typer.Option(
+        None, "--resource-group", help="Resource group filter (repeatable)"
+    ),
+    required_tag: Optional[List[str]] = typer.Option(
+        None, "--required-tag", help="Required tag key=value (repeatable)"
+    ),
+    prefer_cli: bool = typer.Option(
+        False, "--prefer-cli", help="Prefer Azure CLI credential in chain"
+    ),
+    visualization_output_dir: Path = typer.Option(
+        Path("artifacts/graphs"),
+        "--visualization-output-dir",
+        help="Directory for HTML output",
+    ),
+    visualization_file: Optional[str] = typer.Option(
+        None, "--visualization-file", help="Optional HTML file name"
+    ),
+    output: Optional[Path] = typer.Option(
+        None, "--output", "-o", help="Write JSON output to file instead of stdout"
+    ),
+    quiet: bool = typer.Option(
+        False, "--quiet", "-q", help="Suppress all logs except errors"
+    ),
+    format: str = typer.Option(
+        "json", "--format", "-f", help="Output format: json, json-compact"
+    ),
+) -> None:
+    """Discover Azure resources and emit JSON output.
+
+    By default, JSON is written to stdout and logs go to stderr.
+    Use --output to write JSON to a file.
+    Use --quiet to suppress all logs except errors.
+    """
+
+    # Initialize logger with quiet mode
+    get_logger(quiet=quiet)
+
+    tag_filters = _parse_tags(required_tag)
+    discovery_filter = DiscoveryFilter(
+        include_types=include_type,
+        exclude_types=exclude_type,
+        required_tags=tag_filters,
+        resource_groups=resource_group,
+    )
+    visualization_options = VisualizationOptions(
+        output_dir=visualization_output_dir,
+        file_name=visualization_file,
+    )
+    request = AzureDiscoveryRequest(
+        tenant_id=tenant_id,
+        environment=environment,
+        subscriptions=subscription,
+        filter=discovery_filter,
+        prefer_cli_credentials=prefer_cli,
+        visualization=visualization_options,
+    )
+    response = asyncio.run(run_discovery(request))
+
+    # Format output based on format option
+    if format == "json-compact":
+        json_output = json.dumps(response.model_dump(), default=str)
+    else:  # json
+        json_output = json.dumps(response.model_dump(), indent=2, default=str)
+
+    # Write output to file or stdout
+    if output:
+        output.parent.mkdir(parents=True, exist_ok=True)
+        output.write_text(json_output)
+        # Log to stderr that output was written
+        typer.echo(f"Discovery results written to {output}", err=True)
+    else:
+        # Write JSON to stdout (clean output for piping)
+        sys.stdout.write(json_output + "\n")
+
+
+def main() -> None:
+    cli()
+
+
+if __name__ == "__main__":
+    main()

azure_discovery/enumerators/__init__.py

@@ -0,0 +1,3 @@
+"""Enumerators responsible for gathering data."""
+
+from .azure_resources import enumerate_azure_resources  # noqa: F401

azure_discovery/enumerators/azure_resources.py

@@ -0,0 +1,134 @@
+"""Azure resource enumeration logic."""
+
+from __future__ import annotations
+
+from typing import Any, Dict, List, Optional
+
+from azure.core.credentials import TokenCredential
+from ..adt_types import (
+    AzureDiscoveryRequest,
+    AzureDiscoveryResponse,
+    ResourceNode,
+    ResourceRelationship,
+)
+from ..utils import (
+    build_environment_config,
+    ensure_subscription_ids,
+    get_credential,
+    query_resource_graph,
+)
+from ..utils.graph_helpers import build_graph_edges, ensure_unique_nodes
+from ..utils.logging import get_logger
+
+LOGGER = get_logger()
+
+
+def _build_query(request: AzureDiscoveryRequest) -> str:
+    clauses = ["resources"]
+    filters = []
+
+    if request.filter:
+        discovery_filter = request.filter
+        if discovery_filter.include_types:
+            include_clause = " or ".join(
+                f"tolower(type) == '{resource_type.lower()}'"
+                for resource_type in discovery_filter.include_types
+            )
+            filters.append(f"({include_clause})")
+        if discovery_filter.exclude_types:
+            exclude_clause = " and ".join(
+                f"tolower(type) != '{resource_type.lower()}'"
+                for resource_type in discovery_filter.exclude_types
+            )
+            filters.append(f"({exclude_clause})")
+        if discovery_filter.resource_groups:
+            groups_clause = " or ".join(
+                f"tolower(resourceGroup) == '{group.lower()}'"
+                for group in discovery_filter.resource_groups
+            )
+            filters.append(f"({groups_clause})")
+        if discovery_filter.required_tags:
+            tag_clause = " and ".join(
+                f"tags['{key}'] =~ '{value}'"
+                for key, value in discovery_filter.required_tags.items()
+            )
+            filters.append(f"({tag_clause})")
+
+    if filters:
+        clauses.append("| where " + " and ".join(filters))
+
+    clauses.append(
+        "| project id, name, type, location, resourceGroup,"
+        " subscriptionId, tags, properties"
+    )
+    return " ".join(clauses)
+
+
+def _to_node(payload: Dict[str, Any]) -> ResourceNode:
+    dependencies = []
+    properties = payload.get("properties") or {}
+    raw_dependencies = properties.get("dependencies") or []
+    for dependency in raw_dependencies:
+        resource_id = dependency.get("resourceId")
+        if resource_id:
+            dependencies.append(resource_id)
+
+    return ResourceNode(
+        id=payload["id"],
+        name=payload.get("name", payload["id"].split("/")[-1]),
+        type=payload.get("type", "unknown"),
+        location=payload.get("location"),
+        subscription_id=payload.get("subscriptionId"),
+        resource_group=payload.get("resourceGroup"),
+        tags=payload.get("tags") or {},
+        dependencies=dependencies,
+    )
+
+
+async def enumerate_azure_resources(
+    request: AzureDiscoveryRequest,
+    credential: Optional[TokenCredential] = None,
+) -> AzureDiscoveryResponse:
+    """Return normalized Azure resources for the provided tenant.
+
+    When credential is provided (e.g. from an embedding app like auto_iac), it is
+    used with the request's environment so sovereign clouds work. Otherwise the
+    default credential chain is built from the request.
+    """
+    if not request:
+        raise ValueError("request cannot be None")
+
+    environment_config = build_environment_config(request.environment)
+    if credential is None:
+        credential = get_credential(request, environment_config)
+    subscription_ids = await ensure_subscription_ids(
+        request, credential, base_url=environment_config.resource_manager
+    )
+    query = _build_query(request)
+    raw_resources = await query_resource_graph(
+        credential=credential,
+        query=query,
+        subscriptions=subscription_ids,
+        batch_size=request.max_batch_size,
+        base_url=environment_config.resource_manager,
+    )
+    nodes = ensure_unique_nodes(_to_node(item) for item in raw_resources)
+    relationships = build_graph_edges(nodes, request.include_relationships)
+
+    LOGGER.info(
+        "Enumeration completed",
+        extra={
+            "context": {
+                "tenant_id": request.tenant_id,
+                "nodes": len(nodes),
+                "relationships": len(relationships),
+            }
+        },
+    )
+    return AzureDiscoveryResponse(
+        tenant_id=request.tenant_id,
+        discovered_subscriptions=subscription_ids,
+        nodes=nodes,
+        relationships=relationships,
+        total_resources=len(nodes),
+    )

azure_discovery/orchestrator.py

@@ -0,0 +1,24 @@
+"""Discovery orchestrator."""
+
+from __future__ import annotations
+
+from .adt_types import AzureDiscoveryRequest, AzureDiscoveryResponse
+from .enumerators import enumerate_azure_resources
+from .reporting import emit_console_summary, render_visualization
+
+
+async def run_discovery(request: AzureDiscoveryRequest) -> AzureDiscoveryResponse:
+    """Coordinate enumeration and visualization."""
+
+    if not request:
+        raise ValueError("request cannot be None")
+
+    discovery_response = await enumerate_azure_resources(request)
+    visualization = render_visualization(
+        response=discovery_response, options=request.visualization
+    )
+    enriched_response = discovery_response.model_copy(
+        update={"html_report_path": visualization.html_path}
+    )
+    emit_console_summary(enriched_response)
+    return enriched_response

azure_discovery/reporting/__init__.py

@@ -0,0 +1,4 @@
+"""Reporting and visualization helpers."""
+
+from .console import emit_console_summary  # noqa: F401
+from .html import render_visualization  # noqa: F401

azure_discovery/reporting/console.py

@@ -0,0 +1,28 @@
+"""Console reporting utilities."""
+
+from __future__ import annotations
+
+from ..adt_types import AzureDiscoveryResponse
+from ..utils.logging import get_logger
+
+LOGGER = get_logger()
+
+
+def emit_console_summary(response: AzureDiscoveryResponse) -> None:
+    """Log a concise discovery summary."""
+
+    if not response:
+        LOGGER.warning("Discovery response missing")
+        return
+    LOGGER.info(
+        "Discovery summary",
+        extra={
+            "context": {
+                "tenant_id": response.tenant_id,
+                "subscriptions": response.discovered_subscriptions,
+                "nodes": response.total_resources,
+                "relationships": len(response.relationships),
+                "report": response.html_report_path,
+            }
+        },
+    )

azure_discovery/reporting/html.py

@@ -0,0 +1,79 @@
+"""HTML visualization helpers."""
+
+from __future__ import annotations
+
+import json
+from datetime import datetime
+
+from pyvis.network import Network
+
+from ..adt_types import (
+    AzureDiscoveryResponse,
+    VisualizationOptions,
+    VisualizationResponse,
+)
+from ..adt_types.errors import VisualizationError
+
+
+def render_visualization(
+    response: AzureDiscoveryResponse,
+    options: VisualizationOptions,
+) -> VisualizationResponse:
+    """Render an interactive dependency graph."""
+
+    if not response:
+        raise VisualizationError("Discovery response missing")
+    output_dir = options.output_dir.expanduser()
+    output_dir.mkdir(parents=True, exist_ok=True)
+    file_name = (
+        options.file_name
+        or f"azure-graph-{datetime.utcnow().strftime('%Y%m%d%H%M%S')}.html"
+    )
+    html_path = output_dir / file_name
+
+    net = Network(
+        height="960px",
+        width="100%",
+        directed=True,
+        bgcolor="#05060a",
+        font_color="#f5f7fa",
+    )
+    if options.physics_enabled:
+        net.barnes_hut()
+    else:
+        net.force_atlas_2based(gravity=-50, central_gravity=0.015)
+
+    for node in response.nodes:
+        attributes = {
+            "id": node.id,
+            "type": node.type,
+            "location": node.location,
+            "resource_group": node.resource_group,
+            "tags": node.tags,
+        }
+        title = json.dumps(attributes, indent=2) if options.include_attributes else node.type
+        net.add_node(
+            node.id,
+            label=node.name,
+            title=title,
+            group=node.type.split("/")[-1],
+        )
+
+    for edge in response.relationships:
+        net.add_edge(
+            edge.source_id,
+            edge.target_id,
+            title=edge.relation_type,
+            value=edge.weight,
+        )
+
+    try:
+        net.write_html(str(html_path), notebook=False)
+    except Exception as exc:  # noqa: BLE001
+        raise VisualizationError("Failed to render HTML graph") from exc
+
+    return VisualizationResponse(
+        html_path=str(html_path),
+        nodes=len(response.nodes),
+        relationships=len(response.relationships),
+    )

azure_discovery/utils/__init__.py

@@ -0,0 +1,10 @@
+"""Utility helpers for Azure discovery."""
+
+from .azure_clients import (  # noqa: F401
+    build_environment_config,
+    ensure_subscription_ids,
+    get_credential,
+    query_resource_graph,
+)
+from .graph_helpers import build_graph_edges, ensure_unique_nodes
+from .logging import get_logger

azure_discovery/utils/azure_clients.py

@@ -0,0 +1,182 @@
+"""Azure SDK client helpers."""
+
+from __future__ import annotations
+
+import asyncio
+from typing import Any, Dict, List, Optional
+
+from azure.identity import (
+    AzureCliCredential,
+    ChainedTokenCredential,
+    DefaultAzureCredential,
+)
+from azure.identity._constants import KnownAuthorities
+from azure.mgmt.resourcegraph import ResourceGraphClient
+from azure.mgmt.resourcegraph.models import QueryRequest
+from azure.mgmt.subscription import SubscriptionClient
+
+from ..adt_types import (
+    AzureDiscoveryRequest,
+    AzureEnvironment,
+    AzureEnvironmentConfig,
+    AzureClientError,
+)
+from .logging import get_logger
+
+LOGGER = get_logger()
+
+_ENVIRONMENT_MAP: Dict[AzureEnvironment, AzureEnvironmentConfig] = {
+    AzureEnvironment.AZURE_PUBLIC: AzureEnvironmentConfig(
+        name=AzureEnvironment.AZURE_PUBLIC,
+        authority_host=KnownAuthorities.AZURE_PUBLIC_CLOUD,
+        resource_manager="https://management.azure.com/",
+        storage_suffix="core.windows.net",
+    ),
+    AzureEnvironment.AZURE_GOV: AzureEnvironmentConfig(
+        name=AzureEnvironment.AZURE_GOV,
+        authority_host=KnownAuthorities.AZURE_GOVERNMENT,
+        resource_manager="https://management.usgovcloudapi.net/",
+        storage_suffix="core.usgovcloudapi.net",
+    ),
+    AzureEnvironment.AZURE_CHINA: AzureEnvironmentConfig(
+        name=AzureEnvironment.AZURE_CHINA,
+        authority_host=KnownAuthorities.AZURE_CHINA,
+        resource_manager="https://management.chinacloudapi.cn/",
+        storage_suffix="core.chinacloudapi.cn",
+    ),
+    AzureEnvironment.AZURE_GERMANY: AzureEnvironmentConfig(
+        name=AzureEnvironment.AZURE_GERMANY,
+        authority_host=KnownAuthorities.AZURE_GERMANY,
+        resource_manager="https://management.microsoftazure.de/",
+        storage_suffix="core.cloudapi.de",
+    ),
+    AzureEnvironment.AZURE_STACK: AzureEnvironmentConfig(
+        name=AzureEnvironment.AZURE_STACK,
+        authority_host=KnownAuthorities.AZURE_PUBLIC_CLOUD,
+        resource_manager="https://management.local.azurestack.external/",
+        storage_suffix="local.azurestack.external",
+    ),
+}
+
+
+def build_environment_config(
+    environment: AzureEnvironment,
+) -> AzureEnvironmentConfig:
+    """Return endpoints for the requested cloud."""
+
+    if environment not in _ENVIRONMENT_MAP:
+        raise AzureClientError(f"Unsupported environment: {environment}")
+    return _ENVIRONMENT_MAP[environment]
+
+
+def get_credential(
+    request: AzureDiscoveryRequest,
+    config: AzureEnvironmentConfig,
+) -> ChainedTokenCredential:
+    """Return credential chain honoring CLI preference."""
+
+    credential_chain = []
+    if request.prefer_cli_credentials:
+        credential_chain.append(
+            AzureCliCredential(
+                authority=config.authority_host,
+                tenant_id=request.tenant_id,
+            )
+        )
+    credential_chain.append(
+        DefaultAzureCredential(
+            authority=config.authority_host,
+            exclude_interactive_browser_credential=False,
+        )
+    )
+    return ChainedTokenCredential(*credential_chain)
+
+
+async def ensure_subscription_ids(
+    request: AzureDiscoveryRequest,
+    credential: ChainedTokenCredential,
+    base_url: Optional[str] = None,
+) -> List[str]:
+    """Resolve the subscription list, querying Azure if needed."""
+
+    if request.subscriptions:
+        return sorted({sub.strip() for sub in request.subscriptions if sub})
+
+    loop = asyncio.get_running_loop()
+
+    # Add explicit credential scopes for sovereign cloud support
+    credential_scopes = [base_url + ".default"] if base_url else None
+    client = SubscriptionClient(
+        credential=credential,
+        base_url=base_url,
+        credential_scopes=credential_scopes,
+    )
+
+    def _list_subscriptions() -> List[str]:
+        return [sub.subscription_id for sub in client.subscriptions.list()]
+
+    try:
+        results: List[str] = await loop.run_in_executor(
+            None, _list_subscriptions
+        )
+    except Exception as exc:  # noqa: BLE001
+        LOGGER.error(
+            "Failed to enumerate subscriptions",
+            extra={"context": {"error": str(exc)}},
+        )
+        raise AzureClientError("Unable to enumerate subscriptions") from exc
+    if not results:
+        raise AzureClientError("No subscriptions available for discovery")
+    return sorted(results)
+
+
+async def query_resource_graph(
+    credential: ChainedTokenCredential,
+    query: str,
+    subscriptions: List[str],
+    batch_size: int,
+    base_url: Optional[str] = None,
+) -> List[Dict[str, Any]]:
+    """Execute a Resource Graph query with pagination."""
+
+    if not query or not query.strip():
+        raise AzureClientError("Resource Graph query cannot be empty")
+
+    # Add explicit credential scopes for sovereign cloud support
+    credential_scopes = [base_url + ".default"] if base_url else None
+    client = ResourceGraphClient(
+        credential=credential,
+        base_url=base_url,
+        credential_scopes=credential_scopes,
+    )
+    payload = QueryRequest(
+        subscriptions=subscriptions,
+        query=query,
+        options={"resultFormat": "objectArray", "top": batch_size},
+    )
+    loop = asyncio.get_running_loop()
+    results: List[Dict[str, Any]] = []
+    skip_token: Optional[str] = None
+
+    while True:
+        if skip_token:
+            payload.options["skipToken"] = skip_token
+
+        def _run_query() -> Any:
+            return client.resources(payload)
+
+        try:
+            response = await loop.run_in_executor(None, _run_query)
+        except Exception as exc:  # noqa: BLE001
+            LOGGER.error(
+                "Resource Graph query failed",
+                extra={"context": {"error": str(exc)}},
+            )
+            raise AzureClientError("Resource Graph query failure") from exc
+
+        results.extend(response.data or [])
+        skip_token = getattr(response, "skip_token", None)
+        if not skip_token:
+            break
+
+    return results

azure_discovery/utils/graph_helpers.py

@@ -0,0 +1,42 @@
+"""Graph helper utilities."""
+
+from __future__ import annotations
+
+from typing import Iterable, List
+
+from ..adt_types import ResourceNode, ResourceRelationship
+
+
+def ensure_unique_nodes(nodes: Iterable[ResourceNode]) -> List[ResourceNode]:
+    """Remove duplicate nodes preserving last occurrence."""
+
+    seen = {}
+    for node in nodes:
+        if node.id in seen:
+            del seen[node.id]
+        seen[node.id] = node
+    return list(seen.values())
+
+
+def build_graph_edges(
+    nodes: Iterable[ResourceNode],
+    include_relationships: bool,
+) -> List[ResourceRelationship]:
+    """Create inferred relationships if required."""
+
+    if not include_relationships:
+        return []
+
+    node_map = {node.id: node for node in nodes}
+    edges: List[ResourceRelationship] = []
+    for node in node_map.values():
+        for dependency_id in node.dependencies:
+            if dependency_id in node_map:
+                edges.append(
+                    ResourceRelationship(
+                        source_id=node.id,
+                        target_id=dependency_id,
+                        relation_type="depends_on",
+                    )
+                )
+    return edges

azure_discovery/utils/logging.py

@@ -0,0 +1,59 @@
+"""Structured logging helpers."""
+
+from __future__ import annotations
+
+import json
+import logging
+import os
+import sys
+from typing import Any, Dict
+
+_LOGGER_NAME = "azure_discovery"
+
+
+def _build_json_formatter() -> logging.Formatter:
+    class JsonFormatter(logging.Formatter):
+        def format(self, record: logging.LogRecord) -> str:
+            payload: Dict[str, Any] = {
+                "logger": record.name,
+                "level": record.levelname,
+                "message": record.getMessage(),
+                "module": record.module,
+                "function": record.funcName,
+            }
+            if record.exc_info:
+                payload["exc_info"] = self.formatException(record.exc_info)
+            if record.__dict__.get("context"):
+                payload["context"] = record.__dict__["context"]
+            return json.dumps(payload)
+
+    return JsonFormatter()
+
+
+def get_logger(quiet: bool = False) -> logging.Logger:
+    """Return module-wide structured logger.
+
+    Args:
+        quiet: If True, only log ERROR and above. Logs always go to stderr.
+    """
+
+    logger = logging.getLogger(_LOGGER_NAME)
+    if logger.handlers:
+        # Update log level if quiet mode changed
+        if quiet:
+            logger.setLevel(logging.ERROR)
+        return logger
+
+    # Always use stderr for logs, never stdout
+    handler = logging.StreamHandler(sys.stderr)
+    handler.setFormatter(_build_json_formatter())
+    logger.addHandler(handler)
+
+    if quiet:
+        logger.setLevel(logging.ERROR)
+    else:
+        env_level = os.getenv("AZURE_DISCOVERY_LOG_LEVEL", "INFO").upper()
+        logger.setLevel(env_level)
+
+    logger.propagate = False
+    return logger

azure_discovery-0.1.0.dist-info/METADATA

@@ -0,0 +1,335 @@
+Metadata-Version: 2.4
+Name: azure-discovery
+Version: 0.1.0
+Summary: Lightweight Azure tenant discovery and visualization via Resource Graph. Enumerates subscriptions and resources, normalizes results, and renders interactive dependency graphs. Supports public and sovereign clouds (Gov, China, Germany, Azure Stack).
+Author: David Frazer <david.frazer336@gmail.com>
+License-Expression: MIT
+Project-URL: Documentation, https://github.com/maravedi/AzureDiscovery#readme
+Project-URL: Repository, https://github.com/maravedi/AzureDiscovery
+Project-URL: Bug Tracker, https://github.com/maravedi/AzureDiscovery/issues
+Keywords: azure,resource-graph,discovery,inventory,sovereign-cloud,visualization
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: System :: Systems Administration
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: pydantic>=2.7
+Requires-Dist: fastapi>=0.110
+Requires-Dist: uvicorn>=0.30
+Requires-Dist: typer>=0.12
+Requires-Dist: pyvis>=0.3.2
+Requires-Dist: azure-identity>=1.17
+Requires-Dist: azure-mgmt-resourcegraph>=8.0
+Requires-Dist: azure-mgmt-subscription>=3.1
+Provides-Extra: dev
+Requires-Dist: pytest>=8.2; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.23; extra == "dev"
+Requires-Dist: pytest-cov>=5.0; extra == "dev"
+Requires-Dist: ruff>=0.4.0; extra == "dev"
+Requires-Dist: mypy>=1.10; extra == "dev"
+Dynamic: license-file
+
+# Azure Discovery
+
+Azure Discovery is a lightweight Azure tenant mapper that enumerates subscriptions and resources via Azure Resource Graph, normalizes the results, and renders an interactive dependency graph. The tool exposes both a Typer-based CLI (`azure-discovery`) and a FastAPI surface so the same discovery workflow can be automated or embedded in other services.
+
+The package is published on [PyPI](https://pypi.org/project/azure-discovery/) as **azure-discovery** and can be installed with `pip install azure-discovery`.
+
+## Core capabilities
+
+- Builds environment-aware credential chains (Azure CLI + DefaultAzureCredential) with guardrails for unsupported clouds.
+- Queries Azure Resource Graph with include/exclude filters, tag constraints, and resource group scopes.
+- Resolves subscriptions automatically when not provided and de-duplicates resources for consistent graph IDs.
+- Produces JSON summaries, console metrics, and PyVis HTML graphs for quick triage.
+- Offers identical request/response contracts (Pydantic models) across CLI and API, following the Receive an Object, Return an Object (RORO) pattern.
+- Supports all Azure clouds: public, Government (GCC/GCC-H), China, Germany, and Azure Stack.
+
+## Installation
+
+**From PyPI (recommended):**
+
+```bash
+pip install azure-discovery
+```
+
+**With optional development dependencies:**
+
+```bash
+pip install azure-discovery[dev]
+```
+
+**From source (e.g. for development or when embedded in another repo):**
+
+```bash
+git clone https://github.com/maravedi/AzureDiscovery.git
+cd AzureDiscovery
+pip install -e .[dev]
+```
+
+## Package layout
+
+When installed, the package provides the **azure_discovery** Python package:
+
+```
+azure_discovery/
+  __init__.py       # run_discovery, AzureDiscoveryRequest, AzureDiscoveryResponse, etc.
+  cli.py            # Typer command surface (entry point: azure-discovery)
+  api.py            # FastAPI app for /discover and visualization endpoints
+  orchestrator.py   # Async coordinator for enumeration + visualization
+  adt_types/        # Pydantic models and custom exceptions
+  enumerators/      # Resource Graph query builder and normalization
+  reporting/        # Console logging and HTML/PyVis graph generation
+  utils/            # Azure SDK clients, graph helpers, structured logging
+```
+
+**Programmatic usage:**
+
+```python
+from azure_discovery import run_discovery
+from azure_discovery.adt_types import (
+    AzureDiscoveryRequest,
+    AzureDiscoveryResponse,
+    AzureEnvironment,
+    DiscoveryFilter,
+)
+
+request = AzureDiscoveryRequest(
+    tenant_id="<tenant-guid>",
+    environment=AzureEnvironment.AZURE_GOV,
+    subscriptions=["<sub-id>"],
+    filter=DiscoveryFilter(include_types=["Microsoft.Compute/virtualMachines"]),
+)
+response = await run_discovery(request)
+# response.nodes, response.relationships, response.html_report_path
+```
+
+To pass your own credential (e.g. for sovereign cloud from another app):
+
+```python
+from azure_discovery.enumerators.azure_resources import enumerate_azure_resources
+
+response = await enumerate_azure_resources(request, credential=my_credential)
+```
+
+## Prerequisites
+
+- Python 3.11+
+- Azure CLI 2.60+ (optional, used when `--prefer-cli` is set) or service principal credentials exported as `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, and `AZURE_CLIENT_SECRET`
+- Azure Resource Graph access (Reader or above on the subscriptions you plan to scan)
+- Network egress to `management.azure.com` and `api.azure.com` (or the sovereign cloud endpoints you select)
+
+## Required Azure permissions
+
+| Capability | Minimum RBAC role | Scope recommendation |
+| ---------- | ----------------- | -------------------- |
+| Run Resource Graph queries | `Reader`, `Resource Graph Reader`, or any custom role with `Microsoft.ResourceGraph/*/read` | Every subscription you plan to inventory or the parent management group |
+| Auto-discover subscriptions (when `--subscription` is omitted) | `Reader` on the management group or `Directory.Read.All` consent for service principals | Tenant root (`/providers/Microsoft.Management/managementGroups/<root>`) |
+| Register Microsoft.ResourceGraph (one-time) | `Contributor` or `Owner` | Each subscription being scanned |
+
+The tool never mutates resources, but it cannot enumerate subscriptions or call Resource Graph unless the identity has at least `Reader` at the relevant scope. Grant the narrowest scope that still covers your target estate (for example, a dedicated management group for security tooling).
+
+### Service principal flow (CLI based)
+
+```
+az ad sp create-for-rbac \
+  --name azure-discovery-sp \
+  --role "Reader" \
+  --scopes /subscriptions/<sub-id-1> /subscriptions/<sub-id-2> \
+  --years 1
+
+az role assignment create \
+  --assignee <appId> \
+  --role "Resource Graph Reader" \
+  --scope /subscriptions/<sub-id-1>
+```
+
+Export the emitted `appId`, `tenant`, and `password` as `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, and `AZURE_CLIENT_SECRET`. Repeat the role assignment command for every subscription or assign at the management group scope (`/providers/Microsoft.Management/managementGroups/<mg-id>`) to cover multiple subscriptions at once.
+
+### User-assigned permissions (Portal)
+
+1. Open Azure Portal → **Subscriptions** → select each target subscription.
+2. Navigate to **Access control (IAM)** → **Add** → **Add role assignment**.
+3. Pick the `Reader` (or `Resource Graph Reader`) role, then select the user or managed identity that will run AzureDiscovery.
+4. If you want automatic subscription discovery, repeat the assignment at the tenant root management group (visible under **Management groups**). Users need the **Azure RBAC Reader** role there.
+
+### Provider registration and validation
+
+Run the following once per subscription to ensure the Resource Graph service is registered and the identity can query it:
+
+```
+az account set --subscription <sub-id>
+az provider register --namespace Microsoft.ResourceGraph
+az graph query -q "Resources | take 1"
+```
+
+Successful output from `az graph query` confirms both the provider registration and the assigned role. If the command fails with `AuthorizationFailed`, double-check the scope of the role assignments and replicate them for every subscription you intend to scan.
+
+## Getting started
+
+1. **Install** (see [Installation](#installation) above).
+
+2. **Authenticate to Azure**
+
+   - Interactive: `az login --tenant <tenant-id>` and, if multiple tenants, `az account set --subscription <sub-id>`.
+   - Service principal: export `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_CLIENT_SECRET`, and (optionally) `AZURE_SUBSCRIPTION_ID`.
+   - For sovereign clouds (e.g. Azure Government): set `az cloud set --name AzureUSGovernment` and log in; or use a service principal with the appropriate authority.
+
+3. **Run the CLI**
+
+   After install, the `azure-discovery` console script is on your PATH:
+
+   ```bash
+   azure-discovery discover \
+     --tenant-id <tenant-guid> \
+     --subscription <sub-id-1> --subscription <sub-id-2> \
+     --include-type "Microsoft.Compute/virtualMachines" \
+     --resource-group core-infra \
+     --required-tag environment=prod \
+     --visualization-output-dir artifacts/graphs
+   ```
+
+   **Run as a module from source** (from the repo root):
+
+   ```bash
+   python -m azure_discovery.cli discover --help
+   python -m azure_discovery.cli discover --tenant-id <tenant-guid> --environment azure_gov [options...]
+   ```
+
+   The command prints the structured `AzureDiscoveryResponse` JSON and writes an interactive HTML graph under `artifacts/graphs/`.
+
+4. **Run the API (optional)**
+
+   ```bash
+   uvicorn azure_discovery.api:app --host 0.0.0.0 --port 8000 --reload
+   ```
+
+   - Health check: `curl http://localhost:8000/healthz`
+   - Discovery: `curl -X POST http://localhost:8000/discover -H "Content-Type: application/json" -d '{"tenant_id": "...", ... }'`
+   - Download visualization: `curl http://localhost:8000/visuals/<file-name> --output graph.html`
+
+## Configuration reference
+
+| Option | Description |
+| ------ | ----------- |
+| `--tenant-id` | Required Entra ID tenant GUID. |
+| `--environment` | Azure cloud (`azure_public`, `azure_gov`, `azure_china`, `azure_germany`, `azure_stack`). |
+| `--subscription/-s` | Repeatable flag to scope runs to explicit subscription IDs. Omit to auto-resolve. |
+| `--include-type` / `--exclude-type` | Filter resource types (case-insensitive). |
+| `--resource-group` | Restrict discovery to named resource groups. |
+| `--required-tag` | Enforce tag key=value pairs (repeatable). |
+| `--prefer-cli` | Place Azure CLI credentials at the front of the chain. |
+| `--visualization-output-dir` | Directory for PyVis HTML output (default `artifacts/graphs`). |
+| `--visualization-file` | Override the generated HTML file name. |
+| `--output/-o` | Write JSON output to file instead of stdout. |
+| `--quiet/-q` | Suppress all logs except errors. |
+| `--format/-f` | Output format: `json` (default) or `json-compact`. |
+
+Programmatic workflows can instantiate `AzureDiscoveryRequest` directly and call `orchestrator.run_discovery`, receiving an `AzureDiscoveryResponse` that contains resolved subscriptions, normalized nodes, inferred relationships, and an optional `html_report_path`.
+
+### Output and logging separation
+
+By default, the CLI writes JSON results to stdout and logs to stderr. This allows clean piping:
+
+```bash
+# Pipe JSON output to jq for filtering
+azure-discovery discover --tenant-id <id> | jq '.discovered_subscriptions'
+
+# Write output to file and suppress logs
+azure-discovery discover --tenant-id <id> --output results.json --quiet
+
+# Compact JSON output for scripting
+azure-discovery discover --tenant-id <id> --format json-compact
+```
+
+## Development
+
+### Quick start
+
+```bash
+# Install with development dependencies
+make install-dev
+
+# Run tests
+make test
+
+# Format code
+make format
+
+# Run linting
+make lint
+
+# Type checking
+make typecheck
+
+# Generate coverage report
+make coverage
+```
+
+### Available make commands
+
+Run `make help` to see all available commands:
+- `make install` - Install package dependencies
+- `make install-dev` - Install with development dependencies
+- `make test` - Run tests with pytest
+- `make lint` - Run ruff linter
+- `make format` - Format code with ruff
+- `make typecheck` - Run mypy type checking
+- `make coverage` - Generate test coverage report
+- `make clean` - Remove build artifacts and cache
+- `make run-api` - Run FastAPI server locally
+
+### Pre-commit hooks
+
+Install pre-commit hooks to automatically run linting and formatting on commit:
+
+```bash
+pip install pre-commit
+pre-commit install
+```
+
+This will run ruff formatting, linting, and mypy type checking before each commit.
+
+### Environment variables
+
+Copy `.env.example` to `.env` and configure your Azure credentials:
+
+```bash
+cp .env.example .env
+# Edit .env with your credentials
+```
+
+For detailed contributing guidelines, see [CONTRIBUTING.md](CONTRIBUTING.md).
+
+## Troubleshooting
+
+- **`AzureClientError: Unable to enumerate subscriptions`** – ensure the identity has at least `Reader` on one subscription and that the Resource Graph service is registered (`az provider register --namespace Microsoft.ResourceGraph`).
+- **`Resource Graph query failure`** – check that the tenant/subscription pair belongs to the same cloud you selected, and verify network egress to the relevant `resource_manager` endpoint (see `_ENVIRONMENT_MAP` in `azure_discovery.utils.azure_clients`).
+- **`VisualizationError: Failed to render HTML graph`** – confirm the `--visualization-output-dir` path exists and is writable; the PyVis writer does not auto-create directories unless it has permissions on each parent.
+- **`401` or `interaction_required` errors** – when running non-interactively, use a service principal credential chain and set `AZURE_CLIENT_SECRET`; the default chain will otherwise attempt to launch an interactive browser flow.
+- **Empty graph output** – verify filters are not mutually exclusive (e.g., mixing include/exclude for the same type) and that `--max-batch-size` in the request (via API) is not set below the minimum (100).
+
+## Known gaps and future opportunities
+
+- **Identity & RBAC coverage** – the tool currently inventories Azure Resource Manager assets only; Entra ID objects, role assignments, and policy definitions are not ingested or visualized.
+- **Change tracking** – runs are stateless; there is no persistence layer or diffing between historical discoveries.
+- **Security context** – vulnerability, compliance, and workload insights (e.g., Defender for Cloud signals) are not integrated.
+- **API hardening** – the FastAPI surface is unprotected (no authN/Z, rate limiting, or request quotas); deploy behind an API gateway or add middleware before production use.
+- **Scale controls** – back-off and throttling are minimal (`throttle_delay_seconds` only); there is no adaptive rate control or batching heuristics for very large tenants.
+
+These items are valuable next steps if you intend to operationalize Azure Discovery beyond ad-hoc investigations.
+
+## Publishing to PyPI (maintainers)
+
+To publish a new version to PyPI:
+
+1. Bump `version` in `pyproject.toml`.
+2. Ensure tests pass: `pip install -e .[dev] && pytest`.
+3. Build: `python -m build`.
+4. Upload: `twine upload dist/azure-discovery-<version>*` (requires PyPI credentials or token).
+
+The package uses a single top-level package **azure_discovery** to avoid namespace conflicts on install. The console script **azure-discovery** is provided by the `[project.scripts]` entry in `pyproject.toml`.

azure_discovery-0.1.0.dist-info/RECORD

@@ -0,0 +1,22 @@
+azure_discovery/__init__.py,sha256=tK8HAgGDPhdvsTOdWFHZK0pB5JUZBo6G23w7np2w8dE,835
+azure_discovery/api.py,sha256=J1iRt3SyVqbSbVpvQgfQcwDtzGK-PT7QlU5QQDTnv_k,1290
+azure_discovery/cli.py,sha256=Qqjifxu-zbsktkxpA0_8LI7PntgnmUOvs1NlcCu_Vj0,4233
+azure_discovery/orchestrator.py,sha256=xD_W0qHw46ahia95Lbam2UUa13jw4jnStWc-DE7nQLU,839
+azure_discovery/adt_types/__init__.py,sha256=wKv5ggC77-hCve-96VWnkjsjAe-zbzbcHEi1jQCCjOw,433
+azure_discovery/adt_types/errors.py,sha256=_I_2CTzEowzoXEXZcJEcyknmOYovG30IvX-jXt7d0RE,340
+azure_discovery/adt_types/models.py,sha256=KsT1WCUByCJYaWHTA0soVg7eM3LQNXPqWueabLFh69Y,3291
+azure_discovery/enumerators/__init__.py,sha256=NN13QgAU32Olw96YRNGNwzS3jB3aKY_elYbzGJ1tubQ,120
+azure_discovery/enumerators/azure_resources.py,sha256=jlWpsP3RpWlNk7H_Fw_pWfTOrT_01M43zaQWnbOmiZE,4533
+azure_discovery/reporting/__init__.py,sha256=hEqI9Aaoik3GNqf-cqG_MXfX6HxcJVHUZBHrzLbMVlA,153
+azure_discovery/reporting/console.py,sha256=3aEq7cG0Zq0Malxsj7qroTsVWRxI3to8kUPNdBnaNjU,785
+azure_discovery/reporting/html.py,sha256=jH4BJjZFGFpoSvquxnosMx1AIyWfUf0immdDnqm-ElM,2154
+azure_discovery/utils/__init__.py,sha256=oIrIQN9OPeaE3djBcB5sR1PhBpkdkw9lA8QEEv4agHY,292
+azure_discovery/utils/azure_clients.py,sha256=TG4tWivxE2IvKSBGRUtWF0eA25Wb0GrILor2nrfcwmY,5972
+azure_discovery/utils/graph_helpers.py,sha256=XQTqEg9SPU6V3r2qas2BII6-KquBizc5DclbCLAfLKg,1181
+azure_discovery/utils/logging.py,sha256=LvT9Fea__hqOq2UwScHpT8eElW4ArzwyZwVMBSMUgoc,1692
+azure_discovery-0.1.0.dist-info/licenses/LICENSE,sha256=H5Cd8vqg-_kMV2v3EQEc9JgLWLa-tZKrn8ekdbVRE_0,1085
+azure_discovery-0.1.0.dist-info/METADATA,sha256=ruZ-wVxReb5QSxtV2WEXSV6SWJ7s_ViUQ-DGu4MCbCI,15516
+azure_discovery-0.1.0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+azure_discovery-0.1.0.dist-info/entry_points.txt,sha256=ZoF7ybEeKIn5Q2Rklb77swS2lZ-4L_NzXhUOo1pFttM,61
+azure_discovery-0.1.0.dist-info/top_level.txt,sha256=aui6halihvG0KwHYrQYpTpu5gO-dI-Xr3nQ1JRB1vIk,16
+azure_discovery-0.1.0.dist-info/RECORD,,

azure_discovery-0.1.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (80.10.2)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

azure_discovery-0.1.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+azure-discovery = azure_discovery.cli:main

azure_discovery-0.1.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Azure Discovery Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

azure_discovery-0.1.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+azure_discovery