PyPI - runbooks - Versions diffs - 1.0.0__py3-none-any.whl → 1.0.1__py3-none-any.whl - Mend

runbooks 1.0.0py3-none-any.whl → 1.0.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

runbooks/__init__.py +1 -1
runbooks/cfat/WEIGHT_CONFIG_README.md +368 -0
runbooks/cfat/app.ts +27 -19
runbooks/cfat/assessment/runner.py +6 -5
runbooks/cfat/tests/test_weight_configuration.ts +449 -0
runbooks/cfat/weight_config.ts +574 -0
runbooks/common/__init__.py +26 -9
runbooks/common/aws_pricing.py +1070 -105
runbooks/common/date_utils.py +115 -0
runbooks/common/enhanced_exception_handler.py +10 -7
runbooks/common/mcp_cost_explorer_integration.py +5 -4
runbooks/common/profile_utils.py +76 -115
runbooks/common/rich_utils.py +3 -3
runbooks/finops/dashboard_runner.py +47 -28
runbooks/finops/ebs_optimizer.py +56 -9
runbooks/finops/enhanced_trend_visualization.py +7 -2
runbooks/finops/finops_dashboard.py +6 -5
runbooks/finops/iam_guidance.py +6 -1
runbooks/finops/nat_gateway_optimizer.py +46 -27
runbooks/finops/tests/test_integration.py +3 -1
runbooks/finops/vpc_cleanup_optimizer.py +22 -29
runbooks/inventory/core/collector.py +51 -28
runbooks/inventory/discovery.md +197 -247
runbooks/inventory/inventory_modules.py +2 -2
runbooks/inventory/list_ec2_instances.py +3 -3
runbooks/inventory/organizations_discovery.py +13 -8
runbooks/inventory/unified_validation_engine.py +2 -15
runbooks/main.py +74 -32
runbooks/operate/base.py +9 -6
runbooks/operate/deployment_framework.py +5 -4
runbooks/operate/deployment_validator.py +6 -5
runbooks/operate/mcp_integration.py +6 -5
runbooks/operate/networking_cost_heatmap.py +17 -13
runbooks/operate/vpc_operations.py +52 -12
runbooks/remediation/base.py +3 -1
runbooks/remediation/commons.py +5 -5
runbooks/remediation/commvault_ec2_analysis.py +66 -18
runbooks/remediation/config/accounts_example.json +31 -0
runbooks/remediation/multi_account.py +120 -7
runbooks/remediation/remediation_cli.py +710 -0
runbooks/remediation/universal_account_discovery.py +377 -0
runbooks/security/compliance_automation_engine.py +99 -20
runbooks/security/config/__init__.py +24 -0
runbooks/security/config/compliance_config.py +255 -0
runbooks/security/config/compliance_weights_example.json +22 -0
runbooks/security/config_template_generator.py +500 -0
runbooks/security/security_cli.py +377 -0
runbooks/validation/cli.py +8 -7
runbooks/validation/comprehensive_2way_validator.py +26 -15
runbooks/validation/mcp_validator.py +62 -8
runbooks/vpc/config.py +32 -7
runbooks/vpc/cross_account_session.py +5 -1
runbooks/vpc/heatmap_engine.py +21 -14
runbooks/vpc/mcp_no_eni_validator.py +115 -36
runbooks/vpc/runbooks_adapter.py +33 -12
runbooks/vpc/tests/conftest.py +4 -2
runbooks/vpc/tests/test_cost_engine.py +3 -1
{runbooks-1.0.0.dist-info → runbooks-1.0.1.dist-info}/METADATA +1 -1
{runbooks-1.0.0.dist-info → runbooks-1.0.1.dist-info}/RECORD +63 -65
runbooks/finops/runbooks.inventory.organizations_discovery.log +0 -0
runbooks/finops/runbooks.security.report_generator.log +0 -0
runbooks/finops/runbooks.security.run_script.log +0 -0
runbooks/finops/runbooks.security.security_export.log +0 -0
runbooks/finops/tests/results_test_finops_dashboard.xml +0 -1
runbooks/inventory/artifacts/scale-optimize-status.txt +0 -12
runbooks/inventory/runbooks.inventory.organizations_discovery.log +0 -0
runbooks/inventory/runbooks.security.report_generator.log +0 -0
runbooks/inventory/runbooks.security.run_script.log +0 -0
runbooks/inventory/runbooks.security.security_export.log +0 -0
runbooks/vpc/runbooks.inventory.organizations_discovery.log +0 -0
runbooks/vpc/runbooks.security.report_generator.log +0 -0
runbooks/vpc/runbooks.security.run_script.log +0 -0
runbooks/vpc/runbooks.security.security_export.log +0 -0
{runbooks-1.0.0.dist-info → runbooks-1.0.1.dist-info}/WHEEL +0 -0
{runbooks-1.0.0.dist-info → runbooks-1.0.1.dist-info}/entry_points.txt +0 -0
{runbooks-1.0.0.dist-info → runbooks-1.0.1.dist-info}/licenses/LICENSE +0 -0
{runbooks-1.0.0.dist-info → runbooks-1.0.1.dist-info}/top_level.txt +0 -0

runbooks/remediation/commvault_ec2_analysis.py CHANGED Viewed

@@ -2,7 +2,6 @@
 EC2 Utilization Analysis - Investigate EC2 utilization patterns for cost optimization.
 Business Case: Enhanced EC2 investigation framework for backup infrastructure analysis
-Target Account: 637423383469 (Backup infrastructure account)
 Challenge: Determine if EC2 instances are actively used for backups or idle
 Strategic Value: Infrastructure right-sizing and cost optimization through utilization analysis
 """
@@ -19,11 +18,58 @@ from ..common.rich_utils import (
     console, print_header, print_success, print_error, print_warning,
     create_table, create_progress_bar, format_cost
 )
-from ..common.env_utils import get_required_env_float
+from ..common.profile_utils import create_operational_session
 logger = logging.getLogger(__name__)
+def _calculate_instance_monthly_cost(instance_type: str, region: str = "us-east-1") -> float:
+    """
+    Calculate monthly cost for EC2 instance type using dynamic AWS Pricing API.
+    ENTERPRISE COMPLIANCE: Uses AWS Pricing API to eliminate hardcoded pricing violations.
+    Args:
+        instance_type: EC2 instance type (e.g., 't3.micro', 'm5.large')
+        region: AWS region for pricing lookup
+    Returns:
+        float: Monthly cost in USD from AWS Pricing API
+    """
+    from ..common.aws_pricing import get_ec2_monthly_cost
+    from ..common.rich_utils import console
+    try:
+        # Use dynamic AWS pricing - NO hardcoded values allowed
+        monthly_cost = get_ec2_monthly_cost(instance_type, region)
+        logger.debug(f"Dynamic pricing for {instance_type}: ${monthly_cost:.2f}/month")
+        return monthly_cost
+    except Exception as e:
+        console.print(f"[red]⚠ ENTERPRISE WARNING: Cannot get dynamic pricing for {instance_type}: {e}[/red]")
+        console.print(f"[yellow]Falling back to AWS pricing pattern calculation...[/yellow]")
+        # Use AWS pricing engine's fallback calculation (which uses documented AWS patterns)
+        from ..common.aws_pricing import get_aws_pricing_engine
+        try:
+            pricing_engine = get_aws_pricing_engine(enable_fallback=True)
+            result = pricing_engine.get_ec2_instance_pricing(instance_type, region)
+            logger.warning(f"Using fallback pricing for {instance_type}: ${result.monthly_cost:.2f}/month")
+            return result.monthly_cost
+        except Exception as fallback_error:
+            logger.error(f"All pricing methods failed for {instance_type}: {fallback_error}")
+            # Complete failure - cannot proceed without violating enterprise standards
+            raise RuntimeError(
+                f"ENTERPRISE VIOLATION: Cannot get dynamic pricing for {instance_type} "
+                f"in region {region}. All pricing methods failed. "
+                f"Hardcoded values are prohibited. "
+                f"Ensure AWS credentials are configured and Pricing API is accessible."
+            ) from e
 def calculate_ec2_cost_impact(instances_data: List[Dict]) -> Dict[str, float]:
@@ -36,23 +82,14 @@ def calculate_ec2_cost_impact(instances_data: List[Dict]) -> Dict[str, float]:
     running_instances = [i for i in instances_data if i.get("State", {}).get("Name") == "running"]
     idle_instances = [i for i in instances_data if i.get("CpuUtilization", 0) < 5.0]  # <5% CPU
-    # Rough cost estimation (simplified for investigation phase)
+    # Dynamic cost estimation using environment configuration
     estimated_monthly_cost = 0.0
     for instance in running_instances:
         instance_type = instance.get("InstanceType", "t3.micro")
-        # Simplified cost mapping (USD/month for common instance types)
-        cost_map = {
-            "t3.micro": 8.47,
-            "t3.small": 16.94,
-            "t3.medium": 33.87,
-            "m5.large": 70.08,
-            "m5.xlarge": 140.16,
-            "c5.large": 62.98,
-            "c5.xlarge": 125.95,
-        }
-        # Get dynamic cost estimate based on current AWS pricing - NO hardcoded defaults
-        default_cost = get_required_env_float('DEFAULT_EC2_MONTHLY_COST')
-        estimated_monthly_cost += cost_map.get(instance_type, default_cost)
+        # Dynamic cost calculation based on instance type
+        # Using AWS pricing calculation: hours * daily_hours * monthly_days
+        estimated_monthly_cost += _calculate_instance_monthly_cost(instance_type)
     return {
         "total_instances": total_instances,
@@ -66,7 +103,7 @@ def calculate_ec2_cost_impact(instances_data: List[Dict]) -> Dict[str, float]:
 @click.command()
 @click.option("--output-file", default="./tmp/commvault_ec2_investigation.csv", help="Output CSV file path")
-@click.option("--account", default="637423383469", help="Commvault backup account ID (JIRA FinOps-25)")
+@click.option("--account", help="Commvault backup account ID (JIRA FinOps-25). If not specified, uses current AWS account.")
 @click.option("--investigate-utilization", is_flag=True, help="Investigate EC2 utilization patterns")
 @click.option("--days", default=7, help="Number of days to analyze for utilization metrics")
 @click.option("--dry-run", is_flag=True, default=True, help="Preview analysis without execution")
@@ -74,11 +111,22 @@ def investigate_commvault_ec2(output_file, account, investigate_utilization, day
     """
     FinOps-25: Commvault EC2 investigation for cost optimization.
-    Account: 637423383469 (Commvault backup account)
     Challenge: Determine if EC2 instances are actively used for backups or idle
     """
     print_header("JIRA FinOps-25: Commvault EC2 Investigation", "v0.9.1")
+    # Auto-detect account if not specified
+    if not account:
+        try:
+            session = create_operational_session()
+            sts = session.client('sts')
+            identity = sts.get_caller_identity()
+            account = identity['Account']
+            console.print(f"[dim cyan]Auto-detected account: {account}[/dim cyan]")
+        except Exception as e:
+            console.print(f"[red]Error detecting account: {e}[/red]")
+            raise click.ClickException("Could not determine AWS account. Please specify --account parameter.")
     account_info = display_aws_account_info()
     console.print(f"[cyan]Account: {account} - Investigating EC2 usage patterns[/cyan]")

runbooks/remediation/config/accounts_example.json ADDED Viewed

@@ -0,0 +1,31 @@
+{
+  "target_accounts": [
+    {
+      "account_id": "111122223333",
+      "environment": "production",
+      "name": "Production Account",
+      "enabled": true
+    },
+    {
+      "account_id": "444455556666",
+      "environment": "staging",
+      "name": "Staging Account",
+      "enabled": true
+    },
+    {
+      "account_id": "777788889999",
+      "environment": "development",
+      "name": "Development Account",
+      "enabled": false
+    }
+  ],
+  "remediation_settings": {
+    "parallel_execution": true,
+    "max_workers": 5,
+    "timeout_seconds": 300,
+    "retry_attempts": 3
+  },
+  "description": "Configuration for multi-account remediation targets",
+  "last_updated": "2024-12-19",
+  "version": "1.0"
+}

runbooks/remediation/multi_account.py CHANGED Viewed

@@ -40,12 +40,9 @@ remediator = MultiAccountRemediator(
     max_workers=5
 )
-# Define target accounts
-accounts = [
-    AWSAccount("123456789012", "production"),
-    AWSAccount("987654321098", "staging"),
-    AWSAccount("456789012345", "development")
-]
+# Define target accounts using dynamic discovery
+# Example: Get accounts from AWS Organizations or environment configuration
+accounts = get_accounts_from_environment() or discover_organization_accounts()
 # Execute bulk S3 security remediation
 results = remediator.bulk_s3_security(
@@ -73,6 +70,8 @@ from loguru import logger
 from runbooks.inventory.models.account import AWSAccount
 from runbooks.remediation.base import BaseRemediation, RemediationContext, RemediationResult, RemediationStatus
+from runbooks.common.profile_utils import create_management_session
+from runbooks.remediation.universal_account_discovery import UniversalAccountDiscovery, AWSAccount as UniversalAWSAccount
 class MultiAccountRemediator:
@@ -167,7 +166,7 @@ class MultiAccountRemediator:
         try:
             # Create SSO OIDC client
-            sso_oidc = boto3.client("sso-oidc", region_name="us-east-1")
+            sso_oidc = boto3.client("sso-oidc", region_name=os.getenv("AWS_DEFAULT_REGION", "us-east-1"))
             # Register client
             client_creds = sso_oidc.register_client(clientName="CloudOpsRemediation", clientType="public")
@@ -567,3 +566,117 @@ class MultiAccountRemediator:
         compliance_summary["compliance_controls"] = list(compliance_summary["compliance_controls"])
         return compliance_summary
+# Dynamic account discovery functions for enterprise security operations
+def get_accounts_from_environment(profile: Optional[str] = None) -> Optional[List[AWSAccount]]:
+    """
+    Get AWS accounts using universal account discovery system.
+    Uses enhanced discovery with support for:
+    - Environment variables (REMEDIATION_TARGET_ACCOUNTS)
+    - Configuration files (REMEDIATION_ACCOUNT_CONFIG)
+    - AWS Organizations API (automatic discovery)
+    - Current account fallback (single account mode)
+    Args:
+        profile: AWS profile to use for discovery
+    Returns:
+        List of AWSAccount objects or None if not configured
+    """
+    try:
+        # Use universal account discovery system
+        discovery = UniversalAccountDiscovery(profile=profile)
+        universal_accounts = discovery.discover_target_accounts()
+        if not universal_accounts:
+            return None
+        # Convert to legacy AWSAccount format for compatibility
+        legacy_accounts = []
+        for universal_account in universal_accounts:
+            legacy_account = AWSAccount(
+                universal_account.account_id,
+                universal_account.account_name or f"account-{universal_account.account_id}"
+            )
+            legacy_accounts.append(legacy_account)
+        logger.info(f"Using {len(legacy_accounts)} accounts discovered via universal discovery system")
+        return legacy_accounts
+    except Exception as e:
+        logger.warning(f"Failed to discover accounts using universal discovery: {e}")
+        return None
+def discover_organization_accounts(profile: Optional[str] = None) -> List[AWSAccount]:
+    """
+    Discover AWS accounts using universal discovery system.
+    Enhanced to use the universal account discovery system which provides:
+    - Organizations API discovery (if available)
+    - Environment variable fallback
+    - Configuration file support
+    - Current account fallback
+    Args:
+        profile: AWS profile for discovery (universal profile management)
+    Returns:
+        List of discovered AWSAccount objects
+    """
+    try:
+        # Use universal account discovery system for Organizations discovery
+        discovery = UniversalAccountDiscovery(profile=profile)
+        universal_accounts = discovery._get_accounts_from_organizations()
+        if not universal_accounts:
+            # Fallback to other discovery methods
+            logger.info("Organizations API not available, trying other discovery methods...")
+            universal_accounts = discovery.discover_target_accounts()
+        # Convert to legacy AWSAccount format for compatibility
+        legacy_accounts = []
+        for universal_account in universal_accounts:
+            if universal_account.status == "ACTIVE":
+                legacy_account = AWSAccount(
+                    universal_account.account_id,
+                    universal_account.account_name or f"org-account-{universal_account.account_id}"
+                )
+                legacy_accounts.append(legacy_account)
+        logger.info(f"Discovered {len(legacy_accounts)} active AWS accounts via universal discovery")
+        return legacy_accounts
+    except Exception as e:
+        logger.warning(f"Failed to discover organization accounts: {e}")
+        # Universal discovery handles all fallback scenarios
+        return []
+def _determine_account_environment(account_name: str) -> str:
+    """
+    Determine account environment based on account name patterns.
+    Args:
+        account_name: AWS account name
+    Returns:
+        Environment classification
+    """
+    name_lower = account_name.lower()
+    # Common environment patterns
+    if any(env in name_lower for env in ["prod", "production"]):
+        return "production"
+    elif any(env in name_lower for env in ["staging", "stage", "uat"]):
+        return "staging"
+    elif any(env in name_lower for env in ["dev", "development"]):
+        return "development"
+    elif any(env in name_lower for env in ["test", "testing"]):
+        return "testing"
+    elif any(env in name_lower for env in ["sandbox", "sb"]):
+        return "sandbox"
+    else:
+        return "unknown"

runbooks 1.0.0__py3-none-any.whl → 1.0.1__py3-none-any.whl

runbooks 1.0.0py3-none-any.whl → 1.0.1py3-none-any.whl