granny-devops 0.9.2__tar.gz → 0.10.0__tar.gz

{granny_devops-0.9.2 → granny_devops-0.10.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: granny-devops
-Version: 0.9.2
+Version: 0.10.0
 Summary: Cloud tools collection -- AWS infrastructure, CDN, and DevOps automation
 Author-email: Martin Wieser <martin.wieser@pseekoo.com>
 License: MIT License
@@ -221,6 +221,7 @@ Common keys:
 | ClouDNS | `CLOUDNS_AUTH_ID`/`_PASSWORD` (or `_SUB_AUTH_ID`/`_SUB_AUTH_USER`) |
 | INWX | `INWX_USERNAME`, `INWX_PASSWORD`, `INWX_SHARED_SECRET` (only with 2FA) |
 | Docker Hub | `DOCKER_HUB_USER`, `DOCKER_HUB_TOKEN` |
+| Elasticsearch / Kibana | `ELASTICSEARCH_URL`, `ELASTICSEARCH_API_KEY` or `ELASTICSEARCH_USERNAME` + `ELASTICSEARCH_PASSWORD` |
 
 Set only the ones you need. Use `granny credentials status` to verify
 what's configured at any time.
@@ -297,6 +298,28 @@ granny authentik list providers
 granny authentik rotate-secret my-oauth-provider
 granny authentik add-user-to-group user@example.com     # defaults to dash_admins
 granny authentik api GET /api/v3/core/users/me/        # generic escape hatch
+
+# Elasticsearch / Kibana users
+granny elk add-user user@example.com \
+  --email user@example.com \
+  --full-name "Example User" \
+  --role kibana_admin \
+  --generate-password
+
+# Azure -- subscriptions, ARM deployments, OpenAI, App Service, VM sizes
+granny azure account whoami                                  # signed-in identity
+granny azure account list                                    # subscriptions
+granny azure deployment list --subscription <id> --all-groups
+granny azure openai accounts --subscription <id>
+granny azure openai deployments --subscription <id> --kind OpenAI
+granny azure webapp list --subscription <id>
+granny azure vm-sizes list --subscription <id> --location polandcentral
+
+# Search-engine indexing (IndexNow + Google Indexing API)
+granny indexing generate-key                                 # mint an IndexNow key
+granny indexing submit https://example.com/new-page          # notify every engine
+granny indexing indexnow https://example.com/p1 https://example.com/p2
+granny indexing google https://example.com/job-posting --action URL_UPDATED
 ```
 
 ## Capability matrix
@@ -314,6 +337,9 @@ granny authentik api GET /api/v3/core/users/me/        # generic escape hatch
 | Cross-cloud inventory | GPU instances + reservations, credit balances, MTD spend + forecast (AWS, GCP, Azure) |
 | SSL automation | Bunny, Cloudflare, ACM |
 | SSO / IdP | Authentik (provider, application, group, and user operations) |
+| Observability admin | Elasticsearch / Kibana native-user management |
+| Azure ops | Identity, subscriptions, ARM deployments, Cognitive Services (Azure OpenAI), App Service, VM sizes, compute quota |
+| Search indexing | IndexNow (Bing/Yandex/Seznam/Naver/Yep), Google Indexing API |
 
 ## As a library
 
@@ -343,6 +369,8 @@ load_secrets_into_env()
 granny/
   cli/           Click command groups (granny <group> <verb>)
   analyze/      Cross-cloud inventory (AWS, GCP, Azure)
+  authentik/    Authentik admin
+  azure/        Azure account, ARM deployments, Cognitive, App Service, VM sizes, quota
   cdn/          Bunny CDN
   cloudflare/   Cloudflare Workers / D1 / R2 / KV
   create/       Standalone setup scripts (granny create <name>)
@@ -350,7 +378,9 @@ granny/
   dns/          Provider-agnostic DNS CRUD
   docker/       Multi-arch image builds
   edge/         Bunny Edge Scripting
+  elk/          Elasticsearch / Kibana security user management
   email/        Mailjet, WorkMail, SES forwarding
+  indexing/     IndexNow + Google Indexing API
   serverless/   Scaleway FaaS
   storage/      Object storage (AWS / Bunny / Hetzner)
 ```

{granny_devops-0.9.2 → granny_devops-0.10.0}/README.md

@@ -89,6 +89,7 @@ Common keys:
 | ClouDNS | `CLOUDNS_AUTH_ID`/`_PASSWORD` (or `_SUB_AUTH_ID`/`_SUB_AUTH_USER`) |
 | INWX | `INWX_USERNAME`, `INWX_PASSWORD`, `INWX_SHARED_SECRET` (only with 2FA) |
 | Docker Hub | `DOCKER_HUB_USER`, `DOCKER_HUB_TOKEN` |
+| Elasticsearch / Kibana | `ELASTICSEARCH_URL`, `ELASTICSEARCH_API_KEY` or `ELASTICSEARCH_USERNAME` + `ELASTICSEARCH_PASSWORD` |
 
 Set only the ones you need. Use `granny credentials status` to verify
 what's configured at any time.
@@ -165,6 +166,28 @@ granny authentik list providers
 granny authentik rotate-secret my-oauth-provider
 granny authentik add-user-to-group user@example.com     # defaults to dash_admins
 granny authentik api GET /api/v3/core/users/me/        # generic escape hatch
+
+# Elasticsearch / Kibana users
+granny elk add-user user@example.com \
+  --email user@example.com \
+  --full-name "Example User" \
+  --role kibana_admin \
+  --generate-password
+
+# Azure -- subscriptions, ARM deployments, OpenAI, App Service, VM sizes
+granny azure account whoami                                  # signed-in identity
+granny azure account list                                    # subscriptions
+granny azure deployment list --subscription <id> --all-groups
+granny azure openai accounts --subscription <id>
+granny azure openai deployments --subscription <id> --kind OpenAI
+granny azure webapp list --subscription <id>
+granny azure vm-sizes list --subscription <id> --location polandcentral
+
+# Search-engine indexing (IndexNow + Google Indexing API)
+granny indexing generate-key                                 # mint an IndexNow key
+granny indexing submit https://example.com/new-page          # notify every engine
+granny indexing indexnow https://example.com/p1 https://example.com/p2
+granny indexing google https://example.com/job-posting --action URL_UPDATED
 ```
 
 ## Capability matrix
@@ -182,6 +205,9 @@ granny authentik api GET /api/v3/core/users/me/        # generic escape hatch
 | Cross-cloud inventory | GPU instances + reservations, credit balances, MTD spend + forecast (AWS, GCP, Azure) |
 | SSL automation | Bunny, Cloudflare, ACM |
 | SSO / IdP | Authentik (provider, application, group, and user operations) |
+| Observability admin | Elasticsearch / Kibana native-user management |
+| Azure ops | Identity, subscriptions, ARM deployments, Cognitive Services (Azure OpenAI), App Service, VM sizes, compute quota |
+| Search indexing | IndexNow (Bing/Yandex/Seznam/Naver/Yep), Google Indexing API |
 
 ## As a library
 
@@ -211,6 +237,8 @@ load_secrets_into_env()
 granny/
   cli/           Click command groups (granny <group> <verb>)
   analyze/      Cross-cloud inventory (AWS, GCP, Azure)
+  authentik/    Authentik admin
+  azure/        Azure account, ARM deployments, Cognitive, App Service, VM sizes, quota
   cdn/          Bunny CDN
   cloudflare/   Cloudflare Workers / D1 / R2 / KV
   create/       Standalone setup scripts (granny create <name>)
@@ -218,7 +246,9 @@ granny/
   dns/          Provider-agnostic DNS CRUD
   docker/       Multi-arch image builds
   edge/         Bunny Edge Scripting
+  elk/          Elasticsearch / Kibana security user management
   email/        Mailjet, WorkMail, SES forwarding
+  indexing/     IndexNow + Google Indexing API
   serverless/   Scaleway FaaS
   storage/      Object storage (AWS / Bunny / Hetzner)
 ```

{granny_devops-0.9.2 → granny_devops-0.10.0}/granny/__init__.py

@@ -1,6 +1,6 @@
 """Granny -- Cloud tools collection for AWS infrastructure and DevOps automation."""
 
-__version__ = "0.9.2"
+__version__ = "0.10.0"
 __all__ = [
     "get_secret",
     "load_secrets_into_env",

granny_devops-0.10.0/granny/analyze/gpu_pricing.py

@@ -0,0 +1,199 @@
+"""Forward-looking GPU cluster cost estimation for AWS.
+
+Pulls live on-demand rates from the AWS Pricing API and effective hourly
+rates from Capacity Block offerings via ``describe_capacity_block_offerings``,
+then multiplies by hours and node count.
+
+The Pricing API runs only in ``us-east-1`` and ``ap-south-1`` but returns
+prices for every region. It does not need any non-default IAM permissions
+in most accounts. Capacity Block discovery does need an authenticated
+profile.
+
+Compute dominates an H100/H200 cluster's monthly bill by 2+ orders of
+magnitude (one ``p5en.48xlarge`` is ~$98/hr on-demand; the 100GB EBS root
+is ~$8/mo). We do not surface storage/network/data-transfer here -- treat
+the number as ``+/- 5%``.
+"""
+
+from __future__ import annotations
+
+import json
+import logging
+from dataclasses import dataclass
+
+logger = logging.getLogger(__name__)
+
+
+# AWS Pricing API uses human-readable "location" strings rather than
+# region codes. This covers the regions where p5e / p5en (H200) are sold.
+_PRICING_LOCATIONS: dict[str, str] = {
+    "us-east-1": "US East (N. Virginia)",
+    "us-east-2": "US East (Ohio)",
+    "us-west-1": "US West (N. California)",
+    "us-west-2": "US West (Oregon)",
+    "eu-west-1": "Europe (Ireland)",
+    "eu-west-2": "Europe (London)",
+    "eu-west-3": "Europe (Paris)",
+    "eu-central-1": "Europe (Frankfurt)",
+    "eu-north-1": "Europe (Stockholm)",
+    "ap-northeast-1": "Asia Pacific (Tokyo)",
+    "ap-northeast-2": "Asia Pacific (Seoul)",
+    "ap-southeast-1": "Asia Pacific (Singapore)",
+    "ap-southeast-2": "Asia Pacific (Sydney)",
+    "ap-south-1": "Asia Pacific (Mumbai)",
+    "ca-central-1": "Canada (Central)",
+}
+
+
+@dataclass
+class GpuClusterCostEstimate:
+    """Per-region, per-pricing-plan estimate for a GPU cluster.
+
+    ``hourly_per_node`` is the canonical figure; ``monthly_*`` are derived
+    by multiplying by ``hours_per_month`` and ``node_count``. ``None`` means
+    the underlying API returned nothing (region unsupported, no capacity).
+    """
+
+    instance_type: str
+    region: str
+    node_count: int
+    plan: str  # 'ondemand' or 'capacity-block'
+    hourly_per_node: float | None
+    monthly_per_node: float | None
+    monthly_total: float | None
+    hours_per_month: float
+    currency: str
+    notes: str
+
+
+def get_aws_ondemand_hourly(
+    instance_type: str,
+    region: str,
+    profile: str | None = None,
+) -> float | None:
+    """Return the on-demand USD/hour price for a Linux instance in the region.
+
+    Returns ``None`` if the Pricing API has no matching offer (typically
+    means the instance type is not yet sold in that region).
+    """
+    import boto3
+    from botocore.exceptions import BotoCoreError, ClientError
+
+    location = _PRICING_LOCATIONS.get(region)
+    if not location:
+        raise ValueError(
+            f"Unmapped Pricing API location for region {region!r}; "
+            f"add it to _PRICING_LOCATIONS"
+        )
+
+    session = boto3.Session(profile_name=profile if profile and profile != "default" else None)
+    pricing = session.client("pricing", region_name="us-east-1")
+
+    filters = [
+        {"Type": "TERM_MATCH", "Field": "ServiceCode", "Value": "AmazonEC2"},
+        {"Type": "TERM_MATCH", "Field": "instanceType", "Value": instance_type},
+        {"Type": "TERM_MATCH", "Field": "location", "Value": location},
+        {"Type": "TERM_MATCH", "Field": "tenancy", "Value": "Shared"},
+        {"Type": "TERM_MATCH", "Field": "operatingSystem", "Value": "Linux"},
+        {"Type": "TERM_MATCH", "Field": "preInstalledSw", "Value": "NA"},
+        {"Type": "TERM_MATCH", "Field": "capacitystatus", "Value": "Used"},
+        {"Type": "TERM_MATCH", "Field": "marketoption", "Value": "OnDemand"},
+    ]
+    try:
+        resp = pricing.get_products(ServiceCode="AmazonEC2", Filters=filters, MaxResults=20)
+    except (BotoCoreError, ClientError) as e:
+        raise RuntimeError(f"AWS Pricing API call failed: {e}") from e
+
+    for raw in resp.get("PriceList", []):
+        doc = json.loads(raw)
+        for term in doc.get("terms", {}).get("OnDemand", {}).values():
+            for dim in term.get("priceDimensions", {}).values():
+                price = dim.get("pricePerUnit", {}).get("USD")
+                if price and float(price) > 0:
+                    return float(price)
+    return None
+
+
+def _capacity_block_hourly(
+    instance_type: str,
+    node_count: int,
+    region: str,
+    profile: str | None,
+) -> tuple[float | None, str]:
+    """Return ``(effective_hourly_per_node, note)`` from cheapest current block."""
+    from granny.analyze.gpus import list_aws_capacity_block_offerings
+
+    offerings = list_aws_capacity_block_offerings(
+        instance_type=instance_type,
+        instance_count=node_count,
+        duration_hours=24,
+        start_window_days=30,
+        profiles=[profile] if profile else None,
+        regions=[region],
+    )
+    if not offerings:
+        return None, "No Capacity Block offerings in the next 30 days"
+
+    cheapest = offerings[0]
+    hours = cheapest.duration_hours or 24
+    nodes = cheapest.instance_count or node_count or 1
+    per_node_hour = cheapest.upfront_fee / (nodes * hours)
+    note = (
+        f"From cheapest 24h block: ${cheapest.upfront_fee:,.2f} upfront for "
+        f"{cheapest.instance_count}x at {cheapest.start_time[:10]}"
+    )
+    return per_node_hour, note
+
+
+def estimate_cluster_monthly(
+    instance_type: str,
+    node_count: int,
+    region: str,
+    plan: str = "ondemand",
+    hours_per_month: float = 730.0,
+    profile: str | None = None,
+) -> GpuClusterCostEstimate:
+    """Estimate the monthly cost of a GPU cluster in one region under one plan.
+
+    Args:
+        instance_type: EC2 instance type, e.g. ``p5en.48xlarge`` (H200 x8).
+        node_count: Number of nodes the cluster runs at full active load.
+        region: AWS region code.
+        plan: ``"ondemand"`` (Pricing API) or ``"capacity-block"`` (derives
+            an effective hourly from the cheapest 24h block currently sold).
+        hours_per_month: 730 = full 24/7 month; 168 = one week per month;
+            etc. Use this to model partial-month usage.
+        profile: AWS profile (needed only for ``"capacity-block"``).
+    """
+    notes: list[str] = []
+    hourly: float | None = None
+
+    if plan == "ondemand":
+        hourly = get_aws_ondemand_hourly(instance_type, region, profile)
+        if hourly is None:
+            notes.append(
+                f"Pricing API has no on-demand offer for {instance_type} in {region}"
+            )
+    elif plan == "capacity-block":
+        hourly, cb_note = _capacity_block_hourly(instance_type, node_count, region, profile)
+        notes.append(cb_note)
+    else:
+        raise ValueError(
+            f"plan must be 'ondemand' or 'capacity-block', got {plan!r}"
+        )
+
+    monthly_per_node = hourly * hours_per_month if hourly is not None else None
+    monthly_total = monthly_per_node * node_count if monthly_per_node is not None else None
+
+    return GpuClusterCostEstimate(
+        instance_type=instance_type,
+        region=region,
+        node_count=node_count,
+        plan=plan,
+        hourly_per_node=hourly,
+        monthly_per_node=monthly_per_node,
+        monthly_total=monthly_total,
+        hours_per_month=hours_per_month,
+        currency="USD",
+        notes="; ".join(n for n in notes if n),
+    )

granny_devops-0.10.0/granny/azure/__init__.py

@@ -0,0 +1 @@
+"""Azure operational helpers."""

granny_devops-0.10.0/granny/azure/_client.py

@@ -0,0 +1,81 @@
+"""Shared Azure Resource Manager HTTP helpers.
+
+Used by every module under ``granny.azure`` except ``quota.py``, which keeps
+its own copy for historical reasons. New modules should route through here.
+"""
+
+from __future__ import annotations
+
+import base64
+import json
+from collections.abc import Iterator
+from typing import Any
+
+import requests
+
+MANAGEMENT_SCOPE = "https://management.azure.com/.default"
+MANAGEMENT_URL = "https://management.azure.com"
+
+
+def get_management_token() -> str:
+    """Return an ARM bearer token from the default credential chain."""
+    try:
+        from azure.identity import DefaultAzureCredential
+    except ImportError as e:
+        raise RuntimeError(
+            "Azure support requires the [azure] extra: "
+            "pip install 'granny-devops[azure]'"
+        ) from e
+
+    credential = DefaultAzureCredential()
+    return credential.get_token(MANAGEMENT_SCOPE).token
+
+
+def headers(token: str | None = None) -> dict[str, str]:
+    """Authorization headers for ARM REST calls."""
+    bearer = token if token is not None else get_management_token()
+    return {
+        "Authorization": f"Bearer {bearer}",
+        "Content-Type": "application/json",
+    }
+
+
+def get(url: str, *, token: str | None = None) -> dict[str, Any]:
+    """Issue a GET against ARM and return the JSON body."""
+    response = requests.get(url, headers=headers(token), timeout=60)
+    if response.status_code == 404:
+        raise KeyError(f"Azure resource not found: {url}")
+    if response.status_code != 200:
+        raise_response_error("GET", url, response)
+    return response.json()
+
+
+def paginate(url: str, *, token: str | None = None) -> Iterator[dict[str, Any]]:
+    """Yield each item from a paginated ARM ``value``/``nextLink`` collection."""
+    bearer = token if token is not None else get_management_token()
+    next_url: str | None = url
+    while next_url:
+        data = get(next_url, token=bearer)
+        for item in data.get("value", []):
+            yield item
+        next_url = data.get("nextLink")
+
+
+def decode_jwt_payload(token: str) -> dict[str, Any]:
+    """Return the unverified JWT payload claims for ``token``."""
+    parts = token.split(".")
+    if len(parts) < 2:
+        return {}
+    payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)
+    try:
+        return json.loads(base64.urlsafe_b64decode(payload_b64))
+    except (ValueError, json.JSONDecodeError):
+        return {}
+
+
+def raise_response_error(method: str, url: str, response: requests.Response) -> None:
+    """Wrap a non-OK ARM response in a uniform RuntimeError."""
+    snippet = response.text[:1000]
+    raise RuntimeError(
+        f"Azure ARM {method} {url} failed: {response.status_code} {snippet}"
+    )

granny_devops-0.10.0/granny/azure/account.py

@@ -0,0 +1,90 @@
+"""Azure account and subscription helpers."""
+
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Any
+
+from granny.azure import _client
+
+_SUBSCRIPTIONS_API_VERSION = "2022-12-01"
+_TENANTS_API_VERSION = "2022-12-01"
+
+
+@dataclass
+class AzureIdentity:
+    object_id: str | None
+    tenant_id: str | None
+    user_principal_name: str | None
+    display_name: str | None
+    app_id: str | None
+    identity_type: str | None
+    audience: str | None
+    raw_claims: dict[str, Any]
+
+
+@dataclass
+class AzureSubscription:
+    subscription_id: str
+    display_name: str
+    state: str | None
+    tenant_id: str | None
+    raw: dict[str, Any]
+
+
+@dataclass
+class AzureTenant:
+    tenant_id: str
+    display_name: str | None
+    default_domain: str | None
+    raw: dict[str, Any]
+
+
+def get_signed_in_identity() -> AzureIdentity:
+    """Return identity info derived from the current ARM access token."""
+    token = _client.get_management_token()
+    claims = _client.decode_jwt_payload(token)
+    return AzureIdentity(
+        object_id=claims.get("oid"),
+        tenant_id=claims.get("tid"),
+        user_principal_name=claims.get("upn") or claims.get("unique_name"),
+        display_name=claims.get("name"),
+        app_id=claims.get("appid") or claims.get("azp"),
+        identity_type=claims.get("idtyp"),
+        audience=claims.get("aud"),
+        raw_claims=claims,
+    )
+
+
+def list_subscriptions() -> list[AzureSubscription]:
+    """List subscriptions visible to the signed-in identity."""
+    url = (
+        f"{_client.MANAGEMENT_URL}/subscriptions"
+        f"?api-version={_SUBSCRIPTIONS_API_VERSION}"
+    )
+    return [_parse_subscription(item) for item in _client.paginate(url)]
+
+
+def list_tenants() -> list[AzureTenant]:
+    """List tenants visible to the signed-in identity."""
+    url = f"{_client.MANAGEMENT_URL}/tenants?api-version={_TENANTS_API_VERSION}"
+    return [_parse_tenant(item) for item in _client.paginate(url)]
+
+
+def _parse_subscription(item: dict[str, Any]) -> AzureSubscription:
+    return AzureSubscription(
+        subscription_id=item.get("subscriptionId", ""),
+        display_name=item.get("displayName", ""),
+        state=item.get("state"),
+        tenant_id=item.get("tenantId"),
+        raw=item,
+    )
+
+
+def _parse_tenant(item: dict[str, Any]) -> AzureTenant:
+    return AzureTenant(
+        tenant_id=item.get("tenantId", ""),
+        display_name=item.get("displayName"),
+        default_domain=item.get("defaultDomain"),
+        raw=item,
+    )

granny_devops-0.10.0/granny/azure/deployment.py

@@ -0,0 +1,95 @@
+"""Azure Resource Manager deployment listing."""
+
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Any
+
+from granny.azure import _client
+
+_API_VERSION = "2024-03-01"
+
+
+@dataclass
+class AzureDeployment:
+    subscription: str
+    resource_group: str | None
+    name: str
+    provisioning_state: str | None
+    timestamp: str | None
+    mode: str | None
+    template_hash: str | None
+    correlation_id: str | None
+    id: str
+    raw: dict[str, Any]
+
+
+def list_deployments(
+    subscription: str,
+    resource_group: str | None = None,
+) -> list[AzureDeployment]:
+    """List ARM deployments at subscription or resource-group scope."""
+    if resource_group:
+        url = (
+            f"{_client.MANAGEMENT_URL}/subscriptions/{subscription}"
+            f"/resourceGroups/{resource_group}"
+            f"/providers/Microsoft.Resources/deployments?api-version={_API_VERSION}"
+        )
+    else:
+        url = (
+            f"{_client.MANAGEMENT_URL}/subscriptions/{subscription}"
+            f"/providers/Microsoft.Resources/deployments?api-version={_API_VERSION}"
+        )
+    return [
+        _parse_deployment(subscription=subscription, item=item)
+        for item in _client.paginate(url)
+    ]
+
+
+def list_deployments_all_groups(subscription: str) -> list[AzureDeployment]:
+    """List ARM deployments across every resource group in a subscription."""
+    deployments: list[AzureDeployment] = []
+    for group in _list_resource_groups(subscription):
+        deployments.extend(list_deployments(subscription, resource_group=group))
+    deployments.extend(list_deployments(subscription))
+    return deployments
+
+
+def _list_resource_groups(subscription: str) -> list[str]:
+    url = (
+        f"{_client.MANAGEMENT_URL}/subscriptions/{subscription}"
+        f"/resourcegroups?api-version=2022-09-01"
+    )
+    return [
+        item.get("name", "")
+        for item in _client.paginate(url)
+        if item.get("name")
+    ]
+
+
+def _parse_deployment(subscription: str, item: dict[str, Any]) -> AzureDeployment:
+    properties = item.get("properties", {}) if isinstance(item, dict) else {}
+    resource_id = item.get("id", "")
+    return AzureDeployment(
+        subscription=subscription,
+        resource_group=_resource_group_from_id(resource_id),
+        name=item.get("name", ""),
+        provisioning_state=properties.get("provisioningState"),
+        timestamp=properties.get("timestamp"),
+        mode=properties.get("mode"),
+        template_hash=properties.get("templateHash"),
+        correlation_id=properties.get("correlationId"),
+        id=resource_id,
+        raw=item,
+    )
+
+
+def _resource_group_from_id(resource_id: str) -> str | None:
+    parts = resource_id.lower().split("/")
+    try:
+        idx = parts.index("resourcegroups")
+    except ValueError:
+        return None
+    if idx + 1 < len(parts):
+        return resource_id.split("/")[idx + 1]
+    return None