Added github action for black (#26)

* Added black linter

* Formatted with black linter

---------

Co-authored-by: Cibin Mathew <[email protected]>

Author: cibinmathew

.github/workflows/lint.yml

@@ -0,0 +1,12 @@
+# https://black.readthedocs.io/en/stable/integrations/github_actions.html
+
+name: Lint - black
+
+on: [push, pull_request]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: psf/[email protected]

iam_check/application_error.py

@@ -2,9 +2,11 @@
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 SPDX-License-Identifier: MIT-0
 """
+
+
 class ApplicationError(Exception):
     pass
 
 
 class SchemaValidationError(ApplicationError):
-    pass
+    pass

iam_check/argument_actions.py

@@ -2,10 +2,15 @@
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 SPDX-License-Identifier: MIT-0
 """
+
 import argparse
 
-from .lib.reporter import ResourceOrCodeFindingToIgnore, ResourceAndCodeFindingToIgnore, \
-    AllowedExternalArn, AllowedExternalPrincipal
+from .lib.reporter import (
+    ResourceOrCodeFindingToIgnore,
+    ResourceAndCodeFindingToIgnore,
+    AllowedExternalArn,
+    AllowedExternalPrincipal,
+)
 from .tools import regex_patterns
 
 
@@ -28,8 +33,8 @@ class ParseFindingsToIgnoreFromCLI(argparse.Action):
     a combination of both in the form MyResource.FindingA
     """
 
-    def __call__(self,  _, namespace, values, option_string=None):
-        values = values.split(',')
+    def __call__(self, _, namespace, values, option_string=None):
+        values = values.split(",")
 
         findings_to_ignore = parse_findings_to_ignore(values)
 
@@ -47,7 +52,9 @@ def parse_findings_to_ignore(values_as_list):
         if "." in value:
             resource_and_code = value.split(".", 1)
             # a split must have at least two members of the array, so no need to validate
-            finding_to_ignore = ResourceAndCodeFindingToIgnore(resource_and_code[0], resource_and_code[1])
+            finding_to_ignore = ResourceAndCodeFindingToIgnore(
+                resource_and_code[0], resource_and_code[1]
+            )
         else:
             finding_to_ignore = ResourceOrCodeFindingToIgnore(value)
 
@@ -63,7 +70,7 @@ class ParseAllowExternalPrincipalsFromCLI(argparse.Action):
     """
 
     def __call__(self, _, namespace, values, option_string=None):
-        values = values.split(',')
+        values = values.split(",")
 
         allowed_external_principals = parse_allow_external_principals(values)
 
@@ -88,10 +95,11 @@ def parse_allow_external_principals(values_as_list):
 
     return allowed_external_principals
 
+
 class ParseListFromCLI(argparse.Action):
     def __call__(self, _, namespace, values, option_string=None):
-        values = values.split(',')
+        values = values.split(",")
         if values is None:
             setattr(namespace, self.dest, None)
         values = [value.strip() for value in values]
-        setattr(namespace, self.dest, values)
+        setattr(namespace, self.dest, values)

iam_check/client.py

@@ -2,43 +2,44 @@
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 SPDX-License-Identifier: MIT-0
 """
+
 import boto3
 from botocore.config import Config
 
 config = Config(
-	retries={
-		# this number was chosen arbitrarily, tweak as necessary
-		'max_attempts': 30,
-		'mode': 'standard'
-	}
+    retries={
+        # this number was chosen arbitrarily, tweak as necessary
+        "max_attempts": 30,
+        "mode": "standard",
+    }
 )
 
 
 def get_account_and_partition(region):
-	"""
-	Pull the account and partition from the credentials used to execute the validator
-	"""
+    """
+    Pull the account and partition from the credentials used to execute the validator
+    """
 
-	sts_client = build('sts', region)
-	identity = sts_client.get_caller_identity()
-	account_id = identity['Account']
+    sts_client = build("sts", region)
+    identity = sts_client.get_caller_identity()
+    account_id = identity["Account"]
 
-	parts = identity['Arn'].split(':')
-	partition = parts[1]
+    parts = identity["Arn"].split(":")
+    partition = parts[1]
 
-	return account_id, partition
+    return account_id, partition
 
 
 def build(service_name, region_name, client_config=None):
-	if client_config is None:
-		client_config = config
-	session = boto3.Session(profile_name=profile_name, region_name=region_name)
-	return session.client(service_name, config=client_config)
+    if client_config is None:
+        client_config = config
+    session = boto3.Session(profile_name=profile_name, region_name=region_name)
+    return session.client(service_name, config=client_config)
 
 
 profile_name = None
 
 
 def set_profile(profile):
-	global profile_name
-	profile_name = profile
+    global profile_name
+    profile_name = profile

iam_check/config.py

@@ -3,56 +3,58 @@
 import sys
 
 # logging configuration
-LOGGER = logging.getLogger('iam-policy-validator-for-terraform')
+LOGGER = logging.getLogger("iam-policy-validator-for-terraform")
 
 # AWS Account ID to use when unknown
-awsAccount = '123456789012'
+awsAccount = "123456789012"
 
-#IAM Policy checks to run
+# IAM Policy checks to run
 # The default is to run all checks if thhe list is empty
 # iamChecks = []
 
-#IAM policy resources
+# IAM policy resources
 iamPolicyAttributes = {}
 
-#Generate fake ARN
+# Generate fake ARN
 # default substitube is {<key>?<default>}
 arnServiceMap = {}
 
 validatePolicyResourceType = {}
 
+
 def configure_logging(enable_logging):
     console_handler = logging.StreamHandler(sys.stdout)
-    #console_handler.setLevel(logging.DEBUG)
+    # console_handler.setLevel(logging.DEBUG)
 
     LOGGER.setLevel(logging.INFO)
 
     # log_formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
-    log_formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
+    log_formatter = logging.Formatter("%(asctime)s - %(levelname)s - %(message)s")
     console_handler.setFormatter(log_formatter)
     LOGGER.propagate = False
     # for handler in LOGGER.handlers:
     #     LOGGER.removeHandler(handler)
     LOGGER.addHandler(console_handler)
     if not enable_logging:
         LOGGER.disabled = True
-def load_config_yaml(file, exclude_resource_type = []):
+
+
+def load_config_yaml(file, exclude_resource_type=[]):
     global arnServiceMap
     global iamPolicyAttributes
     global validatePolicyResourceType
-    
-    with open(file, 'r') as fh:
+
+    with open(file, "r") as fh:
         data = yaml.safe_load(fh)
 
-    arnServiceMap = data.get('arnServiceMap', arnServiceMap)
-    if 'arnServiceMap' in data:
-        arnServiceMap = data['arnServiceMap'] 
-        
-    if 'iamPolicyAttributes' in data:
-        iamPolicyAttributes = data['iamPolicyAttributes']
+    arnServiceMap = data.get("arnServiceMap", arnServiceMap)
+    if "arnServiceMap" in data:
+        arnServiceMap = data["arnServiceMap"]
+
+    if "iamPolicyAttributes" in data:
+        iamPolicyAttributes = data["iamPolicyAttributes"]
         for exclude_type in exclude_resource_type:
             del iamPolicyAttributes[exclude_type]
-        
-    if 'validatePolicyResourceType' in data:
-        validatePolicyResourceType = data['validatePolicyResourceType']
-    
+
+    if "validatePolicyResourceType" in data:
+        validatePolicyResourceType = data["validatePolicyResourceType"]