tgwrap 0.10.2__py3-none-any.whl → 0.11.0__py3-none-any.whl

tgwrap/analyze.py

@@ -9,7 +9,7 @@ import re
 
 from .printer import Printer
 
-def run_analyze(config, data, verbose=False):
+def run_analyze(config, data, ignore_attributes, verbose=False):
     """ Run the terrasafe validation and return the unauthorized deletions """
 
     printer = Printer(verbose)
@@ -44,11 +44,29 @@ def run_analyze(config, data, verbose=False):
         for criticallity, ts_level in ts_default_levels.items():
             ts_config[ts_level] = [f"*{key}*" for key, value in config[criticallity].items() if value.get('terrasafe_level', ts_level) == ts_level]
 
+        ignorable_updates = []
+        for resource in detected_changes['updates']:
+            before = resource['change']['before']
+            after = resource['change']['after']
+
+            for i in ignore_attributes:
+                try:
+                    before.pop(i)
+                except KeyError:
+                    pass
+                try:
+                    after.pop(i)
+                except KeyError:
+                    pass
+
+            if before == after:
+                ignorable_updates.append(resource['address'])
+
         for resource in detected_changes['deletions']:
             resource_address = resource["address"]
             # Deny has precendence over Allow!
             if is_resource_match_any(resource_address, ts_config["unauthorized_deletion"]):
-                printer.verbose(f'Resource {resource_address} can not be destroyed for any reason')
+                printer.verbose(f'Resource {resource_address} cannot be destroyed for any reason')
             elif is_resource_match_any(resource_address, ts_config["ignore_deletion"]):
                 continue
             elif is_resource_recreate(resource) and is_resource_match_any(
@@ -69,8 +87,8 @@ def run_analyze(config, data, verbose=False):
 
         if changes['unauthorized']:
             printer.verbose("Unauthorized deletion detected for those resources:")
-            for deletion in changes['unauthorized']:
-                printer.verbose(f" - {deletion}")
+            for resource in changes['unauthorized']:
+                printer.verbose(f" - {resource}")
             printer.verbose("If you really want to delete those resources: comment it or export this environment variable:")
             printer.verbose(f"export TERRASAFE_ALLOW_DELETION=\"{';'.join(changes['unauthorized'])}\"")
 
@@ -114,20 +132,26 @@ def run_analyze(config, data, verbose=False):
 
         # now we have the proper lists, calculate the drifts
         for key, value in {'deletions': 'delete', 'creations': 'create', 'updates': 'update'}.items():
-            for resource in detected_changes[key]:
+
+            for index, resource in enumerate(detected_changes[key]):
                 resource_address = resource["address"]
-    
-                has_match, resource_config = get_matching_dd_config(resource_address, dd_config)
-                if has_match:
-                    # so what drift classification do we have?
-                    dd_class = resource_config[value]
-                    changes['drifts'][dd_class] += 1
+
+                # updates might need to be ignored
+                if key == 'updates' and resource_address in ignorable_updates:
+                    detected_changes[key].pop(index)
                 else:
-                    changes['drifts']['unknown'] += 1
-                    if resource_address not in changes['unknowns']:
-                        changes['unknowns'].append(resource_address)
+                    has_match, resource_config = get_matching_dd_config(resource_address, dd_config)
+
+                    if has_match:
+                        # so what drift classification do we have?
+                        dd_class = resource_config[value]
+                        changes['drifts'][dd_class] += 1
+                    else:
+                        changes['drifts']['unknown'] += 1
+                        if resource_address not in changes['unknowns']:
+                            changes['unknowns'].append(resource_address)
 
-                changes['drifts']['total'] += 1
+                    changes['drifts']['total'] += 1
 
     # remove ballast from the following lists
     changes['all'] = [ # ignore read and no-ops
@@ -140,9 +164,17 @@ def run_analyze(config, data, verbose=False):
         ]
     changes['creations'] = [resource["address"] for resource in detected_changes['creations']]
     changes['updates'] = [resource["address"] for resource in detected_changes['updates']]
+    changes['ignorable_updates'] = ignorable_updates
 
-    return changes, (not changes['unauthorized'])
+    # see if there are output changes
+    output_changes = get_output_changes(data)
+    changes['outputs'] = []
+    relevant_changes = set(['create', 'update', 'delete'])
+    for k,v in output_changes.items():
+        if relevant_changes.intersection(v['actions']):
+            changes['outputs'].append(k)
 
+    return changes, (not changes['unauthorized'])
 
 def parse_ignored_from_env_var():
     ignored = os.environ.get("TERRASAFE_ALLOW_DELETION")
@@ -170,6 +202,18 @@ def get_resource_actions(data):
 
     return changes
 
+def get_output_changes(data):
+    # check format version
+    if data["format_version"].split(".")[0] != "0" and data["format_version"].split(".")[0] != "1":
+        raise Exception("Only format major version 0 or 1 is supported")
+
+    if "output_changes" in data:
+        output_changes = data["output_changes"]
+    else:
+        output_changes = {}
+
+    return output_changes
+
 
 def has_delete_action(resource):
     return "delete" in resource["change"]["actions"]

tgwrap/cli.py

@@ -120,7 +120,7 @@ def main():
     help='dry-run mode, no real actions are executed (only in combination with step-by-step mode)',
     show_default=True
     )
-@click.option('--no-lock', '-n', is_flag=True, default=False,
+@click.option('--no-lock', '-n', is_flag=True, default=True,
     help='Do not apply a lock while executing the command (or set the TGWRAP_NO_LOCK environment variable, only applicable with plan)',
     envvar='TGWRAP_NO_LOCK', show_default=True,
     )
@@ -189,7 +189,7 @@ def run(command, verbose, debug, dry_run, no_lock, update, upgrade,
     help='dry-run mode, no real actions are executed (only in combination with step-by-step mode)',
     show_default=True
     )
-@click.option('--no-lock', '-n', is_flag=True, default=False,
+@click.option('--no-lock', '-n', is_flag=True, default=True,
     help='Do not apply a lock while executing the command (or set the TGWRAP_NO_LOCK environment variable, only applicable with plan)',
     envvar='TGWRAP_NO_LOCK', show_default=True,
     )
@@ -335,7 +335,7 @@ def show(verbose, json, working_dir, planfile_dir, terragrunt_args):
 @click.option('--working-dir', '-w', default=None,
     help='Working directory, when omitted the current directory is used',
     )
-@click.option('--no-lock', '-n', is_flag=True, default=False,
+@click.option('--no-lock', '-n', is_flag=True, default=True,
     help='Do not apply a lock while executing the command (or set the TGWRAP_NO_LOCK environment variable, only applicable with plan)',
     envvar='TGWRAP_NO_LOCK', show_default=True,
     )
@@ -366,7 +366,7 @@ def run_import(address, id, verbose, dry_run, working_dir, no_lock, terragrunt_a
     help='Verbose printing',
     show_default=True
     )
-@click.option('--exclude-external-dependencies/--include-external-dependencies', '-x/-i',
+@click.option('--exclude-external-dependencies', '-x',
     is_flag=True, default=True,
     help='Whether or not external dependencies must be ignored',
     show_default=True
@@ -388,6 +388,11 @@ def run_import(address, id, verbose, dry_run, working_dir, no_lock, terragrunt_a
 @click.option('--parallel-execution', '-p', is_flag=True, default=False,
     help='Whether or not to use parallel execution',
     )
+@click.option('--ignore-attributes', '-i',
+    multiple=True, default=[],
+    help=r'A glob of attributes for which updates can be ignored, this option can be used multiple times.',
+    show_default=True
+    )
 @click.option('--include-dir', '-I',
     multiple=True, default=[],
     help=r'A glob of a directory that needs to be included, this option can be used multiple times. For example: -I "integrations/\*/\*"',
@@ -411,7 +416,7 @@ def run_import(address, id, verbose, dry_run, working_dir, no_lock, terragrunt_a
 @click.argument('terragrunt-args', nargs=-1, type=click.UNPROCESSED)
 @click.version_option(version=__version__)
 def run_analyze(verbose, exclude_external_dependencies, working_dir, start_at_step,
-            out, analyze_config, parallel_execution, include_dir, exclude_dir,
+            out, analyze_config, parallel_execution, ignore_attributes, include_dir, exclude_dir,
             planfile_dir, data_collection_endpoint, terragrunt_args):
     """ Analyzes the plan files """
 
@@ -425,6 +430,7 @@ def run_analyze(verbose, exclude_external_dependencies, working_dir, start_at_st
         out=out,
         analyze_config=analyze_config,
         parallel_execution=parallel_execution,
+        ignore_attributes=ignore_attributes,
         include_dirs=include_dir,
         exclude_dirs=exclude_dir,
         planfile_dir=planfile_dir,
@@ -701,10 +707,15 @@ def deploy(
         ignore_unknown_options=True,
     ),
 )
-@click.option('--manifest-file', '-m',
-    help='Manifest file describing the deployment options',
-    required=True, default="manifest.yaml", show_default=True,
-    type=click.Path(),
+@click.option('--platform-repo-url', '-p',
+    help='URL of the platform git repository',
+    required=True,
+    envvar='TGWRAP_PLATFORM_REPO_URL'
+    )
+@click.option('--levels-deep', '-l',
+    help='For how many (directory) levels deep must be searched for deployments',
+    required=True, default=5, show_default=True,
+    type=int,
     )
 @click.option('--verbose', '-v',
     help='Verbose printing',
@@ -718,14 +729,15 @@ def deploy(
     show_default=True
     )
 @click.version_option(version=__version__)
-def check_deployments(manifest_file, verbose, working_dir, out):
+def check_deployments(platform_repo_url, levels_deep, verbose, working_dir, out):
     """ Check the freshness of deployed configuration versions against the platform repository """
 
     check_latest_version(verbose)
 
     tgwrap = TgWrap(verbose=verbose)
     tgwrap.check_deployments(
-        manifest_file=manifest_file,
+        repo_url=platform_repo_url,
+        levels_deep=levels_deep,
         working_dir=working_dir,
         out=out,
     )

tgwrap/main.py

@@ -53,7 +53,6 @@ class TgWrap():
     TERRAGRUNT_FILE='terragrunt.hcl'
     VERSION_FILE="version.hcl"
     LATEST_VERSION='latest'
-    LOCATE_VERSION_FILE_MAX_LEVELS=3
     PLANFILE_NAME="planfile"
     TG_SOURCE_VAR="TERRAGRUNT_SOURCE"
     TG_SOURCE_MAP_VAR="TERRAGRUNT_SOURCE_MAP"
@@ -222,9 +221,12 @@ class TgWrap():
         include_dirs = [dir.lstrip(f'.{os.path.sep}') for dir in include_dirs]
         exclude_dirs = [dir.lstrip(f'.{os.path.sep}') for dir in exclude_dirs]
 
+        # Below doesn't seem to work, at least when using `analyze`
+        # Not sure it has been added here in the first place
+
         # if the dir is not ending on '/*', add it
-        include_dirs = [dir.rstrip(f'.{os.path.sep}*') + f'{os.path.sep}*' for dir in include_dirs]
-        exclude_dirs = [dir.rstrip(f'.{os.path.sep}*') + f'{os.path.sep}*' for dir in exclude_dirs]
+        # include_dirs = [dir.rstrip(f'.{os.path.sep}*') + f'{os.path.sep}*' for dir in include_dirs]
+        # exclude_dirs = [dir.rstrip(f'.{os.path.sep}*') + f'{os.path.sep}*' for dir in exclude_dirs]
 
         common_path = os.path.commonpath([os.path.abspath(working_dir), os.path.abspath(directory)])
         self.printer.verbose(f'Common path for dir {directory}: {common_path}')
@@ -372,7 +374,7 @@ class TgWrap():
 
         return graph
 
-    def _clone_repo(self, manifest, target_dir, version_tag=None):
+    def _clone_repo(self, repo, target_dir, version_tag=None):
         """Clones the repo, possibly a specific version, into a temp directory"""
 
         def get_tags(target_dir):
@@ -452,9 +454,7 @@ class TgWrap():
             return is_latest, is_branch, is_tag
 
         # clone the repo
-        repo = manifest['git_repository']
         self.printer.verbose(f'Clone repo {repo}')
-        
         cmd = f"git clone {repo} {target_dir}"
         rc = subprocess.run(
             shlex.split(cmd),
@@ -483,7 +483,7 @@ class TgWrap():
             working_dir=target_dir,
             )
 
-        self.printer.header(f'Deploy using reference {version_tag}')
+        self.printer.header(f'Fetch repo using reference {version_tag}')
 
         if is_latest:
             pass # nothing to do, we already have latest
@@ -961,6 +961,25 @@ class TgWrap():
         planfile, auto_approve, clean, working_dir, terragrunt_args):
         """ Executes a terragrunt command on a single module """
 
+        def extract_source_value(terragrunt_file_content):
+            # Regular expression to capture the terraform block
+            terraform_block_pattern = re.compile(r'terraform\s*\{(.*?)\n\}', re.DOTALL)
+            
+            # Regular expression to capture the 'source' key and its value
+            source_pattern = re.compile(r'source\s*=\s*"(.*?)(?<!\\)"', re.DOTALL)
+            
+            # Find the terraform block
+            terraform_block_match = terraform_block_pattern.search(terragrunt_file_content)
+            if terraform_block_match:
+                terraform_block = terraform_block_match.group(1)
+                
+                # Search for the 'source' key within the block
+                source_match = source_pattern.search(terraform_block)
+                if source_match:
+                    return source_match.group(1)  # Return the value of 'source'
+            else:
+                raise ValueError('Could not locate the terragrunt source value')
+
         self.printer.verbose(f"Attempting to execute 'run {command}'")
         if terragrunt_args:
             self.printer.verbose(f"- with additional parameters: {' '.join(terragrunt_args)}")
@@ -968,6 +987,7 @@ class TgWrap():
         check_for_file=self.TERRAGRUNT_FILE
         if working_dir:
             check_for_file = os.path.join(working_dir, check_for_file)
+
         if not os.path.isfile(check_for_file):
             self.printer.error(
                 f"{check_for_file} not found, this seems not to be a terragrunt module directory!"
@@ -978,13 +998,15 @@ class TgWrap():
             source_module = None
             with open(check_for_file, 'r') as file:
                 try:
-                    content = hcl2.load(file)
-                    source = content['terraform'][0]['source']
+                    content = file.read()
+                    source = extract_source_value(content)
+
                     # get the source part, typically the last part after the double /.
                     # also remove a potential version element from it.
                     source_module = re.sub(r'\${[^}]*}', '', source.split('//')[::-1][0])
                 except Exception as e:
-                    self.printer.verbose(f'Could not parse terragrunt.hcl, error (of type {type(e)}) raised, but we fall back to default behaviour.')
+                    self.printer.warning(f'Could not parse terragrunt.hcl, but we fall back to default behaviour.')
+                    self.printer.verbose(f'error (of type {type(e)}) raised')
                     pass
 
         cmd = self._construct_command(
@@ -1183,7 +1205,7 @@ class TgWrap():
             self.printer.verbose(rc)
 
     def analyze(self, exclude_external_dependencies, working_dir, start_at_step,
-        out, analyze_config, parallel_execution, include_dirs, exclude_dirs, 
+        out, analyze_config, parallel_execution, ignore_attributes, include_dirs, exclude_dirs, 
         planfile_dir, data_collection_endpoint, terragrunt_args):
         """ Analyzes the plan files """
 
@@ -1222,11 +1244,7 @@ class TgWrap():
             cmd = f"terraform show -json {self.PLANFILE_NAME}"
 
         config = None
-        if not analyze_config:
-            self.printer.warning(
-                f"Analyze  config file is not set, this is required for checking for unauthorized deletions and drift detection scores!"
-                )
-        else:
+        if analyze_config:
             self.printer.verbose(
                 f"\nAnalyze using config {analyze_config}"
                 )
@@ -1234,7 +1252,6 @@ class TgWrap():
 
         ts_validation_successful = True
         details = {}
-        drifts = {}
         try:
             # then run it and capture the output
             with tempfile.NamedTemporaryFile(mode='w+', prefix='tgwrap-', delete=False) as f:
@@ -1265,7 +1282,6 @@ class TgWrap():
                     except IndexError:
                         self.printer.warning(f'Could not determine planfile: {line[:100]}')
 
-
                     try:
                         # plan file could be empty (except for new line) if module is skipped
                         if len(plan_file) > 1:
@@ -1279,7 +1295,9 @@ class TgWrap():
                                 config=config,
                                 data=data,
                                 verbose=self.printer.print_verbose,
+                                ignore_attributes=ignore_attributes,
                                 )
+
                             if not ts_success:
                                 ts_validation_successful = False
                         else:
@@ -1296,6 +1314,7 @@ class TgWrap():
             "creations": 0,
             "updates": 0,
             "deletions": 0,
+            "outputs": 0,
             "minor": 0,
             "medium": 0,
             "major": 0,
@@ -1306,9 +1325,14 @@ class TgWrap():
 
         self.printer.header("Analysis results:", print_line_before=True)
         for key, value in details.items():
+            # if we want to ignore a few attributes
+            if ignore_attributes:
+                value['updates'] = [item for item in value['updates'] if item not in value['ignorable_updates']]
+
             self.printer.header(f'Module: {key}')
-            if not value["all"]:
+            if not value["all"] and not value["outputs"]:
                 self.printer.success('No changes detected')
+
             if value["unauthorized"]:
                 self.printer.error('Unauthorized deletions:')
                 for m in value["unauthorized"]:
@@ -1328,30 +1352,48 @@ class TgWrap():
                 for m in value["updates"]:
                     total_drifts["updates"] = total_drifts["updates"] + 1
                     self.printer.normal(f'-> {m}')
+            if value["ignorable_updates"]:
+                if self.printer.print_verbose:
+                    self.printer.normal('Updates (ignored):')
+                    for m in value["ignorable_updates"]:
+                        self.printer.normal(f'-> {m}')
+                else:
+                    self.printer.normal(f'Updates (ignored): {len(value["ignorable_updates"])} resources (add --verbose to see them)')
+            if value["outputs"]:
+                self.printer.normal('Output changes:')
+                for m in value["outputs"]:
+                    total_drifts["outputs"] = total_drifts["outputs"] + 1
+                    self.printer.normal(f'-> {m}')
 
-        for key, value in details.items():
-            for type in ["minor", "medium", "major", "unknown", "total"]:
-                total_drifts[type] += value["drifts"][type]
-            
-            # the formula below is just a way to achieve a numeric results that is coming from the various drift categories
-            value['drifts']['score'] = calculate_score(
-                major = value['drifts']['major'],
-                medium = value['drifts']['medium'],
-                minor = value['drifts']['minor'],
-            )
-            value['drifts']['score'] = value['drifts']['major'] * 10 + value['drifts']['medium'] + value['drifts']['minor'] / 10
+        if not analyze_config:
+            self.printer.error(
+                f"Analyze config file is not set, this is required for checking for unauthorized deletions and drift detection scores!",
+                print_line_before=True,
+                )
+        else:
+            for key, value in details.items():
+                for type in ["minor", "medium", "major", "unknown", "total"]:
+                    total_drifts[type] += value["drifts"][type]
+                
+                # the formula below is just a way to achieve a numeric results that is coming from the various drift categories
+                value['drifts']['score'] = calculate_score(
+                    major = value['drifts']['major'],
+                    medium = value['drifts']['medium'],
+                    minor = value['drifts']['minor'],
+                )
+                value['drifts']['score'] = value['drifts']['major'] * 10 + value['drifts']['medium'] + value['drifts']['minor'] / 10
 
-        # the formula below is just a way to achieve a numeric results that is coming from the various drift categories
-        total_drift_score = total_drifts['major'] * 10 + total_drifts['medium'] + total_drifts['minor'] / 10
-        total_drifts['score'] = total_drift_score
+            # the formula below is just a way to achieve a numeric results that is coming from the various drift categories
+            total_drift_score = total_drifts['major'] * 10 + total_drifts['medium'] + total_drifts['minor'] / 10
+            total_drifts['score'] = total_drift_score
 
-        self.printer.header(f"Drift score: {total_drift_score} ({total_drifts['major']}.{total_drifts['medium']}.{total_drifts['minor']})")
-        if total_drifts["unknown"] > 0:
-            self.printer.warning(f"For {total_drifts['unknown']} resources, drift score is not configured, please update configuration!")
-            self.printer.warning('- Unknowns:')
-            for key, value in details.items():
-                for m in value["unknowns"]:
-                    self.printer.warning(f' -> {m}')
+            self.printer.header(f"Drift score: {total_drift_score} ({total_drifts['major']}.{total_drifts['medium']}.{total_drifts['minor']})")
+            if total_drifts["unknown"] > 0:
+                self.printer.warning(f"For {total_drifts['unknown']} resources, drift score is not configured, please update configuration!")
+                self.printer.warning('- Unknowns:')
+                for key, value in details.items():
+                    for m in value["unknowns"]:
+                        self.printer.warning(f' -> {m}')
 
         if out or data_collection_endpoint:
             # in the output we convert the dict of dicts to a list of dicts as it makes processing
@@ -1489,7 +1531,7 @@ class TgWrap():
                 source_config_dir = None
 
             version_tag, _, _ = self._clone_repo(
-                manifest=manifest,
+                repo=manifest['git_repository'],
                 target_dir=temp_dir,
                 version_tag=version_tag,
                 )
@@ -1611,30 +1653,72 @@ class TgWrap():
             except Exception:
                 pass
 
-    def check_deployments(self, manifest_file, working_dir, out):
+    def check_deployments(self, repo_url, levels_deep, working_dir, out):
         """ Check the freshness of deployed configuration versions against the platform repository """
 
-        def locate_version_files(current_directory, found_files=[], root_directory=None, level=1):
+        def locate_version_files(current_directory, found_files=[], root_directory=None, level=1, git_status=''):
             " This tries to find a version file in the current directory, or a given number of directories beneath it"
 
+            # do not include hidden directories
+            if os.path.basename(current_directory).startswith('.'):
+                return found_files
+
             if not root_directory:
                 root_directory = current_directory
 
+            if not git_status:
+                self.printer.verbose(f'Check for git status in directory {current_directory}')
+                # Execute 'git status' to get an overview of the current status
+                cmd = "git status"
+                rc = subprocess.run(
+                    shlex.split(cmd),
+                    cwd=current_directory,
+                    universal_newlines=True,
+                    stdout=subprocess.PIPE,
+                    stderr=subprocess.PIPE,
+                    )
+                output = ('stdout: ' + rc.stdout + 'stderr: ' + rc.stderr).lower()
+                if 'not a git repository' in output:
+                    pass
+                elif 'branch is up to date' in output:
+                    git_status = 'up to date; '
+                elif 'head detached' in output:
+                    git_status = 'head detached; '
+                elif 'untracked files' in output:
+                    git_status = git_status + 'untracked files; '
+                elif 'changes to be committed' in output:
+                    git_status = git_status + 'staged changes; '
+                elif 'changes not staged for commit' in output:
+                    git_status = git_status + 'unstaged changes; '
+                elif 'branch is ahead of' in output:
+                    git_status = git_status + 'ahead of remote; '
+                elif 'branch is behind of' in output:
+                    git_status = git_status + 'behind remote; '
+                elif 'unmerged paths' in output:
+                    git_status = git_status + 'merge conflicts; '
+
             for entry in os.listdir(current_directory):
                 full_entry = os.path.join(current_directory, entry)
-                if os.path.isdir(full_entry) and level < self.LOCATE_VERSION_FILE_MAX_LEVELS:
+
+                if os.path.isdir(full_entry) and level <= levels_deep:
                     found_files = locate_version_files(
                         current_directory=full_entry,
                         found_files=found_files,
                         root_directory=root_directory,
                         level=level+1,
+                        git_status=git_status,
                     )
                 elif entry == self.VERSION_FILE:
-                    found_files.append(os.path.relpath(current_directory, root_directory))
+                    found_files.append(
+                        {
+                            'path': os.path.relpath(current_directory, root_directory),
+                            'git_status': git_status,
+                        }
+                    )
                     
             return found_files
 
-        def get_all_version(repo_dir, min_version=None):
+        def get_all_versions(repo_dir, min_version=None):
             "Get all the version tags from the repo including their data"
 
             # Execute 'git tag' command to get a list of all tags
@@ -1665,25 +1749,27 @@ class TgWrap():
         try:
             # do we have a working dir? 
             working_dir = working_dir if working_dir else os.getcwd()
-            self.printer.header(f'Check released versions ({self.LOCATE_VERSION_FILE_MAX_LEVELS} levels) in directory: {working_dir}')
+            self.printer.header(f'Check released versions (max {levels_deep} levels deep) in directory: {working_dir}')
 
-            result = locate_version_files(working_dir)
+            found_files = locate_version_files(working_dir)
 
             versions = []
-            for location in result:
+            for result in found_files:
                 # Determine the deployed version as defined in the version file
-                with open(os.path.join(working_dir, location, self.VERSION_FILE), 'r') as file:
+                with open(os.path.join(working_dir, result['path'], self.VERSION_FILE), 'r') as file:
+                    # todo: replace this with regex as it is (now) the only reason we use this lib
                     content = hcl2.load(file)
                     try:
                         version_tag = content['locals'][0]['version_tag']
                         versions.append(
                             {
-                                'path': location,
+                                'path': result['path'],
+                                'git_status': result['git_status'],
                                 'tag': version_tag
                             }
                         )
                     except KeyError as e:
-                        versions.append({location: 'unknown'})
+                        versions.append({result: 'unknown'})
 
             self.printer.verbose(f'Detected versions: {versions}')
 
@@ -1700,11 +1786,14 @@ class TgWrap():
             self.printer.verbose(f'Detected minimum version {min_version} and maximum version {max_version}')
 
             temp_dir = os.path.join(tempfile.mkdtemp(prefix='tgwrap-'), "tg-source")
-            manifest = self.load_yaml_file(os.path.join(working_dir, manifest_file))
-            self._clone_repo(manifest=manifest, target_dir=temp_dir)
+            self._clone_repo(
+                repo=repo_url,
+                target_dir=temp_dir,
+                version_tag='latest',
+            )
 
             # determine the version tag from the repo, including their date
-            all_versions = get_all_version(repo_dir=temp_dir, min_version=min_version['tag'])
+            all_versions = get_all_versions(repo_dir=temp_dir, min_version=min_version['tag'])
 
             # so now we can determine how old the deployed versions are
             now = datetime.now(timezone.utc)
@@ -1718,31 +1807,45 @@ class TgWrap():
                     version['days_since_release'] = (now - release_date).days
 
             self.printer.header(
-                'Deployed versions:' if len(versions) > 0 else 'No deployed versions detected'
+                'Deployed versions:' if len(versions) > 0 else 'No deployed versions detected',
+                print_line_before=True,
                 )
-            
+
+            # sort the list based on its path
+            versions = sorted(versions, key=lambda x: x['path'])
+
             for version in versions:
                 days_since_release = version.get("days_since_release", 0)
                 message = f'-> {version["path"]}: {version["tag"]} (released {days_since_release} days ago)'
                 if version['release_date'] == 'unknown':
                     self.printer.normal(message)
-                elif days_since_release > 60:
-                    self.printer.error(message)
-                elif days_since_release > 30:
+                elif days_since_release > 120:
                     self.printer.error(message)
-                elif days_since_release < 7:
+                elif days_since_release > 80:
+                    self.printer.warning(message)
+                elif days_since_release < 40:
                     self.printer.success(message)
                 else:
                     self.printer.normal(message)
 
+                if version.get('git_status'):
+                    message = f'WARNING: git status: {version["git_status"].strip()}'
+                    if not 'up to date' in message:
+                        self.printer.warning(message)
+
             self.printer.normal("\n") # just to get an empty line :-/
             self.printer.warning("""
 Note:
     This result only says something about the freshness of the deployed configurations,
     but not whether the actual resources are in sync with these.
+
     Check the drift of these configurations with the actual deployments by
     planning and analyzing the results.
-            """)
+
+    Also, it uses the locally checked out repositories, make sure these are pulled so that
+    this reflect the most up to date situation!
+            """,
+            print_line_before=True, print_line_after=True)
 
             if out:
                 # use the regular printer, to avoid it being sent to stderr

{tgwrap-0.10.2.dist-info → tgwrap-0.11.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: tgwrap
-Version: 0.10.2
+Version: 0.11.0
 Summary: A (terragrunt) wrapper around a (terraform) wrapper around ....
 Home-page: https://gitlab.com/lunadata/tgwrap
 License: MIT
@@ -72,6 +72,8 @@ And this was not something a bunch of aliases could solve, hence this wrapper wa
 
 When using the run-all, analyzing what is about to be changed is not going to be easier. Hence we created the `tgwrap analyze` function that lists all the planned changes and (if a config file is availabe) calculates a drift score and runs a [terrasafe](https://pypi.org/project/terrasafe/) style validation check.
 
+> you can ignore minor changes, such as tag updates, with `tgwrap analyze -i tags`
+
 It needs a config file as follows:
 
 ```yaml

tgwrap-0.11.0.dist-info/RECORD

@@ -0,0 +1,13 @@
+tgwrap/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+tgwrap/analyze.py,sha256=5C0OcDpOfn6U39QNIoc7V9ePjjcXKbJH6cOVNr9jJ9A,10289
+tgwrap/cli.py,sha256=RYZf7Mb7qJW-q_-qqREi9s2dAu_wpOtvmvB086Y5URQ,32084
+tgwrap/deploy.py,sha256=-fSk-Ix_HqrXY7KQX_L27TnFzIuhBHYv4xYJW6zRDN4,10243
+tgwrap/inspector-resources-template.yml,sha256=Mos8NDzzZ3VxdXgeiVL9cmQfRcIXIHMLf79_KLwdXu8,3297
+tgwrap/inspector.py,sha256=5pW7Ex1lkKRoXY6hZGbCNmSD2iRzgMSfqi9w7gb-AcY,16990
+tgwrap/main.py,sha256=rCdrsu1J4biQj7IDqF0AaR-s7DL-cQ2DTt50zAfjZ8M,93702
+tgwrap/printer.py,sha256=frn1PARd8A28mkRCYR6ybN2x0NBULhNOutn4l2U7REY,2754
+tgwrap-0.11.0.dist-info/LICENSE,sha256=VT-AVxIXt3EQTC-7Hy1uPGnrDNJLqfcgLgJD78fiyx4,1065
+tgwrap-0.11.0.dist-info/METADATA,sha256=10rGGUHsLlUTxMGsbhltzdi8bd2QNHkmE_uQ9fHMs8Q,17560
+tgwrap-0.11.0.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+tgwrap-0.11.0.dist-info/entry_points.txt,sha256=H8X0PMPmd4aW7Y9iyChZ0Ug6RWGXqhRUvHH-6f6Mxz0,42
+tgwrap-0.11.0.dist-info/RECORD,,

tgwrap-0.10.2.dist-info/RECORD

@@ -1,13 +0,0 @@
-tgwrap/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tgwrap/analyze.py,sha256=TJvAKVIbWl8-8oxpTwXVBWU72q_XQKzUTlyMZ25cV2M,8728
-tgwrap/cli.py,sha256=0SFzLJA-deut81Mpt6Giq77WK26vTDcajyFnPIHXR5c,31649
-tgwrap/deploy.py,sha256=-fSk-Ix_HqrXY7KQX_L27TnFzIuhBHYv4xYJW6zRDN4,10243
-tgwrap/inspector-resources-template.yml,sha256=Mos8NDzzZ3VxdXgeiVL9cmQfRcIXIHMLf79_KLwdXu8,3297
-tgwrap/inspector.py,sha256=5pW7Ex1lkKRoXY6hZGbCNmSD2iRzgMSfqi9w7gb-AcY,16990
-tgwrap/main.py,sha256=WKxlREE4QmdZKTHivhWa3K5yI40amGlmjBs4y7oCTqw,88748
-tgwrap/printer.py,sha256=frn1PARd8A28mkRCYR6ybN2x0NBULhNOutn4l2U7REY,2754
-tgwrap-0.10.2.dist-info/LICENSE,sha256=VT-AVxIXt3EQTC-7Hy1uPGnrDNJLqfcgLgJD78fiyx4,1065
-tgwrap-0.10.2.dist-info/METADATA,sha256=TMYitOkytrAQdGcEIeCOeiyKLg5yAFtgnmiupyLiJjo,17476
-tgwrap-0.10.2.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-tgwrap-0.10.2.dist-info/entry_points.txt,sha256=H8X0PMPmd4aW7Y9iyChZ0Ug6RWGXqhRUvHH-6f6Mxz0,42
-tgwrap-0.10.2.dist-info/RECORD,,