Carry quota severity on the struct, not per-reader #24
Merged
cloud.QuotaUsage recomputed its severity from Utilization at every read site
(JSON output, the quota summary, comparison normalization, and the HTML
report). Severity now travels with the finding instead.
- cloud.QuotaUsage gains a Severity field (json:"severity").
- The AWS provider's ListQuotas sets it once, derived from utilization, so
it's the single source of truth and is serialized in --output json.
- A QuotaUsage.EffectiveSeverity() accessor returns the stored Severity,
falling back to QuotaSeverity(Utilization) when unset — keeping reports
saved before the field (and hand-built test data) correct.
- WriteQuotas, quota.Summarize, compare.normalizeQuotas, and the report
generator now read EffectiveSeverity() rather than recomputing.
The other findingless structs (OrphanResource, CostDiff, InventoryResource)
carry no severity by nature, so QuotaUsage was the one that needed this.
Tests: EffectiveSeverity (stored value wins; fallback computes from
utilization) and ListQuotas sets Severity on every quota. All read sites
verified converted by grep.
This is sub-item 9a of the output-renderer cleanup. 9b — splitting the
715-line output/table.go into per-domain files — is reframed from the
original "runtime FindingRenderer registry": commands dispatch
type-specifically, the renderers have heterogeneous signatures, and the one
generic consumer already routes through compare.NormalizeReport, so a
uniform any-typed registry would cost type safety with no caller that needs
it. The achievable win is the per-domain file split.
What
cloud.QuotaUsage recomputed its severity from Utilization at every read site — JSON output (WriteQuotas), the quota summary (quota.Summarize), comparison normalization (compare.normalizeQuotas), and the HTML report generator. Severity now travels with the finding.
How
- cloud.QuotaUsage gains a Severity field (json:"severity").
- ListQuotas sets it once (derived from utilization) — the single source of truth, now serialized in --output json.
- QuotaUsage.EffectiveSeverity() accessor returns the stored Severity, falling back to QuotaSeverity(Utilization) when unset — keeps reports saved before the field (and hand-built test data) correct.
- EffectiveSeverity() instead of recomputing.
The other findingless structs (OrphanResource, CostDiff, InventoryResource) carry no severity by nature, so QuotaUsage was the one that needed this.
Tests
EffectiveSeverity (stored value wins; fallback computes from utilization) and ListQuotas sets Severity on every quota. All read sites verified converted by grep. task build / go test ./... / go vet / golangci-lint green.
Scope note
This is sub-item 9a of the output-renderer cleanup. 9b — splitting the 715-line output/table.go into per-domain files — is reframed from the original "runtime FindingRenderer registry": commands dispatch type-specifically (compile-time-safe), the renderers have heterogeneous signatures (IAM principal counts, audit *Report, compare CompareResult), and the one generic consumer (report) already routes through the centralized compare.NormalizeReport switch — so a uniform any-typed registry would cost type safety with no caller that needs it. The achievable win is the per-domain file split.
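The stored-value-with-fallback accessor described above, as an added example that is not the project's own code. The severity names, the 75/90 thresholds, the field types and the LoadSeverity helper are assumptions; only the identifiers QuotaUsage, Severity, Utilization, QuotaSeverity and EffectiveSeverity come from the page.

```go
package main

import "encoding/json"

// Severity names and thresholds are assumed; the page does not state them.
type Severity string
const (
	SeverityOK       Severity = "ok"
	SeverityWarning  Severity = "warning"
	SeverityCritical Severity = "critical"
)

// QuotaUsage mirrors the struct named in the PR; field types are assumed.
type QuotaUsage struct {
	Utilization float64  `json:"utilization"` // assumed percentage, 0-100
	Severity    Severity `json:"severity"`
}

// QuotaSeverity derives severity from utilization (assumed thresholds).
func QuotaSeverity(u float64) Severity {
	switch {
	case u >= 90:
		return SeverityCritical
	case u >= 75:
		return SeverityWarning
	}
	return SeverityOK
}

// EffectiveSeverity prefers the stored value and computes one only when unset.
func (q QuotaUsage) EffectiveSeverity() Severity {
	if q.Severity != "" {
		return q.Severity
	}
	return QuotaSeverity(q.Utilization)
}

// LoadSeverity decodes one saved quota record and returns its severity.
func LoadSeverity(raw string) (Severity, error) {
	var q QuotaUsage
	if err := json.Unmarshal([]byte(raw), &q); err != nil {
		return "", err
	}
	return q.EffectiveSeverity(), nil
}

func main() {
	s, err := LoadSeverity(`{"utilization":92}`) // constructed pre-field record
	println(string(s), err == nil)
}
```

In this sketch a stored severity is returned as written, without being checked against utilization, so any validation of values read from a saved report has to happen at load time.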