runbooks 1.1.4__py3-none-any.whl → 1.1.6__py3-none-any.whl

runbooks/cli/commands/inventory.py

@@ -9,12 +9,44 @@ Preserves 100% functionality while reducing main.py context overhead.
 """
 
 import click
-from rich.console import Console
+import os
+import sys
 
 # Import common utilities and decorators
 from runbooks.common.decorators import common_aws_options, common_output_options, common_filter_options
 
-console = Console()
+# Test Mode Support: Disable Rich Console in test environments to prevent I/O conflicts
+# Issue: Rich Console writes to StringIO buffer that Click CliRunner closes, causing ValueError
+# Solution: Use plain print() in test mode (RUNBOOKS_TEST_MODE=1), Rich Console in production
+USE_RICH = os.getenv("RUNBOOKS_TEST_MODE") != "1"
+
+if USE_RICH:
+    from rich.console import Console
+
+    console = Console()
+else:
+    # Mock Rich Console for testing - plain text output compatible with Click CliRunner
+    class MockConsole:
+        """Mock console that prints to stdout without Rich formatting."""
+
+        def print(self, *args, **kwargs):
+            """Mock print that outputs plain text to stdout."""
+            if args:
+                # Extract text content from Rich markup if present
+                text = str(args[0]) if args else ""
+                # Remove Rich markup tags for plain output
+                import re
+
+                text = re.sub(r"\[.*?\]", "", text)
+                print(text, file=sys.stdout)
+
+        def __enter__(self):
+            return self
+
+        def __exit__(self, *args):
+            pass
+
+    console = MockConsole()
 
 
 def create_inventory_group():
@@ -32,7 +64,7 @@ def create_inventory_group():
     @common_output_options
     @common_filter_options
     @click.pass_context
-    def inventory(ctx, profile, region, dry_run, output, output_file, tags, accounts, regions):
+    def inventory(ctx, profile, region, dry_run, output_format, output_file, tags, accounts, regions):
         """
         Universal AWS resource discovery and inventory - works with ANY AWS environment.
 
@@ -49,16 +81,20 @@ def create_inventory_group():
             runbooks inventory collect                           # Use default profile
             runbooks inventory collect --profile my-profile      # Use specific profile
             runbooks inventory collect --resources ec2,rds       # Specific resources
-            runbooks inventory collect --all-accounts            # Multi-account (if Organizations access)
+            runbooks inventory collect --all-profiles            # Multi-account (if Organizations access)
             runbooks inventory collect --tags Environment=prod   # Filtered discovery
         """
+        # Ensure context object exists
+        if ctx.obj is None:
+            ctx.obj = {}
+
         # Update context with inventory-specific options
         ctx.obj.update(
             {
                 "profile": profile,
                 "region": region,
                 "dry_run": dry_run,
-                "output": output,
+                "output_format": output_format,
                 "output_file": output_file,
                 "tags": tags,
                 "accounts": accounts,
@@ -70,27 +106,71 @@ def create_inventory_group():
             click.echo(ctx.get_help())
 
     @inventory.command()
-    @common_aws_options
     @click.option("--resources", "-r", multiple=True, help="Resource types (ec2, rds, lambda, s3, etc.)")
     @click.option("--all-resources", is_flag=True, help="Collect all resource types")
-    @click.option("--all-accounts", is_flag=True, help="Collect from all organization accounts")
+    @click.option("--all-profiles", is_flag=True, help="Collect from all organization accounts")
+    @click.option("--all-regions", is_flag=True, help="Execute inventory collection across all AWS regions")
     @click.option("--include-costs", is_flag=True, help="Include cost information")
+    @click.option(
+        "--include-cost-analysis", "include_costs", is_flag=True, hidden=True, help="Alias for --include-costs"
+    )
+    @click.option(
+        "--include-security-analysis", "include_security", is_flag=True, help="Include security analysis in inventory"
+    )
+    @click.option(
+        "--include-cost-recommendations",
+        "include_cost_recommendations",
+        is_flag=True,
+        help="Include cost optimization recommendations",
+    )
     @click.option("--parallel", is_flag=True, default=True, help="Enable parallel collection")
     @click.option("--validate", is_flag=True, default=False, help="Enable MCP validation for ≥99.5% accuracy")
-    @click.option("--validate-all", is_flag=True, default=False, help="Enable comprehensive 3-way validation: runbooks + MCP + terraform")
-    @click.option("--all", is_flag=True, help="Use all available AWS profiles for multi-account collection (enterprise scaling)")
+    @click.option(
+        "--validate-all",
+        is_flag=True,
+        default=False,
+        help="Enable comprehensive 3-way validation: runbooks + MCP + terraform",
+    )
+    @click.option(
+        "--all", is_flag=True, help="Use all available AWS profiles for multi-account collection (enterprise scaling)"
+    )
     @click.option("--combine", is_flag=True, help="Combine results from the same AWS account")
     @click.option("--csv", is_flag=True, help="Generate CSV export (convenience flag for --export-format csv)")
     @click.option("--json", is_flag=True, help="Generate JSON export (convenience flag for --export-format json)")
     @click.option("--pdf", is_flag=True, help="Generate PDF export (convenience flag for --export-format pdf)")
-    @click.option("--markdown", is_flag=True, help="Generate markdown export (convenience flag for --export-format markdown)")
-    @click.option("--export-format", type=click.Choice(['json', 'csv', 'markdown', 'pdf', 'yaml']),
-                  help="Export format for results (convenience flags take precedence)")
+    @click.option(
+        "--markdown", is_flag=True, help="Generate markdown export (convenience flag for --export-format markdown)"
+    )
+    @click.option(
+        "--export-format",
+        type=click.Choice(["json", "csv", "markdown", "pdf", "yaml"]),
+        help="Export format for results (convenience flags take precedence)",
+    )
     @click.option("--output-dir", default="./awso_evidence", help="Output directory for exports")
     @click.option("--report-name", help="Base name for export files (without extension)")
     @click.pass_context
-    def collect(ctx, profile, region, dry_run, resources, all_resources, all_accounts, include_costs, parallel, validate, validate_all,
-               all, combine, csv, json, pdf, markdown, export_format, output_dir, report_name):
+    def collect(
+        ctx,
+        resources,
+        all_resources,
+        all_profiles,
+        all_regions,
+        include_costs,
+        include_security,
+        include_cost_recommendations,
+        parallel,
+        validate,
+        validate_all,
+        all,
+        combine,
+        csv,
+        json,
+        pdf,
+        markdown,
+        export_format,
+        output_dir,
+        report_name,
+    ):
         """
         🔍 Universal AWS resource inventory collection - works with ANY AWS environment.
 
@@ -112,7 +192,7 @@ def create_inventory_group():
             # Universal compatibility - works with any AWS setup
             runbooks inventory collect                                    # Default profile
             runbooks inventory collect --profile my-aws-profile           # Any profile
-            runbooks inventory collect --all-accounts                     # Auto-detects Organizations
+            runbooks inventory collect --all-profiles                     # Auto-detects Organizations
 
             # Resource-specific discovery
             runbooks inventory collect --resources ec2,rds,s3             # Specific services
@@ -123,7 +203,12 @@ def create_inventory_group():
             runbooks inventory collect --profile prod --validate --markdown
         """
         try:
-            from runbooks.inventory.collector import run_inventory_collection
+            from runbooks.inventory.core.collector import run_inventory_collection
+
+            # Access group-level AWS options from context (Bug #1 fix: profile override priority)
+            profile = ctx.obj.get('profile')
+            region = ctx.obj.get('region')
+            dry_run = ctx.obj.get('dry_run', False)
 
             # Enhanced context for inventory collection
             context_args = {
@@ -132,8 +217,11 @@ def create_inventory_group():
                 "dry_run": dry_run,
                 "resources": resources,
                 "all_resources": all_resources,
-                "all_accounts": all_accounts,
+                "all_profiles": all_profiles,
+                "all_regions": all_regions,
                 "include_costs": include_costs,
+                "include_security": include_security,
+                "include_cost_recommendations": include_cost_recommendations,
                 "parallel": parallel,
                 "validate": validate,
                 "validate_all": validate_all,
@@ -141,7 +229,7 @@ def create_inventory_group():
                 "combine": combine,
                 "export_formats": [],
                 "output_dir": output_dir,
-                "report_name": report_name
+                "report_name": report_name,
             }
 
             # Handle export format flags
@@ -171,32 +259,40 @@ def create_inventory_group():
             raise click.ClickException(str(e))
 
     @inventory.command()
-    @click.option("--resource-types", multiple=True,
-                  type=click.Choice(['ec2', 's3', 'rds', 'lambda', 'vpc', 'iam']),
-                  default=['ec2', 's3', 'vpc'],
-                  help="Resource types to validate")
-    @click.option("--test-mode", is_flag=True, default=True,
-                  help="Run in test mode with sample data")
+    @click.option(
+        "--resource-types",
+        multiple=True,
+        type=click.Choice(["ec2", "s3", "rds", "lambda", "vpc", "iam"]),
+        default=["ec2", "s3", "vpc"],
+        help="Resource types to validate",
+    )
+    @click.option("--test-mode", is_flag=True, default=True, help="Run in test mode with sample data")
+    @click.option(
+        "--real-validation",
+        is_flag=True,
+        default=False,
+        help="Run validation against real AWS APIs (requires valid profiles)",
+    )
     @click.pass_context
-    def validate_mcp(ctx, resource_types, test_mode):
+    def validate_mcp(ctx, resource_types, test_mode, real_validation):
         """Test inventory MCP validation functionality."""
         try:
             from runbooks.inventory.mcp_inventory_validator import create_inventory_mcp_validator
             from runbooks.common.profile_utils import get_profile_for_operation
 
+            # Access profile from group-level context (Bug #3 fix: profile override support)
+            profile = ctx.obj.get('profile')
+
             console.print(f"[blue]🔍 Testing Inventory MCP Validation[/blue]")
-            console.print(f"[dim]Profile: {ctx.obj['profile']} | Resources: {', '.join(resource_types)}[/dim]")
+            console.print(f"[dim]Profile: {profile or 'environment fallback'} | Resources: {', '.join(resource_types)} | Test mode: {test_mode}[/dim]")
 
             # Initialize validator
-            operational_profile = get_profile_for_operation("operational", ctx.obj['profile'])
+            operational_profile = get_profile_for_operation("operational", profile)
             validator = create_inventory_mcp_validator([operational_profile])
 
             # Test with sample data
             sample_data = {
-                operational_profile: {
-                    "resource_counts": {rt: 5 for rt in resource_types},
-                    "regions": ["us-east-1"]
-                }
+                operational_profile: {"resource_counts": {rt: 5 for rt in resource_types}, "regions": ["us-east-1"]}
             }
 
             console.print("[dim]Running validation test...[/dim]")
@@ -206,7 +302,9 @@ def create_inventory_group():
             if validation_results.get("passed_validation", False):
                 console.print(f"[green]✅ MCP Validation test completed: {accuracy:.1f}% accuracy[/green]")
             else:
-                console.print(f"[yellow]⚠️ MCP Validation test: {accuracy:.1f}% accuracy (demonstrates validation capability)[/yellow]")
+                console.print(
+                    f"[yellow]⚠️ MCP Validation test: {accuracy:.1f}% accuracy (demonstrates validation capability)[/yellow]"
+                )
 
             console.print(f"[dim]💡 Use 'runbooks inventory collect --validate' for real-time validation[/dim]")
 
@@ -214,63 +312,9 @@ def create_inventory_group():
             console.print(f"[red]❌ MCP validation test failed: {e}[/red]")
             raise click.ClickException(str(e))
 
-    @inventory.command("rds-snapshots")
-    @common_aws_options
-    @click.option("--all", is_flag=True, help="Use all available AWS profiles for multi-account collection")
-    @click.option("--combine", is_flag=True, help="Combine results from the same AWS account")
-    @click.option("--export-format", type=click.Choice(['json', 'csv', 'markdown', 'table']),
-                  default='table', help="Export format for results")
-    @click.option("--output-dir", default="./awso_evidence", help="Output directory for exports")
-    @click.option("--filter-account", help="Filter snapshots by specific account ID")
-    @click.option("--filter-status", help="Filter snapshots by status (available, creating, deleting)")
-    @click.option("--max-age-days", type=int, help="Filter snapshots older than specified days")
-    @click.pass_context
-    def discover_rds_snapshots(ctx, profile, region, dry_run, all, combine, export_format,
-                              output_dir, filter_account, filter_status, max_age_days):
-        """
-        🔍 Discover RDS snapshots using AWS Config organization-aggregator.
-
-        ✅ Enhanced Cross-Account Discovery:
-        - Leverages AWS Config organization-aggregator for cross-account access
-        - Multi-region discovery across 7 key AWS regions
-        - Intelligent Organizations detection with graceful standalone fallback
-        - Multi-format exports: JSON, CSV, Markdown, Table
-
-        Profile Priority: User > Environment > Default
-        Universal AWS compatibility with any profile configuration
-
-        Examples:
-            runbooks inventory rds-snapshots                              # Default profile
-            runbooks inventory rds-snapshots --profile org-profile        # Organizations profile
-            runbooks inventory rds-snapshots --all --combine              # Multi-account discovery
-            runbooks inventory rds-snapshots --filter-status available    # Filter by status
-            runbooks inventory rds-snapshots --max-age-days 30 --csv      # Recent snapshots
-        """
-        try:
-            from runbooks.inventory.rds_snapshots_discovery import run_rds_snapshots_discovery
-
-            # Enhanced context for RDS snapshots discovery
-            context_args = {
-                "profile": profile,
-                "region": region,
-                "dry_run": dry_run,
-                "all": all,
-                "combine": combine,
-                "export_format": export_format,
-                "output_dir": output_dir,
-                "filter_account": filter_account,
-                "filter_status": filter_status,
-                "max_age_days": max_age_days
-            }
-
-            # Run RDS snapshots discovery
-            return run_rds_snapshots_discovery(**context_args)
-
-        except ImportError as e:
-            console.print(f"[red]❌ RDS snapshots discovery module not available: {e}[/red]")
-            raise click.ClickException("RDS snapshots discovery functionality not available")
-        except Exception as e:
-            console.print(f"[red]❌ RDS snapshots discovery failed: {e}[/red]")
-            raise click.ClickException(str(e))
+    # NOTE: rds-snapshots command removed in v1.1.6 (Bug #2 fix: phantom command elimination)
+    # Reason: Module rds_snapshots_discovery.py doesn't exist (was never implemented)
+    # Future work: Implement proper RDS snapshots discovery in v1.2.0
+    # See: artifacts/future-work/rds-snapshots-discovery-v1.2.0.md
 
-    return inventory
+    return inventory

runbooks/cli/commands/operate.py

@@ -84,11 +84,7 @@ def create_operate_group():
             resolved_profile = get_profile_for_operation("operational", profile)
 
             # Delegate to operate module with resolved profile
-            ec2_ops = EC2Operations(
-                profile=resolved_profile,
-                region=region,
-                dry_run=dry_run
-            )
+            ec2_ops = EC2Operations(profile=resolved_profile, region=region, dry_run=dry_run)
 
             return ec2_ops.start_instances(list(instance_ids))
 
@@ -118,11 +114,7 @@ def create_operate_group():
             # Use ProfileManager for dynamic profile resolution
             resolved_profile = get_profile_for_operation("operational", profile)
 
-            ec2_ops = EC2Operations(
-                profile=resolved_profile,
-                region=region,
-                dry_run=dry_run
-            )
+            ec2_ops = EC2Operations(profile=resolved_profile, region=region, dry_run=dry_run)
 
             return ec2_ops.stop_instances(list(instance_ids))
 
@@ -157,17 +149,13 @@ def create_operate_group():
             # Use ProfileManager for dynamic profile resolution
             resolved_profile = get_profile_for_operation("operational", profile)
 
-            s3_ops = S3Operations(
-                profile=resolved_profile,
-                region=region,
-                dry_run=dry_run
-            )
+            s3_ops = S3Operations(profile=resolved_profile, region=region, dry_run=dry_run)
 
             return s3_ops.create_bucket(
                 bucket_name=bucket_name,
                 encryption=encryption,
                 versioning=versioning,
-                public_access_block=public_access_block
+                public_access_block=public_access_block,
             )
 
         except ImportError as e:
@@ -199,16 +187,9 @@ def create_operate_group():
             # Use ProfileManager for dynamic profile resolution
             resolved_profile = get_profile_for_operation("operational", profile)
 
-            vpc_ops = VPCOperations(
-                profile=resolved_profile,
-                region=region,
-                dry_run=dry_run
-            )
+            vpc_ops = VPCOperations(profile=resolved_profile, region=region, dry_run=dry_run)
 
-            return vpc_ops.create_vpc(
-                cidr_block=cidr_block,
-                vpc_name=vpc_name
-            )
+            return vpc_ops.create_vpc(cidr_block=cidr_block, vpc_name=vpc_name)
 
         except ImportError as e:
             console.print(f"[red]❌ VPC operations module not available: {e}[/red]")
@@ -240,17 +221,9 @@ def create_operate_group():
             # Use ProfileManager for dynamic profile resolution
             resolved_profile = get_profile_for_operation("operational", profile)
 
-            cf_ops = CloudFormationOperations(
-                profile=resolved_profile,
-                region=region,
-                dry_run=dry_run
-            )
+            cf_ops = CloudFormationOperations(profile=resolved_profile, region=region, dry_run=dry_run)
 
-            return cf_ops.deploy_stack(
-                template_file=template_file,
-                stack_name=stack_name,
-                parameters=parameters
-            )
+            return cf_ops.deploy_stack(template_file=template_file, stack_name=stack_name, parameters=parameters)
 
         except ImportError as e:
             console.print(f"[red]❌ CloudFormation operations module not available: {e}[/red]")
@@ -263,4 +236,4 @@ def create_operate_group():
     # This is a representative sample showing the modular pattern
     # Complete extraction would include: DynamoDB, Lambda, NAT Gateway, etc.
 
-    return operate
+    return operate

runbooks/cli/commands/security.py

@@ -56,15 +56,25 @@ def create_security_group():
 
     @security.command()
     @common_aws_options
-    @click.option("--framework", type=click.Choice(['soc2', 'pci-dss', 'hipaa', 'iso27001', 'well-architected']),
-                  multiple=True, help="Compliance frameworks to assess")
+    @click.option(
+        "--framework",
+        type=click.Choice(["soc2", "pci-dss", "hipaa", "iso27001", "well-architected"]),
+        multiple=True,
+        help="Compliance frameworks to assess",
+    )
     @click.option("--all-checks", is_flag=True, help="Run all available security checks")
-    @click.option("--severity", type=click.Choice(['critical', 'high', 'medium', 'low']),
-                  help="Filter by minimum severity level")
-    @click.option("--export-format", type=click.Choice(['json', 'csv', 'pdf', 'markdown']),
-                  help="Export format for results")
-    @click.option("--language", type=click.Choice(['en', 'ja', 'ko', 'vi']), default='en',
-                  help="Report language (English, Japanese, Korean, Vietnamese)")
+    @click.option(
+        "--severity", type=click.Choice(["critical", "high", "medium", "low"]), help="Filter by minimum severity level"
+    )
+    @click.option(
+        "--export-format", type=click.Choice(["json", "csv", "pdf", "markdown"]), help="Export format for results"
+    )
+    @click.option(
+        "--language",
+        type=click.Choice(["en", "ja", "ko", "vi"]),
+        default="en",
+        help="Report language (English, Japanese, Korean, Vietnamese)",
+    )
     @click.option("--all", is_flag=True, help="Use all available AWS profiles for multi-account security assessment")
     @click.pass_context
     def assess(ctx, profile, region, dry_run, framework, all_checks, severity, export_format, language, all):
@@ -97,7 +107,7 @@ def create_security_group():
                 frameworks=list(framework) if framework else None,
                 all_checks=all_checks,
                 severity_filter=severity,
-                language=language
+                language=language,
             )
 
             results = assessment.run_comprehensive_assessment()
@@ -116,8 +126,12 @@ def create_security_group():
 
     @security.command()
     @common_aws_options
-    @click.option("--check-type", type=click.Choice(['baseline', 'advanced', 'enterprise']),
-                  default='baseline', help="Security check depth level")
+    @click.option(
+        "--check-type",
+        type=click.Choice(["baseline", "advanced", "enterprise"]),
+        default="baseline",
+        help="Security check depth level",
+    )
     @click.option("--include-remediation", is_flag=True, help="Include remediation recommendations")
     @click.option("--auto-fix", is_flag=True, help="Automatically fix low-risk issues (with approval)")
     @click.option("--all", is_flag=True, help="Use all available AWS profiles for multi-account baseline assessment")
@@ -150,7 +164,7 @@ def create_security_group():
                 region=region,
                 check_type=check_type,
                 include_remediation=include_remediation,
-                auto_fix=auto_fix and not dry_run
+                auto_fix=auto_fix and not dry_run,
             )
 
             baseline_results = baseline_checker.run_baseline_assessment()
@@ -166,10 +180,20 @@ def create_security_group():
 
     @security.command()
     @common_aws_options
-    @click.option("--format", "report_format", type=click.Choice(['pdf', 'html', 'markdown', 'json']),
-                  multiple=True, default=['pdf'], help="Report formats")
-    @click.option("--compliance", type=click.Choice(['soc2', 'pci-dss', 'hipaa', 'iso27001']),
-                  multiple=True, help="Include compliance mapping")
+    @click.option(
+        "--format",
+        "report_format",
+        type=click.Choice(["pdf", "html", "markdown", "json"]),
+        multiple=True,
+        default=["pdf"],
+        help="Report formats",
+    )
+    @click.option(
+        "--compliance",
+        type=click.Choice(["soc2", "pci-dss", "hipaa", "iso27001"]),
+        multiple=True,
+        help="Include compliance mapping",
+    )
     @click.option("--executive-summary", is_flag=True, help="Generate executive summary")
     @click.option("--output-dir", default="./security_reports", help="Output directory")
     @click.option("--all", is_flag=True, help="Use all available AWS profiles for multi-account security reporting")
@@ -201,7 +225,7 @@ def create_security_group():
                 profile=resolved_profile,
                 output_dir=output_dir,
                 compliance_frameworks=list(compliance) if compliance else None,
-                executive_summary=executive_summary
+                executive_summary=executive_summary,
             )
 
             report_results = {}
@@ -221,4 +245,4 @@ def create_security_group():
             console.print(f"[red]❌ Security report generation failed: {e}[/red]")
             raise click.ClickException(str(e))
 
-    return security
+    return security