feat(audit): flag unexpected resources (ok/unexpected + Reason); finish DynamoDB removal#83
Merged
…namoDB removal

`yolo audit` now classifies a fourth status, `orphan`: a resource carrying a YOLO ownership marker but of an AWS service YOLO no longer provisions (it has no `Resources/` class, so a sync would never recreate it). Driven by `Audit::SERVICE_BY_RESOURCE_GROUP`, whose keys mirror the `src/Resources/*` directories — enforced by ManagedServicesTest — so dropping a service dir auto-surfaces its leftovers and a still-managed service is never false-flagged.

This makes the DynamoDB sessions table left behind by #80 visible: it's still tagged `yolo:app=<live app>` (so the ownership test alone read it as `ok`), but YOLO has no DynamoDB resource any more, so it now shows as `orphan` — a clear teardown candidate. Orphan takes precedence over ok/drift and is surfaced via a warning + a red label, ordered cleanup-first within its scope.

Also finishes scrubbing DynamoDB from the codebase:
- drop the `session.driver: dynamodb` special-case in the manifest validator (the generic allow-list already rejects it) and its dedicated test
- remove the DynamoDB tombstone assertions/comments from the IAM and env-step tests
- fix the `yolo.yml` stub that still advertised `dynamodb` as the default session driver, and the manifest-reference deprecation note

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Following review: the four-way ok/drift/orphan/rogue taxonomy overloaded
"drift" — which already means attribute-level config mismatch in `yolo sync` —
and made the labels hard to keep straight. Audit is an ownership/inventory
check (tags + ARN service + cluster liveness), never a config check, so it
really has just two outcomes:
- `ok` — accounted for
- `unexpected` — not accounted for, with a `reason`:
  - `no ownership tag` (was rogue)
  - `service no longer provisioned` (was orphan — the DynamoDB table)
  - `app cluster gone` (was drift)
The cause moves from a one-word status into a Reason column — a sentence beats
a label, and "drift" now means exactly one thing across YOLO. The `--drift`
flag becomes `--unexpected`.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Hey, I made a thing! 🥳
What problems are you solving?
Three things, all downstream of #80 (dropping DynamoDB sessions for Valkey):

1. `yolo audit` couldn't see the leftover DynamoDB table. After #80 (feat(sessions): drop DynamoDB, move sessions onto the Valkey cluster) deleted YOLO's DynamoDB support, the per-app sessions table still lives in AWS — and it's still tagged `yolo:app=<live app>`, so audit's ownership test read it as fine. Audit had no way to know YOLO had stopped provisioning that kind of resource.

   Audit now flags it. A resource carrying a YOLO ownership marker but of an AWS service YOLO no longer has a `Resources/` class for is surfaced — driven by `Audit::SERVICE_BY_RESOURCE_GROUP`, whose keys mirror the `src/Resources/*` directories (enforced by `ManagedServicesTest`). So it's correct by construction: dropping a service directory auto-surfaces its leftovers, and a still-managed service is never false-flagged. `yolo audit production` now shows the DynamoDB sessions table as a teardown candidate.

2. Audit's status vocabulary was confusing — collapsed to two statuses + a Reason column. The original `ok/drift/orphan/rogue` taxonomy overloaded "drift", which already means attribute-level config mismatch in `yolo sync`. Audit is an ownership/inventory check — tags, ARN service, and whether the owning app's cluster is live — and it never inspects a resource's configuration. So it really has two outcomes:
   - `ok`
   - `unexpected`

   The cause moves into a Reason column: `no ownership tag` (was rogue), `service no longer provisioned` (was orphan — the DynamoDB case), `app cluster gone` (was drift). A sentence beats a one-word label, and "drift" now means exactly one thing across YOLO. The `--drift` flag becomes `--unexpected`.

3. Finish scrubbing DynamoDB from the codebase. #80 (feat(sessions): drop DynamoDB, move sessions onto the Valkey cluster) left tombstones + one stale default: dropped the `session.driver: dynamodb` special-case in the manifest validator (the generic allow-list already rejects it) and its dedicated test; removed the DynamoDB absence-assertions from the IAM/env-step tests; fixed the `yolo.yml` stub that still advertised `dynamodb` as the default session driver, and the manifest-reference deprecation note.

Is there anything the reviewer needs to know to deploy this?

`unexpected` / `service no longer provisioned` in `yolo audit production`; teardown is a manual `aws dynamodb delete-table` once confirmed.

🤖 Generated with Claude Code
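The two-outcome rule described in this PR (ownership tag, ARN service against the managed-service table, owning app's cluster liveness, collapsed into `ok` or `unexpected` plus a reason), as an added illustration that is not YOLO's own code. YOLO's implementation language and the real contents of `Audit::SERVICE_BY_RESOURCE_GROUP` are not on this page, so the Ruby, the tag key `yolo:app`, the four-entry service table, the sample ARNs and the order in which the three checks are applied (tag first, since the old "orphan" definition required an ownership marker; then service; then cluster liveness) are all assumptions made here:

```ruby
# Added example: a two-status audit (ok / unexpected + reason) over AWS resources.
# Not YOLO's code; the tag key, service table, ARNs and check order are assumed.
require 'set'

OWNERSHIP_TAG = 'yolo:app'.freeze

# Stand-in for Audit::SERVICE_BY_RESOURCE_GROUP: resource-group directory => ARN service.
# DynamoDB is deliberately absent, mirroring its removal in #80 (entries are assumed).
SERVICE_BY_RESOURCE_GROUP = {
  'Cluster'  => 'ecs',
  'Cache'    => 'elasticache',
  'Database' => 'rds',
  'Secrets'  => 'secretsmanager',
}.freeze

MANAGED_SERVICES = SERVICE_BY_RESOURCE_GROUP.values.to_set.freeze

Finding = Struct.new(:arn, :status, :reason, keyword_init: true)

# ARNs have the shape arn:partition:service:region:account:resource; the service
# is the third field. The resource part may itself contain colons, hence the limit.
def arn_service(arn)
  parts = arn.split(':', 6)
  raise ArgumentError, "not an ARN: #{arn}" unless parts.length == 6 && parts[0] == 'arn'
  parts[2]
end

# resource: { arn: String, tags: Hash }; live_apps: Set of app names with a live cluster.
# Exactly one reason is reported; the first failing check wins.
def classify(resource, live_apps)
  app = (resource[:tags] || {})[OWNERSHIP_TAG]
  service = arn_service(resource[:arn])
  reason =
    if app.nil? || app.empty?
      'no ownership tag'                 # formerly "rogue"
    elsif !MANAGED_SERVICES.include?(service)
      'service no longer provisioned'    # formerly "orphan": tagged, but no Resources/ class
    elsif !live_apps.include?(app)
      'app cluster gone'                 # formerly "drift"
    end
  Finding.new(arn: resource[:arn], status: reason ? 'unexpected' : 'ok', reason: reason)
end

# Unexpected findings are listed first so teardown candidates lead the report.
def audit(resources, live_apps)
  resources.map { |r| classify(r, live_apps) }
           .sort_by { |f| [f.status == 'unexpected' ? 0 : 1, f.arn] }
end

# Constructed sample inventory (not real account data): one healthy RDS instance,
# the leftover DynamoDB sessions table still tagged with a live app, an RDS instance
# whose owning app's cluster is gone, and an untagged ElastiCache group.
SAMPLE_RESOURCES = [
  { arn: 'arn:aws:rds:eu-west-1:123456789012:db:shop-db',
    tags: { 'yolo:app' => 'shop' } },
  { arn: 'arn:aws:dynamodb:eu-west-1:123456789012:table/shop-sessions',
    tags: { 'yolo:app' => 'shop' } },
  { arn: 'arn:aws:rds:eu-west-1:123456789012:db:legacy-db',
    tags: { 'yolo:app' => 'legacy' } },
  { arn: 'arn:aws:elasticache:eu-west-1:123456789012:replicationgroup:adhoc-cache',
    tags: {} },
].freeze

SAMPLE_LIVE_APPS = Set['shop'].freeze

# Status / Reason / ARN columns, one line per finding.
def report(findings)
  findings.map { |f| format('%-10s %-30s %s', f.status, f.reason || '', f.arn) }
end

puts report(audit(SAMPLE_RESOURCES, SAMPLE_LIVE_APPS)) if $PROGRAM_NAME == __FILE__
```

The point of deriving `MANAGED_SERVICES` from the service table rather than listing services twice is the "correct by construction" property the PR describes: removing a resource group from the table is the only change needed for its leftovers to start surfacing, and a service still in the table can never be reported as `service no longer provisioned`.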