Add resource activity report script for bulk CSV export#980
Draft
rajlearner17 wants to merge 8 commits into
Draft
Add resource activity report script for bulk CSV export#980rajlearner17 wants to merge 8 commits into
rajlearner17 wants to merge 8 commits into
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Python script to export resource create/delete/update activity from Guardrails workspaces via GraphQL API. Supports multiple workspaces, configurable resource types, and auto-detection of the Turbot automation identity. Designed for cases where the console Resource Activities report times out on large notification datasets.
rajlearner17
force-pushed
the
feature/snapshot-activity-report
branch
from
b8a31fc to
3e3545d
Compare
Large workspaces with millions of notifications can take over 180s on the first query. Bumps timeout to 300s and retries up to 3 times with progressive backoff (15s, 30s, 45s).
…aries Add fetch_resource_deletions.py that uses `turbot graphql` CLI for reliable paginated fetches of resource deletion notifications. Defaults to all resource types when a time boundary is set, supports --date for midnight-to-midnight UTC boundaries (no overlap between days), resource type aliases, and a safety guard against unbounded queries. Includes reference GraphQL queries captured from the Guardrails console and updated README with comprehensive examples. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace Koch workspace names, URLs, actor identity IDs, real resource IDs, and paging cursors with generic placeholders throughout the script, README, and GraphQL reference files. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…tivity page
Remove graphql-diff/ directory containing console query samples with
workspace-specific variables. Fix Detail URL in CSV output to link to
the resource activity page (/apollo/resources/{id}/activity) instead
of the notification page.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ials Auto-detect Turbot Identity ID via GraphQL query when --auto-detect-actor is passed. Auto-read workspace URL from credentials.yml so --workspace-url is no longer needed. Updated README case study and examples to use the simplified workflow. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…README Separate workspace URL extraction from auth token construction in resource_activity_report.py to prevent CodeQL from tracing secrets through to print statements. Delete secret variables after use. Add resource type URI lookup command to README aliases section. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…rrors Auto-detect now uses exit_on_error=False so transient CLI failures don't kill the script — it falls back to fetching by all actors. Error messages now include stdout when stderr is empty for better debugging. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
--profileis repeatable), configurable resource types (--resource-type), and configurable time ranges (--days)actorIdentityId + timestampcombined filter by fetching all resource CRUD and filtering dates client-side)Use case
Customers with large workspaces (millions of notifications) cannot use the console's "Export to CSV" on the Resource Activities report — it times out. This script provides a reliable alternative that completes in under a minute.
Files
guardrails_utilities/python_utils/notifications/get-resource-activity-report/resource_activity_report.py— Main scriptguardrails_utilities/python_utils/notifications/get-resource-activity-report/README.md— Full documentation with usage examplesguardrails_utilities/python_utils/notifications/get-resource-activity-report/requirements.txt— Dependencies (requests, PyYAML)Test plan
--profileflag works--resource-typefor non-snapshot resources (S3 buckets, EC2 instances)🤖 Generated with Claude Code