runbooks 1.1.9__py3-none-any.whl → 1.1.10__py3-none-any.whl

runbooks/inventory/core/collector.py

@@ -288,6 +288,150 @@ class EnhancedInventoryCollector(CloudFoundationsBase):
         """Get current AWS account ID."""
         return self.get_account_id()
 
+    def _display_inventory_summary(self, results: Dict[str, Any]) -> None:
+        """
+        Display actionable inventory summary with business value.
+
+        Transforms technical data collection into executive-ready business intelligence.
+        Shows: Resource counts, cost estimates, security findings, actionable recommendations.
+        """
+        from runbooks.common.rich_utils import console, create_table, print_header, print_info
+
+        # Skip display if no resources collected
+        if not results.get("resources"):
+            print_info("No resources discovered (check AWS permissions)")
+            return
+
+        # Create summary table
+        table = create_table(
+            title="📊 AWS Resource Inventory Summary",
+            columns=[
+                {"header": "Resource Type", "style": "cyan"},
+                {"header": "Count", "style": "green", "justify": "right"},
+                {"header": "Key Findings", "style": "yellow"}
+            ]
+        )
+
+        total_resources = 0
+        findings_summary = []
+
+        # Process each resource type
+        for resource_type, data in results.get("resources", {}).items():
+            if not data:
+                continue
+
+            count = len(data) if isinstance(data, list) else data.get("count", 0)
+            total_resources += count
+
+            # Generate findings for this resource type
+            findings = self._generate_resource_findings(resource_type, data)
+            findings_text = findings if findings else "✅ No issues"
+
+            # Add to table
+            table.add_row(
+                resource_type.upper(),
+                str(count),
+                findings_text
+            )
+
+            # Collect findings for recommendations
+            if findings and findings != "✅ No issues":
+                findings_summary.append({
+                    "resource_type": resource_type,
+                    "finding": findings,
+                    "data": data
+                })
+
+        # Display table
+        console.print("\n")
+        console.print(table)
+
+        # Display summary metrics
+        account_id = results.get("metadata", {}).get("account_ids", ["Unknown"])[0] if results.get("metadata", {}).get("account_ids") else "Unknown"
+        console.print(f"\n📋 Total Resources: [bold]{total_resources}[/bold] across [bold]{len(results.get('resources', {}))}[/bold] services")
+        console.print(f"🏢 Account: [cyan]{account_id}[/cyan]")
+
+        # Display actionable recommendations
+        if findings_summary:
+            console.print("\n💡 [bold]Actionable Recommendations:[/bold]")
+            recommendations = self._generate_actionable_recommendations(findings_summary)
+            for i, rec in enumerate(recommendations[:5], 1):  # Top 5
+                console.print(f"  {i}. {rec}")
+        else:
+            console.print("\n✅ [green]No immediate action items identified[/green]")
+
+        console.print("")  # Blank line for readability
+
+    def _generate_resource_findings(self, resource_type: str, data: Any) -> str:
+        """
+        Generate business-focused findings for a resource type.
+
+        Returns human-readable finding (e.g., "12 stopped instances")
+        NOT technical data (e.g., "state=stopped count=12")
+        """
+        if not data:
+            return "✅ No issues"
+
+        findings = []
+
+        # EC2-specific findings
+        if resource_type == "ec2":
+            if isinstance(data, list):
+                stopped = sum(1 for instance in data if instance.get("State", {}).get("Name") == "stopped")
+                if stopped > 0:
+                    findings.append(f"{stopped} stopped (cost waste)")
+
+                no_tags = sum(1 for instance in data if not instance.get("Tags"))
+                if no_tags > 0:
+                    findings.append(f"{no_tags} untagged (compliance)")
+
+        # S3-specific findings
+        elif resource_type == "s3":
+            if isinstance(data, list):
+                # Note: Would need actual encryption status from API
+                # For now, placeholder for demonstration
+                findings.append("Review encryption status")
+
+        # RDS-specific findings
+        elif resource_type == "rds":
+            if isinstance(data, list):
+                # Placeholder for backup status
+                findings.append("Verify backup configuration")
+
+        return " | ".join(findings) if findings else "✅ No issues"
+
+    def _generate_actionable_recommendations(self, findings_summary: List[Dict]) -> List[str]:
+        """
+        Generate specific, actionable recommendations with commands to run.
+
+        Format: "Action → Business Value (Command to execute)"
+        """
+        recommendations = []
+
+        for finding in findings_summary:
+            resource_type = finding["resource_type"]
+
+            if resource_type == "ec2":
+                if "stopped" in finding["finding"]:
+                    recommendations.append(
+                        "[yellow]Terminate stopped EC2 instances[/yellow] → "
+                        "Reduce compute costs (Review with: [cyan]runbooks operate ec2 list --status stopped[/cyan])"
+                    )
+
+            elif resource_type == "s3":
+                recommendations.append(
+                    "[yellow]Review S3 bucket security[/yellow] → "
+                    "Ensure compliance (Check with: [cyan]runbooks security s3-audit[/cyan])"
+                )
+
+            elif resource_type == "rds":
+                recommendations.append(
+                    "[yellow]Verify RDS backup configuration[/yellow] → "
+                    "Prevent data loss (Check with: [cyan]runbooks operate rds list-backups[/cyan])"
+                )
+
+        return recommendations
+
     def collect_inventory(
         self, resource_types: List[str], account_ids: List[str], include_costs: bool = False,
         resource_filters: Optional[Dict[str, Any]] = None
@@ -440,6 +584,16 @@ class EnhancedInventoryCollector(CloudFoundationsBase):
             else:
                 logger.info(f"Inventory collection completed in {duration:.1f}s")
 
+            # Display business value summary to user (unless in short mode)
+            # Check for short mode flag in resource_filters
+            short_mode = resource_filters.get("short", False) if resource_filters else False
+            if not short_mode:
+                try:
+                    self._display_inventory_summary(results)
+                except Exception as display_error:
+                    # Graceful degradation if display fails - don't break core functionality
+                    logger.warning(f"Failed to display inventory summary: {display_error}")
+
             return results
 
         except Exception as e:
@@ -2876,7 +3030,44 @@ def run_inventory_collection(**kwargs) -> Dict[str, Any]:
     account_ids = [collector.get_current_account_id()]
     if use_all_profiles:
         try:
-            account_ids = collector.get_organization_accounts()
+            # PHASE 3: Enhanced Organizations discovery using proven Phase 2 pattern
+            # Import Organizations discovery functions (DRY reuse from inventory_modules.py)
+            from runbooks.inventory.inventory_modules import get_org_accounts_from_profiles, get_profiles
+
+            console.print("[cyan]🏢 Discovering AWS Organization accounts via Organizations API...[/cyan]")
+
+            # Use management profile for Organizations API access (same as Phase 2)
+            profile_list = get_profiles(fprofiles=[profile] if profile else None)
+            console.print(f"[dim]Querying Organizations API with profile: {profile or 'default'}[/dim]")
+
+            # Get organization accounts using proven FinOps pattern
+            org_accounts = get_org_accounts_from_profiles(profile_list)
+
+            # Extract account IDs from organization accounts (Phase 2 proven pattern)
+            discovered_account_ids = []
+            for acct in org_accounts:
+                if acct.get("Success") and acct.get("RootAcct") and acct.get("aws_acct"):
+                    # Management account
+                    discovered_account_ids.append(acct["aws_acct"].acct_number)
+
+                    # Child accounts in organization
+                    for child in acct["aws_acct"].ChildAccounts:
+                        discovered_account_ids.append(child["AccountId"])
+
+            if discovered_account_ids:
+                account_ids = discovered_account_ids
+                console.print(
+                    f"[green]✅ Discovered {len(account_ids)} organization accounts[/green]"
+                )
+                console.print(
+                    f"[cyan]📊 Analysis Scope: Organization-wide with Landing Zone support[/cyan]\n"
+                )
+                logger.info(f"Organizations discovery successful: {len(account_ids)} accounts")
+            else:
+                console.print(
+                    f"[yellow]⚠️ Organizations discovery returned no accounts, using current account[/yellow]"
+                )
+                logger.warning("Organizations discovery yielded no accounts")
 
             # Apply skip_profiles filtering (v1.1.9 - Group 1: Resource Filtering)
             if skip_profiles:
@@ -2886,8 +3077,17 @@ def run_inventory_collection(**kwargs) -> Dict[str, Any]:
                 logger.info(f"Profile exclusion filter active: {len(skip_profiles)} profiles to skip")
                 # Implementation note: Profile filtering requires profile-to-account mapping
                 # which is typically handled at the CLI layer before collector initialization
+
         except Exception as e:
+            # Graceful fallback to single account on Organizations discovery failure
+            console.print(
+                f"[yellow]⚠️ Organizations discovery error: {e}[/yellow]"
+            )
+            console.print(
+                f"[dim]Falling back to single account mode[/dim]\n"
+            )
             logger.warning(f"Failed to get organization accounts: {e}")
+            account_ids = [collector.get_current_account_id()]
 
     # Collect inventory with resource filters (v1.1.8)
     try:

runbooks/inventory/discovery.md

@@ -21,7 +21,8 @@ Based on real testing with enterprise AWS profiles, the CloudOps-Runbooks invent
 
 ```bash
 # Single resource type (TESTED ✅)
-runbooks inventory collect --resources ec2 --dry-run
+
+
 
 # Multiple resources (TESTED ✅)
 runbooks inventory collect --resources ec2,rds,s3,lambda --dry-run

runbooks/inventory/{draw_org_structure.py → draw_org.py}

@@ -57,9 +57,10 @@ from time import time
 from typing import Any, Dict, List, Optional
 
 import boto3
-from ArgumentsClass import CommonArguments
+from runbooks.inventory.ArgumentsClass import CommonArguments
 from runbooks.common.rich_utils import console
 from graphviz import Digraph
+from runbooks import __version__
 
 # Optional imports for enhanced features
 try:
@@ -72,7 +73,6 @@ except ImportError:
     JUPYTER_AVAILABLE = False
     logging.debug("Jupyter widgets not available - interactive features disabled")
 
-__version__ = "2025.04.09"
 
 
 # Visual styling constants
@@ -96,6 +96,10 @@ aws_policy_type_list = [
     "DECLARATIVE_POLICY_EC2",
 ]
 
+# Skip filters (set by Modern CLI wrapper or can be empty)
+excluded_accounts: set = set()
+excluded_ous: set = set()
+
 #####################
 # Function Definitions
 #####################
@@ -142,7 +146,7 @@ def parse_args(f_args):
         help="Use this parameter to specify where to start from (Defaults to the root)",
     )
     local.add_argument(
-        "--format",
+        "--output-format",
         dest="output_format",
         choices=["graphviz", "mermaid", "diagrams"],
         default="graphviz",
@@ -416,22 +420,49 @@ def generate_diagrams(org_structure: Any, filename: str) -> None:
 
     def build_diagram(node: Dict[str, Any]):
         """
-        Recursively build diagram nodes from the org structure.
-        For nodes with children, creates a Cluster.
+        Recursively build diagram nodes from the org structure with enhanced readability.
+
+        Enhancements:
+        - Account counts displayed per OU (matching graphviz UX pattern)
+        - Node IDs included for traceability
+        - Multi-line labels with escaped newlines
         """
         name = node.get("name", node.get("id", "Unnamed"))
+        node_id = node.get("id", "unknown")
+
         if "children" in node and node["children"]:
-            with Cluster(name):
+            # Count accounts directly under this OU (match graphviz UX)
+            account_count = sum(1 for child in node["children"] if not child.get("children"))
+
+            # Enhanced cluster label with account count (graphviz pattern)
+            cluster_label = f"{name}\\n({account_count} accounts)"
+
+            with Cluster(cluster_label):
                 children_nodes = [build_diagram(child) for child in node["children"]]
-            current = OrganizationsOrganizationalUnit(name)
+
+            # Use simplified OU representation with ID
+            current = OrganizationsOrganizationalUnit(f"{name}\\n{node_id}")
             for child in children_nodes:
                 current >> child
             return current
         else:
-            return OrganizationsAccount(name)
+            # Account leaf nodes with clear IDs
+            account_label = f"{name}\\n{node_id}"
+            return OrganizationsAccount(account_label)
 
     try:
-        with Diagram("AWS Organization Diagram", filename=filename, show=False, direction="LR"):
+        with Diagram(
+            "AWS Organization Structure",
+            filename=filename,
+            show=False,
+            direction="TB",  # Top-bottom (traditional org chart layout)
+            graph_attr={
+                "splines": "ortho",      # Orthogonal edge routing (cleaner lines)
+                "nodesep": "1.5",        # Horizontal spacing between nodes
+                "ranksep": "2.0",        # Vertical spacing between ranks
+                "concentrate": "true",   # Merge edges where appropriate
+            },
+        ):
             build_diagram(org_structure)
         print(f"Diagrams image successfully generated as '[red]{filename}'")
         logging.info(f"Diagrams image successfully generated as {filename}")
@@ -497,12 +528,21 @@ def draw_org(froot: str, filename: str):
         Description: Recursively traverse the OUs and accounts and update the diagram
         @param ou_id: The ID of the OU to start from
         """
+        # Check if this OU should be excluded
+        if ou_id in excluded_ous:
+            logging.info(f"Skipping excluded OU: {ou_id}")
+            return
+
         # Retrieve the details of the current OU
         if ou_id[0] == "r":
             ou_name = "Root"
         else:
             ou = org_client.describe_organizational_unit(OrganizationalUnitId=ou_id)
             ou_name = ou["OrganizationalUnit"]["Name"]
+            # Also check if OU name is in exclusion list
+            if ou_name in excluded_ous:
+                logging.info(f"Skipping excluded OU by name: {ou_name} ({ou_id})")
+                return
 
         if pPolicy:
             # Retrieve the policies associated with this OU
@@ -543,6 +583,12 @@ def draw_org(froot: str, filename: str):
         for account in all_accounts:
             account_id = account["Id"]
             account_name = account["Name"]
+
+            # Skip excluded accounts
+            if account_id in excluded_accounts:
+                logging.info(f"Skipping excluded account: {account_name} ({account_id})")
+                continue
+
             # Add the account as a node in the diagram
             if account["Status"] == "SUSPENDED":
                 dot.node(

runbooks/inventory/drift_detection_cli.py

@@ -32,20 +32,20 @@ from typing import List, Optional
 from ..common.profile_utils import get_profile_for_operation, validate_profile_access
 from ..common.rich_utils import console, print_error, print_info, print_success
 from .mcp_inventory_validator import (
+
+
+# Terminal control constants
     create_inventory_mcp_validator,
     generate_drift_report,
     validate_inventory_results_with_mcp,
 )
 
 
-@click.group()
-def drift():
-    """Infrastructure drift detection and validation commands."""
-    pass
 
-
-@drift.command("detect")
-@click.option("--profile", help="AWS profile to use (overrides environment variables)")
+# Terminal control constants
+ERASE_LINE = '\x1b[2K'
+@click.command()
+@click.option("--profile", "-p", help="AWS profile to use (overrides environment variables)")
 @click.option("--profiles", help="Comma-separated list of AWS profiles for multi-account analysis")
 @click.option(
     "--terraform-dir",
@@ -60,7 +60,7 @@ def drift():
 )
 @click.option("--output-file", help="File path to save drift report (optional)")
 @click.option("--threshold", type=float, default=99.5, help="Accuracy threshold for drift detection (default: 99.5%)")
-def detect_drift(
+def drift(
     profile: Optional[str],
     profiles: Optional[str],
     terraform_dir: str,
@@ -152,66 +152,6 @@ def detect_drift(
         raise click.Abort()
 
 
-@drift.command("report")
-@click.option("--profile", help="AWS profile to use for single-account analysis")
-@click.option(
-    "--terraform-dir",
-    default="/Volumes/Working/1xOps/CloudOps-Runbooks/terraform-aws",
-    help="Path to terraform configuration directory",
-)
-@click.option(
-    "--format",
-    "report_format",
-    type=click.Choice(["json", "csv", "markdown"]),
-    default="json",
-    help="Report output format",
-)
-@click.option("--output", "output_file", required=True, help="Output file path for drift report")
-def generate_report(profile: Optional[str], terraform_dir: str, report_format: str, output_file: str):
-    """
-    Generate comprehensive infrastructure drift report.
-
-    Creates detailed drift analysis report with actionable recommendations
-    for infrastructure as code management and compliance.
-    """
-    try:
-        # Use default profile if none specified
-        if not profile:
-            profile = get_profile_for_operation("operational", None)
-
-        print_info(f"Generating drift report for profile: {profile}")
-
-        # Validate profile
-        if not validate_profile_access(profile, "drift-reporting"):
-            print_error(f"Profile '{profile}' validation failed")
-            return
-
-        # Create mock inventory for demonstration
-        mock_inventory = _create_mock_inventory_data([profile])
-
-        # Generate comprehensive drift report
-        drift_report = generate_drift_report([profile], mock_inventory, terraform_dir)
-
-        # Export report
-        _export_drift_report(drift_report, output_file, report_format)
-
-        print_success(f"Drift report generated: {output_file}")
-
-        # Display summary
-        accounts_analyzed = drift_report.get("accounts_analyzed", 0)
-        overall_accuracy = drift_report.get("overall_accuracy", 0)
-        drift_detected = drift_report.get("drift_detected", False)
-
-        console.print(f"[dim]📊 Analysis Summary:[/]")
-        console.print(f"[dim]  Accounts analyzed: {accounts_analyzed}[/]")
-        console.print(f"[dim]  Overall accuracy: {overall_accuracy:.1f}%[/]")
-        console.print(f"[dim]  Drift detected: {'Yes' if drift_detected else 'No'}[/]")
-
-    except Exception as e:
-        print_error(f"Report generation failed: {str(e)}")
-        raise click.Abort()
-
-
 def _create_mock_inventory_data(profiles: List[str]) -> dict:
     """Create mock inventory data for demonstration purposes."""
     mock_data = {}

runbooks/inventory/find_cfn_drift_detection.py

@@ -66,13 +66,13 @@ Future Enhancements:
 
 import logging
 
-import Inventory_Modules
-from account_class import aws_acct_access
-from ArgumentsClass import CommonArguments
+from runbooks.inventory import inventory_modules as Inventory_Modules
+from runbooks.inventory.account_class import aws_acct_access
+from runbooks.inventory.ArgumentsClass import CommonArguments
 from botocore.exceptions import ClientError
 from runbooks.common.rich_utils import console
+from runbooks import __version__
 
-__version__ = "2023.05.04"
 
 # Configure comprehensive argument parsing for CloudFormation drift detection operations
 parser = CommonArguments()
@@ -174,6 +174,16 @@ if aws_acct.AccountType == "Root":
                 "AccountStatus": aws_acct.AccountStatus,  # Account operational status
             }
         ]
+else:
+    # Non-root account: Initialize ChildAccounts with single account entry
+    ChildAccounts = [
+        {
+            "MgmtAccount": aws_acct.acct_number,  # Management account identifier
+            "AccountId": aws_acct.acct_number,  # Account number for single account scope
+            "AccountEmail": aws_acct.MgmtEmail if hasattr(aws_acct, 'MgmtEmail') else "N/A",  # Management email
+            "AccountStatus": aws_acct.AccountStatus if hasattr(aws_acct, 'AccountStatus') else "ACTIVE",  # Account status
+        }
+    ]
 
 # Initialize drift detection operation tracking and regional scope configuration
 NumStacksFound = 0  # Counter for tracking total stacks processed for drift detection

runbooks/inventory/find_cfn_orphaned_stacks.py

@@ -71,13 +71,13 @@ import sys
 from os.path import split
 from time import time
 
-from account_class import aws_acct_access
-from ArgumentsClass import CommonArguments
+from runbooks.inventory.account_class import aws_acct_access
+from runbooks.inventory.ArgumentsClass import CommonArguments
 
 # import simplejson as json
 from botocore.exceptions import ClientError
 from runbooks.common.rich_utils import console
-from Inventory_Modules import (
+from runbooks.inventory.inventory_modules import (
     display_results,
     find_stack_instances3,
     find_stacks2,
@@ -86,8 +86,11 @@ from Inventory_Modules import (
     get_regions3,
     print_timings,
 )
+from runbooks import __version__
+
+# Terminal control constants
+ERASE_LINE = '\x1b[2K'
 
-__version__ = "2024.05.18"
 begin_time = time()
 
 
@@ -650,7 +653,6 @@ if __name__ == "__main__":
     logging.getLogger("s3transfer").setLevel(logging.CRITICAL)
     logging.getLogger("urllib3").setLevel(logging.CRITICAL)
 
-    ERASE_LINE = "\x1b[2K"
     begin_time = time()
 
     # Setup credentials and regions (filtered by what they wanted to check)

runbooks/inventory/find_cfn_stackset_drift.py

@@ -66,15 +66,15 @@ from datetime import datetime
 from os.path import split
 from time import time
 
-import Inventory_Modules
-from account_class import aws_acct_access
-from ArgumentsClass import CommonArguments
+from runbooks.inventory import inventory_modules as Inventory_Modules
+from runbooks.inventory.account_class import aws_acct_access
+from runbooks.inventory.ArgumentsClass import CommonArguments
 from botocore.exceptions import ClientError
 from runbooks.common.rich_utils import console
-from Inventory_Modules import display_results
+from runbooks.inventory.inventory_modules import display_results
+from runbooks import __version__
 
 # Initialize colorama for cross-platform colored terminal output
-__version__ = "2024.03.06"
 begin_time = time()  # Script execution timing for performance monitoring
 sleep_interval = 5  # Default wait interval for drift detection operations
 

runbooks/inventory/find_ec2_security_groups.py

@@ -60,19 +60,22 @@ from queue import Queue
 from threading import Thread
 from time import time
 
-from ArgumentsClass import CommonArguments
+from runbooks.inventory.ArgumentsClass import CommonArguments
 from botocore.exceptions import ClientError
 from runbooks.common.rich_utils import console
-from Inventory_Modules import (
+from runbooks.inventory.inventory_modules import (
     display_results,
     find_references_to_security_groups2,
     find_security_groups2,
     get_all_credentials,
 )
+from runbooks import __version__
+
+# Terminal control constants
+ERASE_LINE = '\x1b[2K'
 # Migrated to Rich.Progress - see rich_utils.py for enterprise UX standards
 # from tqdm.auto import tqdm
 
-__version__ = "2024.09.24"
 begin_time = time()
 
 

runbooks/inventory/find_landingzone_versions.py

@@ -73,14 +73,14 @@ License: MIT
 import logging
 
 import boto3
-import Inventory_Modules
-from ArgumentsClass import CommonArguments
+from runbooks.inventory import inventory_modules as Inventory_Modules
+from runbooks.inventory.ArgumentsClass import CommonArguments
 from botocore.exceptions import ClientError, CredentialRetrievalError, InvalidConfigError
-# colorama removed - migrated to Rich
+from runbooks.common.rich_utils import console
+from runbooks import __version__
 
-# Initialize colorama for cross-platform colored terminal output
+# colorama removed - migrated to Rich
 
-__version__ = "2023.05.31"
 
 # Configure comprehensive CLI argument parsing for Landing Zone discovery operations
 parser = CommonArguments()

runbooks/inventory/find_vpc_flow_logs.py

@@ -88,16 +88,16 @@ from time import sleep, time
 from typing import Any, List
 
 import boto3
-import Inventory_Modules
-from account_class import aws_acct_access
-from ArgumentsClass import CommonArguments
+from runbooks.inventory import inventory_modules as Inventory_Modules
+from runbooks.inventory.account_class import aws_acct_access
+from runbooks.inventory.ArgumentsClass import CommonArguments
 from botocore.config import Config
 from botocore.exceptions import ClientError
 from runbooks.common.rich_utils import console
-from Inventory_Modules import RemoveCoreAccounts, display_results, get_all_credentials, get_regions3
+from runbooks.inventory.inventory_modules import RemoveCoreAccounts, display_results, get_all_credentials, get_regions3
+from runbooks import __version__
 
 # Initialize colorama for cross-platform colored terminal output
-__version__ = "2024.03.10"
 begin_time = time()  # Script execution timing for performance monitoring
 sleep_interval = 5  # Default wait interval for CloudWatch Logs query processing