chore: ruff and poetry (#450)

trussworks · Jan 30, 2025 · c51cecd · c51cecd
1 parent 3794d48
commit c51cecd
Show file tree

Hide file tree

Showing 13 changed files with 1,011 additions and 332 deletions.
diff --git a/.github/workflows/pytest.yml b/.github/workflows/pytest.yml
@@ -22,8 +22,11 @@ jobs:
         uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version: ${{ matrix.python-version }}
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install -r sleuth/requirements.txt
-          pytest
+      - uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 # v4.0.0
+        with:
+          poetry-version: "2.0.1"
+      - name: Install with Poetry
+        run: poetry install
+      - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
+      - name: Run Python tests
+        run: poetry run pytest --full-trace
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
diff --git a/.markdownlint.yml b/.markdownlint.yml
@@ -0,0 +1,8 @@
+default: true
+first-line-h1: false
+first-header-h1: false
+line_length: false
+no-multiple-blanks: false
+no-inline-html: false
+no-alt-text: false
+heading-increment: false
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -24,22 +24,18 @@ repos:
         # mdformat fights with terraform_docs
         exclude: README.m(ark)?d(own)?
 
-  - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.43.0
+  - repo: https://github.com/DavidAnson/markdownlint-cli2
+    rev: v0.17.2
     hooks:
-      - id: markdownlint
+      - id: markdownlint-cli2
 
   - repo: https://github.com/shellcheck-py/shellcheck-py
     rev: v0.10.0.1
     hooks:
       - id: shellcheck
 
-  - repo: https://github.com/terraform-docs/terraform-docs
-    rev: "v0.19.0"
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.9.3
     hooks:
-      - id: terraform-docs-system
-
-  - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.96.3
-    hooks:
-      - id: terraform_fmt
+      - id: ruff
+      - id: ruff-format
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -0,0 +1,93 @@
+[tool.poetry]
+name = "terraform-aws-iam-sleuth"
+version = "0.1.0"
+description = ""
+authors = ["Your Name <[email protected]>"]
+license = "Apache 2.0"
+readme = "README.md"
+#packages = [{include = "terraform_aws_iam_sleuth"}]
+package-mode = false
+
+
+[tool.poetry.dependencies]
+python = ">= 3.10"
+ruff = "^0.9.3"
+boto3 = "^1.36.9"
+python-json-logger = "^3.2.1"
+tabulate = "^0.9.0"
+requests = "^2.32.3"
+setuptools = "^75.8.0"
+
+
+[tool.poetry.group.dev.dependencies]
+pytest = "^8.3.4"
+isort = "^6.0.0"
+freezegun = "^1.5.1"
+pytest-freezegun = "^0.4.2"
+ruff = "^0.9.3"
+
+[build-system]
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"
+
+[tool.ruff]
+# Exclude a variety of commonly ignored directories.
+exclude = [
+    ".bzr",
+    ".direnv",
+    ".eggs",
+    ".git",
+    ".git-rewrite",
+    ".hg",
+    ".ipynb_checkpoints",
+    ".mypy_cache",
+    ".nox",
+    ".pants.d",
+    ".pyenv",
+    ".pytest_cache",
+    ".pytype",
+    ".ruff_cache",
+    ".svn",
+    ".tox",
+    ".venv",
+    ".vscode",
+    "__pypackages__",
+    "_build",
+    "buck-out",
+    "build",
+    "dist",
+    "node_modules",
+    "site-packages",
+    "venv",
+]
+
+# Same as Black.
+line-length = 88
+indent-width = 4
+
+[tool.ruff.lint]
+# Enable Pyflakes (`F`) and a subset of the pycodestyle (`E`)  codes by default.
+# Unlike Flake8, Ruff doesn't enable pycodestyle warnings (`W`) or
+# McCabe complexity (`C901`) by default.
+select = ["E4", "E7", "E9", "F"]
+ignore = ["E731"]
+
+# Allow fix for all enabled rules (when `--fix`) is provided.
+fixable = ["ALL"]
+unfixable = []
+
+# Allow unused variables when underscore-prefixed.
+dummy-variable-rgx = "^(_+|(_+[a-zA-Z0-9_]*[a-zA-Z0-9]+?))$"
+
+[tool.ruff.format]
+# Like Black, use double quotes for strings.
+quote-style = "double"
+
+# Like Black, indent with spaces, rather than tabs.
+indent-style = "space"
+
+# Like Black, respect magic trailing commas.
+skip-magic-trailing-comma = false
+
+# Like Black, automatically detect the appropriate line ending.
+line-ending = "auto"
diff --git a/scripts/user_hash_dump.py b/scripts/user_hash_dump.py
@@ -5,16 +5,18 @@
 
 import requests
 
-SLACK_API_TOKEN = os.environ['SLACK_API_TOKEN']
+SLACK_API_TOKEN = os.environ["SLACK_API_TOKEN"]
 
-users_list = requests.get('https://slack.com/api/users.list?token=%s' % SLACK_API_TOKEN).json()
+users_list = requests.get(
+    "https://slack.com/api/users.list?token=%s" % SLACK_API_TOKEN
+).json()
 
-if users_list['ok'] is not True:
-    print('Slack API call failed')
+if users_list["ok"] is not True:
+    print("Slack API call failed")
     sys.exit(1)
 
-for user in users_list['members']:
-    name = 'NA'
-    if 'name' in user:
-            name = user['name']
-    print("User: {} ID: {}".format(name, user['id']))
+for user in users_list["members"]:
+    name = "NA"
+    if "name" in user:
+        name = user["name"]
+    print("User: {} ID: {}".format(name, user["id"]))
diff --git a/sleuth/handler.py b/sleuth/handler.py
@@ -4,57 +4,54 @@
 
 from pythonjsonlogger import jsonlogger
 
+from sleuth.auditor import audit
 
 # setup module wide logger
-LOGGER = logging.getLogger('sleuth')
+LOGGER = logging.getLogger("sleuth")
 LOGGER.setLevel(logging.INFO)
 
 logHandler = logging.StreamHandler()
 supported_keys = [
-            'asctime',
-            'created',
-            'filename',
-            'funcName',
-            'levelname',
-            'levelno',
-            'lineno',
-            'module',
-            'msecs',
-            'message',
-            'name',
-            'process',
-            'processName',
-            'relativeCreated',
-        ]
-
-log_format = lambda x: ['%({0:s})'.format(i) for i in x]
-custom_format = ' '.join(log_format(supported_keys))
+    "asctime",
+    "created",
+    "filename",
+    "funcName",
+    "levelname",
+    "levelno",
+    "lineno",
+    "module",
+    "msecs",
+    "message",
+    "name",
+    "process",
+    "processName",
+    "relativeCreated",
+]
+
+log_format = lambda x: ["%({0:s})".format(i) for i in x]
+custom_format = " ".join(log_format(supported_keys))
 
 formatter = jsonlogger.JsonFormatter(custom_format)
 logHandler.setFormatter(formatter)
 LOGGER.addHandler(logHandler)
 
-from sleuth.auditor import audit
+VERSION = "1.3.0"
 
-VERSION = '1.3.0'
 
 def handler(event, context):
     """
     Incoming lambda handler
     """
 
-    LOGGER.info('Running aws-iam-sleuth {}'.format(VERSION))
+    LOGGER.info("Running aws-iam-sleuth {}".format(VERSION))
 
     audit()
 
     body = {}
-    response = {
-        "statusCode": 200,
-        "body": json.dumps(body)
-    }
+    response = {"statusCode": 200, "body": json.dumps(body)}
 
     return response
 
 
-if __name__ == '__main__':
-  handler(None, None)
+if __name__ == "__main__":
+    handler(None, None)
diff --git a/sleuth/requirements.txt b/sleuth/requirements.txt