runbooks 1.0.0__py3-none-any.whl → 1.0.2__py3-none-any.whl

runbooks/finops/vpc_cleanup_optimizer.py

@@ -610,18 +610,9 @@ class VPCCleanupOptimizer:
         
         print_header("🌐 Real-Time NO-ENI VPC Discovery", "MCP-Validated VPC Cleanup Analysis")
         
-        # Configure enterprise profiles for MCP validation - Universal compatibility
-        from runbooks.common.profile_utils import get_enterprise_profile_mapping
-        enterprise_profiles = get_enterprise_profile_mapping()
-        
-        # Override with current profile if available
-        current_profile_type = self._determine_profile_type(self.profile)
-        if current_profile_type:
-            enterprise_profiles[current_profile_type] = self.profile
-        
-        # Initialize MCP validator for dynamic discovery
+        # Initialize MCP validator with universal profile support
         print_info("🔧 Initializing dynamic MCP validator...")
-        mcp_validator = NOENIVPCMCPValidator(enterprise_profiles)
+        mcp_validator = NOENIVPCMCPValidator(user_profile=self.profile)
         
         # Perform dynamic discovery across all accounts
         print_info("🚀 Starting real-time discovery across all AWS accounts...")
@@ -641,7 +632,7 @@ class VPCCleanupOptimizer:
             # Get detailed VPC information for each NO-ENI VPC
             try:
                 # Use appropriate session for this account
-                session = self._get_session_for_account(target.account_id, enterprise_profiles)
+                session = self._get_session_for_account(target.account_id)
                 ec2_client = session.client('ec2', region_name=target.region)
                 
                 # Get VPC details
@@ -708,26 +699,28 @@ class VPCCleanupOptimizer:
             return 'CENTRALISED_OPS'
         return None
     
-    def _get_session_for_account(self, account_id: str, enterprise_profiles: Dict[str, str]) -> boto3.Session:
-        """Get appropriate session for accessing a specific account."""
+    def _get_session_for_account(self, account_id: str) -> boto3.Session:
+        """Get appropriate session for accessing a specific account using universal profile management."""
+        from runbooks.common.profile_utils import get_profile_for_operation
+        
         # In enterprise setup, would assume role here
-        # For now, return session with best available profile
+        # For now, return session with best available profile using three-tier priority system
         
-        # Priority order for account access
-        profile_priority = ['MANAGEMENT', 'CENTRALISED_OPS', 'BILLING']
+        # Try different operation types in priority order
+        profile_types = ['management', 'operational', 'billing']
         
-        for profile_type in profile_priority:
-            if profile_type in enterprise_profiles:
-                try:
-                    session = boto3.Session(profile_name=enterprise_profiles[profile_type])
-                    # Verify access
-                    sts_client = session.client('sts')
-                    identity = sts_client.get_caller_identity()
-                    
-                    if identity['Account'] == account_id:
-                        return session
-                except Exception:
-                    continue
+        for profile_type in profile_types:
+            try:
+                profile_name = get_profile_for_operation(profile_type, self.profile)
+                session = boto3.Session(profile_name=profile_name)
+                # Verify access
+                sts_client = session.client('sts')
+                identity = sts_client.get_caller_identity()
+                
+                if identity['Account'] == account_id:
+                    return session
+            except Exception:
+                continue
         
         # Fallback to current session
         return self.session

runbooks/inventory/core/collector.py

@@ -42,12 +42,13 @@ try:
     ENHANCED_PROFILES_AVAILABLE = True
 except ImportError:
     ENHANCED_PROFILES_AVAILABLE = False
-    # Fallback profile definitions
+    # Fallback profile definitions with universal environment support
+    import os
     ENTERPRISE_PROFILES = {
-        "BILLING_PROFILE": "ams-admin-Billing-ReadOnlyAccess-909135376185",
-        "MANAGEMENT_PROFILE": "ams-admin-ReadOnlyAccess-909135376185",
-        "CENTRALISED_OPS_PROFILE": "ams-centralised-ops-ReadOnlyAccess-335083429030",
-        "SINGLE_ACCOUNT_PROFILE": "ams-shared-services-non-prod-ReadOnlyAccess-499201730520",
+        "BILLING_PROFILE": os.getenv("BILLING_PROFILE", "default-billing-profile"),
+        "MANAGEMENT_PROFILE": os.getenv("MANAGEMENT_PROFILE", "default-management-profile"),
+        "CENTRALISED_OPS_PROFILE": os.getenv("CENTRALISED_OPS_PROFILE", "default-ops-profile"),
+        "SINGLE_ACCOUNT_PROFILE": os.getenv("SINGLE_AWS_PROFILE", "default-single-profile"),
     }
 
 
@@ -141,28 +142,35 @@ class EnhancedInventoryCollector(CloudFoundationsBase):
         
         Strategic Alignment: "Do one thing and do it well"
         - Single profile override pattern: --profile takes precedence
-        - Simple fallback to environment variables when no --profile specified
-        - No hardcoded profile mappings - dynamic based on user input
+        - Universal AWS environment compatibility: works with ANY profile configuration
+        - Graceful fallback system for discovery across different AWS setups
         
         Returns:
             str: The active profile to use for all operations
         """
-        # Primary profile determination: user --profile parameter takes absolute precedence
+        # PRIMARY: User --profile parameter takes absolute precedence (Universal Compatibility)
         if self.profile:
-            print_info(f"Using user-specified profile: {self.profile}")
-            logger.info("Profile override via --profile parameter - enterprise priority system")
+            print_info(f"✅ Universal AWS Compatibility: Using user-specified profile '{self.profile}'")
+            logger.info("Profile override via --profile parameter - universal environment support")
             return self.profile
         
-        # Fallback to environment variables when no --profile specified
+        # SECONDARY: Environment variable fallback with intelligent prioritization
+        # Priority order: Management > Billing > Operations > Default (Organizations discovery preference)
         env_profile = (
             os.getenv("MANAGEMENT_PROFILE") or 
             os.getenv("BILLING_PROFILE") or 
             os.getenv("CENTRALISED_OPS_PROFILE") or
+            os.getenv("SINGLE_AWS_PROFILE") or
             "default"
         )
         
-        print_info(f"No --profile specified, using environment fallback: {env_profile}")
-        logger.info("Using environment variable fallback profile")
+        if env_profile != "default":
+            print_info(f"✅ Universal AWS Compatibility: Using environment profile '{env_profile}'")
+            logger.info(f"Environment variable profile selected: {env_profile}")
+        else:
+            print_info("✅ Universal AWS Compatibility: Using 'default' profile - works with any AWS CLI configuration")
+            logger.info("Using default profile - universal compatibility mode")
+        
         return env_profile
 
     def _initialize_collectors(self) -> Dict[str, str]:
@@ -226,21 +234,19 @@ class EnhancedInventoryCollector(CloudFoundationsBase):
 
     def get_organization_accounts(self) -> List[str]:
         """
-        Get list of accounts in AWS Organization.
+        Get list of accounts in AWS Organization with universal compatibility.
         
         Strategic Alignment: "Do one thing and do it well" 
-        - Single responsibility: discover organization structure
-        - Uses active profile for Organizations API access
-        - Enables multi-account inventory operations
+        - Universal AWS environment compatibility: works with ANY Organizations setup
+        - Intelligent fallback system: Organizations → standalone account detection
+        - Graceful handling of different permission scenarios
         """
         try:
-            # Use management profile for Organizations operations
-            # Use single active profile for all operations following --profile pattern
-            management_profile = self.active_profile
-            management_session = create_management_session(profile=management_profile)
+            # Use active profile for Organizations operations (Universal Compatibility)
+            management_session = create_management_session(profile=self.active_profile)
             organizations_client = management_session.client("organizations")
             
-            print_info("Discovering organization accounts with management profile...")
+            print_info(f"🔍 Universal Discovery: Attempting Organizations API with profile '{self.active_profile}'...")
             response = self._make_aws_call(organizations_client.list_accounts)
 
             accounts = []
@@ -248,14 +254,31 @@ class EnhancedInventoryCollector(CloudFoundationsBase):
                 if account["Status"] == "ACTIVE":
                     accounts.append(account["Id"])
 
-            print_success(f"Found {len(accounts)} active accounts in organization")
-            logger.info(f"Found {len(accounts)} active accounts using management profile: {management_profile}")
-            return accounts
+            if accounts:
+                print_success(f"✅ Organizations Discovery: Found {len(accounts)} active accounts in organization")
+                logger.info(f"Organizations discovery successful: {len(accounts)} accounts with profile {self.active_profile}")
+                return accounts
+            else:
+                print_warning("⚠️ Organizations Discovery: No active accounts found in organization")
+                return [self.get_account_id()]
 
         except Exception as e:
-            print_warning(f"Could not list organization accounts: {e}")
-            logger.warning(f"Organization discovery failed, falling back to current account: {e}")
-            # Fallback to current account
+            # Enhanced error messages for different AWS environment scenarios
+            error_message = str(e).lower()
+            
+            if "accessdenied" in error_message or "unauthorized" in error_message:
+                print_warning(f"⚠️ Universal Compatibility: Profile '{self.active_profile}' lacks Organizations permissions")
+                print_info("💡 Single Account Mode: Continuing with current account (universal compatibility)")
+            elif "organizationsnotinuse" in error_message:
+                print_info(f"ℹ️ Standalone Account: Profile '{self.active_profile}' not in an AWS Organization")
+                print_info("💡 Single Account Mode: Continuing with current account")
+            else:
+                print_warning(f"⚠️ Organizations Discovery Failed: {e}")
+                print_info("💡 Fallback Mode: Continuing with current account for universal compatibility")
+            
+            logger.warning(f"Organization discovery failed, graceful fallback: {e}")
+            
+            # Universal fallback: always return current account for single-account operations
             return [self.get_account_id()]
 
     def get_current_account_id(self) -> str: