runbooks 1.0.0__py3-none-any.whl → 1.0.2__py3-none-any.whl
- runbooks/__init__.py +1 -1
- runbooks/cfat/WEIGHT_CONFIG_README.md +368 -0
- runbooks/cfat/app.ts +27 -19
- runbooks/cfat/assessment/runner.py +6 -5
- runbooks/cfat/tests/test_weight_configuration.ts +449 -0
- runbooks/cfat/weight_config.ts +574 -0
- runbooks/cloudops/models.py +20 -14
- runbooks/common/__init__.py +26 -9
- runbooks/common/aws_pricing.py +1070 -105
- runbooks/common/aws_pricing_api.py +276 -44
- runbooks/common/date_utils.py +115 -0
- runbooks/common/dry_run_examples.py +587 -0
- runbooks/common/dry_run_framework.py +520 -0
- runbooks/common/enhanced_exception_handler.py +10 -7
- runbooks/common/mcp_cost_explorer_integration.py +5 -4
- runbooks/common/memory_optimization.py +533 -0
- runbooks/common/performance_optimization_engine.py +1153 -0
- runbooks/common/profile_utils.py +86 -118
- runbooks/common/rich_utils.py +3 -3
- runbooks/common/sre_performance_suite.py +574 -0
- runbooks/finops/business_case_config.py +314 -0
- runbooks/finops/cost_processor.py +19 -4
- runbooks/finops/dashboard_runner.py +47 -28
- runbooks/finops/ebs_cost_optimizer.py +1 -1
- runbooks/finops/ebs_optimizer.py +56 -9
- runbooks/finops/embedded_mcp_validator.py +642 -36
- runbooks/finops/enhanced_trend_visualization.py +7 -2
- runbooks/finops/executive_export.py +789 -0
- runbooks/finops/finops_dashboard.py +6 -5
- runbooks/finops/finops_scenarios.py +34 -27
- runbooks/finops/iam_guidance.py +6 -1
- runbooks/finops/nat_gateway_optimizer.py +46 -27
- runbooks/finops/notebook_utils.py +1 -1
- runbooks/finops/schemas.py +73 -58
- runbooks/finops/single_dashboard.py +20 -4
- runbooks/finops/tests/test_integration.py +3 -1
- runbooks/finops/vpc_cleanup_exporter.py +2 -1
- runbooks/finops/vpc_cleanup_optimizer.py +22 -29
- runbooks/inventory/core/collector.py +51 -28
- runbooks/inventory/discovery.md +197 -247
- runbooks/inventory/inventory_modules.py +2 -2
- runbooks/inventory/list_ec2_instances.py +3 -3
- runbooks/inventory/models/account.py +5 -3
- runbooks/inventory/models/inventory.py +1 -1
- runbooks/inventory/models/resource.py +5 -3
- runbooks/inventory/organizations_discovery.py +102 -13
- runbooks/inventory/unified_validation_engine.py +2 -15
- runbooks/main.py +255 -92
- runbooks/operate/base.py +9 -6
- runbooks/operate/deployment_framework.py +5 -4
- runbooks/operate/deployment_validator.py +6 -5
- runbooks/operate/mcp_integration.py +6 -5
- runbooks/operate/networking_cost_heatmap.py +17 -13
- runbooks/operate/vpc_operations.py +82 -13
- runbooks/remediation/base.py +3 -1
- runbooks/remediation/commons.py +5 -5
- runbooks/remediation/commvault_ec2_analysis.py +66 -18
- runbooks/remediation/config/accounts_example.json +31 -0
- runbooks/remediation/multi_account.py +120 -7
- runbooks/remediation/remediation_cli.py +710 -0
- runbooks/remediation/universal_account_discovery.py +377 -0
- runbooks/remediation/workspaces_list.py +2 -2
- runbooks/security/compliance_automation_engine.py +99 -20
- runbooks/security/config/__init__.py +24 -0
- runbooks/security/config/compliance_config.py +255 -0
- runbooks/security/config/compliance_weights_example.json +22 -0
- runbooks/security/config_template_generator.py +500 -0
- runbooks/security/security_cli.py +377 -0
- runbooks/validation/cli.py +8 -7
- runbooks/validation/comprehensive_2way_validator.py +26 -15
- runbooks/validation/mcp_validator.py +62 -8
- runbooks/vpc/config.py +49 -15
- runbooks/vpc/cross_account_session.py +5 -1
- runbooks/vpc/heatmap_engine.py +438 -59
- runbooks/vpc/mcp_no_eni_validator.py +115 -36
- runbooks/vpc/performance_optimized_analyzer.py +546 -0
- runbooks/vpc/runbooks_adapter.py +33 -12
- runbooks/vpc/tests/conftest.py +4 -2
- runbooks/vpc/tests/test_cost_engine.py +3 -1
- {runbooks-1.0.0.dist-info → runbooks-1.0.2.dist-info}/METADATA +1 -1
- {runbooks-1.0.0.dist-info → runbooks-1.0.2.dist-info}/RECORD +85 -79
- runbooks/finops/runbooks.inventory.organizations_discovery.log +0 -0
- runbooks/finops/runbooks.security.report_generator.log +0 -0
- runbooks/finops/runbooks.security.run_script.log +0 -0
- runbooks/finops/runbooks.security.security_export.log +0 -0
- runbooks/finops/tests/results_test_finops_dashboard.xml +0 -1
- runbooks/inventory/artifacts/scale-optimize-status.txt +0 -12
- runbooks/inventory/runbooks.inventory.organizations_discovery.log +0 -0
- runbooks/inventory/runbooks.security.report_generator.log +0 -0
- runbooks/inventory/runbooks.security.run_script.log +0 -0
- runbooks/inventory/runbooks.security.security_export.log +0 -0
- runbooks/vpc/runbooks.inventory.organizations_discovery.log +0 -0
- runbooks/vpc/runbooks.security.report_generator.log +0 -0
- runbooks/vpc/runbooks.security.run_script.log +0 -0
- runbooks/vpc/runbooks.security.security_export.log +0 -0
- {runbooks-1.0.0.dist-info → runbooks-1.0.2.dist-info}/WHEEL +0 -0
- {runbooks-1.0.0.dist-info → runbooks-1.0.2.dist-info}/entry_points.txt +0 -0
- {runbooks-1.0.0.dist-info → runbooks-1.0.2.dist-info}/licenses/LICENSE +0 -0
- {runbooks-1.0.0.dist-info → runbooks-1.0.2.dist-info}/top_level.txt +0 -0
@@ -40,12 +40,9 @@ remediator = MultiAccountRemediator(
|
|
40
40
|
max_workers=5
|
41
41
|
)
|
42
42
|
|
43
|
-
# Define target accounts
|
44
|
-
accounts
|
45
|
-
|
46
|
-
AWSAccount("987654321098", "staging"),
|
47
|
-
AWSAccount("456789012345", "development")
|
48
|
-
]
|
43
|
+
# Define target accounts using dynamic discovery
|
44
|
+
# Example: Get accounts from AWS Organizations or environment configuration
|
45
|
+
accounts = get_accounts_from_environment() or discover_organization_accounts()
|
49
46
|
|
50
47
|
# Execute bulk S3 security remediation
|
51
48
|
results = remediator.bulk_s3_security(
|
@@ -73,6 +70,8 @@ from loguru import logger
|
|
73
70
|
|
74
71
|
from runbooks.inventory.models.account import AWSAccount
|
75
72
|
from runbooks.remediation.base import BaseRemediation, RemediationContext, RemediationResult, RemediationStatus
|
73
|
+
from runbooks.common.profile_utils import create_management_session
|
74
|
+
from runbooks.remediation.universal_account_discovery import UniversalAccountDiscovery, AWSAccount as UniversalAWSAccount
|
76
75
|
|
77
76
|
|
78
77
|
class MultiAccountRemediator:
|
@@ -167,7 +166,7 @@ class MultiAccountRemediator:
|
|
167
166
|
|
168
167
|
try:
|
169
168
|
# Create SSO OIDC client
|
170
|
-
sso_oidc = boto3.client("sso-oidc", region_name="us-east-1")
|
169
|
+
sso_oidc = boto3.client("sso-oidc", region_name=os.getenv("AWS_DEFAULT_REGION", "us-east-1"))
|
171
170
|
|
172
171
|
# Register client
|
173
172
|
client_creds = sso_oidc.register_client(clientName="CloudOpsRemediation", clientType="public")
|
@@ -567,3 +566,117 @@ class MultiAccountRemediator:
|
|
567
566
|
compliance_summary["compliance_controls"] = list(compliance_summary["compliance_controls"])
|
568
567
|
|
569
568
|
return compliance_summary
|
569
|
+
|
570
|
+
|
571
|
+
# Dynamic account discovery functions for enterprise security operations
|
572
|
+
def get_accounts_from_environment(profile: Optional[str] = None) -> Optional[List[AWSAccount]]:
|
573
|
+
"""
|
574
|
+
Get AWS accounts using universal account discovery system.
|
575
|
+
|
576
|
+
Uses enhanced discovery with support for:
|
577
|
+
- Environment variables (REMEDIATION_TARGET_ACCOUNTS)
|
578
|
+
- Configuration files (REMEDIATION_ACCOUNT_CONFIG)
|
579
|
+
- AWS Organizations API (automatic discovery)
|
580
|
+
- Current account fallback (single account mode)
|
581
|
+
|
582
|
+
Args:
|
583
|
+
profile: AWS profile to use for discovery
|
584
|
+
|
585
|
+
Returns:
|
586
|
+
List of AWSAccount objects or None if not configured
|
587
|
+
"""
|
588
|
+
try:
|
589
|
+
# Use universal account discovery system
|
590
|
+
discovery = UniversalAccountDiscovery(profile=profile)
|
591
|
+
universal_accounts = discovery.discover_target_accounts()
|
592
|
+
|
593
|
+
if not universal_accounts:
|
594
|
+
return None
|
595
|
+
|
596
|
+
# Convert to legacy AWSAccount format for compatibility
|
597
|
+
legacy_accounts = []
|
598
|
+
for universal_account in universal_accounts:
|
599
|
+
legacy_account = AWSAccount(
|
600
|
+
universal_account.account_id,
|
601
|
+
universal_account.account_name or f"account-{universal_account.account_id}"
|
602
|
+
)
|
603
|
+
legacy_accounts.append(legacy_account)
|
604
|
+
|
605
|
+
logger.info(f"Using {len(legacy_accounts)} accounts discovered via universal discovery system")
|
606
|
+
return legacy_accounts
|
607
|
+
|
608
|
+
except Exception as e:
|
609
|
+
logger.warning(f"Failed to discover accounts using universal discovery: {e}")
|
610
|
+
return None
|
611
|
+
|
612
|
+
|
613
|
+
def discover_organization_accounts(profile: Optional[str] = None) -> List[AWSAccount]:
|
614
|
+
"""
|
615
|
+
Discover AWS accounts using universal discovery system.
|
616
|
+
|
617
|
+
Enhanced to use the universal account discovery system which provides:
|
618
|
+
- Organizations API discovery (if available)
|
619
|
+
- Environment variable fallback
|
620
|
+
- Configuration file support
|
621
|
+
- Current account fallback
|
622
|
+
|
623
|
+
Args:
|
624
|
+
profile: AWS profile for discovery (universal profile management)
|
625
|
+
|
626
|
+
Returns:
|
627
|
+
List of discovered AWSAccount objects
|
628
|
+
"""
|
629
|
+
try:
|
630
|
+
# Use universal account discovery system for Organizations discovery
|
631
|
+
discovery = UniversalAccountDiscovery(profile=profile)
|
632
|
+
universal_accounts = discovery._get_accounts_from_organizations()
|
633
|
+
|
634
|
+
if not universal_accounts:
|
635
|
+
# Fallback to other discovery methods
|
636
|
+
logger.info("Organizations API not available, trying other discovery methods...")
|
637
|
+
universal_accounts = discovery.discover_target_accounts()
|
638
|
+
|
639
|
+
# Convert to legacy AWSAccount format for compatibility
|
640
|
+
legacy_accounts = []
|
641
|
+
for universal_account in universal_accounts:
|
642
|
+
if universal_account.status == "ACTIVE":
|
643
|
+
legacy_account = AWSAccount(
|
644
|
+
universal_account.account_id,
|
645
|
+
universal_account.account_name or f"org-account-{universal_account.account_id}"
|
646
|
+
)
|
647
|
+
legacy_accounts.append(legacy_account)
|
648
|
+
|
649
|
+
logger.info(f"Discovered {len(legacy_accounts)} active AWS accounts via universal discovery")
|
650
|
+
return legacy_accounts
|
651
|
+
|
652
|
+
except Exception as e:
|
653
|
+
logger.warning(f"Failed to discover organization accounts: {e}")
|
654
|
+
# Universal discovery handles all fallback scenarios
|
655
|
+
return []
|
656
|
+
|
657
|
+
|
658
|
+
def _determine_account_environment(account_name: str) -> str:
|
659
|
+
"""
|
660
|
+
Determine account environment based on account name patterns.
|
661
|
+
|
662
|
+
Args:
|
663
|
+
account_name: AWS account name
|
664
|
+
|
665
|
+
Returns:
|
666
|
+
Environment classification
|
667
|
+
"""
|
668
|
+
name_lower = account_name.lower()
|
669
|
+
|
670
|
+
# Common environment patterns
|
671
|
+
if any(env in name_lower for env in ["prod", "production"]):
|
672
|
+
return "production"
|
673
|
+
elif any(env in name_lower for env in ["staging", "stage", "uat"]):
|
674
|
+
return "staging"
|
675
|
+
elif any(env in name_lower for env in ["dev", "development"]):
|
676
|
+
return "development"
|
677
|
+
elif any(env in name_lower for env in ["test", "testing"]):
|
678
|
+
return "testing"
|
679
|
+
elif any(env in name_lower for env in ["sandbox", "sb"]):
|
680
|
+
return "sandbox"
|
681
|
+
else:
|
682
|
+
return "unknown"
|
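Review bot: In the last hunk, `get_accounts_from_environment` turns every discovered account into a remediation target, while `discover_organization_accounts` keeps only those with `status == "ACTIVE"`, so the documented `get_accounts_from_environment() or discover_organization_accounts()` call can yield differently scoped target lists depending on which branch answers; applying the same check in both loops (`if universal_account.status != "ACTIVE": continue`) would keep them aligned. Both functions also catch bare `Exception` and return `None` or `[]`, which makes a credentials or permissions failure look the same as "nothing configured"; since the docstrings list a current-account fallback, the discovery source and the chosen account IDs should be logged before any bulk remediation acts on them. `discover_organization_accounts` calls the private `discovery._get_accounts_from_organizations()`, and if that call raises rather than returning an empty result, the `discover_target_accounts()` fallback is never reached. `_determine_account_environment` matches by substring, so a name containing `nonprod` is classified as `production` and any name containing `sb` as `sandbox`; if that label ever gates remediation, matching on delimited tokens would be safer.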