in packages/obligatron/src/obligations/tagging.ts [69:124]
export async function evaluateAmiTaggingCoverage(
db: PrismaClient,
): Promise<ObligationResult[]> {
// The tagging obligation currently only applies to accounts owned by P&E
const filteredAccounts = await db.aws_accounts.findMany({
where: { is_product_and_engineering: true },
});
const accountIds = filteredAccounts.map((_) => _.id);
logger.log({
message: `Evaluating AMI tagging for ${accountIds.length} accounts`,
});
const records: aws_ec2_images[] = await db.aws_ec2_images.findMany({
where: {
account_id: {
equals: db.aws_ec2_images.fields.owner_id,
in: accountIds,
},
},
});
const amiTags = [
// The "core" tags
'Stack',
'Stage',
'App',
'gu:repo',
// Tags added by AMIgo
'AmigoStage',
'SourceAMI',
'BuildNumber',
'BuiltBy',
'Recipe',
'BakeId',
];
const obligationResults = records.flatMap<ObligationResult | undefined>(
(record) => {
const tagKeys = Object.keys(record.tags as Prisma.JsonObject);
const missingTags = amiTags.filter((tag) => !tagKeys.includes(tag));
logger.log({
message: `AMI ${record.arn} is missing tags: ${missingTags.join(', ')}`,
});
return missingTags.map<ObligationResult | undefined>((tag) => {
return createObligationResult(record, tag);
});
},
);
return obligationResults.filter((_) => _ !== undefined);
}