PyPI - runbooks - Versions diffs - 1.1.3__py3-none-any.whl → 1.1.5__py3-none-any.whl - Mend

runbooks 1.1.3py3-none-any.whl → 1.1.5py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (247) hide show

runbooks/__init__.py +31 -2
runbooks/__init___optimized.py +18 -4
runbooks/_platform/__init__.py +1 -5
runbooks/_platform/core/runbooks_wrapper.py +141 -138
runbooks/aws2/accuracy_validator.py +812 -0
runbooks/base.py +7 -0
runbooks/cfat/WEIGHT_CONFIG_README.md +1 -1
runbooks/cfat/assessment/compliance.py +8 -8
runbooks/cfat/assessment/runner.py +1 -0
runbooks/cfat/cloud_foundations_assessment.py +227 -239
runbooks/cfat/models.py +6 -2
runbooks/cfat/tests/__init__.py +6 -1
runbooks/cli/__init__.py +13 -0
runbooks/cli/commands/cfat.py +274 -0
runbooks/cli/commands/finops.py +1164 -0
runbooks/cli/commands/inventory.py +379 -0
runbooks/cli/commands/operate.py +239 -0
runbooks/cli/commands/security.py +248 -0
runbooks/cli/commands/validation.py +825 -0
runbooks/cli/commands/vpc.py +310 -0
runbooks/cli/registry.py +107 -0
runbooks/cloudops/__init__.py +23 -30
runbooks/cloudops/base.py +96 -107
runbooks/cloudops/cost_optimizer.py +549 -547
runbooks/cloudops/infrastructure_optimizer.py +5 -4
runbooks/cloudops/interfaces.py +226 -227
runbooks/cloudops/lifecycle_manager.py +5 -4
runbooks/cloudops/mcp_cost_validation.py +252 -235
runbooks/cloudops/models.py +78 -53
runbooks/cloudops/monitoring_automation.py +5 -4
runbooks/cloudops/notebook_framework.py +179 -215
runbooks/cloudops/security_enforcer.py +125 -159
runbooks/common/accuracy_validator.py +11 -0
runbooks/common/aws_pricing.py +349 -326
runbooks/common/aws_pricing_api.py +211 -212
runbooks/common/aws_profile_manager.py +341 -0
runbooks/common/aws_utils.py +75 -80
runbooks/common/business_logic.py +127 -105
runbooks/common/cli_decorators.py +36 -60
runbooks/common/comprehensive_cost_explorer_integration.py +456 -464
runbooks/common/cross_account_manager.py +198 -205
runbooks/common/date_utils.py +27 -39
runbooks/common/decorators.py +235 -0
runbooks/common/dry_run_examples.py +173 -208
runbooks/common/dry_run_framework.py +157 -155
runbooks/common/enhanced_exception_handler.py +15 -4
runbooks/common/enhanced_logging_example.py +50 -64
runbooks/common/enhanced_logging_integration_example.py +65 -37
runbooks/common/env_utils.py +16 -16
runbooks/common/error_handling.py +40 -38
runbooks/common/lazy_loader.py +41 -23
runbooks/common/logging_integration_helper.py +79 -86
runbooks/common/mcp_cost_explorer_integration.py +478 -495
runbooks/common/mcp_integration.py +63 -74
runbooks/common/memory_optimization.py +140 -118
runbooks/common/module_cli_base.py +37 -58
runbooks/common/organizations_client.py +176 -194
runbooks/common/patterns.py +204 -0
runbooks/common/performance_monitoring.py +67 -71
runbooks/common/performance_optimization_engine.py +283 -274
runbooks/common/profile_utils.py +248 -39
runbooks/common/rich_utils.py +643 -92
runbooks/common/sre_performance_suite.py +177 -186
runbooks/enterprise/__init__.py +1 -1
runbooks/enterprise/logging.py +144 -106
runbooks/enterprise/security.py +187 -204
runbooks/enterprise/validation.py +43 -56
runbooks/finops/__init__.py +29 -33
runbooks/finops/account_resolver.py +1 -1
runbooks/finops/advanced_optimization_engine.py +980 -0
runbooks/finops/automation_core.py +268 -231
runbooks/finops/business_case_config.py +184 -179
runbooks/finops/cli.py +660 -139
runbooks/finops/commvault_ec2_analysis.py +157 -164
runbooks/finops/compute_cost_optimizer.py +336 -320
runbooks/finops/config.py +20 -20
runbooks/finops/cost_optimizer.py +488 -622
runbooks/finops/cost_processor.py +332 -214
runbooks/finops/dashboard_runner.py +1006 -172
runbooks/finops/ebs_cost_optimizer.py +991 -657
runbooks/finops/elastic_ip_optimizer.py +317 -257
runbooks/finops/enhanced_mcp_integration.py +340 -0
runbooks/finops/enhanced_progress.py +40 -37
runbooks/finops/enhanced_trend_visualization.py +3 -2
runbooks/finops/enterprise_wrappers.py +230 -292
runbooks/finops/executive_export.py +203 -160
runbooks/finops/helpers.py +130 -288
runbooks/finops/iam_guidance.py +1 -1
runbooks/finops/infrastructure/__init__.py +80 -0
runbooks/finops/infrastructure/commands.py +506 -0
runbooks/finops/infrastructure/load_balancer_optimizer.py +866 -0
runbooks/finops/infrastructure/vpc_endpoint_optimizer.py +832 -0
runbooks/finops/markdown_exporter.py +338 -175
runbooks/finops/mcp_validator.py +1952 -0
runbooks/finops/nat_gateway_optimizer.py +1513 -482
runbooks/finops/network_cost_optimizer.py +657 -587
runbooks/finops/notebook_utils.py +226 -188
runbooks/finops/optimization_engine.py +1136 -0
runbooks/finops/optimizer.py +25 -29
runbooks/finops/rds_snapshot_optimizer.py +367 -411
runbooks/finops/reservation_optimizer.py +427 -363
runbooks/finops/scenario_cli_integration.py +77 -78
runbooks/finops/scenarios.py +1278 -439
runbooks/finops/schemas.py +218 -182
runbooks/finops/snapshot_manager.py +2289 -0
runbooks/finops/tests/test_finops_dashboard.py +3 -3
runbooks/finops/tests/test_reference_images_validation.py +2 -2
runbooks/finops/tests/test_single_account_features.py +17 -17
runbooks/finops/tests/validate_test_suite.py +1 -1
runbooks/finops/types.py +3 -3
runbooks/finops/validation_framework.py +263 -269
runbooks/finops/vpc_cleanup_exporter.py +191 -146
runbooks/finops/vpc_cleanup_optimizer.py +593 -575
runbooks/finops/workspaces_analyzer.py +171 -182
runbooks/hitl/enhanced_workflow_engine.py +1 -1
runbooks/integration/__init__.py +89 -0
runbooks/integration/mcp_integration.py +1920 -0
runbooks/inventory/CLAUDE.md +816 -0
runbooks/inventory/README.md +3 -3
runbooks/inventory/Tests/common_test_data.py +30 -30
runbooks/inventory/__init__.py +2 -2
runbooks/inventory/cloud_foundations_integration.py +144 -149
runbooks/inventory/collectors/aws_comprehensive.py +28 -11
runbooks/inventory/collectors/aws_networking.py +111 -101
runbooks/inventory/collectors/base.py +4 -0
runbooks/inventory/core/collector.py +495 -313
runbooks/inventory/discovery.md +2 -2
runbooks/inventory/drift_detection_cli.py +69 -96
runbooks/inventory/find_ec2_security_groups.py +1 -1
runbooks/inventory/inventory_mcp_cli.py +48 -46
runbooks/inventory/list_rds_snapshots_aggregator.py +192 -208
runbooks/inventory/mcp_inventory_validator.py +549 -465
runbooks/inventory/mcp_vpc_validator.py +359 -442
runbooks/inventory/organizations_discovery.py +56 -52
runbooks/inventory/rich_inventory_display.py +33 -32
runbooks/inventory/unified_validation_engine.py +278 -251
runbooks/inventory/vpc_analyzer.py +733 -696
runbooks/inventory/vpc_architecture_validator.py +293 -348
runbooks/inventory/vpc_dependency_analyzer.py +382 -378
runbooks/inventory/vpc_flow_analyzer.py +3 -3
runbooks/main.py +152 -9147
runbooks/main_final.py +91 -60
runbooks/main_minimal.py +22 -10
runbooks/main_optimized.py +131 -100
runbooks/main_ultra_minimal.py +7 -2
runbooks/mcp/__init__.py +36 -0
runbooks/mcp/integration.py +679 -0
runbooks/metrics/dora_metrics_engine.py +2 -2
runbooks/monitoring/performance_monitor.py +9 -4
runbooks/operate/dynamodb_operations.py +3 -1
runbooks/operate/ec2_operations.py +145 -137
runbooks/operate/iam_operations.py +146 -152
runbooks/operate/mcp_integration.py +1 -1
runbooks/operate/networking_cost_heatmap.py +33 -10
runbooks/operate/privatelink_operations.py +1 -1
runbooks/operate/rds_operations.py +223 -254
runbooks/operate/s3_operations.py +107 -118
runbooks/operate/vpc_endpoints.py +1 -1
runbooks/operate/vpc_operations.py +648 -618
runbooks/remediation/base.py +1 -1
runbooks/remediation/commons.py +10 -7
runbooks/remediation/commvault_ec2_analysis.py +71 -67
runbooks/remediation/ec2_unattached_ebs_volumes.py +1 -0
runbooks/remediation/multi_account.py +24 -21
runbooks/remediation/rds_snapshot_list.py +91 -65
runbooks/remediation/remediation_cli.py +92 -146
runbooks/remediation/universal_account_discovery.py +83 -79
runbooks/remediation/workspaces_list.py +49 -44
runbooks/security/__init__.py +19 -0
runbooks/security/assessment_runner.py +1150 -0
runbooks/security/baseline_checker.py +812 -0
runbooks/security/cloudops_automation_security_validator.py +509 -535
runbooks/security/compliance_automation_engine.py +17 -17
runbooks/security/config/__init__.py +2 -2
runbooks/security/config/compliance_config.py +50 -50
runbooks/security/config_template_generator.py +63 -76
runbooks/security/enterprise_security_framework.py +1 -1
runbooks/security/executive_security_dashboard.py +519 -508
runbooks/security/integration_test_enterprise_security.py +5 -3
runbooks/security/multi_account_security_controls.py +959 -1210
runbooks/security/real_time_security_monitor.py +422 -444
runbooks/security/run_script.py +1 -1
runbooks/security/security_baseline_tester.py +1 -1
runbooks/security/security_cli.py +143 -112
runbooks/security/test_2way_validation.py +439 -0
runbooks/security/two_way_validation_framework.py +852 -0
runbooks/sre/mcp_reliability_engine.py +6 -6
runbooks/sre/production_monitoring_framework.py +167 -177
runbooks/tdd/__init__.py +15 -0
runbooks/tdd/cli.py +1071 -0
runbooks/utils/__init__.py +14 -17
runbooks/utils/logger.py +7 -2
runbooks/utils/version_validator.py +51 -48
runbooks/validation/__init__.py +6 -6
runbooks/validation/cli.py +9 -3
runbooks/validation/comprehensive_2way_validator.py +754 -708
runbooks/validation/mcp_validator.py +906 -228
runbooks/validation/terraform_citations_validator.py +104 -115
runbooks/validation/terraform_drift_detector.py +447 -451
runbooks/vpc/README.md +617 -0
runbooks/vpc/__init__.py +8 -1
runbooks/vpc/analyzer.py +577 -0
runbooks/vpc/cleanup_wrapper.py +476 -413
runbooks/vpc/cli_cloudtrail_commands.py +339 -0
runbooks/vpc/cli_mcp_validation_commands.py +480 -0
runbooks/vpc/cloudtrail_audit_integration.py +717 -0
runbooks/vpc/config.py +92 -97
runbooks/vpc/cost_engine.py +411 -148
runbooks/vpc/cost_explorer_integration.py +553 -0
runbooks/vpc/cross_account_session.py +101 -106
runbooks/vpc/enhanced_mcp_validation.py +917 -0
runbooks/vpc/eni_gate_validator.py +961 -0
runbooks/vpc/heatmap_engine.py +190 -162
runbooks/vpc/mcp_no_eni_validator.py +681 -640
runbooks/vpc/nat_gateway_optimizer.py +358 -0
runbooks/vpc/networking_wrapper.py +15 -8
runbooks/vpc/pdca_remediation_planner.py +528 -0
runbooks/vpc/performance_optimized_analyzer.py +219 -231
runbooks/vpc/runbooks_adapter.py +1167 -241
runbooks/vpc/tdd_red_phase_stubs.py +601 -0
runbooks/vpc/test_data_loader.py +358 -0
runbooks/vpc/tests/conftest.py +314 -4
runbooks/vpc/tests/test_cleanup_framework.py +1022 -0
runbooks/vpc/tests/test_cost_engine.py +0 -2
runbooks/vpc/topology_generator.py +326 -0
runbooks/vpc/unified_scenarios.py +1302 -1129
runbooks/vpc/vpc_cleanup_integration.py +1943 -1115
runbooks-1.1.5.dist-info/METADATA +328 -0
{runbooks-1.1.3.dist-info → runbooks-1.1.5.dist-info}/RECORD +233 -200
runbooks/finops/README.md +0 -414
runbooks/finops/accuracy_cross_validator.py +0 -647
runbooks/finops/business_cases.py +0 -950
runbooks/finops/dashboard_router.py +0 -922
runbooks/finops/ebs_optimizer.py +0 -956
runbooks/finops/embedded_mcp_validator.py +0 -1629
runbooks/finops/enhanced_dashboard_runner.py +0 -527
runbooks/finops/finops_dashboard.py +0 -584
runbooks/finops/finops_scenarios.py +0 -1218
runbooks/finops/legacy_migration.py +0 -730
runbooks/finops/multi_dashboard.py +0 -1519
runbooks/finops/single_dashboard.py +0 -1113
runbooks/finops/unlimited_scenarios.py +0 -393
runbooks-1.1.3.dist-info/METADATA +0 -799
{runbooks-1.1.3.dist-info → runbooks-1.1.5.dist-info}/WHEEL +0 -0
{runbooks-1.1.3.dist-info → runbooks-1.1.5.dist-info}/entry_points.txt +0 -0
{runbooks-1.1.3.dist-info → runbooks-1.1.5.dist-info}/licenses/LICENSE +0 -0
{runbooks-1.1.3.dist-info → runbooks-1.1.5.dist-info}/top_level.txt +0 -0

runbooks/cloudops/security_enforcer.py CHANGED Viewed

@@ -6,7 +6,7 @@ Supports automated compliance enforcement, security policy implementation, and a
 Business Scenarios:
 - Security Incident Response: Automated remediation for compliance violations
-- S3 Encryption Enforcement: Compliance with SOC2, PCI-DSS, HIPAA requirements
+- S3 Encryption Enforcement: Compliance with SOC2, PCI-DSS, HIPAA requirements
 - IAM Security Optimization: Least privilege principle enforcement
 - RDS Security Hardening: Database security and compliance
 - Multi-Account Security Governance: Organization-wide security policy enforcement
@@ -27,19 +27,33 @@ from botocore.exceptions import ClientError
 from datetime import datetime, timedelta
 from runbooks.common.rich_utils import (
-    console, print_header, print_success, print_error, print_warning, print_info,
-    create_table, create_progress_bar, format_cost, create_panel
+    console,
+    print_header,
+    print_success,
+    print_error,
+    print_warning,
+    print_info,
+    create_table,
+    create_progress_bar,
+    format_cost,
+    create_panel,
 )
 from .base import CloudOpsBase
 from .models import (
-    SecurityEnforcementResult, BusinessScenario, ExecutionMode, RiskLevel,
-    ResourceImpact, BusinessMetrics, ComplianceMetrics
+    SecurityEnforcementResult,
+    BusinessScenario,
+    ExecutionMode,
+    RiskLevel,
+    ResourceImpact,
+    BusinessMetrics,
+    ComplianceMetrics,
 )
 class SecurityEnforcer(CloudOpsBase):
     """
     Security enforcement scenarios for automated compliance and risk reduction.
     Business Use Cases:
     1. Security incident response and automated remediation
     2. Compliance framework enforcement (SOC2, PCI-DSS, HIPAA)
@@ -47,122 +61,115 @@ class SecurityEnforcer(CloudOpsBase):
     4. Security baseline implementation and monitoring
     5. Executive security reporting and audit preparation
     """
     def __init__(
-        self,
-        profile: str = "default",
-        dry_run: bool = True,
-        execution_mode: ExecutionMode = ExecutionMode.DRY_RUN
+        self, profile: str = "default", dry_run: bool = True, execution_mode: ExecutionMode = ExecutionMode.DRY_RUN
     ):
         """
         Initialize Security Enforcer with enterprise patterns.
         Args:
             profile: AWS profile (typically management profile for cross-account access)
             dry_run: Enable safe analysis mode (default True)
             execution_mode: Execution mode for operations
         """
         super().__init__(profile, dry_run, execution_mode)
         print_header("CloudOps Security Enforcer", "1.0.0")
         print_info(f"Execution mode: {execution_mode.value}")
         print_info(f"Profile: {profile}")
         if dry_run:
             print_warning("🛡️  DRY RUN MODE: No security policies will be enforced")
     async def enforce_s3_encryption(
-        self,
-        regions: Optional[List[str]] = None,
-        encryption_type: str = "AES256"
+        self, regions: Optional[List[str]] = None, encryption_type: str = "AES256"
     ) -> SecurityEnforcementResult:
         """
         Business Scenario: Enforce S3 bucket encryption for compliance
         Source: AWS_encrypt_unencrypted_S3_buckets.ipynb
         Typical Business Impact:
         - Compliance improvement: SOC2, PCI-DSS, HIPAA requirements
         - Risk reduction: Data protection and regulatory compliance
         - Implementation time: 10-20 minutes
         Args:
-            regions: Target regions (default: all available)
+            regions: Target regions (default: all available)
             encryption_type: Encryption type (AES256 or aws:kms)
         Returns:
             SecurityEnforcementResult with detailed compliance improvements
         """
         operation_name = "S3 Encryption Enforcement"
         print_header(f"🔒 {operation_name}")
         # Initialize result tracking
         unencrypted_buckets = []
         encrypted_buckets = []
         total_violations = 0
         violations_fixed = 0
         # Get target regions
-        target_regions = regions or self._get_available_regions('s3')[:3]  # S3 is global, limit regions
+        target_regions = regions or self._get_available_regions("s3")[:3]  # S3 is global, limit regions
         print_info(f"Scanning S3 buckets for encryption compliance")
         print_info(f"Required encryption: {encryption_type}")
         print_info(f"Target regions: {len(target_regions)}")
         # Progress tracking
         with create_progress_bar() as progress:
             task = progress.add_task("[cyan]Scanning S3 buckets...", total=len(target_regions))
             for region in target_regions:
                 try:
-                    region_results = await self._analyze_s3_encryption_in_region(
-                        region, encryption_type
-                    )
-                    unencrypted_buckets.extend(region_results['unencrypted'])
-                    encrypted_buckets.extend(region_results['encrypted'])
+                    region_results = await self._analyze_s3_encryption_in_region(region, encryption_type)
+                    unencrypted_buckets.extend(region_results["unencrypted"])
+                    encrypted_buckets.extend(region_results["encrypted"])
                     progress.update(task, advance=1)
                 except Exception as e:
                     print_warning(f"Could not analyze region {region}: {str(e)}")
                     continue
         total_violations = len(unencrypted_buckets)
         # Create resource impacts for unencrypted buckets
         resource_impacts = []
         for bucket_info in unencrypted_buckets:
             impact = self.create_resource_impact(
                 resource_type="s3-bucket",
-                resource_id=bucket_info['bucket_name'],
-                region=bucket_info['region'],
+                resource_id=bucket_info["bucket_name"],
+                region=bucket_info["region"],
                 estimated_cost=0.0,  # No direct cost for encryption
                 projected_savings=0.0,  # Compliance value, not cost savings
                 risk_level=RiskLevel.HIGH,  # Unencrypted data is high risk
                 modification_required=True,
                 resource_name=f"S3 Bucket {bucket_info['bucket_name']}",
                 business_criticality="high",  # Data protection is critical
-                estimated_downtime=0.0  # S3 encryption enablement has no downtime
+                estimated_downtime=0.0,  # S3 encryption enablement has no downtime
             )
             resource_impacts.append(impact)
         # Execute enforcement if not dry run
         if not self.dry_run and self.execution_mode == ExecutionMode.EXECUTE:
             print_info("🔧 Executing S3 encryption enforcement...")
             violations_fixed = await self._apply_s3_encryption(unencrypted_buckets, encryption_type)
         # Calculate compliance scores
         total_buckets = len(encrypted_buckets) + len(unencrypted_buckets)
         security_score_before = (len(encrypted_buckets) / total_buckets * 100) if total_buckets > 0 else 100.0
         if violations_fixed > 0:
-            security_score_after = ((len(encrypted_buckets) + violations_fixed) / total_buckets * 100)
+            security_score_after = (len(encrypted_buckets) + violations_fixed) / total_buckets * 100
         else:
             security_score_after = security_score_before
         # Display results
         if unencrypted_buckets:
             print_warning(f"⚠️  Found {len(unencrypted_buckets)} unencrypted S3 buckets")
             # Detailed table
             s3_table = create_table(
                 title="S3 Encryption Compliance Analysis",
@@ -171,26 +178,20 @@ class SecurityEnforcer(CloudOpsBase):
                     {"name": "Region", "style": "green"},
                     {"name": "Current Encryption", "style": "red"},
                     {"name": "Required Action", "style": "yellow"},
-                    {"name": "Compliance Risk", "style": "blue"}
-                ]
+                    {"name": "Compliance Risk", "style": "blue"},
+                ],
             )
             for bucket in unencrypted_buckets[:10]:  # Show top 10
-                s3_table.add_row(
-                    bucket['bucket_name'],
-                    bucket['region'],
-                    "None",
-                    f"Apply {encryption_type}",
-                    "High"
-                )
+                s3_table.add_row(bucket["bucket_name"], bucket["region"], "None", f"Apply {encryption_type}", "High")
             console.print(s3_table)
             if violations_fixed > 0:
                 print_success(f"🔐 Successfully encrypted {violations_fixed} buckets")
         else:
             print_success("✅ All S3 buckets are properly encrypted")
         # Create compliance metrics
         compliance_metrics = [
             ComplianceMetrics(
@@ -198,26 +199,26 @@ class SecurityEnforcer(CloudOpsBase):
                 current_score=security_score_after,
                 target_score=100.0,
                 violations_found=total_violations,
-                violations_fixed=violations_fixed
+                violations_fixed=violations_fixed,
             ),
             ComplianceMetrics(
                 framework="PCI-DSS",
                 current_score=security_score_after,
                 target_score=100.0,
                 violations_found=total_violations,
-                violations_fixed=violations_fixed
-            )
+                violations_fixed=violations_fixed,
+            ),
         ]
         # Business metrics
         business_metrics = self.create_business_metrics(
             total_savings=0.0,  # Security compliance doesn't directly save costs
             implementation_cost=0.0,  # No cost for S3 encryption
-            overall_risk=RiskLevel.LOW if total_violations == 0 else RiskLevel.MEDIUM
+            overall_risk=RiskLevel.LOW if total_violations == 0 else RiskLevel.MEDIUM,
         )
         business_metrics.operational_efficiency_gain = 90.0  # High automation value
         business_metrics.business_continuity_impact = "positive"  # Improves security posture
         # Create comprehensive result
         result = SecurityEnforcementResult(
             scenario=BusinessScenario.SECURITY_ENFORCEMENT,
@@ -235,12 +236,11 @@ class SecurityEnforcer(CloudOpsBase):
                 "Implement bucket policy to require encryption for new objects",
                 "Set up CloudTrail logging for S3 encryption compliance monitoring",
                 "Consider AWS Config rules for continuous compliance validation",
-                "Review and update data classification policies"
+                "Review and update data classification policies",
             ],
             aws_profile_used=self.profile,
             regions_analyzed=target_regions,
             services_analyzed=["s3"],
             # Security-specific metrics
             security_score_before=security_score_before,
             security_score_after=security_score_after,
@@ -250,171 +250,137 @@ class SecurityEnforcer(CloudOpsBase):
             medium_findings=0,
             low_findings=0,
             auto_remediated=violations_fixed,
-            manual_remediation_required=max(0, total_violations - violations_fixed)
+            manual_remediation_required=max(0, total_violations - violations_fixed),
         )
         self.display_execution_summary(result)
         return result
     async def _analyze_s3_encryption_in_region(
-        self,
-        region: str,
-        required_encryption: str
+        self, region: str, required_encryption: str
     ) -> Dict[str, List[Dict[str, str]]]:
         """
         Analyze S3 buckets in a specific region for encryption compliance.
         Args:
             region: AWS region to analyze
             required_encryption: Required encryption type
         Returns:
             Dictionary with encrypted and unencrypted bucket lists
         """
         encrypted_buckets = []
         unencrypted_buckets = []
         try:
-            s3 = self.session.client('s3', region_name=region)
+            s3 = self.session.client("s3", region_name=region)
             # List all buckets (S3 buckets are global, but we check from each region)
-            if region == 'us-east-1':  # Only check from one region to avoid duplicates
+            if region == "us-east-1":  # Only check from one region to avoid duplicates
                 response = s3.list_buckets()
-                for bucket in response.get('Buckets', []):
-                    bucket_name = bucket['Name']
+                for bucket in response.get("Buckets", []):
+                    bucket_name = bucket["Name"]
                     try:
                         # Check bucket encryption
                         encryption_response = s3.get_bucket_encryption(Bucket=bucket_name)
                         # Bucket has encryption configured
-                        encrypted_buckets.append({
-                            'bucket_name': bucket_name,
-                            'region': region,
-                            'encryption_type': 'Configured'
-                        })
+                        encrypted_buckets.append(
+                            {"bucket_name": bucket_name, "region": region, "encryption_type": "Configured"}
+                        )
                     except ClientError as e:
-                        if e.response['Error']['Code'] == 'ServerSideEncryptionConfigurationNotFoundError':
+                        if e.response["Error"]["Code"] == "ServerSideEncryptionConfigurationNotFoundError":
                             # Bucket has no encryption
-                            unencrypted_buckets.append({
-                                'bucket_name': bucket_name,
-                                'region': region,
-                                'encryption_type': 'None'
-                            })
+                            unencrypted_buckets.append(
+                                {"bucket_name": bucket_name, "region": region, "encryption_type": "None"}
+                            )
                         else:
                             print_warning(f"Could not check encryption for bucket {bucket_name}: {str(e)}")
         except ClientError as e:
             print_warning(f"Could not analyze S3 buckets in {region}: {str(e)}")
-        return {
-            'encrypted': encrypted_buckets,
-            'unencrypted': unencrypted_buckets
-        }
-    async def _apply_s3_encryption(
-        self,
-        unencrypted_buckets: List[Dict[str, str]],
-        encryption_type: str
-    ) -> int:
+        return {"encrypted": encrypted_buckets, "unencrypted": unencrypted_buckets}
+    async def _apply_s3_encryption(self, unencrypted_buckets: List[Dict[str, str]], encryption_type: str) -> int:
         """
         Apply encryption to unencrypted S3 buckets.
         Args:
             unencrypted_buckets: List of buckets requiring encryption
             encryption_type: Encryption type to apply
         Returns:
             Number of buckets successfully encrypted
         """
         if self.dry_run:
             print_info("DRY RUN: Would apply S3 encryption")
             return 0
         violations_fixed = 0
         print_warning("🚨 EXECUTING S3 encryption enforcement - this will modify bucket policies!")
         for bucket_info in unencrypted_buckets:
-            bucket_name = bucket_info['bucket_name']
+            bucket_name = bucket_info["bucket_name"]
             try:
-                s3 = self.session.client('s3', region_name='us-east-1')
+                s3 = self.session.client("s3", region_name="us-east-1")
                 # Apply server-side encryption configuration
                 if encryption_type == "AES256":
-                    encryption_config = {
-                        'Rules': [
-                            {
-                                'ApplyServerSideEncryptionByDefault': {
-                                    'SSEAlgorithm': 'AES256'
-                                }
-                            }
-                        ]
-                    }
+                    encryption_config = {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}
                 else:  # aws:kms
-                    encryption_config = {
-                        'Rules': [
-                            {
-                                'ApplyServerSideEncryptionByDefault': {
-                                    'SSEAlgorithm': 'aws:kms'
-                                }
-                            }
-                        ]
-                    }
-                s3.put_bucket_encryption(
-                    Bucket=bucket_name,
-                    ServerSideEncryptionConfiguration=encryption_config
-                )
+                    encryption_config = {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}
+                s3.put_bucket_encryption(Bucket=bucket_name, ServerSideEncryptionConfiguration=encryption_config)
                 print_success(f"✅ Applied {encryption_type} encryption to bucket {bucket_name}")
                 violations_fixed += 1
             except ClientError as e:
                 print_error(f"❌ Failed to encrypt bucket {bucket_name}: {str(e)}")
         return violations_fixed
     async def security_incident_response(
-        self,
-        incident_type: str = "compliance_violation",
-        severity: str = "high"
+        self, incident_type: str = "compliance_violation", severity: str = "high"
     ) -> SecurityEnforcementResult:
         """
         Business Scenario: Automated security incident response
         Designed for: CISO escalations, compliance violations, security alerts
         Response time: <15 minutes for initial remediation
         Args:
             incident_type: Type of security incident
             severity: Incident severity level
         Returns:
             SecurityEnforcementResult with incident response analysis
         """
         operation_name = "Security Incident Response"
         print_header(f"🚨 {operation_name}")
         print_warning(f"Security incident detected: {incident_type}")
         print_warning(f"Severity level: {severity}")
         # This would integrate multiple security enforcement scenarios
         # for rapid security response in incident situations
         response_actions = [
             "Immediate security assessment and vulnerability scanning",
             "Automated policy enforcement and compliance validation",
             "Security posture analysis and risk assessment",
-            "Incident documentation and audit trail generation"
+            "Incident documentation and audit trail generation",
         ]
         print_info("Security incident response actions:")
         for action in response_actions:
             print_info(f"  • {action}")
         return SecurityEnforcementResult(
             scenario=BusinessScenario.SECURITY_ENFORCEMENT,
             scenario_name="Security Incident Response",
@@ -427,12 +393,12 @@ class SecurityEnforcer(CloudOpsBase):
             resources_impacted=[],
             business_metrics=self.create_business_metrics(
                 total_savings=0.0,  # Security response doesn't directly save costs
-                overall_risk=RiskLevel.HIGH if severity == "critical" else RiskLevel.MEDIUM
+                overall_risk=RiskLevel.HIGH if severity == "critical" else RiskLevel.MEDIUM,
             ),
             recommendations=[
                 "Implement continuous security monitoring and alerting",
                 "Establish security incident response playbooks",
-                "Regular security posture assessments and compliance validation"
+                "Regular security posture assessments and compliance validation",
             ],
             aws_profile_used=self.profile,
             regions_analyzed=[],
@@ -445,5 +411,5 @@ class SecurityEnforcer(CloudOpsBase):
             medium_findings=1 if severity == "medium" else 0,
             low_findings=0,
             auto_remediated=1,
-            manual_remediation_required=0
-        )
+            manual_remediation_required=0,
+        )

runbooks/common/accuracy_validator.py CHANGED Viewed

@@ -59,6 +59,17 @@ from ..common.rich_utils import (
     print_warning,
 )
+# Define common enums that are needed regardless of FinOps availability
+class ErrorCategory(Enum):
+    AWS_CREDENTIALS = "AWS_CREDENTIALS"
+    AWS_THROTTLING = "AWS_THROTTLING"
+    NETWORK = "NETWORK"
+    PERMISSION = "PERMISSION"
+    DATA_VALIDATION = "DATA_VALIDATION"
+    CONFIGURATION = "CONFIGURATION"
 # Import the proven FinOps accuracy patterns
 try:
     from ..finops.accuracy_cross_validator import (

runbooks 1.1.3__py3-none-any.whl → 1.1.5__py3-none-any.whl

runbooks 1.1.3py3-none-any.whl → 1.1.5py3-none-any.whl