iam-policy-validator 1.7.0__py3-none-any.whl

iam_validator/commands/cache.py

@@ -0,0 +1,392 @@
+"""Cache management command for IAM Policy Validator."""
+
+import argparse
+import logging
+from pathlib import Path
+
+from rich.console import Console
+from rich.table import Table
+
+from iam_validator.commands.base import Command
+from iam_validator.core.aws_fetcher import AWSServiceFetcher
+from iam_validator.core.config.config_loader import ConfigLoader
+
+logger = logging.getLogger(__name__)
+console = Console()
+
+
+class CacheCommand(Command):
+    """Manage AWS service definition cache."""
+
+    @property
+    def name(self) -> str:
+        return "cache"
+
+    @property
+    def help(self) -> str:
+        return "Manage AWS service definition cache"
+
+    @property
+    def epilog(self) -> str:
+        return """
+Examples:
+  # Show cache information
+  iam-validator cache info
+
+  # List all cached services
+  iam-validator cache list
+
+  # Clear all cached AWS service definitions
+  iam-validator cache clear
+
+  # Refresh cache (clear and pre-fetch common services)
+  iam-validator cache refresh
+
+  # Pre-fetch common AWS services
+  iam-validator cache prefetch
+
+  # Show cache location
+  iam-validator cache location
+"""
+
+    def add_arguments(self, parser: argparse.ArgumentParser) -> None:
+        """Add cache command arguments."""
+        subparsers = parser.add_subparsers(dest="cache_action", help="Cache action to perform")
+
+        # Info subcommand
+        info_parser = subparsers.add_parser("info", help="Show cache information and statistics")
+        info_parser.add_argument(
+            "--config",
+            type=str,
+            help="Path to configuration file",
+        )
+
+        # List subcommand
+        list_parser = subparsers.add_parser("list", help="List all cached AWS services")
+        list_parser.add_argument(
+            "--config",
+            type=str,
+            help="Path to configuration file",
+        )
+        list_parser.add_argument(
+            "--format",
+            choices=["table", "columns", "simple"],
+            default="table",
+            help="Output format (default: table)",
+        )
+
+        # Clear subcommand
+        clear_parser = subparsers.add_parser(
+            "clear", help="Clear all cached AWS service definitions"
+        )
+        clear_parser.add_argument(
+            "--config",
+            type=str,
+            help="Path to configuration file",
+        )
+
+        # Refresh subcommand
+        refresh_parser = subparsers.add_parser(
+            "refresh", help="Clear cache and pre-fetch common AWS services"
+        )
+        refresh_parser.add_argument(
+            "--config",
+            type=str,
+            help="Path to configuration file",
+        )
+
+        # Prefetch subcommand
+        prefetch_parser = subparsers.add_parser(
+            "prefetch", help="Pre-fetch common AWS services (without clearing)"
+        )
+        prefetch_parser.add_argument(
+            "--config",
+            type=str,
+            help="Path to configuration file",
+        )
+
+        # Location subcommand
+        location_parser = subparsers.add_parser("location", help="Show cache directory location")
+        location_parser.add_argument(
+            "--config",
+            type=str,
+            help="Path to configuration file",
+        )
+
+    async def execute(self, args: argparse.Namespace) -> int:
+        """Execute cache command."""
+        if not hasattr(args, "cache_action") or not args.cache_action:
+            console.print("[red]Error:[/red] No cache action specified")
+            console.print("Use 'iam-validator cache --help' for available actions")
+            return 1
+
+        # Load config to get cache settings
+        config_path = getattr(args, "config", None)
+        config = ConfigLoader.load_config(explicit_path=config_path, allow_missing=True)
+
+        cache_enabled = config.get_setting("cache_enabled", True)
+        cache_ttl_hours = config.get_setting("cache_ttl_hours", 168)
+        cache_directory = config.get_setting("cache_directory", None)
+        cache_ttl_seconds = cache_ttl_hours * 3600
+
+        # Get cache directory (even if caching is disabled, for info purposes)
+        cache_dir = AWSServiceFetcher._get_cache_directory(cache_directory)
+
+        action = args.cache_action
+
+        if action == "info":
+            return await self._show_info(cache_dir, cache_enabled, cache_ttl_hours)
+        elif action == "list":
+            output_format = getattr(args, "format", "table")
+            return self._list_cached_services(cache_dir, output_format)
+        elif action == "clear":
+            return await self._clear_cache(cache_dir, cache_enabled)
+        elif action == "refresh":
+            return await self._refresh_cache(cache_enabled, cache_ttl_seconds, cache_directory)
+        elif action == "prefetch":
+            return await self._prefetch_services(cache_enabled, cache_ttl_seconds, cache_directory)
+        elif action == "location":
+            return self._show_location(cache_dir)
+        else:
+            console.print(f"[red]Error:[/red] Unknown cache action: {action}")
+            return 1
+
+    async def _show_info(self, cache_dir: Path, cache_enabled: bool, cache_ttl_hours: int) -> int:
+        """Show cache information and statistics."""
+        table = Table(title="Cache Information")
+        table.add_column("Setting", style="cyan", no_wrap=True)
+        table.add_column("Value", style="white")
+
+        # Cache status
+        table.add_row(
+            "Status", "[green]Enabled[/green]" if cache_enabled else "[red]Disabled[/red]"
+        )
+
+        # Cache location
+        table.add_row("Location", str(cache_dir))
+
+        # Cache exists?
+        exists = cache_dir.exists()
+        table.add_row("Exists", "[green]Yes[/green]" if exists else "[yellow]No[/yellow]")
+
+        # Cache TTL
+        ttl_days = cache_ttl_hours / 24
+        table.add_row("TTL", f"{cache_ttl_hours} hours ({ttl_days:.1f} days)")
+
+        if exists:
+            # Count cached files
+            cache_files = list(cache_dir.glob("*.json"))
+            table.add_row("Cached Services", str(len(cache_files)))
+
+            # Calculate cache size
+            total_size = sum(f.stat().st_size for f in cache_files)
+            size_mb = total_size / (1024 * 1024)
+            table.add_row("Cache Size", f"{size_mb:.2f} MB")
+
+            # Show some cached services
+            if cache_files:
+                service_names = []
+                for f in cache_files[:5]:
+                    name = f.stem.split("_")[0] if "_" in f.stem else f.stem
+                    service_names.append(name)
+                sample = ", ".join(service_names)
+                if len(cache_files) > 5:
+                    sample += f", ... ({len(cache_files) - 5} more)"
+                table.add_row("Sample Services", sample)
+
+        console.print(table)
+        return 0
+
+    def _list_cached_services(self, cache_dir: Path, output_format: str) -> int:
+        """List all cached AWS services."""
+        if not cache_dir.exists():
+            console.print("[yellow]Cache directory does not exist[/yellow]")
+            return 0
+
+        cache_files = list(cache_dir.glob("*.json"))
+
+        if not cache_files:
+            console.print("[yellow]No services cached yet[/yellow]")
+            return 0
+
+        # Extract service names from filenames
+        services = []
+        for f in cache_files:
+            # Handle both formats: "service_hash.json" and "services_list.json"
+            if f.stem == "services_list":
+                continue  # Skip the services list file
+
+            # Extract service name (before underscore or full name)
+            name = f.stem.split("_")[0] if "_" in f.stem else f.stem
+
+            # Get file stats
+            size = f.stat().st_size
+            mtime = f.stat().st_mtime
+
+            services.append({"name": name, "size": size, "file": f.name, "mtime": mtime})
+
+        # Sort by service name
+        services.sort(key=lambda x: x["name"])
+
+        if output_format == "table":
+            self._print_services_table(services)
+        elif output_format == "columns":
+            self._print_services_columns(services)
+        else:  # simple
+            self._print_services_simple(services)
+
+        return 0
+
+    def _print_services_table(self, services: list[dict]) -> None:
+        """Print services in a nice table format."""
+        from datetime import datetime
+
+        table = Table(title=f"Cached AWS Services ({len(services)} total)")
+        table.add_column("Service", style="cyan", no_wrap=True)
+        table.add_column("Cache File", style="white")
+        table.add_column("Size", style="yellow", justify="right")
+        table.add_column("Cached", style="green")
+
+        for svc in services:
+            size_kb = svc["size"] / 1024
+            cached_time = datetime.fromtimestamp(svc["mtime"]).strftime("%Y-%m-%d %H:%M")
+
+            table.add_row(svc["name"], svc["file"], f"{size_kb:.1f} KB", cached_time)
+
+        console.print(table)
+
+    def _print_services_columns(self, services: list[dict]) -> None:
+        """Print services in columns format (like ls)."""
+        from rich.columns import Columns
+
+        console.print(f"[cyan]Cached AWS Services ({len(services)} total):[/cyan]\n")
+
+        service_names = [f"[green]{svc['name']}[/green]" for svc in services]
+        console.print(Columns(service_names, equal=True, expand=False))
+
+    def _print_services_simple(self, services: list[dict]) -> None:
+        """Print services in simple list format."""
+        console.print(f"[cyan]Cached AWS Services ({len(services)} total):[/cyan]\n")
+
+        for svc in services:
+            console.print(svc["name"])
+
+    async def _clear_cache(self, cache_dir: Path, cache_enabled: bool) -> int:
+        """Clear all cached AWS service definitions."""
+        if not cache_enabled:
+            console.print("[yellow]Warning:[/yellow] Cache is disabled in config")
+            return 0
+
+        if not cache_dir.exists():
+            console.print("[yellow]Cache directory does not exist, nothing to clear[/yellow]")
+            return 0
+
+        # Count files before deletion
+        cache_files = list(cache_dir.glob("*.json"))
+        file_count = len(cache_files)
+
+        if file_count == 0:
+            console.print("[yellow]Cache is already empty[/yellow]")
+            return 0
+
+        # Delete cache files
+        deleted = 0
+        failed = 0
+        for cache_file in cache_files:
+            try:
+                cache_file.unlink()
+                deleted += 1
+            except Exception as e:
+                logger.error(f"Failed to delete {cache_file}: {e}")
+                failed += 1
+
+        if failed == 0:
+            console.print(f"[green]✓[/green] Cleared {deleted} cached service definitions")
+        else:
+            console.print(
+                f"[yellow]![/yellow] Cleared {deleted} files, failed to delete {failed} files"
+            )
+            return 1
+
+        return 0
+
+    async def _refresh_cache(
+        self, cache_enabled: bool, cache_ttl_seconds: int, cache_directory: str | None
+    ) -> int:
+        """Clear cache and pre-fetch common services."""
+        if not cache_enabled:
+            console.print("[red]Error:[/red] Cache is disabled in config")
+            console.print("Enable cache by setting 'cache_enabled: true' in your config")
+            return 1
+
+        console.print("[cyan]Refreshing cache...[/cyan]")
+
+        # Create fetcher and clear cache
+        async with AWSServiceFetcher(
+            enable_cache=cache_enabled,
+            cache_ttl=cache_ttl_seconds,
+            cache_dir=cache_directory,
+            prefetch_common=False,  # Don't prefetch yet, we'll do it after clearing
+        ) as fetcher:
+            # Clear existing cache
+            console.print("Clearing old cache...")
+            await fetcher.clear_caches()
+
+            # Prefetch common services
+            console.print("Fetching fresh AWS service definitions...")
+            services = await fetcher.fetch_services()
+            console.print(f"[green]✓[/green] Fetched list of {len(services)} AWS services")
+
+            # Prefetch common services
+            console.print("Pre-fetching common services...")
+            prefetched = 0
+            for service_name in fetcher.COMMON_SERVICES:
+                try:
+                    await fetcher.fetch_service_by_name(service_name)
+                    prefetched += 1
+                except Exception as e:
+                    logger.warning(f"Failed to prefetch {service_name}: {e}")
+
+            console.print(f"[green]✓[/green] Pre-fetched {prefetched} common services")
+
+        console.print("[green]✓[/green] Cache refreshed successfully")
+        return 0
+
+    async def _prefetch_services(
+        self, cache_enabled: bool, cache_ttl_seconds: int, cache_directory: str | None
+    ) -> int:
+        """Pre-fetch common AWS services without clearing cache."""
+        if not cache_enabled:
+            console.print("[red]Error:[/red] Cache is disabled in config")
+            console.print("Enable cache by setting 'cache_enabled: true' in your config")
+            return 1
+
+        console.print("[cyan]Pre-fetching common AWS services...[/cyan]")
+
+        async with AWSServiceFetcher(
+            enable_cache=cache_enabled,
+            cache_ttl=cache_ttl_seconds,
+            cache_dir=cache_directory,
+            prefetch_common=True,  # Enable prefetching
+        ) as fetcher:
+            # Prefetching happens in __aenter__, just wait for it
+            prefetched = len(fetcher._prefetched_services)
+            total = len(fetcher.COMMON_SERVICES)
+
+            console.print(
+                f"[green]✓[/green] Pre-fetched {prefetched}/{total} common services successfully"
+            )
+
+        return 0
+
+    def _show_location(self, cache_dir: Path) -> int:
+        """Show cache directory location."""
+        console.print(f"[cyan]Cache directory:[/cyan] {cache_dir}")
+
+        if cache_dir.exists():
+            console.print("[green]✓[/green] Directory exists")
+        else:
+            console.print("[yellow]![/yellow] Directory does not exist yet")
+            console.print("It will be created automatically when caching is used")
+
+        return 0

iam_validator/commands/download_services.py

@@ -0,0 +1,255 @@
+"""Download AWS service definitions command."""
+
+import argparse
+import asyncio
+import json
+import logging
+from datetime import datetime, timezone
+from pathlib import Path
+
+import httpx
+from rich.console import Console
+from rich.progress import BarColumn, Progress, TaskID, TextColumn, TimeRemainingColumn
+
+from iam_validator.commands.base import Command
+from iam_validator.core.config import AWS_SERVICE_REFERENCE_BASE_URL
+
+logger = logging.getLogger(__name__)
+console = Console()
+
+BASE_URL = AWS_SERVICE_REFERENCE_BASE_URL
+DEFAULT_OUTPUT_DIR = Path("aws_services")
+
+
+class DownloadServicesCommand(Command):
+    """Download all AWS service definition JSON files."""
+
+    @property
+    def name(self) -> str:
+        return "sync-services"
+
+    @property
+    def help(self) -> str:
+        return "Sync/download all AWS service definitions for offline use"
+
+    @property
+    def epilog(self) -> str:
+        return """
+Examples:
+  # Sync all AWS service definitions to default directory (aws_services/)
+  iam-validator sync-services
+
+  # Sync to a custom directory
+  iam-validator sync-services --output-dir /path/to/backup
+
+  # Limit concurrent downloads
+  iam-validator sync-services --max-concurrent 5
+
+  # Enable verbose output
+  iam-validator sync-services --log-level debug
+
+Directory structure:
+  aws_services/
+      _manifest.json         # Metadata about the download
+      _services.json         # List of all services
+      s3.json                # Individual service definitions
+      ec2.json
+      iam.json
+      ...
+
+This command is useful for:
+  - Creating offline backups of AWS service definitions
+  - Avoiding API rate limiting during development
+  - Ensuring consistent service definitions across environments
+"""
+
+    def add_arguments(self, parser: argparse.ArgumentParser) -> None:
+        """Add sync-services command arguments."""
+        parser.add_argument(
+            "--output-dir",
+            type=Path,
+            default=DEFAULT_OUTPUT_DIR,
+            help=f"Output directory for downloaded files (default: {DEFAULT_OUTPUT_DIR})",
+        )
+
+        parser.add_argument(
+            "--max-concurrent",
+            type=int,
+            default=10,
+            help="Maximum number of concurrent downloads (default: 10)",
+        )
+
+    async def execute(self, args: argparse.Namespace) -> int:
+        """Execute the sync-services command."""
+        output_dir = args.output_dir
+        max_concurrent = args.max_concurrent
+
+        try:
+            await self._download_all_services(output_dir, max_concurrent)
+            return 0
+        except Exception as e:
+            console.print(f"[red]Error:[/red] {e}")
+            logger.error(f"Download failed: {e}", exc_info=True)
+            return 1
+
+    async def _download_services_list(self, client: httpx.AsyncClient) -> list[dict]:
+        """Download the list of all AWS services.
+
+        Args:
+            client: HTTP client for making requests
+
+        Returns:
+            List of service info dictionaries
+        """
+        console.print(f"[cyan]Fetching services list from {BASE_URL}...[/cyan]")
+
+        try:
+            response = await client.get(BASE_URL, timeout=30.0)
+            response.raise_for_status()
+            services = response.json()
+
+            console.print(f"[green]✓[/green] Found {len(services)} AWS services")
+            return services
+        except Exception as e:
+            logger.error(f"Failed to fetch services list: {e}")
+            raise
+
+    async def _download_service_detail(
+        self,
+        client: httpx.AsyncClient,
+        service_name: str,
+        service_url: str,
+        semaphore: asyncio.Semaphore,
+        progress: Progress,
+        task_id: TaskID,
+    ) -> tuple[str, dict | None]:
+        """Download detailed JSON for a single service.
+
+        Args:
+            client: HTTP client for making requests
+            service_name: Name of the service
+            service_url: URL to fetch service details
+            semaphore: Semaphore to limit concurrent requests
+            progress: Progress bar instance
+            task_id: Progress task ID
+
+        Returns:
+            Tuple of (service_name, service_data) or (service_name, None) if failed
+        """
+        async with semaphore:
+            try:
+                logger.debug(f"Downloading {service_name}...")
+                response = await client.get(service_url, timeout=30.0)
+                response.raise_for_status()
+                data = response.json()
+                logger.debug(f"✓ Downloaded {service_name}")
+                progress.update(task_id, advance=1)
+                return service_name, data
+            except Exception as e:
+                logger.error(f"✗ Failed to download {service_name}: {e}")
+                progress.update(task_id, advance=1)
+                return service_name, None
+
+    async def _download_all_services(self, output_dir: Path, max_concurrent: int = 10) -> None:
+        """Download all AWS service definitions.
+
+        Args:
+            output_dir: Directory to save the downloaded files
+            max_concurrent: Maximum number of concurrent downloads
+        """
+        # Create output directory
+        output_dir.mkdir(parents=True, exist_ok=True)
+        console.print(f"[cyan]Output directory:[/cyan] {output_dir.absolute()}\n")
+
+        # Create HTTP client with connection pooling
+        async with httpx.AsyncClient(
+            limits=httpx.Limits(max_connections=max_concurrent, max_keepalive_connections=5),
+            timeout=httpx.Timeout(30.0),
+        ) as client:
+            # Download services list
+            services = await self._download_services_list(client)
+
+            # Save services list (underscore prefix for easy discovery at top of directory)
+            services_file = output_dir / "_services.json"
+            with open(services_file, "w") as f:
+                json.dump(services, f, indent=2)
+            console.print(f"[green]✓[/green] Saved services list to {services_file}\n")
+
+            # Download all service details with rate limiting and progress bar
+            semaphore = asyncio.Semaphore(max_concurrent)
+            tasks = []
+
+            # Set up progress bar
+            with Progress(
+                TextColumn("[progress.description]{task.description}"),
+                BarColumn(),
+                TextColumn("[progress.percentage]{task.percentage:>3.0f}%"),
+                TextColumn("({task.completed}/{task.total})"),
+                TimeRemainingColumn(),
+                console=console,
+            ) as progress:
+                task_id = progress.add_task(
+                    "[cyan]Downloading service definitions...", total=len(services)
+                )
+
+                for item in services:
+                    service_name = item.get("service")
+                    service_url = item.get("url")
+
+                    if service_name and service_url:
+                        task = self._download_service_detail(
+                            client, service_name, service_url, semaphore, progress, task_id
+                        )
+                        tasks.append(task)
+
+                # Download all services concurrently
+                results = await asyncio.gather(*tasks)
+
+            # Save individual service files
+            successful = 0
+            failed = 0
+
+            console.print("\n[cyan]Saving service definitions...[/cyan]")
+
+            for service_name, data in results:
+                if data is not None:
+                    # Normalize filename (lowercase, safe characters)
+                    filename = f"{service_name.lower().replace(' ', '_')}.json"
+                    service_file = output_dir / filename
+
+                    with open(service_file, "w") as f:
+                        json.dump(data, f, indent=2)
+
+                    successful += 1
+                else:
+                    failed += 1
+
+            # Create manifest with metadata
+            manifest = {
+                "download_date": datetime.now(timezone.utc).isoformat(),
+                "total_services": len(services),
+                "successful_downloads": successful,
+                "failed_downloads": failed,
+                "base_url": BASE_URL,
+            }
+
+            manifest_file = output_dir / "_manifest.json"
+            with open(manifest_file, "w") as f:
+                json.dump(manifest, f, indent=2)
+
+            # Print summary
+            console.print(f"\n{'=' * 60}")
+            console.print("[bold cyan]Download Summary:[/bold cyan]")
+            console.print(f"  Total services: {len(services)}")
+            console.print(f"  [green]Successful:[/green] {successful}")
+            if failed > 0:
+                console.print(f"  [red]Failed:[/red] {failed}")
+            console.print(f"  Output directory: {output_dir.absolute()}")
+            console.print(f"  Manifest: {manifest_file}")
+            console.print(f"{'=' * 60}")
+
+            if failed > 0:
+                console.print(
+                    "\n[yellow]Warning:[/yellow] Some services failed to download. "
+                    "Check the logs for details."
+                )