Add Deterministic analyze Support for PowerCLI Scripts #95
Merged
Implements deterministic analysis for PowerCLI scripts to match vRealize workflow analysis capabilities (issue #94).
New module: ops_translate/analyze/powercli.py
- Regex-based PowerShell parsing (MVP approach)
- VMware cmdlet detection (New-VM, Set-VM, Get-VM, etc.)
  * Organized by category: vm_lifecycle, compute, networking, storage, tagging
- NSX cmdlet detection (Get-Nsx*, New-Nsx*, etc.)
  * Categories: security_groups, firewall_rules, load_balancers, segments, tier_gateways
- REST API call detection (Invoke-RestMethod, Invoke-WebRequest, curl)
- Line-number tracking for evidence
- Confidence scoring matching vRealize analyzer
- Complexity calculation (0-100 scale)
CLI integration: ops_translate/cli.py
- Updated analyze command to support both vRealize and PowerCLI
- Finds .xml files in input/vrealize/ AND .ps1 files in input/powercli/
- Routes to appropriate analyzer based on file extension
- Unified caching for both file types
- Combined gap reports merging both sources
- Updated messaging to reflect multi-source support
Output contract matches vRealize analyzer:
- source_file, signals, confidence, evidence
- vmware_operations, nsx_operations, rest_api_calls
- complexity_score, has_external_dependencies
This enables:
- Gap analysis for PowerCLI scripts
- SUPPORTED/PARTIAL/BLOCKED classifications for PowerCLI
- HTML reports showing PowerCLI analysis
- Decision Interview compatibility
- True parity between vRealize and PowerCLI analysis

Changes:
- Import PowerCLI scripts (simple-vm.ps1, environment-aware.ps1) instead of vRealize workflows for simple examples
- Keep complex vRealize workflows with NSX for BLOCKED examples
- Update all messaging to reflect 'vRealize workflows or PowerCLI scripts'
- Update wrap-up to show both PowerCLI and vRealize sources
- Emphasize that gap analysis now works for BOTH sources
This demonstrates the full capability of the PowerCLI analyzer:
- SUPPORTED classifications for simple PowerCLI scripts
- BLOCKED classifications for NSX components in vRealize
- Multi-source analysis in a single workflow

Creates classifier to handle VMware PowerCLI cmdlet detections from the PowerCLI analyzer (issue #94).
New classifier: ops_translate/intent/classifiers/vmware_cmdlets.py
- Handles vmware_operations from PowerCLI analyzer
- Classifies by category: vm_lifecycle, compute, networking, storage, tagging
- All basic VMware operations classified as SUPPORTED
- Maps to KubeVirt/OpenShift equivalents:
  * VM lifecycle → VirtualMachine/virtctl
  * Compute → resources.requests/limits
  * Networking → Pod networking/NetworkAttachmentDefinition
  * Storage → PVC/DataVolume
  * Tagging → labels/annotations
Classification rules match translatability:
- New-VM, Start-VM, Stop-VM → SUPPORTED (direct KubeVirt mapping)
- Get-VMHost, Get-Cluster → SUPPORTED (node/cluster selectors)
- Get-Datastore, New-HardDisk → SUPPORTED (StorageClass/PVC)
- New-TagAssignment → SUPPORTED (labels/annotations)
Tested with simple-vm.ps1:
- Correctly detects 2 vm_lifecycle operations
- Classifies as Fully Supported
- Generates proper gap analysis report
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #95 +/- ##
==========================================
+ Coverage 72.99% 73.24% +0.24%
==========================================
Files 63 65 +2
Lines 7936 8222 +286
==========================================
+ Hits 5793 6022 +229
- Misses 2143 2200 +57
- Add 25 unit tests covering all detection functions (92% coverage):
  - VMware cmdlet detection (5 tests)
  - NSX cmdlet detection (4 tests)
  - REST API detection (3 tests)
  - Risk signal detection (7 tests)
  - Complexity calculation (2 tests)
  - Full analysis integration (4 tests)
- Fix endpoint detection to match bare domain names (e.g., vcenter.example.com)
  - Added third regex pattern for domains without protocol prefix
- Fix has_external_dependencies calculation
  - Now correctly checks if any category has detections
  - Previously returned True for empty scripts with empty category dicts
All tests pass. Resolves critical gaps from issue #94.

- Add helper function _is_nsx_api_call() to detect NSX-V and NSX-T API patterns
  - NSX-V: /api/2.0/ or /api/v2.0/
  - NSX-T: /policy/api/ or /api/v1/policy
- Enhance detect_rest_calls() to flag NSX API calls:
  - Add 'nsx_api' boolean field
  - Add 'nsx_version' field ("NSX-V", "NSX-T", or None)
  - Increase confidence to 0.95 for NSX API calls (from 0.9/0.85)
- Add 3 new tests:
  - test_detect_nsx_v_api() - Verifies NSX-V API detection
  - test_detect_nsx_t_api() - Verifies NSX-T API detection
  - test_detect_non_nsx_rest_call() - Ensures non-NSX calls aren't flagged
All 28 tests pass. Resolves final acceptance criterion from issue #94.
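
The detection described in the two commit messages above, as an added sketch that is not the project's code: it scans PowerShell text line by line, records each REST call with its line number, tags NSX-V/NSX-T endpoints by the listed path fragments, and computes the dependency flag from the detections rather than from the category dicts. The function names, the 0.9 baseline confidence, and the choice of NSX operations plus REST calls as "external" are assumptions; the sample script is constructed.

```python
import re

# URL path fragments named in the commit message above.
NSX_PATTERNS = {
    "NSX-V": re.compile(r"/api/v?2\.0/", re.IGNORECASE),
    "NSX-T": re.compile(r"/policy/api/|/api/v1/policy", re.IGNORECASE),
}
REST_CALL = re.compile(r"\b(Invoke-RestMethod|Invoke-WebRequest|curl)\b", re.IGNORECASE)
URL = re.compile(r"https?://[^\s\"'`)]+", re.IGNORECASE)

def classify_nsx_api(url):
    """Return "NSX-V", "NSX-T" or None for a URL (hypothetical helper)."""
    for version, pattern in NSX_PATTERNS.items():
        if pattern.search(url):
            return version
    return None

def find_rest_calls(script_text):
    """Record each REST call with its line number as evidence."""
    calls = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # a commented-out call is not a detection
        call = REST_CALL.search(line)
        if not call:
            continue
        url = URL.search(line)
        endpoint = url.group(0) if url else None
        version = classify_nsx_api(endpoint) if endpoint else None
        calls.append({
            "line": lineno, "command": call.group(1), "endpoint": endpoint,
            "nsx_api": version is not None, "nsx_version": version,
            # 0.95 for NSX comes from the commit message; 0.9 otherwise is assumed
            "confidence": 0.95 if version else 0.9,
        })
    return calls

def has_external_dependencies(nsx_operations, rest_calls):
    # bool({"segments": []}) is True, so test the lists inside, not the dict itself
    return any(nsx_operations.values()) or bool(rest_calls)

# Constructed sample script, not taken from the repository.
SAMPLE = '''$vm = New-VM -Name "web01" -Template "rhel9"
# Invoke-RestMethod -Uri "https://old-nsx.example.com/api/2.0/services"
Invoke-RestMethod -Uri "https://$nsxManager/api/2.0/services/securitygroup" -Method Get
Invoke-WebRequest -Uri "https://nsxt.example.com/policy/api/v1/infra/segments"
curl https://ipam.example.com/api/v1/addresses
'''
```
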

- Shorten comment lines in endpoint patterns
- Shorten recommendation strings to fit 100-char limit
- Refactor test URIs to use variable composition
- Fix import ordering in cli.py (auto-fixed by ruff)
- Remove unnecessary mode argument in open() (auto-fixed by ruff)
Summary
Implements deterministic gap analysis for PowerCLI scripts, bringing PowerCLI to feature parity with vRealize workflows.
Closes #94
Changes
1. PowerCLI Analyzer Module (ops_translate/analyze/powercli.py)
Regex-based PowerShell parsing (MVP approach):
Output contract matches vRealize analyzer:
{
  "source_file": "script.ps1",
  "signals": {"vmware_cmdlets": 5, "nsx_cmdlets": 2, "rest_calls": 0},
  "confidence": "high",
  "evidence": [...],
  "vmware_operations": {...},
  "nsx_operations": {...},
  "rest_api_calls": [...],
  "complexity_score": 15,
  "has_external_dependencies": True
}
2. CLI Integration (ops_translate/cli.py)
Updated analyze command:
.xml files in input/vrealize/ AND .ps1 files in input/powercli/
CLI Output:
3. VMware Cmdlet Classifier (ops_translate/intent/classifiers/vmware_cmdlets.py)
Handles PowerCLI analyzer output:
vmware_operations detections
4. Updated Demo (demo.sh)
Now showcases both sources:
Testing
Tested with simple-vm.ps1:
Gap Analysis Output:
Impact
✅ PowerCLI scripts now get deterministic gap analysis
✅ SUPPORTED/PARTIAL/BLOCKED classifications work for PowerCLI
✅ HTML reports show PowerCLI analysis
✅ Decision Interview compatible
✅ True parity between vRealize and PowerCLI
Design Principle
PowerCLI now meets the same deterministic bar as vRealize workflows.