export async function evaluateAmiTaggingCoverage()

in packages/obligatron/src/obligations/tagging.ts [69:124]


export async function evaluateAmiTaggingCoverage(
	db: PrismaClient,
): Promise<ObligationResult[]> {
	// The tagging obligation currently only applies to accounts owned by P&E
	const filteredAccounts = await db.aws_accounts.findMany({
		where: { is_product_and_engineering: true },
	});

	const accountIds = filteredAccounts.map((_) => _.id);

	logger.log({
		message: `Evaluating AMI tagging for ${accountIds.length} accounts`,
	});

	const records: aws_ec2_images[] = await db.aws_ec2_images.findMany({
		where: {
			account_id: {
				equals: db.aws_ec2_images.fields.owner_id,
				in: accountIds,
			},
		},
	});

	const amiTags = [
		// The "core" tags
		'Stack',
		'Stage',
		'App',
		'gu:repo',

		// Tags added by AMIgo
		'AmigoStage',
		'SourceAMI',
		'BuildNumber',
		'BuiltBy',
		'Recipe',
		'BakeId',
	];

	const obligationResults = records.flatMap<ObligationResult | undefined>(
		(record) => {
			const tagKeys = Object.keys(record.tags as Prisma.JsonObject);

			const missingTags = amiTags.filter((tag) => !tagKeys.includes(tag));
			logger.log({
				message: `AMI ${record.arn} is missing tags: ${missingTags.join(', ')}`,
			});

			return missingTags.map<ObligationResult | undefined>((tag) => {
				return createObligationResult(record, tag);
			});
		},
	);

	return obligationResults.filter((_) => _ !== undefined);
}