Skip to content

Add Deterministic analyze Support for PowerCLI Scripts#95

Merged
tsanders-rh merged 7 commits into
mainfrom
feature/issue-94-powercli-analyzer
Feb 15, 2026
Merged

Add Deterministic analyze Support for PowerCLI Scripts#95
tsanders-rh merged 7 commits into
mainfrom
feature/issue-94-powercli-analyzer

Conversation

@tsanders-rh

Copy link
Copy Markdown
Owner

Summary

Implements deterministic gap analysis for PowerCLI scripts, bringing PowerCLI to feature parity with vRealize workflows.

Closes #94

Changes

1. PowerCLI Analyzer Module (ops_translate/analyze/powercli.py)

Regex-based PowerShell parsing (MVP approach):

  • VMware cmdlet detection (New-VM, Set-VM, Get-VM, Start-VM, Stop-VM, etc.)
    • Organized by category: vm_lifecycle, compute, networking, storage, tagging
  • NSX cmdlet detection (Get-Nsx*, New-Nsx*, Set-Nsx*, etc.)
    • Categories: security_groups, firewall_rules, load_balancers, segments, tier_gateways
  • REST API call detection (Invoke-RestMethod, Invoke-WebRequest, curl)
  • Line-number tracking for evidence
  • Confidence scoring (0.0-0.95)
  • Complexity calculation (0-100 scale)

Output contract matches vRealize analyzer:

{
    "source_file": "script.ps1",
    "signals": {"vmware_cmdlets": 5, "nsx_cmdlets": 2, "rest_calls": 0},
    "confidence": "high",
    "evidence": [...],
    "vmware_operations": {...},
    "nsx_operations": {...},
    "rest_api_calls": [...],
    "complexity_score": 15,
    "has_external_dependencies": True
}

2. CLI Integration (ops_translate/cli.py)

Updated analyze command:

  • Finds .xml files in input/vrealize/ AND .ps1 files in input/powercli/
  • Routes to appropriate analyzer based on file extension
  • Unified caching for both file types
  • Combined gap reports merging both sources
  • Updated messaging: "Analyzing automation" instead of "Analyzing workflows"

CLI Output:

Analyzing automation for external dependencies...

Found 2 vRealize workflow(s) to analyze
Found 2 PowerCLI script(s) to analyze
Analyzing 4 changed file(s)

Analyzing simple-vm.ps1...
  ⚠ simple-vm.ps1: Found external dependencies

3. VMware Cmdlet Classifier (ops_translate/intent/classifiers/vmware_cmdlets.py)

Handles PowerCLI analyzer output:

  • Classifies vmware_operations detections
  • All basic VMware operations → SUPPORTED
  • Maps to KubeVirt/OpenShift equivalents:
    • VM lifecycle → VirtualMachine/virtctl
    • Compute → resources.requests/limits
    • Networking → Pod networking/NAD
    • Storage → PVC/DataVolume
    • Tagging → labels/annotations

4. Updated Demo (demo.sh)

Now showcases both sources:

  • Imports PowerCLI scripts (simple-vm.ps1, environment-aware.ps1) for SUPPORTED examples
  • Imports vRealize workflows (NSX-heavy) for BLOCKED examples
  • Demonstrates multi-source analysis in single workflow

Testing

Tested with simple-vm.ps1:

✓ Correctly detects 2 vm_lifecycle operations (New-VM, Start-VM)
✓ Classifies as Fully Supported
✓ Generates proper gap analysis report
✓ Maps to KubeVirt VirtualMachine

Gap Analysis Output:

### ✅ Fully Supported Components

#### VMware Vm Lifecycle

**OpenShift Equivalent**: KubeVirt VirtualMachine

**Recommendations**:
- VM lifecycle operations map directly to KubeVirt
- New-VM → VirtualMachine manifest
- Start-VM → virtctl start
- Stop-VM → virtctl stop

Impact

✅ PowerCLI scripts now get deterministic gap analysis
✅ SUPPORTED/PARTIAL/BLOCKED classifications work for PowerCLI
✅ HTML reports show PowerCLI analysis
✅ Decision Interview compatible
✅ True parity between vRealize and PowerCLI

Design Principle

This feature reinforces:

We do not guess.
We detect, classify, and make risk visible.

PowerCLI now meets the same deterministic bar as vRealize workflows.

Implements deterministic analysis for PowerCLI scripts to match vRealize
workflow analysis capabilities (issue #94).

New module: ops_translate/analyze/powercli.py
- Regex-based PowerShell parsing (MVP approach)
- VMware cmdlet detection (New-VM, Set-VM, Get-VM, etc.)
  * Organized by category: vm_lifecycle, compute, networking, storage, tagging
- NSX cmdlet detection (Get-Nsx*, New-Nsx*, etc.)
  * Categories: security_groups, firewall_rules, load_balancers, segments, tier_gateways
- REST API call detection (Invoke-RestMethod, Invoke-WebRequest, curl)
- Line-number tracking for evidence
- Confidence scoring matching vRealize analyzer
- Complexity calculation (0-100 scale)

CLI integration: ops_translate/cli.py
- Updated analyze command to support both vRealize and PowerCLI
- Finds .xml files in input/vrealize/ AND .ps1 files in input/powercli/
- Routes to appropriate analyzer based on file extension
- Unified caching for both file types
- Combined gap reports merging both sources
- Updated messaging to reflect multi-source support

Output contract matches vRealize analyzer:
- source_file, signals, confidence, evidence
- vmware_operations, nsx_operations, rest_api_calls
- complexity_score, has_external_dependencies

This enables:
- Gap analysis for PowerCLI scripts
- SUPPORTED/PARTIAL/BLOCKED classifications for PowerCLI
- HTML reports showing PowerCLI analysis
- Decision Interview compatibility
- True parity between vRealize and PowerCLI analysis
Changes:
- Import PowerCLI scripts (simple-vm.ps1, environment-aware.ps1) instead of vRealize workflows for simple examples
- Keep complex vRealize workflows with NSX for BLOCKED examples
- Update all messaging to reflect 'vRealize workflows or PowerCLI scripts'
- Update wrap-up to show both PowerCLI and vRealize sources
- Emphasize that gap analysis now works for BOTH sources

This demonstrates the full capability of the PowerCLI analyzer:
- SUPPORTED classifications for simple PowerCLI scripts
- BLOCKED classifications for NSX components in vRealize
- Multi-source analysis in a single workflow
Creates classifier to handle VMware PowerCLI cmdlet detections from the
PowerCLI analyzer (issue #94).

New classifier: ops_translate/intent/classifiers/vmware_cmdlets.py
- Handles vmware_operations from PowerCLI analyzer
- Classifies by category: vm_lifecycle, compute, networking, storage, tagging
- All basic VMware operations classified as SUPPORTED
- Maps to KubeVirt/OpenShift equivalents:
  * VM lifecycle → VirtualMachine/virtctl
  * Compute → resources.requests/limits
  * Networking → Pod networking/NetworkAttachmentDefinition
  * Storage → PVC/DataVolume
  * Tagging → labels/annotations

Classification rules match translatability:
- New-VM, Start-VM, Stop-VM → SUPPORTED (direct KubeVirt mapping)
- Get-VMHost, Get-Cluster → SUPPORTED (node/cluster selectors)
- Get-Datastore, New-HardDisk → SUPPORTED (StorageClass/PVC)
- New-TagAssignment → SUPPORTED (labels/annotations)

Tested with simple-vm.ps1:
- Correctly detects 2 vm_lifecycle operations
- Classifies as Fully Supported
- Generates proper gap analysis report
@codecov-commenter

codecov-commenter commented Feb 14, 2026

Copy link
Copy Markdown

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 74.35065% with 79 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.24%. Comparing base (3c35128) to head (8b865d8).

Files with missing lines Patch % Lines
ops_translate/cli.py 0.00% 36 Missing ⚠️
ops_translate/intent/classifiers/vmware_cmdlets.py 35.89% 25 Missing ⚠️
ops_translate/analyze/powercli.py 92.27% 18 Missing ⚠️
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.
Additional details and impacted files
@@            Coverage Diff             @@
##             main      #95      +/-   ##
==========================================
+ Coverage   72.99%   73.24%   +0.24%     
==========================================
  Files          63       65       +2     
  Lines        7936     8222     +286     
==========================================
+ Hits         5793     6022     +229     
- Misses       2143     2200      +57     
Flag Coverage Δ
unittests 73.24% <74.35%> (+0.24%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

- Add 25 unit tests covering all detection functions (92% coverage):
  - VMware cmdlet detection (5 tests)
  - NSX cmdlet detection (4 tests)
  - REST API detection (3 tests)
  - Risk signal detection (7 tests)
  - Complexity calculation (2 tests)
  - Full analysis integration (4 tests)

- Fix endpoint detection to match bare domain names (e.g., vcenter.example.com)
  - Added third regex pattern for domains without protocol prefix

- Fix has_external_dependencies calculation
  - Now correctly checks if any category has detections
  - Previously returned True for empty scripts with empty category dicts

All tests pass. Resolves critical gaps from issue #94.
- Add helper function _is_nsx_api_call() to detect NSX-V and NSX-T API patterns
  - NSX-V: /api/2.0/ or /api/v2.0/
  - NSX-T: /policy/api/ or /api/v1/policy

- Enhance detect_rest_calls() to flag NSX API calls:
  - Add 'nsx_api' boolean field
  - Add 'nsx_version' field ("NSX-V", "NSX-T", or None)
  - Increase confidence to 0.95 for NSX API calls (from 0.9/0.85)

- Add 3 new tests:
  - test_detect_nsx_v_api() - Verifies NSX-V API detection
  - test_detect_nsx_t_api() - Verifies NSX-T API detection
  - test_detect_non_nsx_rest_call() - Ensures non-NSX calls aren't flagged

All 28 tests pass. Resolves final acceptance criterion from issue #94.
- Shorten comment lines in endpoint patterns
- Shorten recommendation strings to fit 100-char limit
- Refactor test URIs to use variable composition
- Fix import ordering in cli.py (auto-fixed by ruff)
- Remove unnecessary mode argument in open() (auto-fixed by ruff)
@tsanders-rh tsanders-rh merged commit 67e61a0 into main Feb 15, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

🚧 Add Deterministic analyze Support for PowerCLI Scripts

2 participants