runbooks 1.0.0__py3-none-any.whl → 1.0.2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (99) hide show
  1. runbooks/__init__.py +1 -1
  2. runbooks/cfat/WEIGHT_CONFIG_README.md +368 -0
  3. runbooks/cfat/app.ts +27 -19
  4. runbooks/cfat/assessment/runner.py +6 -5
  5. runbooks/cfat/tests/test_weight_configuration.ts +449 -0
  6. runbooks/cfat/weight_config.ts +574 -0
  7. runbooks/cloudops/models.py +20 -14
  8. runbooks/common/__init__.py +26 -9
  9. runbooks/common/aws_pricing.py +1070 -105
  10. runbooks/common/aws_pricing_api.py +276 -44
  11. runbooks/common/date_utils.py +115 -0
  12. runbooks/common/dry_run_examples.py +587 -0
  13. runbooks/common/dry_run_framework.py +520 -0
  14. runbooks/common/enhanced_exception_handler.py +10 -7
  15. runbooks/common/mcp_cost_explorer_integration.py +5 -4
  16. runbooks/common/memory_optimization.py +533 -0
  17. runbooks/common/performance_optimization_engine.py +1153 -0
  18. runbooks/common/profile_utils.py +86 -118
  19. runbooks/common/rich_utils.py +3 -3
  20. runbooks/common/sre_performance_suite.py +574 -0
  21. runbooks/finops/business_case_config.py +314 -0
  22. runbooks/finops/cost_processor.py +19 -4
  23. runbooks/finops/dashboard_runner.py +47 -28
  24. runbooks/finops/ebs_cost_optimizer.py +1 -1
  25. runbooks/finops/ebs_optimizer.py +56 -9
  26. runbooks/finops/embedded_mcp_validator.py +642 -36
  27. runbooks/finops/enhanced_trend_visualization.py +7 -2
  28. runbooks/finops/executive_export.py +789 -0
  29. runbooks/finops/finops_dashboard.py +6 -5
  30. runbooks/finops/finops_scenarios.py +34 -27
  31. runbooks/finops/iam_guidance.py +6 -1
  32. runbooks/finops/nat_gateway_optimizer.py +46 -27
  33. runbooks/finops/notebook_utils.py +1 -1
  34. runbooks/finops/schemas.py +73 -58
  35. runbooks/finops/single_dashboard.py +20 -4
  36. runbooks/finops/tests/test_integration.py +3 -1
  37. runbooks/finops/vpc_cleanup_exporter.py +2 -1
  38. runbooks/finops/vpc_cleanup_optimizer.py +22 -29
  39. runbooks/inventory/core/collector.py +51 -28
  40. runbooks/inventory/discovery.md +197 -247
  41. runbooks/inventory/inventory_modules.py +2 -2
  42. runbooks/inventory/list_ec2_instances.py +3 -3
  43. runbooks/inventory/models/account.py +5 -3
  44. runbooks/inventory/models/inventory.py +1 -1
  45. runbooks/inventory/models/resource.py +5 -3
  46. runbooks/inventory/organizations_discovery.py +102 -13
  47. runbooks/inventory/unified_validation_engine.py +2 -15
  48. runbooks/main.py +255 -92
  49. runbooks/operate/base.py +9 -6
  50. runbooks/operate/deployment_framework.py +5 -4
  51. runbooks/operate/deployment_validator.py +6 -5
  52. runbooks/operate/mcp_integration.py +6 -5
  53. runbooks/operate/networking_cost_heatmap.py +17 -13
  54. runbooks/operate/vpc_operations.py +82 -13
  55. runbooks/remediation/base.py +3 -1
  56. runbooks/remediation/commons.py +5 -5
  57. runbooks/remediation/commvault_ec2_analysis.py +66 -18
  58. runbooks/remediation/config/accounts_example.json +31 -0
  59. runbooks/remediation/multi_account.py +120 -7
  60. runbooks/remediation/remediation_cli.py +710 -0
  61. runbooks/remediation/universal_account_discovery.py +377 -0
  62. runbooks/remediation/workspaces_list.py +2 -2
  63. runbooks/security/compliance_automation_engine.py +99 -20
  64. runbooks/security/config/__init__.py +24 -0
  65. runbooks/security/config/compliance_config.py +255 -0
  66. runbooks/security/config/compliance_weights_example.json +22 -0
  67. runbooks/security/config_template_generator.py +500 -0
  68. runbooks/security/security_cli.py +377 -0
  69. runbooks/validation/cli.py +8 -7
  70. runbooks/validation/comprehensive_2way_validator.py +26 -15
  71. runbooks/validation/mcp_validator.py +62 -8
  72. runbooks/vpc/config.py +49 -15
  73. runbooks/vpc/cross_account_session.py +5 -1
  74. runbooks/vpc/heatmap_engine.py +438 -59
  75. runbooks/vpc/mcp_no_eni_validator.py +115 -36
  76. runbooks/vpc/performance_optimized_analyzer.py +546 -0
  77. runbooks/vpc/runbooks_adapter.py +33 -12
  78. runbooks/vpc/tests/conftest.py +4 -2
  79. runbooks/vpc/tests/test_cost_engine.py +3 -1
  80. {runbooks-1.0.0.dist-info → runbooks-1.0.2.dist-info}/METADATA +1 -1
  81. {runbooks-1.0.0.dist-info → runbooks-1.0.2.dist-info}/RECORD +85 -79
  82. runbooks/finops/runbooks.inventory.organizations_discovery.log +0 -0
  83. runbooks/finops/runbooks.security.report_generator.log +0 -0
  84. runbooks/finops/runbooks.security.run_script.log +0 -0
  85. runbooks/finops/runbooks.security.security_export.log +0 -0
  86. runbooks/finops/tests/results_test_finops_dashboard.xml +0 -1
  87. runbooks/inventory/artifacts/scale-optimize-status.txt +0 -12
  88. runbooks/inventory/runbooks.inventory.organizations_discovery.log +0 -0
  89. runbooks/inventory/runbooks.security.report_generator.log +0 -0
  90. runbooks/inventory/runbooks.security.run_script.log +0 -0
  91. runbooks/inventory/runbooks.security.security_export.log +0 -0
  92. runbooks/vpc/runbooks.inventory.organizations_discovery.log +0 -0
  93. runbooks/vpc/runbooks.security.report_generator.log +0 -0
  94. runbooks/vpc/runbooks.security.run_script.log +0 -0
  95. runbooks/vpc/runbooks.security.security_export.log +0 -0
  96. {runbooks-1.0.0.dist-info → runbooks-1.0.2.dist-info}/WHEEL +0 -0
  97. {runbooks-1.0.0.dist-info → runbooks-1.0.2.dist-info}/entry_points.txt +0 -0
  98. {runbooks-1.0.0.dist-info → runbooks-1.0.2.dist-info}/licenses/LICENSE +0 -0
  99. {runbooks-1.0.0.dist-info → runbooks-1.0.2.dist-info}/top_level.txt +0 -0
runbooks/vpc/config.py CHANGED
@@ -81,24 +81,33 @@ class AWSCostModel:
81
81
 
82
82
  @staticmethod
83
83
  def _get_nat_gateway_hourly() -> float:
84
- """Get NAT Gateway hourly cost from AWS Pricing API with universal compatibility."""
84
+ """Get NAT Gateway hourly cost from AWS Pricing API with enhanced enterprise fallback."""
85
85
  if AWS_PRICING_AVAILABLE:
86
86
  try:
87
- return pricing_api.get_nat_gateway_monthly_cost() / (24 * 30)
88
- except Exception:
89
- pass
87
+ # Use enhanced pricing API with regional fallback and graceful degradation
88
+ current_region = os.getenv('AWS_DEFAULT_REGION', 'us-east-1')
89
+ monthly_cost = pricing_api.get_nat_gateway_monthly_cost(current_region)
90
+ return monthly_cost / (24 * 30)
91
+ except Exception as e:
92
+ print(f"⚠️ NAT Gateway pricing API fallback: {e}")
93
+
90
94
  # Universal compatibility: standard AWS pricing when API unavailable
95
+ print("ℹ️ Using universal compatibility NAT Gateway rate")
91
96
  return 0.045 # AWS standard NAT Gateway hourly rate
92
97
 
93
98
  @staticmethod
94
99
  def _get_nat_gateway_monthly() -> float:
95
- """Get NAT Gateway monthly cost from AWS Pricing API with universal compatibility."""
100
+ """Get NAT Gateway monthly cost from AWS Pricing API with enhanced enterprise fallback."""
96
101
  if AWS_PRICING_AVAILABLE:
97
102
  try:
98
- return pricing_api.get_nat_gateway_monthly_cost()
99
- except Exception:
100
- pass
103
+ # Use enhanced pricing API with regional fallback and graceful degradation
104
+ current_region = os.getenv('AWS_DEFAULT_REGION', 'us-east-1')
105
+ return pricing_api.get_nat_gateway_monthly_cost(current_region)
106
+ except Exception as e:
107
+ print(f"⚠️ NAT Gateway monthly pricing API fallback: {e}")
108
+
101
109
  # Universal compatibility: calculate from hourly rate
110
+ print("ℹ️ Calculating monthly cost from universal compatibility hourly rate")
102
111
  return AWSCostModel._get_nat_gateway_hourly() * 24 * 30
103
112
 
104
113
  @staticmethod
@@ -388,11 +397,29 @@ class VPCNetworkingConfig:
388
397
  return default_value
389
398
  return int(value)
390
399
 
391
- # AWS Profiles
392
- billing_profile: Optional[str] = field(default_factory=lambda: os.getenv("BILLING_PROFILE"))
393
- centralized_ops_profile: Optional[str] = field(default_factory=lambda: os.getenv("CENTRALIZED_OPS_PROFILE"))
394
- single_account_profile: Optional[str] = field(default_factory=lambda: os.getenv("SINGLE_ACCOUNT_PROFILE"))
395
- management_profile: Optional[str] = field(default_factory=lambda: os.getenv("MANAGEMENT_PROFILE"))
400
+ # AWS Profiles - Universal compatibility with fallback to AWS_PROFILE or 'default'
401
+ billing_profile: Optional[str] = field(default_factory=lambda: (
402
+ os.getenv("BILLING_PROFILE") or
403
+ os.getenv("AWS_PROFILE") or
404
+ "default"
405
+ ))
406
+ centralized_ops_profile: Optional[str] = field(default_factory=lambda: (
407
+ os.getenv("CENTRALIZED_OPS_PROFILE") or
408
+ os.getenv("CENTRALISED_OPS_PROFILE") or # Alternative spelling
409
+ os.getenv("AWS_PROFILE") or
410
+ "default"
411
+ ))
412
+ single_account_profile: Optional[str] = field(default_factory=lambda: (
413
+ os.getenv("SINGLE_ACCOUNT_PROFILE") or
414
+ os.getenv("SINGLE_AWS_PROFILE") or # Alternative naming
415
+ os.getenv("AWS_PROFILE") or
416
+ "default"
417
+ ))
418
+ management_profile: Optional[str] = field(default_factory=lambda: (
419
+ os.getenv("MANAGEMENT_PROFILE") or
420
+ os.getenv("AWS_PROFILE") or
421
+ "default"
422
+ ))
396
423
 
397
424
  # Analysis Configuration - ENTERPRISE COMPLIANCE: No hardcoded defaults
398
425
  default_analysis_days: int = field(default_factory=lambda: VPCNetworkingConfig._get_required_env_int("DEFAULT_ANALYSIS_DAYS"))
@@ -445,8 +472,15 @@ def load_config(config_file: Optional[str] = None) -> VPCNetworkingConfig:
445
472
 
446
473
  # Validate configuration only in production (not during testing)
447
474
  is_testing = os.getenv("PYTEST_CURRENT_TEST") is not None or "pytest" in os.environ.get("_", "")
448
- if not is_testing and config.enable_cost_approval_workflow and not config.billing_profile:
449
- raise ValueError("BILLING_PROFILE required when cost approval workflow is enabled")
475
+ if not is_testing and config.enable_cost_approval_workflow:
476
+ # Universal compatibility - warn instead of failing
477
+ if not config.billing_profile or config.billing_profile == "default":
478
+ import warnings
479
+ warnings.warn(
480
+ "Cost approval workflow enabled but no specific BILLING_PROFILE set. "
481
+ "Using default profile. Set BILLING_PROFILE for enterprise multi-account setup.",
482
+ UserWarning
483
+ )
450
484
 
451
485
  return config
452
486
 
runbooks/vpc/cross_account_session.py CHANGED
@@ -188,12 +188,16 @@ class CrossAccountSessionManager:
188
188
  account_id = account["id"]
189
189
  account_name = account.get("name", f"Account-{account_id}")
190
190
 
191
- # Try multiple role patterns for different organization setups
191
+ # Try multiple role patterns for different organization setups - universal compatibility
192
192
  role_patterns = [
193
193
  self.role_name, # Default: OrganizationAccountAccessRole
194
194
  "AWSControlTowerExecution", # Control Tower pattern
195
195
  "OrganizationAccountAccess", # Alternative naming
196
196
  "ReadOnlyAccess", # Fallback for read-only operations
197
+ "PowerUserAccess", # Common enterprise role
198
+ "AdminRole", # Common enterprise role
199
+ "CrossAccountRole", # Generic cross-account role
200
+ "AssumeRole", # Generic assume role
197
201
  ]
198
202
 
199
203
  for role_name in role_patterns: