testing new version

Author: RkSinghDeo

devolv/__init__.py

@@ -1,2 +1,2 @@
-__version__ = "0.2.27"
+__version__ = "0.2.28"
 

devolv/drift/cli.py

@@ -39,24 +39,18 @@ def push_branch(branch_name: str):
         raise typer.Exit(1)
 
 def detect_drift(local_doc, aws_doc) -> bool:
-    """Detect removal drift: AWS has permissions missing from local (danger)."""
     local_statements = {json.dumps(s, sort_keys=True) for s in local_doc.get("Statement", [])}
     aws_statements = {json.dumps(s, sort_keys=True) for s in aws_doc.get("Statement", [])}
 
     missing_in_local = aws_statements - local_statements
 
     if missing_in_local:
         typer.echo("❌ Drift detected: Local is missing permissions present in AWS.")
-        # No need to print each JSON line — rich diff will handle details
         return True
 
     typer.echo("✅ No removal drift detected (local may have extra permissions; that's fine).")
     return False
 
-
-    typer.echo("✅ No removal drift detected (local may have extra permissions; that's fine).")
-    return False
-
 @app.command()
 def drift(
     policy_name: str = typer.Option(..., "--policy-name", help="Name of the IAM policy"),
@@ -102,7 +96,11 @@ def drift(
         raise typer.Exit(1)
 
     assignees = [a.strip() for a in approvers.split(",") if a.strip()]
-    issue_num, _ = create_approval_issue(repo_full_name, token, policy_name, assignees=assignees)
+    
+    # 💡 Pass drift_detected to dynamically control issue body
+    issue_num, _ = create_approval_issue(
+        repo_full_name, token, policy_name, assignees=assignees, drift_detected=drift_detected
+    )
     issue_url = f"https://github.com/{repo_full_name}/issues/{issue_num}"
     typer.echo(f"✅ Approval issue created: {issue_url}")
 
@@ -122,6 +120,22 @@ def drift(
         typer.echo(f"✅ AWS policy {policy_arn} updated with superset of local + AWS.")
         _update_local_and_create_pr(superset_doc, policy_file, repo_full_name, policy_name, issue_num, token, "with superset of local + AWS")
 
+    elif choice == "accept":
+        typer.echo("✅ Approval received: no changes required. Closing issue.")
+        gh = Github(token)
+        repo = gh.get_repo(repo_full_name)
+        issue = repo.get_issue(number=issue_num)
+        issue.create_comment("✅ Approved current state. No action needed.")
+        issue.edit(state="closed")
+
+    elif choice == "reject":
+        typer.echo("❌ Approval rejected: no changes made. Closing issue.")
+        gh = Github(token)
+        repo = gh.get_repo(repo_full_name)
+        issue = repo.get_issue(number=issue_num)
+        issue.create_comment("❌ Rejected current state. No action taken.")
+        issue.edit(state="closed")
+
     else:
         typer.echo("⏭ No synchronization performed (skip).")
 

devolv/drift/github_approvals.py

@@ -17,26 +17,48 @@ def _get_github_repo(repo_full_name: str):
     gh = Github(_get_github_token())
     return gh.get_repo(repo_full_name)
 
-def create_github_issue(repo: str, title: str, body: str, assignees: list) -> tuple:
+def create_github_issue(repo: str, policy_name: str, assignees: list, drift_detected: bool = True) -> tuple:
     """
-    Create a GitHub issue and return (number, url)
+    Create a GitHub issue with dynamic body based on drift_detected.
+    Returns (issue number, issue URL)
     """
     try:
         repo_obj = _get_github_repo(repo)
+        approver_list = ", ".join([f"@{a}" for a in assignees]) if assignees else "anyone"
+
+        title = f"Approval needed for IAM policy: {policy_name}"
+        if drift_detected:
+            body = (
+                f"Please review and approve the sync for `{policy_name}`.\n\n"
+                f"✅ **Allowed approvers:** {approver_list}\n\n"
+                "**Reply with one of the following commands to proceed:**\n"
+                "- `local->aws` → Apply local policy changes to AWS\n"
+                "- `aws->local` → Update local policy file from AWS\n"
+                "- `aws<->local` → Sync both ways (superset, update AWS + local)\n"
+                "- `skip` → Skip this sync"
+            )
+        else:
+            body = (
+                f"Please review and approve the current state for `{policy_name}` (✅ No drift detected).\n\n"
+                f"✅ **Allowed approvers:** {approver_list}\n\n"
+                "**Reply with one of the following commands to proceed:**\n"
+                "- `accept` → Approve the current state, no further action\n"
+                "- `reject` → Reject the current state (no changes will be made)"
+            )
+
         issue = repo_obj.create_issue(title=title, body=body, assignees=assignees)
         print(f"✅ Created issue #{issue.number} in {repo}: {issue.html_url}")
         return issue.number, issue.html_url
+
     except Exception as e:
         print(f"❌ Failed to create issue in {repo}: {e}")
         raise
 
 def create_github_pr(repo: str, head_branch: str, title: str, body: str, base: str = "main", issue_num: int = None) -> tuple:
     """
-    Create a GitHub PR. If issue_num is provided, comment on the issue.
-    Return (PR number, PR URL).
+    Create a GitHub PR. Optionally comments on linked issue.
+    Returns (PR number, PR URL)
     """
-    from github import Github
-
     try:
         repo_obj = _get_github_repo(repo)
         pr = repo_obj.create_pull(
@@ -45,35 +67,29 @@ def create_github_pr(repo: str, head_branch: str, title: str, body: str, base: s
             head=head_branch,
             base=base
         )
-        #print(f"✅ Created PR #{pr.number} in {repo}: {pr.html_url}")
 
         if issue_num:
             issue = repo_obj.get_issue(number=issue_num)
-            issue.create_comment(f"A PR has been created for this sync: {pr.html_url}")
-        
+            issue.create_comment(f"✅ PR created and linked: {pr.html_url}")
+
+        print(f"✅ Created PR #{pr.number} in {repo}: {pr.html_url}")
         return pr.number, pr.html_url
 
     except Exception as e:
-        print(f"❌ Failed to create PR: {e}")
+        print(f"❌ Failed to create PR in {repo}: {e}")
         raise
 
 def push_branch(branch_name: str):
-    import subprocess
-    import typer
-
+    """
+    Create, commit to, and push a git branch, rebasing if needed.
+    """
     try:
-        # Create or switch to branch safely
         subprocess.run(["git", "checkout", "-B", branch_name], check=True)
-
-        # Ensure Git identity is set
         subprocess.run(["git", "config", "user.email", "github-actions@users.noreply.github.com"], check=True)
         subprocess.run(["git", "config", "user.name", "github-actions"], check=True)
-
-        # Add, commit
         subprocess.run(["git", "add", "."], check=True)
         subprocess.run(["git", "commit", "-m", f"Update policy: {branch_name}"], check=True)
 
-        # Try pushing
         try:
             subprocess.run(["git", "push", "--set-upstream", "origin", branch_name], check=True)
         except subprocess.CalledProcessError:
@@ -86,5 +102,3 @@ def push_branch(branch_name: str):
     except subprocess.CalledProcessError as e:
         typer.echo(f"❌ Git command failed: {e}")
         raise typer.Exit(1)
-
-

devolv/drift/issues.py

@@ -1,33 +1,41 @@
 from github import Github
 import time
 
-def create_approval_issue(repo_full_name, token, policy_name, assignees=None):
+def create_approval_issue(repo_full_name, token, policy_name, assignees=None, drift_detected=True):
     gh = Github(token)
     repo = gh.get_repo(repo_full_name)
 
     approver_list = ", ".join([f"@{a}" for a in assignees]) if assignees else "anyone"
 
     title = f"Approval needed for IAM policy: {policy_name}"
-    body = (
-        f"Please review and approve the sync for `{policy_name}`.\n\n"
-        f"✅ **Allowed approvers:** {approver_list}\n\n"
-        "**Reply with one of the following commands to proceed:**\n"
-        "- `local->aws` → Apply local policy changes to AWS\n"
-        "- `aws->local` → Update local policy file from AWS\n"
-        "- `aws<->local` → Sync both ways (superset, update AWS + local)\n"
-        "- `skip` → Skip this sync"
-    )
+
+    if drift_detected:
+        body = (
+            f"Please review and approve the sync for `{policy_name}`.\n\n"
+            f"✅ **Allowed approvers:** {approver_list}\n\n"
+            "**Reply with one of the following commands to proceed:**\n"
+            "- `local->aws` → Apply local policy changes to AWS\n"
+            "- `aws->local` → Update local policy file from AWS\n"
+            "- `aws<->local` → Sync both ways (superset, update AWS + local)\n"
+            "- `skip` → Skip this sync"
+        )
+    else:
+        body = (
+            f"Please review and approve the current state for `{policy_name}` (✅ No drift detected).\n\n"
+            f"✅ **Allowed approvers:** {approver_list}\n\n"
+            "**Reply with one of the following commands to proceed:**\n"
+            "- `accept` → Approve the current state, no further action\n"
+            "- `reject` → Reject the current state (no changes will be made)"
+        )
 
     issue = repo.create_issue(
         title=title,
         body=body,
         assignees=assignees or []
     )
 
-    #print(f"✅ Created issue #{issue.number} in {repo_full_name}: {issue.html_url}")
     return issue.number, issue.html_url
 
-
 def wait_for_sync_choice(repo_full_name, issue_number, token, allowed_approvers=None):
     g = Github(token)
     repo = g.get_repo(repo_full_name)
@@ -45,7 +53,7 @@ def wait_for_sync_choice(repo_full_name, issue_number, token, allowed_approvers=
                 print(f"Ignoring comment from unauthorized user: {commenter}")
                 continue
 
-            if content in ["local->aws", "aws->local", "aws<->local", "skip"]:
+            if content in ["local->aws", "aws->local", "aws<->local", "skip","accept", "reject"]:
                 return content
 
         print("Waiting for approval comment...")