PyPI - runbooks - Versions diffs - 0.7.9__py3-none-any.whl → 0.9.1__py3-none-any.whl - Mend

runbooks 0.7.9py3-none-any.whl → 0.9.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (122) hide show

runbooks/__init__.py +1 -1
runbooks/cfat/README.md +12 -1
runbooks/cfat/__init__.py +1 -1
runbooks/cfat/assessment/compliance.py +4 -1
runbooks/cfat/assessment/runner.py +42 -34
runbooks/cfat/models.py +1 -1
runbooks/cloudops/__init__.py +123 -0
runbooks/cloudops/base.py +385 -0
runbooks/cloudops/cost_optimizer.py +811 -0
runbooks/cloudops/infrastructure_optimizer.py +29 -0
runbooks/cloudops/interfaces.py +828 -0
runbooks/cloudops/lifecycle_manager.py +29 -0
runbooks/cloudops/mcp_cost_validation.py +678 -0
runbooks/cloudops/models.py +251 -0
runbooks/cloudops/monitoring_automation.py +29 -0
runbooks/cloudops/notebook_framework.py +676 -0
runbooks/cloudops/security_enforcer.py +449 -0
runbooks/common/__init__.py +152 -0
runbooks/common/accuracy_validator.py +1039 -0
runbooks/common/context_logger.py +440 -0
runbooks/common/cross_module_integration.py +594 -0
runbooks/common/enhanced_exception_handler.py +1108 -0
runbooks/common/enterprise_audit_integration.py +634 -0
runbooks/common/mcp_cost_explorer_integration.py +900 -0
runbooks/common/mcp_integration.py +548 -0
runbooks/common/performance_monitor.py +387 -0
runbooks/common/profile_utils.py +216 -0
runbooks/common/rich_utils.py +172 -1
runbooks/feedback/user_feedback_collector.py +440 -0
runbooks/finops/README.md +377 -458
runbooks/finops/__init__.py +4 -21
runbooks/finops/account_resolver.py +279 -0
runbooks/finops/accuracy_cross_validator.py +638 -0
runbooks/finops/aws_client.py +721 -36
runbooks/finops/budget_integration.py +313 -0
runbooks/finops/cli.py +59 -5
runbooks/finops/cost_optimizer.py +1340 -0
runbooks/finops/cost_processor.py +211 -37
runbooks/finops/dashboard_router.py +900 -0
runbooks/finops/dashboard_runner.py +990 -232
runbooks/finops/embedded_mcp_validator.py +288 -0
runbooks/finops/enhanced_dashboard_runner.py +8 -7
runbooks/finops/enhanced_progress.py +327 -0
runbooks/finops/enhanced_trend_visualization.py +423 -0
runbooks/finops/finops_dashboard.py +184 -1829
runbooks/finops/helpers.py +509 -196
runbooks/finops/iam_guidance.py +400 -0
runbooks/finops/markdown_exporter.py +466 -0
runbooks/finops/multi_dashboard.py +1502 -0
runbooks/finops/optimizer.py +15 -15
runbooks/finops/profile_processor.py +2 -2
runbooks/finops/runbooks.inventory.organizations_discovery.log +0 -0
runbooks/finops/runbooks.security.report_generator.log +0 -0
runbooks/finops/runbooks.security.run_script.log +0 -0
runbooks/finops/runbooks.security.security_export.log +0 -0
runbooks/finops/schemas.py +589 -0
runbooks/finops/service_mapping.py +195 -0
runbooks/finops/single_dashboard.py +710 -0
runbooks/finops/tests/test_reference_images_validation.py +1 -1
runbooks/inventory/README.md +12 -1
runbooks/inventory/core/collector.py +157 -29
runbooks/inventory/list_ec2_instances.py +9 -6
runbooks/inventory/list_ssm_parameters.py +10 -10
runbooks/inventory/organizations_discovery.py +210 -164
runbooks/inventory/rich_inventory_display.py +74 -107
runbooks/inventory/run_on_multi_accounts.py +13 -13
runbooks/inventory/runbooks.inventory.organizations_discovery.log +0 -0
runbooks/inventory/runbooks.security.security_export.log +0 -0
runbooks/main.py +1371 -240
runbooks/metrics/dora_metrics_engine.py +711 -17
runbooks/monitoring/performance_monitor.py +433 -0
runbooks/operate/README.md +394 -0
runbooks/operate/base.py +215 -47
runbooks/operate/ec2_operations.py +435 -5
runbooks/operate/iam_operations.py +598 -3
runbooks/operate/privatelink_operations.py +1 -1
runbooks/operate/rds_operations.py +508 -0
runbooks/operate/s3_operations.py +508 -0
runbooks/operate/vpc_endpoints.py +1 -1
runbooks/remediation/README.md +489 -13
runbooks/remediation/base.py +5 -3
runbooks/remediation/commons.py +8 -4
runbooks/security/ENTERPRISE_SECURITY_FRAMEWORK.md +506 -0
runbooks/security/README.md +12 -1
runbooks/security/__init__.py +265 -33
runbooks/security/cloudops_automation_security_validator.py +1164 -0
runbooks/security/compliance_automation.py +12 -10
runbooks/security/compliance_automation_engine.py +1021 -0
runbooks/security/enterprise_security_framework.py +930 -0
runbooks/security/enterprise_security_policies.json +293 -0
runbooks/security/executive_security_dashboard.py +1247 -0
runbooks/security/integration_test_enterprise_security.py +879 -0
runbooks/security/module_security_integrator.py +641 -0
runbooks/security/multi_account_security_controls.py +2254 -0
runbooks/security/real_time_security_monitor.py +1196 -0
runbooks/security/report_generator.py +1 -1
runbooks/security/run_script.py +4 -8
runbooks/security/security_baseline_tester.py +39 -52
runbooks/security/security_export.py +99 -120
runbooks/sre/README.md +472 -0
runbooks/sre/__init__.py +33 -0
runbooks/sre/mcp_reliability_engine.py +1049 -0
runbooks/sre/performance_optimization_engine.py +1032 -0
runbooks/sre/production_monitoring_framework.py +584 -0
runbooks/sre/reliability_monitoring_framework.py +1011 -0
runbooks/validation/__init__.py +2 -2
runbooks/validation/benchmark.py +154 -149
runbooks/validation/cli.py +159 -147
runbooks/validation/mcp_validator.py +291 -248
runbooks/vpc/README.md +478 -0
runbooks/vpc/__init__.py +2 -2
runbooks/vpc/manager_interface.py +366 -351
runbooks/vpc/networking_wrapper.py +68 -36
runbooks/vpc/rich_formatters.py +22 -8
runbooks-0.9.1.dist-info/METADATA +308 -0
{runbooks-0.7.9.dist-info → runbooks-0.9.1.dist-info}/RECORD +120 -59
{runbooks-0.7.9.dist-info → runbooks-0.9.1.dist-info}/entry_points.txt +1 -1
runbooks/finops/cross_validation.py +0 -375
runbooks-0.7.9.dist-info/METADATA +0 -636
{runbooks-0.7.9.dist-info → runbooks-0.9.1.dist-info}/WHEEL +0 -0
{runbooks-0.7.9.dist-info → runbooks-0.9.1.dist-info}/licenses/LICENSE +0 -0
{runbooks-0.7.9.dist-info → runbooks-0.9.1.dist-info}/top_level.txt +0 -0

runbooks/security/integration_test_enterprise_security.py ADDED Viewed

@@ -0,0 +1,879 @@
+"""
+Enterprise Security Framework Integration Test Suite
+=================================================
+Comprehensive integration tests validating the enterprise security framework
+across all CloudOps modules with real AWS integration and compliance validation.
+Author: DevOps Security Engineer (Claude Code Enterprise Team)
+Framework: Enterprise security integration testing with proven patterns
+Status: Production-ready integration test suite
+"""
+import asyncio
+import json
+import logging
+import os
+import tempfile
+import time
+from datetime import datetime
+from pathlib import Path
+from typing import Any, Dict, List, Optional
+from unittest.mock import Mock, patch
+import boto3
+import pytest
+from botocore.exceptions import ClientError
+from runbooks.common.rich_utils import (
+    console,
+    create_panel,
+    print_error,
+    print_info,
+    print_success,
+    print_warning,
+)
+from runbooks.security import (
+    ComplianceAutomationEngine,
+    ComplianceFramework,
+    ComplianceStatus,
+    EnterpriseSecurityFramework,
+    ModuleSecurityIntegrator,
+    SecuritySeverity,
+)
+class EnterpriseSecurityIntegrationTest:
+    """
+    Enterprise Security Framework Integration Test Suite
+    ==================================================
+    Validates comprehensive security framework functionality:
+    - Enterprise security framework initialization and validation
+    - Multi-framework compliance automation and reporting
+    - Cross-module security integration and validation
+    - Safety gates and approval workflows
+    - Audit trail generation and evidence collection
+    """
+    def __init__(self, profile: str = "default", test_accounts: Optional[List[str]] = None):
+        self.profile = profile
+        self.test_accounts = test_accounts or ["123456789012"]  # Mock account for testing
+        self.test_output_dir = Path(tempfile.mkdtemp(prefix="enterprise_security_test_"))
+        print_info(f"Initializing Enterprise Security Integration Test Suite")
+        print_info(f"Test output directory: {self.test_output_dir}")
+    async def run_comprehensive_integration_tests(self) -> Dict[str, Any]:
+        """Execute comprehensive enterprise security integration tests."""
+        console.print(
+            create_panel(
+                "[bold cyan]Enterprise Security Framework Integration Test Suite[/bold cyan]\n\n"
+                "[dim]Validating enterprise security across all CloudOps modules[/dim]",
+                title="🛡️ Starting Integration Tests",
+                border_style="cyan",
+            )
+        )
+        test_results = {
+            "test_suite": "enterprise_security_integration",
+            "start_time": datetime.utcnow().isoformat(),
+            "tests": {},
+            "overall_status": "running",
+        }
+        try:
+            # Test 1: Enterprise Security Framework Initialization
+            print_info("Test 1: Enterprise Security Framework Initialization")
+            test_results["tests"]["framework_initialization"] = await self._test_framework_initialization()
+            # Test 2: Multi-Framework Compliance Assessment
+            print_info("Test 2: Multi-Framework Compliance Assessment")
+            test_results["tests"]["compliance_assessment"] = await self._test_compliance_assessment()
+            # Test 3: Cross-Module Security Integration
+            print_info("Test 3: Cross-Module Security Integration")
+            test_results["tests"]["module_integration"] = await self._test_module_integration()
+            # Test 4: Enterprise Safety Gates Validation
+            print_info("Test 4: Enterprise Safety Gates Validation")
+            test_results["tests"]["safety_gates"] = await self._test_safety_gates()
+            # Test 5: Security Remediation Engine
+            print_info("Test 5: Security Remediation Engine")
+            test_results["tests"]["remediation_engine"] = await self._test_remediation_engine()
+            # Test 6: Audit Trail and Evidence Collection
+            print_info("Test 6: Audit Trail and Evidence Collection")
+            test_results["tests"]["audit_trail"] = await self._test_audit_trail()
+            # Test 7: Performance and Scalability
+            print_info("Test 7: Performance and Scalability")
+            test_results["tests"]["performance"] = await self._test_performance()
+            # Calculate overall test results
+            test_results["overall_status"] = self._calculate_overall_status(test_results["tests"])
+            test_results["end_time"] = datetime.utcnow().isoformat()
+            # Display test summary
+            self._display_test_summary(test_results)
+            return test_results
+        except Exception as e:
+            print_error(f"Integration test suite failed: {str(e)}", exception=e)
+            test_results["overall_status"] = "failed"
+            test_results["error"] = str(e)
+            test_results["end_time"] = datetime.utcnow().isoformat()
+            return test_results
+        finally:
+            # Cleanup test artifacts
+            await self._cleanup_test_artifacts()
+    async def _test_framework_initialization(self) -> Dict[str, Any]:
+        """Test enterprise security framework initialization."""
+        test_result = {"test_name": "framework_initialization", "status": "running", "subtests": {}}
+        try:
+            # Test 1.1: Initialize Enterprise Security Framework
+            print_info("  1.1: Initialize Enterprise Security Framework")
+            security_framework = EnterpriseSecurityFramework(
+                profile=self.profile, output_dir=str(self.test_output_dir / "security")
+            )
+            test_result["subtests"]["framework_init"] = {
+                "status": "success",
+                "message": "Enterprise Security Framework initialized successfully",
+            }
+            # Test 1.2: Validate Security Policies Loading
+            print_info("  1.2: Validate Security Policies Loading")
+            security_policies = security_framework.security_policies
+            required_policies = ["encryption_requirements", "access_control", "audit_requirements"]
+            missing_policies = [policy for policy in required_policies if policy not in security_policies]
+            if not missing_policies:
+                test_result["subtests"]["policies_loading"] = {
+                    "status": "success",
+                    "message": f"All {len(required_policies)} security policies loaded successfully",
+                }
+            else:
+                test_result["subtests"]["policies_loading"] = {
+                    "status": "failed",
+                    "message": f"Missing security policies: {missing_policies}",
+                }
+            # Test 1.3: Validate Framework Components
+            print_info("  1.3: Validate Framework Components")
+            components = {
+                "encryption_manager": security_framework.encryption_manager,
+                "access_controller": security_framework.access_controller,
+                "audit_logger": security_framework.audit_logger,
+                "remediation_engine": security_framework.remediation_engine,
+                "safety_gates": security_framework.safety_gates,
+            }
+            initialized_components = [name for name, component in components.items() if component is not None]
+            if len(initialized_components) == len(components):
+                test_result["subtests"]["components_validation"] = {
+                    "status": "success",
+                    "message": f"All {len(components)} framework components initialized",
+                }
+            else:
+                test_result["subtests"]["components_validation"] = {
+                    "status": "failed",
+                    "message": f"Component initialization failed: {len(components) - len(initialized_components)} missing",
+                }
+            test_result["status"] = (
+                "success"
+                if all(subtest["status"] == "success" for subtest in test_result["subtests"].values())
+                else "failed"
+            )
+            return test_result
+        except Exception as e:
+            test_result["status"] = "failed"
+            test_result["error"] = str(e)
+            return test_result
+    async def _test_compliance_assessment(self) -> Dict[str, Any]:
+        """Test multi-framework compliance assessment."""
+        test_result = {"test_name": "compliance_assessment", "status": "running", "subtests": {}}
+        try:
+            # Test 2.1: Initialize Compliance Automation Engine
+            print_info("  2.1: Initialize Compliance Automation Engine")
+            compliance_engine = ComplianceAutomationEngine(
+                profile=self.profile, output_dir=str(self.test_output_dir / "compliance")
+            )
+            test_result["subtests"]["engine_init"] = {
+                "status": "success",
+                "message": "Compliance Automation Engine initialized successfully",
+            }
+            # Test 2.2: Validate Framework Support
+            print_info("  2.2: Validate Framework Support")
+            supported_frameworks = list(compliance_engine.framework_assessors.keys())
+            expected_frameworks = [
+                ComplianceFramework.AWS_WELL_ARCHITECTED,
+                ComplianceFramework.SOC2_TYPE_II,
+                ComplianceFramework.NIST_CYBERSECURITY,
+                ComplianceFramework.PCI_DSS,
+                ComplianceFramework.HIPAA,
+                ComplianceFramework.ISO27001,
+                ComplianceFramework.CIS_BENCHMARKS,
+            ]
+            framework_coverage = len([f for f in expected_frameworks if f in supported_frameworks])
+            if framework_coverage >= len(expected_frameworks):
+                test_result["subtests"]["framework_support"] = {
+                    "status": "success",
+                    "message": f"All {framework_coverage} compliance frameworks supported",
+                }
+            else:
+                test_result["subtests"]["framework_support"] = {
+                    "status": "partial",
+                    "message": f"{framework_coverage}/{len(expected_frameworks)} frameworks supported",
+                }
+            # Test 2.3: Execute Mock Compliance Assessment
+            print_info("  2.3: Execute Mock Compliance Assessment")
+            # Mock the AWS API calls for testing
+            with patch.object(compliance_engine, "_discover_target_accounts") as mock_discover:
+                mock_discover.return_value = self.test_accounts
+                # Execute assessment for subset of frameworks
+                test_frameworks = [ComplianceFramework.AWS_WELL_ARCHITECTED, ComplianceFramework.SOC2_TYPE_II]
+                # Mock the framework assessment to avoid real AWS calls
+                with patch.object(compliance_engine, "_assess_framework_compliance") as mock_assess:
+                    mock_assess.return_value = self._create_mock_compliance_report(
+                        ComplianceFramework.AWS_WELL_ARCHITECTED
+                    )
+                    reports = await compliance_engine.assess_compliance(
+                        frameworks=test_frameworks[:1],  # Test with single framework
+                        target_accounts=self.test_accounts,
+                        scope="test",
+                    )
+                    if reports and len(reports) > 0:
+                        test_result["subtests"]["compliance_assessment"] = {
+                            "status": "success",
+                            "message": f"Compliance assessment completed for {len(reports)} framework(s)",
+                            "details": {"reports_generated": len(reports), "assessment_successful": True},
+                        }
+                    else:
+                        test_result["subtests"]["compliance_assessment"] = {
+                            "status": "failed",
+                            "message": "Compliance assessment failed to generate reports",
+                        }
+            test_result["status"] = (
+                "success"
+                if all(subtest["status"] in ["success", "partial"] for subtest in test_result["subtests"].values())
+                else "failed"
+            )
+            return test_result
+        except Exception as e:
+            test_result["status"] = "failed"
+            test_result["error"] = str(e)
+            return test_result
+    async def _test_module_integration(self) -> Dict[str, Any]:
+        """Test cross-module security integration."""
+        test_result = {"test_name": "module_integration", "status": "running", "subtests": {}}
+        try:
+            # Test 3.1: Initialize Module Security Integrator
+            print_info("  3.1: Initialize Module Security Integrator")
+            module_security = ModuleSecurityIntegrator(profile=self.profile)
+            test_result["subtests"]["integrator_init"] = {
+                "status": "success",
+                "message": "Module Security Integrator initialized successfully",
+            }
+            # Test 3.2: Validate Module Validators
+            print_info("  3.2: Validate Module Validators")
+            expected_modules = ["inventory", "operate", "finops", "cfat", "vpc", "remediation", "sre"]
+            available_validators = list(module_security.module_validators.keys())
+            validator_coverage = len([module for module in expected_modules if module in available_validators])
+            if validator_coverage >= len(expected_modules):
+                test_result["subtests"]["validator_coverage"] = {
+                    "status": "success",
+                    "message": f"All {validator_coverage} module validators available",
+                }
+            else:
+                test_result["subtests"]["validator_coverage"] = {
+                    "status": "partial",
+                    "message": f"{validator_coverage}/{len(expected_modules)} module validators available",
+                }
+            # Test 3.3: Test Module Operation Validation
+            print_info("  3.3: Test Module Operation Validation")
+            test_operations = [
+                ("inventory", "collect", {"services": ["ec2", "s3"], "regions": ["us-east-1"]}),
+                ("operate", "ec2_terminate", {"instance_id": "i-1234567890abcdef0"}),
+                ("finops", "cost_analysis", {"account_id": "123456789012", "period": "monthly"}),
+            ]
+            validation_results = []
+            for module_name, operation, parameters in test_operations:
+                try:
+                    validation_result = await module_security.validate_module_operation(
+                        module_name=module_name,
+                        operation=operation,
+                        parameters=parameters,
+                        user_context={
+                            "user_arn": "arn:aws:iam::123456789012:user/test-user",
+                            "account_id": "123456789012",
+                        },
+                    )
+                    validation_results.append(
+                        {
+                            "module": module_name,
+                            "operation": operation,
+                            "status": validation_result.get("status", "unknown"),
+                            "success": validation_result.get("status") == "success",
+                        }
+                    )
+                except Exception as e:
+                    validation_results.append(
+                        {
+                            "module": module_name,
+                            "operation": operation,
+                            "status": "error",
+                            "error": str(e),
+                            "success": False,
+                        }
+                    )
+            successful_validations = len([r for r in validation_results if r["success"]])
+            if successful_validations >= len(test_operations):
+                test_result["subtests"]["operation_validation"] = {
+                    "status": "success",
+                    "message": f"All {successful_validations} module operation validations passed",
+                    "details": validation_results,
+                }
+            else:
+                test_result["subtests"]["operation_validation"] = {
+                    "status": "partial",
+                    "message": f"{successful_validations}/{len(test_operations)} validations passed",
+                    "details": validation_results,
+                }
+            test_result["status"] = (
+                "success"
+                if all(subtest["status"] in ["success", "partial"] for subtest in test_result["subtests"].values())
+                else "failed"
+            )
+            return test_result
+        except Exception as e:
+            test_result["status"] = "failed"
+            test_result["error"] = str(e)
+            return test_result
+    async def _test_safety_gates(self) -> Dict[str, Any]:
+        """Test enterprise safety gates functionality."""
+        test_result = {"test_name": "safety_gates", "status": "running", "subtests": {}}
+        try:
+            # Initialize security framework for safety gates testing
+            security_framework = EnterpriseSecurityFramework(
+                profile=self.profile, output_dir=str(self.test_output_dir / "safety_gates")
+            )
+            # Test 4.1: High-Risk Operation Validation
+            print_info("  4.1: High-Risk Operation Validation")
+            safety_gates = security_framework.safety_gates
+            high_risk_validation = safety_gates.validate_destructive_operation(
+                operation="terminate_production_database",
+                resource_arn="arn:aws:rds:us-west-2:123456789012:db:prod-database",
+                parameters={
+                    "instance_id": "prod-database",
+                    "final_snapshot": True,
+                    "business_justification": "Cost optimization",
+                },
+            )
+            # Safety gates should require approval for production resources
+            if not high_risk_validation.get("safe_to_proceed", True):
+                test_result["subtests"]["high_risk_validation"] = {
+                    "status": "success",
+                    "message": "Safety gates correctly blocked high-risk operation",
+                    "details": high_risk_validation,
+                }
+            else:
+                test_result["subtests"]["high_risk_validation"] = {
+                    "status": "warning",
+                    "message": "Safety gates allowed high-risk operation (may be intentional)",
+                    "details": high_risk_validation,
+                }
+            # Test 4.2: Low-Risk Operation Validation
+            print_info("  4.2: Low-Risk Operation Validation")
+            low_risk_validation = safety_gates.validate_destructive_operation(
+                operation="describe_instances",
+                resource_arn="arn:aws:ec2:us-west-2:123456789012:instance/*",
+                parameters={"read_only": True},
+            )
+            # Safety gates should allow low-risk operations
+            if low_risk_validation.get("safe_to_proceed", False):
+                test_result["subtests"]["low_risk_validation"] = {
+                    "status": "success",
+                    "message": "Safety gates correctly allowed low-risk operation",
+                    "details": low_risk_validation,
+                }
+            else:
+                test_result["subtests"]["low_risk_validation"] = {
+                    "status": "failed",
+                    "message": "Safety gates incorrectly blocked low-risk operation",
+                    "details": low_risk_validation,
+                }
+            # Test 4.3: Rollback Manager Functionality
+            print_info("  4.3: Rollback Manager Functionality")
+            rollback_manager = security_framework.safety_gates.rollback_manager
+            rollback_plan_id = rollback_manager.create_rollback_plan(
+                operation_id="test-operation-12345",
+                operation_details={
+                    "operation": "test_operation",
+                    "resource": "test-resource",
+                    "parameters": {"test": True},
+                },
+            )
+            if rollback_plan_id and rollback_plan_id in rollback_manager.rollback_plans:
+                test_result["subtests"]["rollback_manager"] = {
+                    "status": "success",
+                    "message": "Rollback plan created successfully",
+                    "rollback_plan_id": rollback_plan_id,
+                }
+            else:
+                test_result["subtests"]["rollback_manager"] = {
+                    "status": "failed",
+                    "message": "Rollback plan creation failed",
+                }
+            test_result["status"] = (
+                "success"
+                if all(subtest["status"] in ["success", "warning"] for subtest in test_result["subtests"].values())
+                else "failed"
+            )
+            return test_result
+        except Exception as e:
+            test_result["status"] = "failed"
+            test_result["error"] = str(e)
+            return test_result
+    async def _test_remediation_engine(self) -> Dict[str, Any]:
+        """Test security remediation engine functionality."""
+        test_result = {"test_name": "remediation_engine", "status": "running", "subtests": {}}
+        try:
+            # Initialize security framework
+            security_framework = EnterpriseSecurityFramework(
+                profile=self.profile, output_dir=str(self.test_output_dir / "remediation")
+            )
+            # Test 5.1: Remediation Engine Initialization
+            print_info("  5.1: Remediation Engine Initialization")
+            remediation_engine = security_framework.remediation_engine
+            if remediation_engine and hasattr(remediation_engine, "remediation_playbooks"):
+                test_result["subtests"]["engine_init"] = {
+                    "status": "success",
+                    "message": "Remediation engine initialized with playbooks",
+                }
+            else:
+                test_result["subtests"]["engine_init"] = {
+                    "status": "failed",
+                    "message": "Remediation engine initialization failed",
+                }
+            # Test 5.2: Mock Security Finding Remediation
+            print_info("  5.2: Mock Security Finding Remediation")
+            # Create mock security finding
+            from runbooks.security.enterprise_security_framework import SecurityFinding
+            mock_finding = SecurityFinding(
+                finding_id="test-finding-12345",
+                title="Test Security Finding",
+                description="Mock security finding for testing",
+                severity=SecuritySeverity.MEDIUM,
+                resource_arn="arn:aws:s3:::test-bucket",
+                account_id="123456789012",
+                region="us-east-1",
+                compliance_frameworks=[ComplianceFramework.AWS_WELL_ARCHITECTED],
+                remediation_available=True,
+                auto_remediation_command="runbooks operate s3 block-public-access --bucket-name test-bucket",
+            )
+            # Execute remediation in dry-run mode
+            remediation_result = await remediation_engine.execute_remediation(finding=mock_finding, dry_run=True)
+            if remediation_result and remediation_result.get("status") in ["success", "dry_run_success"]:
+                test_result["subtests"]["mock_remediation"] = {
+                    "status": "success",
+                    "message": "Mock remediation executed successfully",
+                    "details": remediation_result,
+                }
+            else:
+                test_result["subtests"]["mock_remediation"] = {
+                    "status": "failed",
+                    "message": "Mock remediation failed",
+                    "details": remediation_result,
+                }
+            test_result["status"] = (
+                "success"
+                if all(subtest["status"] == "success" for subtest in test_result["subtests"].values())
+                else "failed"
+            )
+            return test_result
+        except Exception as e:
+            test_result["status"] = "failed"
+            test_result["error"] = str(e)
+            return test_result
+    async def _test_audit_trail(self) -> Dict[str, Any]:
+        """Test audit trail and evidence collection."""
+        test_result = {"test_name": "audit_trail", "status": "running", "subtests": {}}
+        try:
+            # Initialize security framework
+            security_framework = EnterpriseSecurityFramework(
+                profile=self.profile, output_dir=str(self.test_output_dir / "audit")
+            )
+            # Test 6.1: Audit Logger Initialization
+            print_info("  6.1: Audit Logger Initialization")
+            audit_logger = security_framework.audit_logger
+            if audit_logger and hasattr(audit_logger, "audit_log_path"):
+                test_result["subtests"]["logger_init"] = {
+                    "status": "success",
+                    "message": "Audit logger initialized successfully",
+                }
+            else:
+                test_result["subtests"]["logger_init"] = {
+                    "status": "failed",
+                    "message": "Audit logger initialization failed",
+                }
+            # Test 6.2: Audit Trail Entry Creation
+            print_info("  6.2: Audit Trail Entry Creation")
+            from runbooks.security.enterprise_security_framework import AuditTrailEntry
+            test_audit_entry = AuditTrailEntry(
+                operation_id="test-audit-12345",
+                timestamp=datetime.utcnow(),
+                user_arn="arn:aws:iam::123456789012:user/test-user",
+                account_id="123456789012",
+                service="cloudops-security",
+                operation="test_operation",
+                resource_arn="arn:aws:s3:::test-bucket",
+                parameters={"test": True},
+                result="success",
+                security_context={"mfa_authenticated": True},
+                compliance_frameworks=[ComplianceFramework.SOC2_TYPE_II],
+                risk_level=SecuritySeverity.LOW,
+            )
+            # Log audit entry
+            audit_logger.log_security_event(test_audit_entry)
+            # Verify audit log file exists
+            if audit_logger.audit_log_path.exists():
+                test_result["subtests"]["audit_logging"] = {
+                    "status": "success",
+                    "message": "Audit trail entry logged successfully",
+                    "audit_log_path": str(audit_logger.audit_log_path),
+                }
+            else:
+                test_result["subtests"]["audit_logging"] = {"status": "failed", "message": "Audit log file not created"}
+            # Test 6.3: Audit Trail Retrieval
+            print_info("  6.3: Audit Trail Retrieval")
+            recent_entries = audit_logger.get_recent_entries(hours=1)
+            if len(recent_entries) > 0:
+                test_result["subtests"]["audit_retrieval"] = {
+                    "status": "success",
+                    "message": f"Retrieved {len(recent_entries)} recent audit entries",
+                }
+            else:
+                test_result["subtests"]["audit_retrieval"] = {
+                    "status": "warning",
+                    "message": "No recent audit entries found (may be expected for test environment)",
+                }
+            test_result["status"] = (
+                "success"
+                if all(subtest["status"] in ["success", "warning"] for subtest in test_result["subtests"].values())
+                else "failed"
+            )
+            return test_result
+        except Exception as e:
+            test_result["status"] = "failed"
+            test_result["error"] = str(e)
+            return test_result
+    async def _test_performance(self) -> Dict[str, Any]:
+        """Test performance and scalability metrics."""
+        test_result = {"test_name": "performance", "status": "running", "subtests": {}}
+        try:
+            # Test 7.1: Framework Initialization Performance
+            print_info("  7.1: Framework Initialization Performance")
+            start_time = time.time()
+            security_framework = EnterpriseSecurityFramework(
+                profile=self.profile, output_dir=str(self.test_output_dir / "performance")
+            )
+            init_time = time.time() - start_time
+            # Framework should initialize within 5 seconds
+            if init_time < 5.0:
+                test_result["subtests"]["init_performance"] = {
+                    "status": "success",
+                    "message": f"Framework initialized in {init_time:.2f} seconds",
+                    "init_time": init_time,
+                }
+            else:
+                test_result["subtests"]["init_performance"] = {
+                    "status": "warning",
+                    "message": f"Framework initialization took {init_time:.2f} seconds (>5s threshold)",
+                    "init_time": init_time,
+                }
+            # Test 7.2: Module Security Validation Performance
+            print_info("  7.2: Module Security Validation Performance")
+            module_security = ModuleSecurityIntegrator(profile=self.profile)
+            validation_start_time = time.time()
+            # Test multiple validation operations
+            validation_operations = [
+                ("inventory", "collect", {"services": ["ec2"]}),
+                ("operate", "describe", {"resource_type": "ec2"}),
+                ("finops", "analyze", {"scope": "account"}),
+            ]
+            for module_name, operation, parameters in validation_operations:
+                await module_security.validate_module_operation(
+                    module_name=module_name,
+                    operation=operation,
+                    parameters=parameters,
+                    user_context={"user_arn": "arn:aws:iam::123456789012:user/test", "account_id": "123456789012"},
+                )
+            validation_time = time.time() - validation_start_time
+            avg_validation_time = validation_time / len(validation_operations)
+            # Each validation should complete within 2 seconds
+            if avg_validation_time < 2.0:
+                test_result["subtests"]["validation_performance"] = {
+                    "status": "success",
+                    "message": f"Average validation time: {avg_validation_time:.2f} seconds per operation",
+                    "avg_validation_time": avg_validation_time,
+                    "total_validations": len(validation_operations),
+                }
+            else:
+                test_result["subtests"]["validation_performance"] = {
+                    "status": "warning",
+                    "message": f"Average validation time: {avg_validation_time:.2f} seconds (>2s threshold)",
+                    "avg_validation_time": avg_validation_time,
+                }
+            test_result["status"] = (
+                "success"
+                if all(subtest["status"] in ["success", "warning"] for subtest in test_result["subtests"].values())
+                else "failed"
+            )
+            return test_result
+        except Exception as e:
+            test_result["status"] = "failed"
+            test_result["error"] = str(e)
+            return test_result
+    def _create_mock_compliance_report(self, framework: ComplianceFramework):
+        """Create a mock compliance report for testing."""
+        from runbooks.security.compliance_automation_engine import (
+            ComplianceAssessment,
+            ComplianceReport,
+            ComplianceStatus,
+        )
+        return ComplianceReport(
+            report_id=f"mock-report-{framework.value.lower().replace(' ', '_')}-{int(time.time())}",
+            framework=framework,
+            assessment_date=datetime.utcnow(),
+            overall_compliance_score=92.5,
+            compliance_status=ComplianceStatus.COMPLIANT,
+            total_controls=10,
+            compliant_controls=9,
+            non_compliant_controls=1,
+            partially_compliant_controls=0,
+            control_assessments=[],
+            remediation_plan={},
+            executive_summary="Mock compliance assessment for testing",
+            next_assessment_due=datetime.utcnow(),
+        )
+    def _calculate_overall_status(self, tests: Dict[str, Any]) -> str:
+        """Calculate overall test suite status."""
+        statuses = [test.get("status", "unknown") for test in tests.values()]
+        if all(status == "success" for status in statuses):
+            return "success"
+        elif any(status == "failed" for status in statuses):
+            return "failed"
+        else:
+            return "partial"
+    def _display_test_summary(self, test_results: Dict[str, Any]):
+        """Display comprehensive test summary."""
+        from runbooks.common.rich_utils import create_table
+        # Create test summary table
+        summary_table = create_table(
+            title="🛡️ Enterprise Security Integration Test Summary",
+            columns=[
+                {"name": "Test", "style": "bold", "justify": "left"},
+                {"name": "Status", "style": "bold", "justify": "center"},
+                {"name": "Details", "style": "dim", "justify": "left"},
+            ],
+        )
+        for test_name, test_data in test_results["tests"].items():
+            status = test_data.get("status", "unknown")
+            # Style based on status
+            if status == "success":
+                status_text = "🟢 SUCCESS"
+                style = "success"
+            elif status == "failed":
+                status_text = "🔴 FAILED"
+                style = "error"
+            elif status == "partial":
+                status_text = "🟡 PARTIAL"
+                style = "warning"
+            else:
+                status_text = f"❓ {status.upper()}"
+                style = "dim"
+            # Get test details
+            subtests = test_data.get("subtests", {})
+            details = f"{len(subtests)} subtests"
+            if "error" in test_data:
+                details += f" | Error: {test_data['error'][:50]}..."
+            summary_table.add_row(
+                test_name.replace("_", " ").title(), status_text, details, style=style if status != "success" else None
+            )
+        console.print(summary_table)
+        # Overall summary
+        overall_status = test_results["overall_status"]
+        total_tests = len(test_results["tests"])
+        if overall_status == "success":
+            status_style = "success"
+            status_icon = "🛡️"
+            status_message = "All enterprise security tests passed"
+        elif overall_status == "partial":
+            status_style = "warning"
+            status_icon = "⚠️"
+            status_message = "Some enterprise security tests have warnings"
+        else:
+            status_style = "error"
+            status_icon = "🚨"
+            status_message = "Enterprise security test failures detected"
+        overall_summary = f"""[bold {status_style}]{status_icon} Overall Status: {overall_status.upper()}[/bold {status_style}]
+[dim]Total Tests: {total_tests} | Status: {status_message}
+Test Duration: {test_results.get("end_time", "running")}[/dim]"""
+        console.print(create_panel(overall_summary, title="Integration Test Results", border_style=status_style))
+    async def _cleanup_test_artifacts(self):
+        """Cleanup test artifacts and temporary files."""
+        try:
+            import shutil
+            if self.test_output_dir.exists():
+                shutil.rmtree(self.test_output_dir)
+                print_info(f"Cleaned up test artifacts: {self.test_output_dir}")
+        except Exception as e:
+            print_warning(f"Failed to cleanup test artifacts: {str(e)}")
+# Main test execution function
+async def main():
+    """Execute enterprise security integration test suite."""
+    print_info("Starting Enterprise Security Framework Integration Tests")
+    # Initialize test suite
+    test_suite = EnterpriseSecurityIntegrationTest(
+        profile="default",  # Use default profile for testing
+        test_accounts=["123456789012"],  # Mock account ID
+    )
+    # Run comprehensive integration tests
+    test_results = await test_suite.run_comprehensive_integration_tests()
+    # Export test results
+    results_file = Path("./enterprise_security_test_results.json")
+    with open(results_file, "w") as f:
+        json.dump(test_results, f, indent=2, default=str)
+    print_success(f"Integration test results exported: {results_file}")
+    return test_results
+if __name__ == "__main__":
+    # Run integration tests
+    asyncio.run(main())

runbooks 0.7.9__py3-none-any.whl → 0.9.1__py3-none-any.whl

runbooks 0.7.9py3-none-any.whl → 0.9.1py3-none-any.whl