Merge pull request #18 from PostHog/tom/fix-tests

Piccirello · web-flow · commit ef01bb6df04c · 2026-02-01T11:28:37.000-08:00
Fix formatting and update terraform docs
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -0,0 +1,19 @@
+# Claude Code Instructions
+
+## Before Committing
+
+Always run these commands before committing changes:
+
+```bash
+# Fix linting errors and format code
+cd src && uv run ruff check --fix . && uv run ruff format .
+
+# Update terraform documentation
+cd /Users/tom/Documents/projects/terraform-aws-sso-elevator && terraform-docs markdown table --output-file README.md --output-mode inject .
+```
+
+## Running Tests
+
+```bash
+cd src && uv run pytest -q
+```
diff --git a/README.md b/README.md
@@ -791,7 +791,7 @@ settings:
 | <a name="input_event_brige_check_on_inconsistency_rule_name"></a> [event\_brige\_check\_on\_inconsistency\_rule\_name](#input\_event\_brige\_check\_on\_inconsistency\_rule\_name) | DEPRECATED: Use event\_bridge\_check\_on\_inconsistency\_rule\_name instead. This variable contains a typo and will be removed in a future version. | `string` | `"sso-elevator-check-on-inconsistency"` | no |
 | <a name="input_event_brige_scheduled_revocation_rule_name"></a> [event\_brige\_scheduled\_revocation\_rule\_name](#input\_event\_brige\_scheduled\_revocation\_rule\_name) | DEPRECATED: Use event\_bridge\_scheduled\_revocation\_rule\_name instead. This variable contains a typo and will be removed in a future version. | `string` | `"sso-elevator-scheduled-revocation"` | no |
 | <a name="input_group_config"></a> [group\_config](#input\_group\_config) | value for the SSO Elevator group config | `any` | `[]` | no |
-| <a name="input_identity_store_id"></a> [identity\_store\_id](#input\_identity\_store\_id) | The Identity Store ID. If not provided and sso\_instance\_arn is also not provided, it will be automatically discovered. | `string` | `""` | no |
+| <a name="input_identity_store_id"></a> [identity\_store\_id](#input\_identity\_store\_id) | The Identity Store ID (e.g., "d-1234567890").<br/>If not provided and sso\_instance\_arn is also not provided, it will be automatically discovered.<br/><br/>Providing this value is RECOMMENDED for API efficiency - it eliminates describe\_sso\_instance API calls<br/>on every Lambda invocation. You can find this value in the AWS IAM Identity Center console or via:<br/>  aws sso-admin list-instances --query 'Instances[0].IdentityStoreId' --output text | `string` | `""` | no |
 | <a name="input_lambda_architecture"></a> [lambda\_architecture](#input\_lambda\_architecture) | The instruction set architecture for Lambda functions. Valid values are 'x86\_64' or 'arm64'. Use 'arm64' for better price/performance on Graviton2. | `string` | `"x86_64"` | no |
 | <a name="input_lambda_memory_size"></a> [lambda\_memory\_size](#input\_lambda\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 64 MB increments. | `number` | `256` | no |
 | <a name="input_lambda_timeout"></a> [lambda\_timeout](#input\_lambda\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `30` | no |
diff --git a/src/main.py b/src/main.py
@@ -220,7 +220,7 @@ def load_select_options_for_account_access_request(client: WebClient, body: dict
 
 
 @handle_errors
-def handle_button_click(body: dict, client: WebClient, context: BoltContext) -> SlackResponse:  # noqa: ARG001
+def handle_button_click(body: dict, client: WebClient, context: BoltContext) -> SlackResponse:  # noqa: ARG001, PLR0915
     logger.info("Handling button click")
     try:
         payload = slack_helpers.ButtonClickedPayload.model_validate(body)
diff --git a/src/sso.py b/src/sso.py
@@ -470,7 +470,8 @@ def get_permission_sets_from_config(client: SSOAdminClient, cfg: config.Config)
         permission_sets = list(list_permission_sets(client, cfg.sso_instance_arn))
     else:
         permission_sets = [
-            ps for ps in list_permission_sets(client, cfg.sso_instance_arn)
+            ps
+            for ps in list_permission_sets(client, cfg.sso_instance_arn)
             if ps.name in cfg.permission_sets or ps.arn in cfg.permission_sets
         ]
     return permission_sets
diff --git a/src/statement.py b/src/statement.py
@@ -48,10 +48,7 @@ def get_affected_statements(
     permission_set_name: str,
     permission_set_arn: str | None = None,
 ) -> FrozenSet[Statement]:
-    return frozenset(
-        statement for statement in statements
-        if statement.affects(account_id, permission_set_name, permission_set_arn)
-    )
+    return frozenset(statement for statement in statements if statement.affects(account_id, permission_set_name, permission_set_arn))
 
 
 def get_permission_sets_for_account(statements: FrozenSet[Statement], account_id: str) -> set[str]:
