runbooks 0.2.3__py3-none-any.whl → 0.6.1__py3-none-any.whl

runbooks/cfat/runner.py

@@ -0,0 +1,69 @@
+"""
+Cloud Foundations Assessment Tool - Backward Compatibility Module.
+
+This module maintains backward compatibility for existing code
+while providing access to the enhanced assessment engine.
+
+For new implementations, consider using the enhanced assessment
+module directly:
+
+    from runbooks.cfat.assessment import CloudFoundationsAssessment
+
+This module will be deprecated in a future version.
+"""
+
+from typing import Optional
+
+from loguru import logger
+
+from runbooks.cfat.assessment.runner import CloudFoundationsAssessment
+from runbooks.config import RunbooksConfig
+
+
+class AssessmentRunner(CloudFoundationsAssessment):
+    """
+    Backward Compatibility Wrapper for Cloud Foundations Assessment.
+
+    This class provides backward compatibility for existing code that
+    uses the original AssessmentRunner class. All functionality is
+    delegated to the enhanced CloudFoundationsAssessment engine.
+
+    **Deprecation Notice**: This class is deprecated and will be removed
+    in a future version. Please migrate to using CloudFoundationsAssessment
+    directly:
+
+    ```python
+    # Old way (deprecated)
+    from runbooks.cfat.runner import AssessmentRunner
+    runner = AssessmentRunner()
+
+    # New way (recommended)
+    from runbooks.cfat.assessment import CloudFoundationsAssessment
+    assessment = CloudFoundationsAssessment()
+    ```
+
+    Args:
+        profile: AWS CLI profile for authentication
+        region: AWS region for assessment
+        config: RunbooksConfig instance for configuration
+    """
+
+    def __init__(
+        self, profile: Optional[str] = None, region: Optional[str] = None, config: Optional[RunbooksConfig] = None
+    ):
+        """
+        Initialize backward compatibility wrapper.
+
+        Args:
+            profile: AWS CLI profile to use
+            region: AWS region for assessment
+            config: Configuration object
+        """
+        # Log deprecation warning
+        logger.warning(
+            "AssessmentRunner is deprecated. Please use CloudFoundationsAssessment "
+            "from runbooks.cfat.assessment instead."
+        )
+
+        # Initialize the enhanced assessment engine
+        super().__init__(profile=profile, region=region, config=config)

runbooks/cfat/src/actions/check-cloudtrail-existence.ts

@@ -0,0 +1,43 @@
+import { CloudTrailClient, DescribeTrailsCommand } from '@aws-sdk/client-cloudtrail';
+import { CloudTrailInfo } from '../types';
+
+async function checkCloudTrailExists(regions: string[]): Promise<CloudTrailInfo[]> {
+  let cloudTrailValidation: CloudTrailInfo[] = []
+  for (const region of regions){
+    const cloudTrailClient = new CloudTrailClient({ region });
+    const cloudTrailDescribeCommand = new DescribeTrailsCommand({});
+
+    try {
+      const cloudTrailResponse = await cloudTrailClient.send(cloudTrailDescribeCommand);
+      if(cloudTrailResponse.trailList){
+          for (const trail of cloudTrailResponse.trailList) {
+            let trailInfo: CloudTrailInfo = {}
+            if(trail.HomeRegion == region){
+              //console.log(`trail found in ${region}`)
+              trailInfo = {
+                region: region,
+                trailFound: true,
+                isOrgTrail: trail.IsMultiRegionTrail,
+                isMultiRegion: trail.IsMultiRegionTrail
+              }
+            }
+            else{
+              trailInfo = {
+                region: region,
+                trailFound: false
+              }
+            }
+            cloudTrailValidation.push(trailInfo)
+          }
+      }
+    } catch (error) {
+      console.log(`Error checking instance: ${error}`);
+    }
+    finally {
+      cloudTrailClient.destroy();
+    }
+  }// end for regions
+  return cloudTrailValidation;
+};
+
+export default checkCloudTrailExists;

runbooks/cfat/src/actions/check-config-existence.ts

@@ -0,0 +1,37 @@
+import { ConfigServiceClient, DescribeConfigurationRecorderStatusCommand, DescribeDeliveryChannelsCommand } from '@aws-sdk/client-config-service';
+import { ConfigInfo } from '../types';
+
+async function checkConfigExists(regions: string[]): Promise<ConfigInfo[]> {
+  let configDetails:ConfigInfo[] = [];
+  for (const region of regions) {
+    const configServiceClient = new ConfigServiceClient({ region });
+    let configDetail: ConfigInfo = {
+      region: region,
+      configRecorderFound: false,
+      configDeliveryChannelFound: false
+    }
+    try {
+      // Check if Config recorder exists
+      const recorderResponse = await configServiceClient.send(new DescribeConfigurationRecorderStatusCommand({}));
+      const recorderExists = recorderResponse.ConfigurationRecordersStatus?.length !== 0;
+      if(recorderExists){
+        configDetail.configRecorderFound = true
+      }
+      // Check if Config delivery channel exists
+      const channelResponse = await configServiceClient.send(new DescribeDeliveryChannelsCommand({}));
+      const channelExists = channelResponse.DeliveryChannels?.length !== 0;
+      if(channelExists){
+        configDetail.configDeliveryChannelFound = true
+      }
+    configDetails.push(configDetail)
+    } catch (error) {
+      console.error(`Error checking AWS Config in ${region}:`, error);
+    }
+    finally {
+      configServiceClient.destroy();
+    }
+  }
+  return configDetails;
+}
+
+export default checkConfigExists

runbooks/cfat/src/actions/check-control-tower.ts

@@ -0,0 +1,37 @@
+import { ControlTowerClient, ListLandingZonesCommand, GetLandingZoneCommand } from "@aws-sdk/client-controltower";
+import { ControlTowerInfo } from '../types';
+
+async function getControlTower(region: string): Promise<ControlTowerInfo> {
+  let controlTowerInfo:ControlTowerInfo = {}
+  const controlTowerClient = new ControlTowerClient({ region });
+  try {
+    const command = new ListLandingZonesCommand({});
+    const response = await controlTowerClient.send(command);
+    if(response.landingZones && response.landingZones.length > 0){
+      const input = {
+        landingZoneIdentifier: response.landingZones[0].arn,
+      };
+      const lzRegion:string = response.landingZones[0].arn?.toString().split(':')[3] ?? ""
+      if(lzRegion){
+        controlTowerInfo.controlTowerRegion = lzRegion
+        const controlTowerClientRegion = new ControlTowerClient({ region: lzRegion });
+        const command = new GetLandingZoneCommand(input);
+        const lzResponse = await controlTowerClientRegion.send(command);
+        if(lzResponse.landingZone){
+          controlTowerInfo.status= lzResponse.landingZone.status
+          controlTowerInfo.latestAvailableVersion = lzResponse.landingZone.latestAvailableVersion
+          controlTowerInfo.deployedVersion = lzResponse.landingZone.version
+          controlTowerInfo.driftStatus = lzResponse.landingZone.driftStatus?.status
+        }
+      }
+    }
+  } catch (error) {
+    console.error(`Error checking Control Tower in ${region}:`, error);
+  }
+  finally {
+    controlTowerClient.destroy();
+  }
+  return controlTowerInfo
+}
+
+export default getControlTower

runbooks/cfat/src/actions/check-ec2-existence.ts

@@ -0,0 +1,46 @@
+import { EC2Client, DescribeInstancesCommand, DescribeInstancesCommandOutput } from "@aws-sdk/client-ec2";
+import { Ec2Check } from '../types';
+
+async function checkEc2Exists(regions: string[]): Promise<Ec2Check[]> {
+  let ec2Validation: Ec2Check[] = []
+  for (const region of regions){
+    const ec2Client = new EC2Client({ region });
+
+    const command = new DescribeInstancesCommand({});
+
+    try {
+      const response = await ec2Client.send(command);
+      if(response.Reservations){
+        if (response.Reservations.length > 0) {
+          //console.log(`WARNING: Instance(s) exists in region: ${region}`);
+          const ec2Found: Ec2Check = {
+            region: region,
+            ec2Found: true
+          }
+          ec2Validation.push(ec2Found)
+        }
+        else{
+          const ec2Found: Ec2Check = {
+            region: region,
+            ec2Found: false
+          }
+          ec2Validation.push(ec2Found)
+        }
+      } else {
+        const ec2Found: Ec2Check = {
+          region: region,
+          ec2Found: false
+        }
+        ec2Validation.push(ec2Found)
+      }
+    } catch (error) {
+      console.log(`Error checking instance: ${error}`);
+    }
+    finally {
+      ec2Client.destroy();
+    }
+  }// end for
+  return ec2Validation;
+};
+
+export default checkEc2Exists;

runbooks/cfat/src/actions/check-iam-users.ts

@@ -0,0 +1,50 @@
+import { IamUserInfo } from '../types';
+import { IAMClient, ListUsersCommand, ListAccessKeysCommand, GetAccessKeyLastUsedCommand } from "@aws-sdk/client-iam";
+
+// function list all IAM users and if they have keys in the management account
+const checkIamUsers = async (): Promise<IamUserInfo[]> => {
+  // Set to us-east-1 as IAM is global and region isn't a concern
+  const iamClient = new IAMClient({ region: 'us-east-1' });
+  const iamUserInfo: IamUserInfo[] = [];
+  try {
+    const listUsersCommand = new ListUsersCommand({});
+    const listUsersResponse = await iamClient.send(listUsersCommand);
+    for (const user of listUsersResponse.Users || []) {
+      const userName = user.UserName || "";
+      const listAccessKeysCommand = new ListAccessKeysCommand({
+        UserName: userName,
+      });
+      const listAccessKeysResponse = await iamClient.send(listAccessKeysCommand);
+      const accessKeys = listAccessKeysResponse.AccessKeyMetadata || [];
+      if (accessKeys.length > 0) {
+        for (const accessKey of accessKeys) {
+          const accessKeyId = accessKey.AccessKeyId || "";
+          const getLastUsedCommand = new GetAccessKeyLastUsedCommand({
+            AccessKeyId: accessKeyId,
+          });
+          const lastUsedResponse = await iamClient.send(getLastUsedCommand);
+          const foundUserInfo: IamUserInfo = {
+            userName,
+            accessKeyId,
+            lastUsed: lastUsedResponse && lastUsedResponse.AccessKeyLastUsed
+              ? `${lastUsedResponse.AccessKeyLastUsed.LastUsedDate}` || "Not available"
+              : "Not available",
+          };
+          iamUserInfo.push(foundUserInfo);
+        }
+      } else {
+        const foundUserInfo: IamUserInfo = {
+          userName
+        };
+        iamUserInfo.push(foundUserInfo);
+      }
+    }
+  } catch (error) {
+    console.error("Error:", error);
+  } finally {
+    iamClient.destroy();
+  }
+  return iamUserInfo;
+};
+
+export default checkIamUsers;

runbooks/cfat/src/actions/check-legacy-cur.ts

@@ -0,0 +1,30 @@
+import { CostAndUsageReportServiceClient, DescribeReportDefinitionsCommand } from "@aws-sdk/client-cost-and-usage-report-service";
+import { LegacyCurInfo } from '../types';
+
+const checkLegacyCur = async (region: string): Promise<LegacyCurInfo> => {
+	// Set up AWS SDK client for Cost Explorer
+	const curClient = new CostAndUsageReportServiceClient({ region });
+	let isLegacyCurSetup = false;
+
+	try {
+		// Check if Cost Explorer is set up
+		const input = {};
+		const command = new DescribeReportDefinitionsCommand(input);
+		const response = await curClient.send(command);
+		if (response.ReportDefinitions && response.ReportDefinitions.length > 0) {
+			isLegacyCurSetup = true;
+		}
+
+		return { isLegacyCurSetup };
+	} catch (error) {
+		// Check if the error is related to Cost Explorer setup
+		console.error(`Error: ${error}`);
+		isLegacyCurSetup = false;
+		return { isLegacyCurSetup };
+	} finally {
+		// Close the AWS SDK client
+		curClient.destroy();
+	}
+};
+
+export default checkLegacyCur;

runbooks/cfat/src/actions/check-org-cloudformation.ts

@@ -0,0 +1,30 @@
+import { CloudFormationClient,
+  DescribeOrganizationsAccessCommand,
+  DescribeOrganizationsAccessInput,
+} from "@aws-sdk/client-cloudformation";
+
+import {OrgCloudFormationStatus} from '../types'
+
+async function getOrgCloudFormation(region: string): Promise<OrgCloudFormationStatus> {
+  let orgCfnStatus: OrgCloudFormationStatus = {
+    status: "disabled"
+  }
+  const cloudFormationClient = new CloudFormationClient({region});
+  try {
+    const describeOrgAccessInput: DescribeOrganizationsAccessInput = {};
+    const command = new DescribeOrganizationsAccessCommand(describeOrgAccessInput);
+    const cloudFormationOrgAccess = await cloudFormationClient.send(command);
+    //console.log("CloudFormation activation status: ", cloudFormationOrgAccess.Status)
+    orgCfnStatus.status = cloudFormationOrgAccess.Status ?? "disabled"
+  }
+  catch (error) {
+    console.log(`Error: ${error}`);
+    //throw new Error(`Error: ${error}`);
+  }
+  finally {
+    cloudFormationClient.destroy()
+    return orgCfnStatus
+  }
+};
+
+export default getOrgCloudFormation;

runbooks/cfat/src/actions/check-vpc-existence.ts

@@ -0,0 +1,43 @@
+import { EC2Client, DescribeVpcsCommand} from "@aws-sdk/client-ec2";
+import { VpcCheck } from '../types';
+
+async function checkVpcExists(regions: string[]): Promise<VpcCheck[]> {
+  let vpcValidation: VpcCheck[] = []
+  for (const region of regions){
+    const ec2Client = new EC2Client({ region });
+    const command = new DescribeVpcsCommand({});
+    try {
+      const response = await ec2Client.send(command);
+      if(response.Vpcs){
+        if (response.Vpcs.length > 0) {
+          const vpcFound: VpcCheck = {
+            region: region,
+            vpcFound: true
+          }
+          vpcValidation.push(vpcFound)
+        }
+        else{
+          const vpcFound: VpcCheck = {
+            region: region,
+            vpcFound: false
+          }
+          vpcValidation.push(vpcFound)
+        }
+      } else {
+        const vpcFound: VpcCheck = {
+          region: region,
+          vpcFound: false
+        }
+        vpcValidation.push(vpcFound)
+      }
+    } catch (error) {
+      console.log(`Error: ${error}`);
+    }
+    finally {
+      ec2Client.destroy();
+    }
+  }// end for
+  return vpcValidation;
+};
+
+export default checkVpcExists;

runbooks/cfat/src/actions/create-asanaimport.ts

@@ -0,0 +1,14 @@
+
+import { Task } from '../types';
+import * as fs from 'fs';
+
+async function createAsanaImport(tasks: Task[]): Promise<void> {
+  let csv:string = '"Task", "Description", "Status"  \r\n'
+  for(const task of tasks){
+    csv += `"cfat - ${task.title}", "${task.detail} - Remediation Link: ${task.remediationLink}", "Not Started" \r\n`
+  }
+  fs.writeFileSync('./asana-import.csv', csv);
+  return
+}
+
+export default createAsanaImport;