PyPI - runbooks - Versions diffs - 1.0.1__py3-none-any.whl → 1.0.2__py3-none-any.whl - Mend

runbooks 1.0.1py3-none-any.whl → 1.0.2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

runbooks/cloudops/models.py +20 -14
runbooks/common/aws_pricing_api.py +276 -44
runbooks/common/dry_run_examples.py +587 -0
runbooks/common/dry_run_framework.py +520 -0
runbooks/common/memory_optimization.py +533 -0
runbooks/common/performance_optimization_engine.py +1153 -0
runbooks/common/profile_utils.py +10 -3
runbooks/common/sre_performance_suite.py +574 -0
runbooks/finops/business_case_config.py +314 -0
runbooks/finops/cost_processor.py +19 -4
runbooks/finops/ebs_cost_optimizer.py +1 -1
runbooks/finops/embedded_mcp_validator.py +642 -36
runbooks/finops/executive_export.py +789 -0
runbooks/finops/finops_scenarios.py +34 -27
runbooks/finops/notebook_utils.py +1 -1
runbooks/finops/schemas.py +73 -58
runbooks/finops/single_dashboard.py +20 -4
runbooks/finops/vpc_cleanup_exporter.py +2 -1
runbooks/inventory/models/account.py +5 -3
runbooks/inventory/models/inventory.py +1 -1
runbooks/inventory/models/resource.py +5 -3
runbooks/inventory/organizations_discovery.py +89 -5
runbooks/main.py +182 -61
runbooks/operate/vpc_operations.py +60 -31
runbooks/remediation/workspaces_list.py +2 -2
runbooks/vpc/config.py +17 -8
runbooks/vpc/heatmap_engine.py +425 -53
runbooks/vpc/performance_optimized_analyzer.py +546 -0
{runbooks-1.0.1.dist-info → runbooks-1.0.2.dist-info}/METADATA +1 -1
{runbooks-1.0.1.dist-info → runbooks-1.0.2.dist-info}/RECORD +34 -26
{runbooks-1.0.1.dist-info → runbooks-1.0.2.dist-info}/WHEEL +0 -0
{runbooks-1.0.1.dist-info → runbooks-1.0.2.dist-info}/entry_points.txt +0 -0
{runbooks-1.0.1.dist-info → runbooks-1.0.2.dist-info}/licenses/LICENSE +0 -0
{runbooks-1.0.1.dist-info → runbooks-1.0.2.dist-info}/top_level.txt +0 -0

runbooks/common/dry_run_examples.py ADDED Viewed

@@ -0,0 +1,587 @@
+#!/usr/bin/env python3
+"""
+--dry-run Implementation Examples for CloudOps Runbooks Modules
+This module provides practical examples of how to integrate the universal dry-run
+safety framework into existing and new runbooks modules.
+Strategic Alignment:
+- "Do one thing and do it well" - Consistent dry-run behavior across modules
+- Enterprise safety standards with comprehensive examples
+Author: CloudOps Runbooks Team
+Version: 1.0.0 - Implementation Examples
+"""
+from typing import Any, Dict, List, Optional
+import boto3
+from botocore.exceptions import ClientError
+from runbooks.common.dry_run_framework import (
+    DryRunContext,
+    OperationType,
+    dry_run_operation,
+    discovery_operation,
+    analysis_operation,
+    assessment_operation,
+    resource_creation_operation,
+    resource_deletion_operation,
+    remediation_operation,
+    framework
+)
+from runbooks.common.rich_utils import console, print_success, print_warning, print_error
+# =============================================================================
+# 1. DISCOVERY OPERATIONS (inventory, scan modules)
+# =============================================================================
+@discovery_operation
+def collect_ec2_instances(
+    dry_run_context: DryRunContext,
+    profile: Optional[str] = None,
+    regions: Optional[List[str]] = None
+) -> Dict[str, Any]:
+    """
+    Example discovery operation - EC2 instance collection.
+    Discovery operations are inherently safe, so dry-run simulates API calls
+    for testing purposes only.
+    """
+    if dry_run_context.enabled:
+        # Simulation mode - no real API calls
+        console.print("[dim]🔄 Simulating EC2 instance discovery...[/dim]")
+        # Return simulated data
+        return {
+            "instances": [
+                {"id": "i-sim123", "type": "t3.micro", "state": "running"},
+                {"id": "i-sim456", "type": "m5.large", "state": "stopped"}
+            ],
+            "simulated": True,
+            "region_count": len(regions or ["us-east-1"]),
+            "total_discovered": 2
+        }
+    else:
+        # Real discovery operation
+        console.print("[cyan]🔍 Discovering EC2 instances across regions...[/cyan]")
+        session = boto3.Session(profile_name=profile)
+        instances = []
+        for region in regions or ["us-east-1"]:
+            try:
+                ec2 = session.client('ec2', region_name=region)
+                response = ec2.describe_instances()
+                for reservation in response['Reservations']:
+                    for instance in reservation['Instances']:
+                        instances.append({
+                            "id": instance['InstanceId'],
+                            "type": instance['InstanceType'],
+                            "state": instance['State']['Name'],
+                            "region": region
+                        })
+            except ClientError as e:
+                print_warning(f"Could not access region {region}: {e}")
+        print_success(f"Discovered {len(instances)} EC2 instances")
+        return {
+            "instances": instances,
+            "simulated": False,
+            "region_count": len(regions or ["us-east-1"]),
+            "total_discovered": len(instances)
+        }
+# =============================================================================
+# 2. ANALYSIS OPERATIONS (finops, security assess, vpc analyze modules)
+# =============================================================================
+@analysis_operation
+def analyze_cost_optimization(
+    dry_run_context: DryRunContext,
+    profile: Optional[str] = None,
+    account_id: Optional[str] = None
+) -> Dict[str, Any]:
+    """
+    Example analysis operation - cost optimization analysis.
+    Analysis operations are read-only, so dry-run shows what would be analyzed
+    without making API calls.
+    """
+    if dry_run_context.enabled:
+        # Preview mode - show what would be analyzed
+        console.print("[dim]📊 Preview: Cost analysis scope[/dim]")
+        console.print(f"[dim]  • Account: {account_id or 'Current account'}[/dim]")
+        console.print(f"[dim]  • Services: EC2, RDS, S3, Lambda[/dim]")
+        console.print(f"[dim]  • Time range: Last 30 days[/dim]")
+        return {
+            "preview": True,
+            "scope": {
+                "account_id": account_id,
+                "services": ["EC2", "RDS", "S3", "Lambda"],
+                "time_range": "30 days"
+            }
+        }
+    else:
+        # Real cost analysis
+        console.print("[green]💰 Analyzing cost optimization opportunities...[/green]")
+        session = boto3.Session(profile_name=profile)
+        cost_explorer = session.client('ce')
+        # Real cost analysis logic here
+        # This is a simplified example
+        print_success("Cost analysis completed")
+        return {
+            "analysis_complete": True,
+            "recommendations": [
+                {"service": "EC2", "potential_savings": "$150/month"},
+                {"service": "RDS", "potential_savings": "$75/month"}
+            ],
+            "total_potential_savings": "$225/month"
+        }
+# =============================================================================
+# 3. ASSESSMENT OPERATIONS (cfat assess module)
+# =============================================================================
+@assessment_operation
+def assess_security_compliance(
+    dry_run_context: DryRunContext,
+    profile: Optional[str] = None,
+    frameworks: Optional[List[str]] = None
+) -> Dict[str, Any]:
+    """
+    Example assessment operation - security compliance assessment.
+    Assessment operations are read-only, so dry-run shows assessment scope.
+    """
+    frameworks = frameworks or ["SOC2", "PCI-DSS", "HIPAA"]
+    if dry_run_context.enabled:
+        # Preview mode - show assessment scope
+        console.print("[dim]🔍 Preview: Security assessment scope[/dim]")
+        console.print(f"[dim]  • Frameworks: {', '.join(frameworks)}[/dim]")
+        console.print(f"[dim]  • Services to check: IAM, S3, EC2, VPC[/dim]")
+        console.print(f"[dim]  • Estimated duration: 5-10 minutes[/dim]")
+        return {
+            "preview": True,
+            "frameworks": frameworks,
+            "estimated_checks": 45
+        }
+    else:
+        # Real security assessment
+        console.print("[blue]🔒 Conducting security compliance assessment...[/blue]")
+        session = boto3.Session(profile_name=profile)
+        # Real assessment logic here
+        # This is a simplified example
+        results = {
+            "frameworks_assessed": frameworks,
+            "total_checks": 45,
+            "passed": 38,
+            "failed": 7,
+            "compliance_score": "84.4%"
+        }
+        print_success(f"Assessment completed - Compliance score: {results['compliance_score']}")
+        return results
+# =============================================================================
+# 4. RESOURCE CREATION OPERATIONS (operate module)
+# =============================================================================
+@resource_creation_operation(estimated_impact="Create 1 EC2 instance (~$25/month)")
+def create_ec2_instance(
+    dry_run_context: DryRunContext,
+    instance_type: str = "t3.micro",
+    image_id: Optional[str] = None,
+    profile: Optional[str] = None
+) -> Dict[str, Any]:
+    """
+    Example resource creation operation - EC2 instance creation.
+    Resource creation operations default to dry-run for safety.
+    """
+    if dry_run_context.enabled:
+        # Preview mode - show what would be created
+        console.print("[yellow]🔄 Preview: EC2 instance creation[/yellow]")
+        console.print(f"[dim]  • Instance type: {instance_type}[/dim]")
+        console.print(f"[dim]  • AMI ID: {image_id or 'Latest Amazon Linux 2'}[/dim]")
+        console.print(f"[dim]  • Estimated cost: ~$25/month[/dim]")
+        return {
+            "preview": True,
+            "instance_type": instance_type,
+            "image_id": image_id,
+            "estimated_monthly_cost": 25.00
+        }
+    else:
+        # Real instance creation
+        console.print("[green]🚀 Creating EC2 instance...[/green]")
+        session = boto3.Session(profile_name=profile)
+        ec2 = session.client('ec2')
+        # Use default AMI if not specified
+        if not image_id:
+            # Get latest Amazon Linux 2 AMI
+            images = ec2.describe_images(
+                Owners=['amazon'],
+                Filters=[
+                    {'Name': 'name', 'Values': ['amzn2-ami-hvm-*']},
+                    {'Name': 'architecture', 'Values': ['x86_64']},
+                    {'Name': 'virtualization-type', 'Values': ['hvm']}
+                ]
+            )
+            if images['Images']:
+                image_id = sorted(images['Images'], key=lambda x: x['CreationDate'], reverse=True)[0]['ImageId']
+        try:
+            response = ec2.run_instances(
+                ImageId=image_id,
+                MinCount=1,
+                MaxCount=1,
+                InstanceType=instance_type,
+                TagSpecifications=[
+                    {
+                        'ResourceType': 'instance',
+                        'Tags': [
+                            {'Key': 'CreatedBy', 'Value': 'CloudOps-Runbooks'},
+                            {'Key': 'Purpose', 'Value': 'Testing'}
+                        ]
+                    }
+                ]
+            )
+            instance_id = response['Instances'][0]['InstanceId']
+            print_success(f"EC2 instance created: {instance_id}")
+            return {
+                "instance_id": instance_id,
+                "instance_type": instance_type,
+                "image_id": image_id,
+                "created": True
+            }
+        except ClientError as e:
+            print_error(f"Failed to create instance: {e}")
+            raise
+# =============================================================================
+# 5. RESOURCE DELETION OPERATIONS (operate module)
+# =============================================================================
+@resource_deletion_operation(estimated_impact="Delete EC2 instances (~$150/month savings)")
+def terminate_ec2_instances(
+    dry_run_context: DryRunContext,
+    instance_ids: List[str],
+    profile: Optional[str] = None
+) -> Dict[str, Any]:
+    """
+    Example resource deletion operation - EC2 instance termination.
+    Resource deletion operations default to dry-run and require confirmation.
+    """
+    if dry_run_context.enabled:
+        # Preview mode - show what would be deleted
+        console.print("[red]⚠️  Preview: EC2 instance termination[/red]")
+        console.print(f"[dim]  • Instances to terminate: {len(instance_ids)}[/dim]")
+        console.print(f"[dim]  • Instance IDs: {', '.join(instance_ids)}[/dim]")
+        console.print(f"[dim]  • Estimated savings: ~$150/month[/dim]")
+        console.print(f"[dim]  • ⚠️  THIS OPERATION IS IRREVERSIBLE[/dim]")
+        return {
+            "preview": True,
+            "instances_to_terminate": instance_ids,
+            "estimated_savings": 150.00,
+            "irreversible": True
+        }
+    else:
+        # Real instance termination
+        console.print("[red]💥 Terminating EC2 instances...[/red]")
+        session = boto3.Session(profile_name=profile)
+        ec2 = session.client('ec2')
+        try:
+            response = ec2.terminate_instances(InstanceIds=instance_ids)
+            terminated = []
+            for instance in response['TerminatingInstances']:
+                terminated.append({
+                    'instance_id': instance['InstanceId'],
+                    'current_state': instance['CurrentState']['Name'],
+                    'previous_state': instance['PreviousState']['Name']
+                })
+            print_success(f"Successfully initiated termination of {len(terminated)} instances")
+            return {
+                "terminated_instances": terminated,
+                "count": len(terminated),
+                "operation": "terminate"
+            }
+        except ClientError as e:
+            print_error(f"Failed to terminate instances: {e}")
+            raise
+# =============================================================================
+# 6. SECURITY REMEDIATION OPERATIONS (remediation module)
+# =============================================================================
+@remediation_operation(estimated_impact="Fix S3 public buckets (security improvement)")
+def fix_public_s3_buckets(
+    dry_run_context: DryRunContext,
+    bucket_names: List[str],
+    profile: Optional[str] = None
+) -> Dict[str, Any]:
+    """
+    Example security remediation operation - fix public S3 buckets.
+    Remediation operations default to dry-run and require confirmation.
+    """
+    if dry_run_context.enabled:
+        # Preview mode - show what would be fixed
+        console.print("[yellow]🔧 Preview: S3 bucket security remediation[/yellow]")
+        console.print(f"[dim]  • Buckets to secure: {len(bucket_names)}[/dim]")
+        console.print(f"[dim]  • Bucket names: {', '.join(bucket_names)}[/dim]")
+        console.print(f"[dim]  • Actions: Remove public access, update policies[/dim]")
+        return {
+            "preview": True,
+            "buckets_to_fix": bucket_names,
+            "remediation_actions": [
+                "Remove public read access",
+                "Remove public write access",
+                "Update bucket policies",
+                "Enable access logging"
+            ]
+        }
+    else:
+        # Real security remediation
+        console.print("[green]🔒 Applying security remediation to S3 buckets...[/green]")
+        session = boto3.Session(profile_name=profile)
+        s3 = session.client('s3')
+        remediated_buckets = []
+        for bucket_name in bucket_names:
+            try:
+                # Block public access
+                s3.put_public_access_block(
+                    Bucket=bucket_name,
+                    PublicAccessBlockConfiguration={
+                        'BlockPublicAcls': True,
+                        'IgnorePublicAcls': True,
+                        'BlockPublicPolicy': True,
+                        'RestrictPublicBuckets': True
+                    }
+                )
+                remediated_buckets.append({
+                    'bucket_name': bucket_name,
+                    'status': 'secured',
+                    'actions_applied': ['public_access_blocked']
+                })
+            except ClientError as e:
+                print_warning(f"Could not secure bucket {bucket_name}: {e}")
+                remediated_buckets.append({
+                    'bucket_name': bucket_name,
+                    'status': 'failed',
+                    'error': str(e)
+                })
+        successful = len([b for b in remediated_buckets if b['status'] == 'secured'])
+        print_success(f"Successfully secured {successful}/{len(bucket_names)} S3 buckets")
+        return {
+            "buckets_processed": remediated_buckets,
+            "successful_count": successful,
+            "total_count": len(bucket_names)
+        }
+# =============================================================================
+# 7. DIRECT FRAMEWORK USAGE (without decorators)
+# =============================================================================
+def custom_operation_with_framework(
+    dry_run: bool = True,
+    operation_name: str = "custom_operation",
+    resources: Optional[List[str]] = None
+) -> Dict[str, Any]:
+    """
+    Example of using the dry-run framework directly without decorators.
+    This approach gives you full control over the dry-run behavior
+    and is useful for complex operations that need custom handling.
+    """
+    # Create dry-run context
+    context = framework.create_context(
+        dry_run=dry_run,
+        operation_type=OperationType.RESOURCE_MODIFY,
+        module_name="example",
+        operation_name=operation_name,
+        target_resources=resources,
+        estimated_impact="Moderate configuration changes"
+    )
+    # Display banner
+    framework.display_dry_run_banner(context)
+    # Request confirmation if needed
+    if not framework.confirm_operation(context):
+        return {"cancelled": True}
+    # Log operation start
+    framework.log_operation_start(context, {"custom_parameter": "example"})
+    try:
+        if context.enabled:
+            # Dry-run logic
+            console.print("[dim]🔄 Simulating custom operation...[/dim]")
+            result = {"simulated": True, "resources": resources or []}
+        else:
+            # Real operation logic
+            console.print("[green]⚡ Executing custom operation...[/green]")
+            # Your actual operation code here
+            result = {"executed": True, "resources": resources or []}
+        # Log success
+        framework.log_operation_complete(context, success=True, results=result)
+        return result
+    except Exception as e:
+        # Log failure
+        framework.log_operation_complete(context, success=False, error=str(e))
+        raise
+# =============================================================================
+# 8. MIGRATION HELPER FUNCTIONS
+# =============================================================================
+def migrate_legacy_dry_run_function(legacy_function: callable) -> callable:
+    """
+    Helper function to migrate legacy dry-run implementations to the new framework.
+    This function can wrap existing functions that have their own dry-run logic
+    and upgrade them to use the unified framework.
+    """
+    def wrapper(*args, **kwargs):
+        # Extract dry_run parameter
+        dry_run = kwargs.get('dry_run', True)
+        # Determine operation type based on function name/behavior
+        func_name = legacy_function.__name__
+        if 'create' in func_name or 'provision' in func_name:
+            op_type = OperationType.RESOURCE_CREATE
+        elif 'delete' in func_name or 'terminate' in func_name or 'remove' in func_name:
+            op_type = OperationType.RESOURCE_DELETE
+        elif 'modify' in func_name or 'update' in func_name or 'change' in func_name:
+            op_type = OperationType.RESOURCE_MODIFY
+        elif 'fix' in func_name or 'remediat' in func_name:
+            op_type = OperationType.REMEDIATION
+        else:
+            op_type = OperationType.ANALYSIS
+        # Create context
+        context = framework.create_context(
+            dry_run=dry_run,
+            operation_type=op_type,
+            module_name=legacy_function.__module__.split('.')[-2] if '.' in legacy_function.__module__ else 'legacy',
+            operation_name=func_name
+        )
+        # Apply framework behavior
+        framework.display_dry_run_banner(context)
+        if not framework.confirm_operation(context):
+            return None
+        framework.log_operation_start(context)
+        try:
+            # Call the original function with updated context
+            kwargs['dry_run'] = context.enabled
+            result = legacy_function(*args, **kwargs)
+            framework.log_operation_complete(context, success=True, results={"migrated": True})
+            return result
+        except Exception as e:
+            framework.log_operation_complete(context, success=False, error=str(e))
+            raise
+    return wrapper
+# =============================================================================
+# Example CLI Integration
+# =============================================================================
+if __name__ == "__main__":
+    """
+    Example CLI usage demonstrating the dry-run framework.
+    """
+    import click
+    @click.group()
+    def cli():
+        """Example CLI with dry-run framework integration."""
+        pass
+    @cli.command()
+    @click.option('--dry-run/--no-dry-run', default=True, help='Enable dry-run mode')
+    @click.option('--profile', help='AWS profile name')
+    @click.option('--regions', multiple=True, help='AWS regions')
+    def discover(dry_run, profile, regions):
+        """Discover EC2 instances with dry-run support."""
+        result = collect_ec2_instances(
+            profile=profile,
+            regions=list(regions) if regions else None,
+            dry_run=dry_run
+        )
+        console.print(f"Discovery result: {result}")
+    @cli.command()
+    @click.option('--dry-run/--no-dry-run', default=True, help='Enable dry-run mode')
+    @click.option('--instance-type', default='t3.micro', help='Instance type')
+    @click.option('--profile', help='AWS profile name')
+    def create(dry_run, instance_type, profile):
+        """Create EC2 instance with dry-run support."""
+        result = create_ec2_instance(
+            instance_type=instance_type,
+            profile=profile,
+            dry_run=dry_run
+        )
+        console.print(f"Creation result: {result}")
+    # Run CLI
+    cli()

runbooks 1.0.1__py3-none-any.whl → 1.0.2__py3-none-any.whl

runbooks 1.0.1py3-none-any.whl → 1.0.2py3-none-any.whl