Release v1.9.0 #113
sureshcsdp announced in Announcements
What's Changed
Azure Multi-Subscription Scanning — Implementation Highlights
What's new
CleanCloud now scans all Azure subscriptions in parallel using a single service principal. Findings are aggregated into one report with a per-subscription cost breakdown. This is the same experience as AWS multi-account scanning, but with a simpler architecture.
Architecture
No hub-and-spoke. One service principal with the Reader role at Management Group level inherits access to all subscriptions underneath. Each scan uses the same credential with a different subscription_id.
3 discovery modes:
All accessible (default, no flag)
--management-group — auto-discover via Management Group
--subscription (repeatable) — explicit list
Core changes
session.py — list_subscriptions() returns [{id, name}] dicts; added list_subscriptions_in_management_group() via ManagementGroupsAPI
scan.py — new SubscriptionScanResult dataclass; parallel scan across all subscriptions; per-subscription error isolation; findings tagged with account_id/account_name
command.py — --management-group flag; per_subscription breakdown in JSON output
summary.py — per-subscription breakdown in human output
pyproject.toml — azure-mgmt-managementgroups>=1.0.0
Reliability improvements (also in this PR)
Retry logic — 429/500/503 retried up to 3 times with exponential backoff; respects Retry-After header; capped at 60s
Dedup bug fix — skipped rules now carry subscription_id/subscription_name context; no longer silently dropped across subscriptions
Output cleanup — removed nested progress bars (flickered in CI); failure messages truncated to rule name + error type
Deterministic ordering — results sorted by subscription_name
Rule timeout — future.result(timeout=120) prevents hung Azure API calls blocking CI
Defensive guard — result if result is not None else [] protects engine from buggy rules returning None
Inner pool reduced — max_workers=2 per subscription (down from 4), max 8 concurrent API streams
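The retry behaviour listed above (429/500/503 retried up to 3 times, exponential backoff, Retry-After honoured, 60s cap), as an added example that is not CleanCloud's own code. The names `ApiError`, `backoff_delay`, `call_with_retry` and `flaky`, the 1-second base delay, and a Retry-After value given in seconds are assumptions.

```python
import time

RETRYABLE = {429, 500, 503}  # status codes the release notes list as retried
MAX_RETRIES = 3              # "retried up to 3 times"
MAX_DELAY = 60.0             # "capped at 60s"
BASE_DELAY = 1.0             # assumption: the page does not state the base delay


class ApiError(Exception):
    """Hypothetical stand-in for an Azure SDK HTTP error."""

    def __init__(self, status, retry_after=None):
        super().__init__(f"HTTP {status}")
        self.status = status
        self.retry_after = retry_after  # Retry-After in seconds, if the server sent one


def backoff_delay(attempt, retry_after=None):
    """Delay before retry number `attempt` (0-based), never above MAX_DELAY."""
    if retry_after is not None:
        # A server hint wins over our own schedule, but is still capped.
        return min(float(retry_after), MAX_DELAY)
    return min(BASE_DELAY * 2 ** attempt, MAX_DELAY)


def call_with_retry(fn, sleep=time.sleep):
    """Call fn(); retry transient failures, re-raise everything else at once."""
    for attempt in range(MAX_RETRIES + 1):
        try:
            return fn()
        except ApiError as err:
            # 403/404 signal a permission or scoping problem; retrying would
            # only delay the report of a subscription the scan cannot read.
            if err.status not in RETRYABLE or attempt == MAX_RETRIES:
                raise
            sleep(backoff_delay(attempt, err.retry_after))


def flaky(statuses, retry_after=None):
    """Constructed sample call: fail once per status in `statuses`, then succeed."""
    pending = list(statuses)

    def fn():
        if pending:
            raise ApiError(pending.pop(0), retry_after)
        return "ok"
    return fn
```

Passing `sleep` as a parameter lets a test record the delays instead of waiting for them.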
scan-action
Added subscription and management-group inputs to cleancloud-io/scan-action.
Tests
9 new tests covering retry logic: transient retries, exhaustion, Retry-After header, exponential backoff, 60s cap, non-retryable errors (403, 404).
Full Changelog: v1.8.0...v1.9.0
This discussion was created from the release Release v1.9.0.