# TFSumPy - Terraform Plan Analyzer
TFSumPy is a Python-based tool that analyzes Terraform plan files to provide a clear summary of infrastructure changes and identify potential risks. It helps DevOps teams review infrastructure changes more effectively by:
- Summarizing resource changes (create, update, delete)
- Identifying high and medium risk changes
- Automatically redacting sensitive information
- Providing detailed resource-level reporting
## Features
- 🔍 Analyzes Terraform plan JSON output
- ⚠️ Identifies high-risk changes (deletions of critical resources, security group modifications)
- 🔒 Automatically redacts sensitive information (credentials, IPs, resource names)
- 📊 Provides clear summary statistics
- 🛡️ Supports both pre and post Terraform 0.12 plan formats
## Installation
Currently, TFSumPy can only be installed from source:
```bash
git clone https://github.com/notry-cloud/tfsumpy.git
cd tfsumpy
pip install .
```
## Usage
First, generate a Terraform plan JSON file:
```bash
terraform plan -out=tfplan
terraform show -json tfplan > plan.json
```
Then analyze the plan using TFSumPy:
```bash
# Using default rules
tfsumpy plan.json
# Using custom rules configuration
tfsumpy plan.json --config rules_config.json
```
### Custom Rules Configuration
You can customize the analysis rules by creating a JSON configuration file. Here's an example structure:
```json
{
"sensitive_patterns": [
{
"pattern": "\\bAKIA[0-9A-Z]{16}\\b",
"replacement": "[AWS-KEY-REDACTED]"
},
{
"pattern": "\\b(password|secret|token)\\b[\"']?:?[\\s\"']+[^\\s\"']+",
"replacement": "[SECRET-REDACTED]"
}
],
"risk_rules": {
"high": [
{
"pattern": "\\bdelete\\b.*\\b(database|storage)\\b",
"message": "High risk: Critical storage resource deletion detected"
}
],
"medium": [
{
"pattern": "\\bcreate\\b.*\\b(bucket|storage)\\b.*public:\\s*true",
"message": "Medium risk: Public storage resource being created"
}
]
}
}
```
The configuration file allows you to define:
- `sensitive_patterns`: Regular expressions to identify and redact sensitive information
- `risk_rules`: Patterns to identify high and medium risk changes
Infrastructure Change Analysis
==============================
Total Changes: 5
Create: 2
Update: 2
Delete: 1
Risk Assessment:
High Risks:
- High risk: Security-related configuration change
Medium Risks:
- Medium risk: Version change could cause compatibility issues
Resource Details:
- CREATE aws_s3_bucket: project-storage-[REDACTED]
- UPDATE aws_security_group: app-sg-[REDACTED]
- UPDATE aws_ecs_service: api-service
- DELETE aws_iam_role: legacy-role
- CREATE aws_lambda_function: processor-function
## Requirements
- Python 3.7 or higher
- Terraform 0.12 or higher (for plan generation)
## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
## License
This project is licensed under the MIT License - see the LICENSE file for details.
Raw data
{
"_id": null,
"home_page": "https://github.com/notry-cloud/tfsumpy",
"name": "tfsumpy",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "terraform, infrastructure, cloud, DevOps",
"author": "Notry",
"author_email": "support@notry.cloud",
"download_url": "https://files.pythonhosted.org/packages/bb/a0/92e298446ed13b0f89432dea4e2610bc5863314e8ad6d30da46a4eb2c8e6/tfsumpy-0.0.2.tar.gz",
"platform": null,
"description": "# TFSumPy - Terraform Plan Analyzer\n\nTFSumPy is a Python-based tool that analyzes Terraform plan files to provide a clear summary of infrastructure changes and identify potential risks. It helps DevOps teams review infrastructure changes more effectively by:\n\n- Summarizing resource changes (create, update, delete)\n- Identifying high and medium risk changes\n- Automatically redacting sensitive information\n- Providing detailed resource-level reporting\n\n## Features\n\n- \ud83d\udd0d Analyzes Terraform plan JSON output\n- \u26a0\ufe0f Identifies high-risk changes (deletions of critical resources, security group modifications)\n- \ud83d\udd12 Automatically redacts sensitive information (credentials, IPs, resource names)\n- \ud83d\udcca Provides clear summary statistics\n- \ud83d\udee1\ufe0f Supports both pre and post Terraform 0.12 plan formats\n\n## Installation\n\nCurrently, TFSumPy can only be installed from source:\n\n```bash\ngit clone https://github.com/notry-cloud/tfsumpy.git\ncd tfsumpy\npip install .\n```\n\n## Usage\n\nFirst, generate a Terraform plan JSON file:\n\n```bash\nterraform plan -out=tfplan\nterraform show -json tfplan > plan.json\n```\n\nThen analyze the plan using TFSumPy:\n\n```bash\n# Using default rules\ntfsumpy plan.json\n\n# Using custom rules configuration\ntfsumpy plan.json --config rules_config.json\n```\n\n### Custom Rules Configuration\n\nYou can customize the analysis rules by creating a JSON configuration file. Here's an example structure:\n\n```json\n{\n \"sensitive_patterns\": [\n {\n \"pattern\": \"\\\\bAKIA[0-9A-Z]{16}\\\\b\",\n \"replacement\": \"[AWS-KEY-REDACTED]\"\n },\n {\n \"pattern\": \"\\\\b(password|secret|token)\\\\b[\\\"']?:?[\\\\s\\\"']+[^\\\\s\\\"']+\",\n \"replacement\": \"[SECRET-REDACTED]\"\n }\n ],\n \"risk_rules\": {\n \"high\": [\n {\n \"pattern\": \"\\\\bdelete\\\\b.*\\\\b(database|storage)\\\\b\",\n \"message\": \"High risk: Critical storage resource deletion detected\"\n }\n ],\n \"medium\": [\n {\n \"pattern\": \"\\\\bcreate\\\\b.*\\\\b(bucket|storage)\\\\b.*public:\\\\s*true\",\n \"message\": \"Medium risk: Public storage resource being created\"\n }\n ]\n }\n}\n```\n\nThe configuration file allows you to define:\n- `sensitive_patterns`: Regular expressions to identify and redact sensitive information\n- `risk_rules`: Patterns to identify high and medium risk changes\n\nInfrastructure Change Analysis\n==============================\nTotal Changes: 5\nCreate: 2\nUpdate: 2\nDelete: 1\n\nRisk Assessment:\n\nHigh Risks:\n- High risk: Security-related configuration change\nMedium Risks:\n - Medium risk: Version change could cause compatibility issues\nResource Details:\n- CREATE aws_s3_bucket: project-storage-[REDACTED]\n- UPDATE aws_security_group: app-sg-[REDACTED]\n- UPDATE aws_ecs_service: api-service\n- DELETE aws_iam_role: legacy-role\n- CREATE aws_lambda_function: processor-function\n\n## Requirements\n\n- Python 3.7 or higher\n- Terraform 0.12 or higher (for plan generation)\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\n## License\n\nThis project is licensed under the MIT License - see the LICENSE file for details.\n",
"bugtrack_url": null,
"license": null,
"summary": "A Python tool for Terraform state summary and analysis",
"version": "0.0.2",
"project_urls": {
"Bug Tracker": "https://github.com/notry-cloud/tfsumpy/issues",
"GitHub": "https://github.com/notry-cloud/tfsumpy",
"Homepage": "https://github.com/notry-cloud/tfsumpy",
"Source Code": "https://github.com/notry-cloud/tfsumpy"
},
"split_keywords": [
"terraform",
" infrastructure",
" cloud",
" devops"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "893c867a3868478388b16892b39489c08716f84bbc67712309239fbe73449c13",
"md5": "6bff028f5581c981e386343e4535477e",
"sha256": "c5196c2c5c69602b4e6c056eb2e2ae1136ae44bcfdc95746808e6199ab78ad0a"
},
"downloads": -1,
"filename": "tfsumpy-0.0.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "6bff028f5581c981e386343e4535477e",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 8080,
"upload_time": "2025-01-30T13:18:41",
"upload_time_iso_8601": "2025-01-30T13:18:41.423085Z",
"url": "https://files.pythonhosted.org/packages/89/3c/867a3868478388b16892b39489c08716f84bbc67712309239fbe73449c13/tfsumpy-0.0.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "bba092e298446ed13b0f89432dea4e2610bc5863314e8ad6d30da46a4eb2c8e6",
"md5": "def2f5991159723416901014c909ff01",
"sha256": "5bc23890e0a5e0f04bac649fc9bc33b328b682babb747c1b12ff2928f405303f"
},
"downloads": -1,
"filename": "tfsumpy-0.0.2.tar.gz",
"has_sig": false,
"md5_digest": "def2f5991159723416901014c909ff01",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 7916,
"upload_time": "2025-01-30T13:18:44",
"upload_time_iso_8601": "2025-01-30T13:18:44.536246Z",
"url": "https://files.pythonhosted.org/packages/bb/a0/92e298446ed13b0f89432dea4e2610bc5863314e8ad6d30da46a4eb2c8e6/tfsumpy-0.0.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-01-30 13:18:44",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "notry-cloud",
"github_project": "tfsumpy",
"github_not_found": true,
"lcname": "tfsumpy"
}
JSON
