runbooks 1.1.4__py3-none-any.whl → 1.1.6__py3-none-any.whl

runbooks/remediation/universal_account_discovery.py

@@ -35,7 +35,7 @@ from runbooks.common.rich_utils import console, print_error, print_info, print_w
 @dataclass
 class AWSAccount:
     """Universal AWS account representation."""
-    
+
     account_id: str
     account_name: Optional[str] = None
     status: str = "ACTIVE"
@@ -47,86 +47,84 @@ class AWSAccount:
 class UniversalAccountDiscovery:
     """
     Universal AWS account discovery that works with ANY AWS setup.
-    
+
     Discovery methods (in priority order):
     1. Environment variables (REMEDIATION_TARGET_ACCOUNTS)
     2. Configuration file (REMEDIATION_ACCOUNT_CONFIG)
     3. AWS Organizations API (if available)
     4. Current account (single account mode)
-    
+
     No hardcoded account arrays - fully dynamic discovery.
     """
-    
+
     def __init__(self, profile: Optional[str] = None):
         """Initialize universal account discovery."""
         self.profile = profile
         self.resolved_profile = get_profile_for_operation("management", profile)
         self.session = self._create_session()
-    
+
     def _create_session(self) -> boto3.Session:
         """Create AWS session using universal profile management."""
         return boto3.Session(profile_name=self.resolved_profile)
-    
+
     def discover_target_accounts(self, include_current: bool = True) -> List[AWSAccount]:
         """
         Discover target accounts for remediation using universal approach.
-        
+
         Args:
             include_current: Include current account in results
-            
+
         Returns:
             List[AWSAccount]: Discovered target accounts
         """
         console.log("[cyan]🔍 Starting universal account discovery...[/]")
-        
+
         discovered_accounts = []
-        
+
         # Method 1: Environment variables (highest priority)
         env_accounts = self._get_accounts_from_environment()
         if env_accounts:
             console.log(f"[green]✓ Found {len(env_accounts)} accounts from environment variables[/]")
             discovered_accounts.extend(env_accounts)
             return discovered_accounts
-        
+
         # Method 2: Configuration file
         config_accounts = self._get_accounts_from_config()
         if config_accounts:
             console.log(f"[green]✓ Found {len(config_accounts)} accounts from configuration file[/]")
             discovered_accounts.extend(config_accounts)
             return discovered_accounts
-        
+
         # Method 3: AWS Organizations API (if available)
         org_accounts = self._get_accounts_from_organizations()
         if org_accounts:
             console.log(f"[green]✓ Found {len(org_accounts)} accounts from AWS Organizations[/]")
             discovered_accounts.extend(org_accounts)
             return discovered_accounts
-        
+
         # Method 4: Current account fallback (single account mode)
         if include_current:
             current_account = self._get_current_account()
             if current_account:
                 console.log("[yellow]🔍 Single account mode: Using current account[/]")
                 discovered_accounts.append(current_account)
-        
+
         if not discovered_accounts:
             print_warning("No target accounts discovered. Check configuration or permissions.")
-        
+
         return discovered_accounts
-    
+
     def _get_accounts_from_environment(self) -> List[AWSAccount]:
         """Get accounts from environment variables."""
         env_accounts = os.getenv("REMEDIATION_TARGET_ACCOUNTS")
         if not env_accounts:
             return []
-        
+
         try:
             account_ids = [acc.strip() for acc in env_accounts.split(",")]
             return [
                 AWSAccount(
-                    account_id=account_id,
-                    account_name=f"Env-Account-{account_id}",
-                    profile_name=self.resolved_profile
+                    account_id=account_id, account_name=f"Env-Account-{account_id}", profile_name=self.resolved_profile
                 )
                 for account_id in account_ids
                 if account_id
@@ -134,17 +132,17 @@ class UniversalAccountDiscovery:
         except Exception as e:
             print_warning(f"Failed to parse REMEDIATION_TARGET_ACCOUNTS: {e}")
             return []
-    
+
     def _get_accounts_from_config(self) -> List[AWSAccount]:
         """Get accounts from configuration file."""
         config_path = os.getenv("REMEDIATION_ACCOUNT_CONFIG")
         if not config_path or not os.path.exists(config_path):
             return []
-        
+
         try:
-            with open(config_path, 'r') as f:
+            with open(config_path, "r") as f:
                 config = json.load(f)
-            
+
             accounts = []
             for account_config in config.get("target_accounts", []):
                 account = AWSAccount(
@@ -152,27 +150,27 @@ class UniversalAccountDiscovery:
                     account_name=account_config.get("account_name"),
                     status=account_config.get("status", "ACTIVE"),
                     email=account_config.get("email"),
-                    profile_name=account_config.get("profile_name", self.resolved_profile)
+                    profile_name=account_config.get("profile_name", self.resolved_profile),
                 )
                 accounts.append(account)
-            
+
             console.log(f"[dim cyan]Loaded account configuration from: {config_path}[/]")
             return accounts
-            
+
         except Exception as e:
             print_warning(f"Failed to load account configuration from {config_path}: {e}")
             return []
-    
+
     def _get_accounts_from_organizations(self) -> List[AWSAccount]:
         """Get accounts from AWS Organizations API."""
         try:
             # Check if Organizations API is available
             orgs_client = self.session.client("organizations")
-            
+
             # Try to list accounts
             paginator = orgs_client.get_paginator("list_accounts")
             accounts = []
-            
+
             for page in paginator.paginate():
                 for account in page["Accounts"]:
                     aws_account = AWSAccount(
@@ -181,16 +179,16 @@ class UniversalAccountDiscovery:
                         status=account.get("Status", "ACTIVE"),
                         email=account.get("Email"),
                         joined_method=account.get("JoinedMethod"),
-                        profile_name=self.resolved_profile
+                        profile_name=self.resolved_profile,
                     )
                     accounts.append(aws_account)
-            
+
             # Filter to active accounts only
             active_accounts = [acc for acc in accounts if acc.status == "ACTIVE"]
             console.log(f"[dim cyan]Discovered {len(active_accounts)} active accounts via Organizations API[/]")
-            
+
             return active_accounts
-            
+
         except ClientError as e:
             error_code = e.response.get("Error", {}).get("Code", "Unknown")
             if error_code in ["AccessDenied", "AWSOrganizationsNotInUseException"]:
@@ -201,103 +199,109 @@ class UniversalAccountDiscovery:
         except Exception as e:
             print_warning(f"Failed to access Organizations API: {e}")
             return []
-    
+
     def _get_current_account(self) -> Optional[AWSAccount]:
         """Get current account as fallback."""
         try:
             sts_client = self.session.client("sts")
             identity = sts_client.get_caller_identity()
-            
+
             return AWSAccount(
                 account_id=identity["Account"],
                 account_name=f"Current-Account-{identity['Account']}",
                 status="ACTIVE",
-                profile_name=self.resolved_profile
+                profile_name=self.resolved_profile,
             )
-            
+
         except Exception as e:
             print_error(f"Failed to get current account identity: {e}")
             return None
-    
+
     def filter_accounts_by_criteria(
-        self, 
-        accounts: List[AWSAccount], 
+        self,
+        accounts: List[AWSAccount],
         include_patterns: Optional[List[str]] = None,
         exclude_patterns: Optional[List[str]] = None,
-        max_accounts: Optional[int] = None
+        max_accounts: Optional[int] = None,
     ) -> List[AWSAccount]:
         """
         Filter discovered accounts by various criteria.
-        
+
         Args:
             accounts: List of discovered accounts
             include_patterns: Account ID or name patterns to include
             exclude_patterns: Account ID or name patterns to exclude
             max_accounts: Maximum number of accounts to return
-            
+
         Returns:
             List[AWSAccount]: Filtered accounts
         """
         filtered_accounts = accounts.copy()
-        
+
         # Apply include patterns
         if include_patterns:
             filtered_accounts = [
-                acc for acc in filtered_accounts
-                if any(pattern in acc.account_id or (acc.account_name and pattern in acc.account_name)
-                      for pattern in include_patterns)
+                acc
+                for acc in filtered_accounts
+                if any(
+                    pattern in acc.account_id or (acc.account_name and pattern in acc.account_name)
+                    for pattern in include_patterns
+                )
             ]
-        
+
         # Apply exclude patterns
         if exclude_patterns:
             filtered_accounts = [
-                acc for acc in filtered_accounts
-                if not any(pattern in acc.account_id or (acc.account_name and pattern in acc.account_name)
-                          for pattern in exclude_patterns)
+                acc
+                for acc in filtered_accounts
+                if not any(
+                    pattern in acc.account_id or (acc.account_name and pattern in acc.account_name)
+                    for pattern in exclude_patterns
+                )
             ]
-        
+
         # Apply max accounts limit
         if max_accounts and len(filtered_accounts) > max_accounts:
             console.log(f"[yellow]Limiting to {max_accounts} accounts (found {len(filtered_accounts)})[/]")
             filtered_accounts = filtered_accounts[:max_accounts]
-        
+
         return filtered_accounts
-    
+
     def validate_account_access(self, accounts: List[AWSAccount]) -> List[AWSAccount]:
         """
         Validate access to discovered accounts.
-        
+
         Args:
             accounts: List of accounts to validate
-            
+
         Returns:
             List[AWSAccount]: Accounts with validated access
         """
         validated_accounts = []
-        
+
         for account in accounts:
             try:
                 # Try to get caller identity to validate access
                 session = boto3.Session(profile_name=account.profile_name or self.resolved_profile)
                 sts_client = session.client("sts")
                 identity = sts_client.get_caller_identity()
-                
+
                 # Verify account ID matches
                 if identity["Account"] == account.account_id:
                     validated_accounts.append(account)
                     console.log(f"[green]✓ Validated access to account: {account.account_id}[/]")
                 else:
                     print_warning(f"Account ID mismatch for {account.account_id}: got {identity['Account']}")
-                    
+
             except Exception as e:
                 print_warning(f"Failed to validate access to account {account.account_id}: {e}")
-        
+
         return validated_accounts
-    
+
     def export_account_config_template(self, output_path: str) -> None:
         """
         Export account configuration template for enterprise customization.
-        
+
         Args:
             output_path: Path to save the configuration template
         """
@@ -308,25 +312,25 @@ class UniversalAccountDiscovery:
                     "account_name": "Production Environment",
                     "status": "ACTIVE",
                     "email": "prod@company.com",
-                    "profile_name": "prod-profile"
+                    "profile_name": "prod-profile",
                 },
                 {
-                    "account_id": "444455556666", 
+                    "account_id": "444455556666",
                     "account_name": "Staging Environment",
                     "status": "ACTIVE",
                     "email": "staging@company.com",
-                    "profile_name": "staging-profile"
-                }
+                    "profile_name": "staging-profile",
+                },
             ],
             "discovery_settings": {
                 "max_concurrent_accounts": 10,
                 "validation_timeout_seconds": 30,
-                "include_suspended_accounts": False
-            }
+                "include_suspended_accounts": False,
+            },
         }
-        
+
         try:
-            with open(output_path, 'w') as f:
+            with open(output_path, "w") as f:
                 json.dump(template, f, indent=2)
             console.log(f"[green]Account configuration template exported to: {output_path}[/]")
         except Exception as e:
@@ -336,10 +340,10 @@ class UniversalAccountDiscovery:
 def discover_remediation_accounts(profile: Optional[str] = None) -> List[AWSAccount]:
     """
     Convenience function for universal account discovery.
-    
+
     Args:
         profile: AWS profile to use for discovery
-        
+
     Returns:
         List[AWSAccount]: Discovered accounts for remediation
     """
@@ -350,21 +354,21 @@ def discover_remediation_accounts(profile: Optional[str] = None) -> List[AWSAcco
 def get_account_by_id(account_id: str, profile: Optional[str] = None) -> Optional[AWSAccount]:
     """
     Get specific account by ID using universal discovery.
-    
+
     Args:
         account_id: Target account ID
         profile: AWS profile to use
-        
+
     Returns:
         Optional[AWSAccount]: Account if found, None otherwise
     """
     discovery = UniversalAccountDiscovery(profile=profile)
     accounts = discovery.discover_target_accounts()
-    
+
     for account in accounts:
         if account.account_id == account_id:
             return account
-    
+
     return None
 
 
@@ -372,6 +376,6 @@ def get_account_by_id(account_id: str, profile: Optional[str] = None) -> Optiona
 __all__ = [
     "AWSAccount",
     "UniversalAccountDiscovery",
-    "discover_remediation_accounts", 
+    "discover_remediation_accounts",
     "get_account_by_id",
-]
+]

runbooks/remediation/workspaces_list.py

@@ -15,8 +15,14 @@ from botocore.exceptions import ClientError
 
 from .commons import display_aws_account_info, get_client, write_to_csv
 from ..common.rich_utils import (
-    console, print_header, print_success, print_error, print_warning,
-    create_table, create_progress_bar, format_cost
+    console,
+    print_header,
+    print_success,
+    print_error,
+    print_warning,
+    create_table,
+    create_progress_bar,
+    format_cost,
 )
 
 logger = logging.getLogger(__name__)
@@ -25,7 +31,7 @@ logger = logging.getLogger(__name__)
 def calculate_workspace_monthly_cost(workspace_bundle_id: str, running_mode: str) -> float:
     """
     Calculate monthly cost for WorkSpace based on bundle and running mode.
-    
+
     JIRA FinOps-24: Cost calculations for significant annual savings savings target
     Based on AWS WorkSpaces pricing: https://aws.amazon.com/workspaces/pricing/
     """
@@ -34,27 +40,23 @@ def calculate_workspace_monthly_cost(workspace_bundle_id: str, running_mode: str
         # Value bundles
         "wsb-bh8rsxt14": {"name": "Value", "monthly": 25.0, "hourly": 0.22},  # Windows 10 Value
         "wsb-3t36q8qkj": {"name": "Value", "monthly": 25.0, "hourly": 0.22},  # Amazon Linux 2 Value
-        
-        # Standard bundles  
+        # Standard bundles
         "wsb-92tn3b7gx": {"name": "Standard", "monthly": 35.0, "hourly": 0.50},  # Windows 10 Standard
         "wsb-2bs6k5lgj": {"name": "Standard", "monthly": 35.0, "hourly": 0.50},  # Amazon Linux 2 Standard
-        
         # Performance bundles
         "wsb-gk1wpk43z": {"name": "Performance", "monthly": 68.0, "hourly": 0.85},  # Windows 10 Performance
         "wsb-1b5w6vnzg": {"name": "Performance", "monthly": 68.0, "hourly": 0.85},  # Amazon Linux 2 Performance
-        
         # PowerPro bundles
         "wsb-8vbljg4r6": {"name": "PowerPro", "monthly": 134.0, "hourly": 1.50},  # Windows 10 PowerPro
         "wsb-vbljg4r61": {"name": "PowerPro", "monthly": 134.0, "hourly": 1.50},  # Amazon Linux 2 PowerPro
-        
         # Graphics bundles
         "wsb-1pzkp0bx8": {"name": "Graphics", "monthly": 144.0, "hourly": 1.75},  # Windows 10 Graphics
         "wsb-pszkp0bx9": {"name": "Graphics", "monthly": 144.0, "hourly": 1.75},  # Amazon Linux 2 Graphics
     }
-    
+
     # Get bundle info or use default
     bundle_info = bundle_costs.get(workspace_bundle_id, {"name": "Standard", "monthly": 35.0, "hourly": 0.50})
-    
+
     # Calculate cost based on running mode
     if running_mode.upper() == "AUTO_STOP":
         # Auto-stop: Pay monthly fee + hourly usage (simplified to monthly for unused)
@@ -113,12 +115,12 @@ def get_workspaces(
 ):
     """
     🚨 HIGH-RISK: Analyze WorkSpaces usage and optionally delete unused ones.
-    
+
     WorkSpaces Resource Optimization: Enhanced cleanup with dynamic cost calculation using business case configuration
     """
 
     print_header("WorkSpaces Cost Optimization Analysis", "latest version")
-    
+
     # HIGH-RISK OPERATION WARNING
     if delete_unused and not confirm:
         print_warning("🚨 HIGH-RISK OPERATION: WorkSpace deletion")
@@ -143,7 +145,9 @@ def get_workspaces(
         start_time = end_time - timedelta(days=days)
         unused_threshold = end_time - timedelta(days=unused_days)
 
-        console.print(f"[dim]Analyzing usage from {start_time.strftime('%Y-%m-%d')} to {end_time.strftime('%Y-%m-%d')}[/dim]")
+        console.print(
+            f"[dim]Analyzing usage from {start_time.strftime('%Y-%m-%d')} to {end_time.strftime('%Y-%m-%d')}[/dim]"
+        )
 
         # Collect all workspaces first for progress tracking
         all_workspaces = []
@@ -153,12 +157,9 @@ def get_workspaces(
 
         total_cost = 0.0
         unused_cost = 0.0
-        
+
         with create_progress_bar() as progress:
-            task_id = progress.add_task(
-                f"Analyzing {len(all_workspaces)} WorkSpaces...",
-                total=len(all_workspaces)
-            )
+            task_id = progress.add_task(f"Analyzing {len(all_workspaces)} WorkSpaces...", total=len(all_workspaces))
 
             for workspace in all_workspaces:
                 workspace_id = workspace["WorkspaceId"]
@@ -235,15 +236,15 @@ def get_workspaces(
 
         # Create summary table with Rich CLI
         print_header("WorkSpaces Analysis Summary")
-        
+
         summary_table = create_table(
             title="WorkSpaces Cost Analysis - JIRA FinOps-24",
             columns=[
                 {"header": "Metric", "style": "cyan"},
                 {"header": "Value", "style": "green bold"},
                 {"header": "Monthly Cost", "style": "red"},
-                {"header": "Annual Cost", "style": "red bold"}
-            ]
+                {"header": "Annual Cost", "style": "red bold"},
+            ],
         )
 
         # Basic metrics
@@ -251,32 +252,32 @@ def get_workspaces(
             "Total WorkSpaces",
             str(len(data)),
             format_cost(total_cost) if calculate_savings or analyze else "N/A",
-            format_cost(total_cost * 12) if calculate_savings or analyze else "N/A"
+            format_cost(total_cost * 12) if calculate_savings or analyze else "N/A",
         )
-        
+
         summary_table.add_row(
             f"Unused WorkSpaces (>{unused_days} days)",
             str(len(unused_workspaces)),
-            format_cost(unused_cost) if calculate_savings or analyze else "N/A", 
-            format_cost(unused_cost * 12) if calculate_savings or analyze else "N/A"
+            format_cost(unused_cost) if calculate_savings or analyze else "N/A",
+            format_cost(unused_cost * 12) if calculate_savings or analyze else "N/A",
         )
 
         if calculate_savings or analyze:
             potential_savings_monthly = unused_cost
             potential_savings_annual = unused_cost * 12
-            
+
             summary_table.add_row(
                 "🎯 Potential Savings",
                 f"{len(unused_workspaces)} WorkSpaces",
                 format_cost(potential_savings_monthly),
-                format_cost(potential_savings_annual)
+                format_cost(potential_savings_annual),
             )
 
         console.print(summary_table)
 
         if unused_workspaces:
             print_warning(f"⚠ Found {len(unused_workspaces)} unused WorkSpaces:")
-            
+
             # Create detailed unused workspaces table
             unused_table = create_table(
                 title="Unused WorkSpaces Details",
@@ -286,22 +287,22 @@ def get_workspaces(
                     {"header": "Days Since Connection", "style": "yellow"},
                     {"header": "Running Mode", "style": "green"},
                     {"header": "Monthly Cost", "style": "red"},
-                    {"header": "State", "style": "magenta"}
-                ]
+                    {"header": "State", "style": "magenta"},
+                ],
             )
-            
+
             for ws in unused_workspaces[:10]:  # Show first 10 for readability
                 unused_table.add_row(
-                    ws['WorkspaceId'],
-                    ws['UserName'],
-                    str(ws['DaysSinceConnection']),
-                    ws['RunningMode'],
-                    format_cost(ws['MonthlyCost']) if ws['MonthlyCost'] > 0 else "N/A",
-                    ws['State']
+                    ws["WorkspaceId"],
+                    ws["UserName"],
+                    str(ws["DaysSinceConnection"]),
+                    ws["RunningMode"],
+                    format_cost(ws["MonthlyCost"]) if ws["MonthlyCost"] > 0 else "N/A",
+                    ws["State"],
                 )
-            
+
             console.print(unused_table)
-            
+
             if len(unused_workspaces) > 10:
                 console.print(f"[dim]... and {len(unused_workspaces) - 10} more unused WorkSpaces[/dim]")
 
@@ -309,9 +310,13 @@ def get_workspaces(
         if calculate_savings or analyze:
             target_annual_savings = 12518.0  # JIRA FinOps-24 target
             if potential_savings_annual >= target_annual_savings * 0.8:  # 80% of target
-                print_success(f"🎯 Target Achievement: {potential_savings_annual/target_annual_savings*100:.1f}% of significant annual savings savings target")
+                print_success(
+                    f"🎯 Target Achievement: {potential_savings_annual / target_annual_savings * 100:.1f}% of significant annual savings savings target"
+                )
             else:
-                print_warning(f"📊 Analysis: {potential_savings_annual/target_annual_savings*100:.1f}% of significant annual savings savings target")
+                print_warning(
+                    f"📊 Analysis: {potential_savings_annual / target_annual_savings * 100:.1f}% of significant annual savings savings target"
+                )
 
         # Handle deletion of unused WorkSpaces
         if delete_unused and unused_workspaces:

runbooks/security/__init__.py

@@ -210,6 +210,16 @@ from .run_script import parse_arguments
 from .security_baseline_tester import SecurityBaselineTester
 from .security_export import SecurityExporter
 
+# Import new assessment and baseline modules
+from .assessment_runner import (
+    SecurityAssessmentRunner,
+    SecurityAssessmentResults,
+    SecurityCheckResult,
+    SecurityFrameworkType,
+    SecurityCheckSeverity,
+)
+from .baseline_checker import SecurityBaselineChecker, BaselineAssessmentResults, BaselineCheckType
+
 # Import centralized version from main runbooks package
 from runbooks import __version__
 
@@ -300,6 +310,15 @@ __all__ = [
     # CLI functions
     "run_security_script",
     "parse_arguments",
+    # New assessment and baseline modules
+    "SecurityAssessmentRunner",
+    "SecurityAssessmentResults",
+    "SecurityCheckResult",
+    "SecurityFrameworkType",
+    "SecurityCheckSeverity",
+    "SecurityBaselineChecker",
+    "BaselineAssessmentResults",
+    "BaselineCheckType",
     # Metadata
     "__version__",
     "__author__",