runbooks 1.1.4__py3-none-any.whl → 1.1.6__py3-none-any.whl

runbooks/security/compliance_automation_engine.py

@@ -144,7 +144,7 @@ class ComplianceAutomationEngine:
         self.profile = profile
         self.output_dir = Path(output_dir)
         self.output_dir.mkdir(parents=True, exist_ok=True)
-        
+
         # Initialize universal compliance configuration
         self.compliance_config = get_universal_compliance_config()
 
@@ -173,30 +173,30 @@ class ComplianceAutomationEngine:
     def _create_session(self) -> boto3.Session:
         """Create secure AWS session using enterprise profile management."""
         # Use management profile for compliance operations requiring cross-account access
-        return create_management_session(profile=self.profile)
-    
+        return create_management_session(profile_name=self.profile)
+
     def _get_compliance_weight(self, control_id: str, default_weight: float) -> float:
         """
         Get compliance weight for control using universal configuration system.
-        
+
         Uses the universal compliance configuration with priority:
         1. Environment variables: COMPLIANCE_WEIGHT_<CONTROL_ID>
         2. Configuration file: COMPLIANCE_CONFIG_PATH
         3. Framework-specific defaults
-        
+
         Args:
             control_id: Control identifier
             default_weight: Framework-specific default weight
-            
+
         Returns:
             float: Compliance weight for the control
         """
         return self.compliance_config.get_control_weight(control_id, default_weight)
-    
+
     def _get_compliance_threshold(self, framework: ComplianceFramework) -> float:
         """
         Get compliance threshold for framework using universal configuration system.
-        
+
         Uses the universal compliance configuration with framework-specific defaults:
         - PCI DSS: 100.0% (requires perfect compliance)
         - HIPAA: 95.0% (healthcare requires high compliance)
@@ -205,10 +205,10 @@ class ComplianceAutomationEngine:
         - ISO 27001: 90.0% (information security management)
         - NIST Cybersecurity: 85.0% (cybersecurity framework)
         - CIS Benchmarks: 85.0% (security benchmarks)
-        
+
         Args:
             framework: Compliance framework
-            
+
         Returns:
             float: Compliance threshold for the framework
         """
@@ -222,11 +222,11 @@ class ComplianceAutomationEngine:
             ComplianceFramework.NIST_CYBERSECURITY: 85.0,
             ComplianceFramework.CIS_BENCHMARKS: 85.0,
         }
-        
+
         # Get framework name for configuration lookup
-        framework_name = framework.value.lower().replace(' ', '-').replace('_', '-')
+        framework_name = framework.value.lower().replace(" ", "-").replace("_", "-")
         default_threshold = framework_defaults.get(framework, 90.0)
-        
+
         return self.compliance_config.get_framework_threshold(framework_name, default_threshold)
 
     def _load_framework_controls(self) -> Dict[ComplianceFramework, List[ComplianceControl]]:
@@ -661,7 +661,7 @@ class ComplianceAutomationEngine:
     async def _discover_target_accounts(self) -> List[str]:
         """
         Discover target accounts for compliance assessment using configuration-driven approach.
-        
+
         Priority:
         1. Environment variable: COMPLIANCE_TARGET_ACCOUNTS (comma-separated)
         2. Configuration file: COMPLIANCE_ACCOUNTS_CONFIG
@@ -674,12 +674,12 @@ class ComplianceAutomationEngine:
             account_ids = [acc.strip() for acc in env_accounts.split(",")]
             print_info(f"Using {len(account_ids)} accounts from COMPLIANCE_TARGET_ACCOUNTS environment variable")
             return account_ids
-        
+
         # Try configuration file
         config_path = os.getenv("COMPLIANCE_ACCOUNTS_CONFIG")
         if config_path and os.path.exists(config_path):
             try:
-                with open(config_path, 'r') as f:
+                with open(config_path, "r") as f:
                     config = json.load(f)
                     account_ids = config.get("target_accounts", [])
                     if account_ids:
@@ -687,7 +687,7 @@ class ComplianceAutomationEngine:
                         return account_ids
             except Exception as e:
                 print_warning(f"Failed to load account configuration from {config_path}: {e}")
-        
+
         # Fall back to Organizations API discovery
         try:
             print_info("Discovering accounts via AWS Organizations API...")

runbooks/security/config/__init__.py

@@ -18,7 +18,7 @@ from .compliance_config import (
 
 __all__ = [
     "ComplianceConfiguration",
-    "UniversalComplianceConfig", 
+    "UniversalComplianceConfig",
     "get_universal_compliance_config",
     "reset_compliance_config",
-]
+]

runbooks/security/config/compliance_config.py

@@ -3,13 +3,13 @@
 Universal Compliance Configuration Management
 ============================================
 
-This module provides enterprise-grade compliance configuration management 
-that eliminates hardcoded values and supports dynamic configuration across 
+This module provides enterprise-grade compliance configuration management
+that eliminates hardcoded values and supports dynamic configuration across
 all compliance frameworks.
 
 Features:
 - Environment variable configuration
-- Configuration file support  
+- Configuration file support
 - Framework-specific defaults
 - Universal profile compatibility
 - No hardcoded compliance weights or thresholds
@@ -29,7 +29,7 @@ from runbooks.common.rich_utils import console
 @dataclass
 class ComplianceConfiguration:
     """Universal compliance configuration container."""
-    
+
     control_weights: Dict[str, float] = field(default_factory=dict)
     framework_thresholds: Dict[str, float] = field(default_factory=dict)
     assessment_frequencies: Dict[str, str] = field(default_factory=dict)
@@ -39,48 +39,48 @@ class ComplianceConfiguration:
 class UniversalComplianceConfig:
     """
     Universal compliance configuration manager that works with ANY AWS setup.
-    
+
     Configuration Priority Order:
     1. Environment variables (highest priority)
     2. Configuration file (COMPLIANCE_CONFIG_PATH)
     3. Framework defaults (fallback)
-    
+
     No hardcoded values - fully configurable for any enterprise environment.
     """
-    
+
     def __init__(self, config_path: Optional[str] = None):
         """Initialize universal compliance configuration."""
         self.config_path = config_path or os.getenv("COMPLIANCE_CONFIG_PATH")
         self.config = self._load_configuration()
-    
+
     def _load_configuration(self) -> ComplianceConfiguration:
         """Load compliance configuration from all sources."""
         config = ComplianceConfiguration()
-        
+
         # Load from configuration file if available
         if self.config_path and os.path.exists(self.config_path):
             try:
-                with open(self.config_path, 'r') as f:
+                with open(self.config_path, "r") as f:
                     file_config = json.load(f)
-                    
+
                 config.control_weights.update(file_config.get("control_weights", {}))
                 config.framework_thresholds.update(file_config.get("framework_thresholds", {}))
                 config.assessment_frequencies.update(file_config.get("assessment_frequencies", {}))
                 config.remediation_priorities.update(file_config.get("remediation_priorities", {}))
-                
+
                 console.log(f"[green]Loaded compliance configuration from: {self.config_path}[/]")
-                
+
             except Exception as e:
                 console.log(f"[yellow]Warning: Failed to load compliance config from {self.config_path}: {e}[/]")
-        
+
         # Override with environment variables (highest priority)
         self._load_environment_overrides(config)
-        
+
         return config
-    
+
     def _load_environment_overrides(self, config: ComplianceConfiguration) -> None:
         """Load configuration overrides from environment variables."""
-        
+
         # Load control weights from environment
         for env_var in os.environ:
             if env_var.startswith("COMPLIANCE_WEIGHT_"):
@@ -91,7 +91,7 @@ class UniversalComplianceConfig:
                     console.log(f"[dim cyan]Environment override: {control_id} weight = {weight}[/]")
                 except ValueError:
                     console.log(f"[yellow]Warning: Invalid weight in {env_var}: {os.environ[env_var]}[/]")
-        
+
         # Load framework thresholds from environment
         for env_var in os.environ:
             if env_var.startswith("COMPLIANCE_THRESHOLD_"):
@@ -102,89 +102,89 @@ class UniversalComplianceConfig:
                     console.log(f"[dim cyan]Environment override: {framework} threshold = {threshold}[/]")
                 except ValueError:
                     console.log(f"[yellow]Warning: Invalid threshold in {env_var}: {os.environ[env_var]}[/]")
-    
+
     def get_control_weight(self, control_id: str, framework_default: float = 1.0) -> float:
         """
         Get compliance weight for control with universal fallback.
-        
+
         Args:
             control_id: Control identifier (e.g., "SEC-1", "CC6.1")
             framework_default: Framework-specific default weight
-            
+
         Returns:
             float: Compliance weight for the control
         """
         # Normalize control ID for lookup
         normalized_id = control_id.lower().replace(".", "-")
-        
+
         # Check configuration sources in priority order
         if normalized_id in self.config.control_weights:
             return self.config.control_weights[normalized_id]
-        
+
         # Use framework default
         return framework_default
-    
+
     def get_framework_threshold(self, framework: str, default_threshold: float = 90.0) -> float:
         """
         Get compliance threshold for framework with universal fallback.
-        
+
         Args:
             framework: Framework identifier (e.g., "aws-well-architected", "soc2-type-ii")
             default_threshold: Default threshold if not configured
-            
+
         Returns:
             float: Compliance threshold for the framework
         """
         # Normalize framework name for lookup
         normalized_framework = framework.lower().replace("_", "-")
-        
+
         # Check configuration sources in priority order
         if normalized_framework in self.config.framework_thresholds:
             return self.config.framework_thresholds[normalized_framework]
-        
+
         # Use default threshold
         return default_threshold
-    
+
     def get_assessment_frequency(self, control_id: str, default_frequency: str = "monthly") -> str:
         """
         Get assessment frequency for control with universal fallback.
-        
+
         Args:
             control_id: Control identifier
             default_frequency: Default frequency if not configured
-            
+
         Returns:
             str: Assessment frequency for the control
         """
         normalized_id = control_id.lower().replace(".", "-")
-        
+
         if normalized_id in self.config.assessment_frequencies:
             return self.config.assessment_frequencies[normalized_id]
-        
+
         return default_frequency
-    
+
     def get_remediation_priority(self, control_id: str, default_priority: int = 3) -> int:
         """
         Get remediation priority for control with universal fallback.
-        
+
         Args:
             control_id: Control identifier
             default_priority: Default priority if not configured (1=highest, 5=lowest)
-            
+
         Returns:
             int: Remediation priority for the control
         """
         normalized_id = control_id.lower().replace(".", "-")
-        
+
         if normalized_id in self.config.remediation_priorities:
             return self.config.remediation_priorities[normalized_id]
-        
+
         return default_priority
-    
+
     def export_configuration_template(self, output_path: str) -> None:
         """
         Export a configuration template for enterprise customization.
-        
+
         Args:
             output_path: Path to save the configuration template
         """
@@ -195,7 +195,7 @@ class UniversalComplianceConfig:
                 "cc6-1": 3.0,
                 "cc6-2": 2.5,
                 "pci-1": 2.0,
-                "hipaa-164-312-a-1": 2.5
+                "hipaa-164-312-a-1": 2.5,
             },
             "framework_thresholds": {
                 "aws-well-architected": 90.0,
@@ -204,24 +204,24 @@ class UniversalComplianceConfig:
                 "hipaa": 95.0,
                 "nist-cybersecurity": 90.0,
                 "iso-27001": 85.0,
-                "cis-benchmarks": 88.0
+                "cis-benchmarks": 88.0,
             },
             "assessment_frequencies": {
                 "critical-controls": "weekly",
-                "high-controls": "monthly", 
+                "high-controls": "monthly",
                 "medium-controls": "quarterly",
-                "low-controls": "annually"
+                "low-controls": "annually",
             },
             "remediation_priorities": {
                 "critical-controls": 1,
                 "high-controls": 2,
                 "medium-controls": 3,
-                "low-controls": 4
-            }
+                "low-controls": 4,
+            },
         }
-        
+
         try:
-            with open(output_path, 'w') as f:
+            with open(output_path, "w") as f:
                 json.dump(template, f, indent=2)
             console.log(f"[green]Configuration template exported to: {output_path}[/]")
         except Exception as e:
@@ -249,7 +249,7 @@ def reset_compliance_config() -> None:
 # Export public interface
 __all__ = [
     "ComplianceConfiguration",
-    "UniversalComplianceConfig", 
+    "UniversalComplianceConfig",
     "get_universal_compliance_config",
     "reset_compliance_config",
-]
+]

runbooks/security/config_template_generator.py

@@ -3,12 +3,12 @@
 Configuration Template Generator for Security and Remediation Modules
 ====================================================================
 
-This utility generates configuration templates for enterprise security and 
+This utility generates configuration templates for enterprise security and
 remediation operations, eliminating the need for hardcoded values.
 
 Features:
 - Compliance weight configuration templates
-- Account discovery configuration templates  
+- Account discovery configuration templates
 - Framework threshold configuration templates
 - Environment variable examples
 - Complete setup documentation
@@ -29,91 +29,79 @@ from runbooks.common.rich_utils import console, create_panel, print_info, print_
 
 class SecurityConfigTemplateGenerator:
     """Generate configuration templates for security and remediation modules."""
-    
+
     def __init__(self, output_dir: str = "./artifacts/security/config"):
         """Initialize template generator."""
         self.output_dir = Path(output_dir)
         self.output_dir.mkdir(parents=True, exist_ok=True)
-    
+
     def generate_compliance_config_template(self) -> Dict:
         """Generate compliance configuration template."""
         return {
             "_description": "Universal Compliance Configuration Template",
             "_usage": "Set COMPLIANCE_CONFIG_PATH environment variable to point to this file",
-            
             "control_weights": {
                 "_description": "Control weights for compliance scoring (1.0 = normal, 2.0 = double weight)",
-                
                 "aws_well_architected": {
                     "sec-1": 2.0,  # Identity Foundation
                     "sec-2": 1.5,  # Security at All Layers
                     "sec-3": 2.5,  # Data Protection
                     "sec-4": 1.8,  # Incident Response
-                    "sec-5": 1.2   # Network Security
+                    "sec-5": 1.2,  # Network Security
                 },
-                
                 "soc2_type_ii": {
                     "cc6-1": 3.0,  # Access Controls (Critical)
                     "cc6-2": 2.5,  # Authentication
                     "cc6-3": 2.0,  # Authorization
                     "cc7-1": 2.2,  # System Operations
-                    "cc8-1": 1.8   # Change Management
+                    "cc8-1": 1.8,  # Change Management
                 },
-                
                 "pci_dss": {
-                    "pci-1": 2.0,   # Network Security
-                    "pci-2": 2.5,   # System Security
-                    "pci-3": 3.0,   # Data Protection (Critical)
-                    "pci-4": 2.0,   # Transmission Security
-                    "pci-6": 1.5    # Secure Systems
+                    "pci-1": 2.0,  # Network Security
+                    "pci-2": 2.5,  # System Security
+                    "pci-3": 3.0,  # Data Protection (Critical)
+                    "pci-4": 2.0,  # Transmission Security
+                    "pci-6": 1.5,  # Secure Systems
                 },
-                
                 "hipaa": {
                     "hipaa-164-312-a-1": 2.5,  # Access Control
                     "hipaa-164-312-a-2": 2.0,  # Assigned Security
-                    "hipaa-164-312-b": 3.0,    # Audit Controls (Critical)
-                    "hipaa-164-312-c": 2.8,    # Integrity
-                    "hipaa-164-312-d": 1.5     # Person Authentication
-                }
+                    "hipaa-164-312-b": 3.0,  # Audit Controls (Critical)
+                    "hipaa-164-312-c": 2.8,  # Integrity
+                    "hipaa-164-312-d": 1.5,  # Person Authentication
+                },
             },
-            
             "framework_thresholds": {
                 "_description": "Minimum compliance scores required for each framework (percentage)",
-                
                 "aws-well-architected": 90.0,
                 "soc2-type-ii": 95.0,
-                "pci-dss": 100.0,           # PCI DSS requires perfect compliance
+                "pci-dss": 100.0,  # PCI DSS requires perfect compliance
                 "hipaa": 95.0,
                 "nist-cybersecurity": 90.0,
                 "iso-27001": 90.0,
-                "cis-benchmarks": 88.0
+                "cis-benchmarks": 88.0,
             },
-            
             "assessment_frequencies": {
                 "_description": "How often to assess each control type",
-                
                 "critical-controls": "weekly",
                 "high-controls": "monthly",
-                "medium-controls": "quarterly", 
-                "low-controls": "annually"
+                "medium-controls": "quarterly",
+                "low-controls": "annually",
             },
-            
             "remediation_priorities": {
                 "_description": "Remediation priority levels (1=highest, 5=lowest)",
-                
                 "critical-controls": 1,
                 "high-controls": 2,
                 "medium-controls": 3,
-                "low-controls": 4
-            }
+                "low-controls": 4,
+            },
         }
-    
+
     def generate_account_config_template(self) -> Dict:
         """Generate account discovery configuration template."""
         return {
             "_description": "Universal Account Discovery Configuration Template",
             "_usage": "Set REMEDIATION_ACCOUNT_CONFIG environment variable to point to this file",
-            
             "target_accounts": [
                 {
                     "account_id": "111122223333",
@@ -122,43 +110,41 @@ class SecurityConfigTemplateGenerator:
                     "email": "prod@company.com",
                     "profile_name": "prod-profile",
                     "environment": "production",
-                    "criticality": "high"
+                    "criticality": "high",
                 },
                 {
                     "account_id": "444455556666",
-                    "account_name": "Staging Environment", 
+                    "account_name": "Staging Environment",
                     "status": "ACTIVE",
                     "email": "staging@company.com",
                     "profile_name": "staging-profile",
                     "environment": "staging",
-                    "criticality": "medium"
+                    "criticality": "medium",
                 },
                 {
                     "account_id": "777788889999",
                     "account_name": "Development Environment",
-                    "status": "ACTIVE", 
+                    "status": "ACTIVE",
                     "email": "dev@company.com",
                     "profile_name": "dev-profile",
                     "environment": "development",
-                    "criticality": "low"
-                }
+                    "criticality": "low",
+                },
             ],
-            
             "discovery_settings": {
                 "max_concurrent_accounts": 10,
                 "validation_timeout_seconds": 30,
                 "include_suspended_accounts": False,
                 "auto_discover_via_organizations": True,
-                "fallback_to_current_account": True
+                "fallback_to_current_account": True,
             },
-            
             "filtering_rules": {
                 "include_patterns": ["prod-*", "staging-*"],
                 "exclude_patterns": ["test-*", "sandbox-*"],
-                "max_accounts": 50
-            }
+                "max_accounts": 50,
+            },
         }
-    
+
     def generate_environment_variables_template(self) -> str:
         """Generate environment variables template."""
         return """# Universal Security and Remediation Configuration
@@ -221,7 +207,7 @@ export COMPLIANCE_CACHE_TTL="3600"
 # Export compliance configuration template
 # runbooks security export-config-template --output-dir ./config
 """
-    
+
     def generate_setup_documentation(self) -> str:
         """Generate complete setup documentation."""
         return """# Universal Security and Remediation Module Setup Guide
@@ -426,7 +412,7 @@ runbooks security export-metrics --output ./metrics/
 
 This configuration system eliminates ALL hardcoded values and provides universal compatibility with any AWS environment.
 """
-    
+
     def generate_all_templates(self) -> None:
         """Generate all configuration templates."""
         console.print(
@@ -437,58 +423,59 @@ This configuration system eliminates ALL hardcoded values and provides universal
                 border_style="cyan",
             )
         )
-        
+
         # Generate compliance configuration
         compliance_config = self.generate_compliance_config_template()
         compliance_path = self.output_dir / "compliance_config.json"
-        with open(compliance_path, 'w') as f:
+        with open(compliance_path, "w") as f:
             json.dump(compliance_config, f, indent=2)
         print_success(f"Generated compliance configuration: {compliance_path}")
-        
+
         # Generate account configuration
         account_config = self.generate_account_config_template()
         account_path = self.output_dir / "account_config.json"
-        with open(account_path, 'w') as f:
+        with open(account_path, "w") as f:
             json.dump(account_config, f, indent=2)
         print_success(f"Generated account configuration: {account_path}")
-        
+
         # Generate environment variables template
         env_template = self.generate_environment_variables_template()
         env_path = self.output_dir / "environment_variables.sh"
-        with open(env_path, 'w') as f:
+        with open(env_path, "w") as f:
             f.write(env_template)
         print_success(f"Generated environment variables template: {env_path}")
-        
+
         # Generate setup documentation
         setup_docs = self.generate_setup_documentation()
         docs_path = self.output_dir / "SETUP_GUIDE.md"
-        with open(docs_path, 'w') as f:
+        with open(docs_path, "w") as f:
             f.write(setup_docs)
         print_success(f"Generated setup documentation: {docs_path}")
-        
+
         # Generate summary
-        console.print("\n" + create_panel(
-            f"[bold green]Configuration templates generated successfully![/bold green]\n\n"
-            f"[cyan]Files created in {self.output_dir}:[/cyan]\n"
-            f"• compliance_config.json - Compliance weights and thresholds\n"
-            f"• account_config.json - Account discovery configuration\n"
-            f"• environment_variables.sh - Environment variable examples\n"
-            f"• SETUP_GUIDE.md - Complete setup documentation\n\n"
-            f"[yellow]Next steps:[/yellow]\n"
-            f"1. Review and customize the configuration files\n"
-            f"2. Set environment variables or use config files\n"
-            f"3. Run: runbooks security assess --help\n"
-            f"4. Run: runbooks remediation --help",
-            title="✅ Templates Ready",
-            border_style="green",
-        ))
+        console.print(
+            "\n"
+            + create_panel(
+                f"[bold green]Configuration templates generated successfully![/bold green]\n\n"
+                f"[cyan]Files created in {self.output_dir}:[/cyan]\n"
+                f"• compliance_config.json - Compliance weights and thresholds\n"
+                f"• account_config.json - Account discovery configuration\n"
+                f"• environment_variables.sh - Environment variable examples\n"
+                f"• SETUP_GUIDE.md - Complete setup documentation\n\n"
+                f"[yellow]Next steps:[/yellow]\n"
+                f"1. Review and customize the configuration files\n"
+                f"2. Set environment variables or use config files\n"
+                f"3. Run: runbooks security assess --help\n"
+                f"4. Run: runbooks remediation --help",
+                title="✅ Templates Ready",
+                border_style="green",
+            )
+        )
 
 
 @click.command()
 @click.option(
-    "--output-dir",
-    default="./artifacts/security/config",
-    help="Output directory for configuration templates"
+    "--output-dir", default="./artifacts/security/config", help="Output directory for configuration templates"
 )
 def generate_config_templates(output_dir: str):
     """Generate universal configuration templates for security and remediation modules."""
@@ -497,4 +484,4 @@ def generate_config_templates(output_dir: str):
 
 
 if __name__ == "__main__":
-    generate_config_templates()
+    generate_config_templates()