DRIVERS-3019 Add ruff linter and apply fixes

.evergreen/auth_aws/aws_tester.py

@@ -44,7 +44,7 @@ def join(*parts):
 def run(args, env):
     """Run a python command in a subprocess."""
     env.update(os.environ.copy())
-    return subprocess.run([sys.executable] + args, env=env).returncode
+    return subprocess.run([sys.executable, *args], env=env, check=False).returncode
 
 
 def create_user(user, kwargs):

.evergreen/auth_oidc/azure/remote-scripts/test.py

@@ -21,17 +21,17 @@ def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult:
                 status = response.status
                 body = response.read().decode('utf8')
         except Exception as e:
-            msg = "Failed to acquire IMDS access token: %s" % e
-            raise ValueError(msg)
+            msg = "Failed to acquire IMDS access token"
+            raise ValueError(msg) from e
 
         if status != 200:
             print(body)
             msg = "Failed to acquire IMDS access token."
             raise ValueError(msg)
         try:
             data = json.loads(body)
-        except Exception:
-            raise ValueError("Azure IMDS response must be in JSON format.")
+        except Exception as e:
+            raise ValueError("Azure IMDS response must be in JSON format.") from e
 
         for key in ["access_token", "expires_in"]:
             if not data.get(key):

.evergreen/auth_oidc/gcp/remote-scripts/test.py

@@ -1,6 +1,5 @@
 from pymongo import MongoClient
 import os
-import json
 from urllib.request import urlopen, Request
 from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult
 
@@ -20,7 +19,7 @@ def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult:
                 body = response.read().decode('utf8')
         except Exception as e:
             msg = "Failed to acquire IMDS access token: %s" % e
-            raise ValueError(msg)
+            raise ValueError(msg) from e
 
         if status != 200:
             print(body)

.evergreen/auth_oidc/oidc_write_orchestration.py

@@ -9,7 +9,7 @@
 
 HERE = os.path.abspath(os.path.dirname(__file__))
 sys.path.insert(0, HERE)
-from utils import get_secrets, MOCK_ENDPOINT, DEFAULT_CLIENT
+from utils import get_secrets, DEFAULT_CLIENT
 
 
 def azure():

.evergreen/auth_oidc/utils.py

@@ -1,8 +1,7 @@
-import json
 import os
 import sys
 
-import boto3
+import boto3  # noqa: F401
 
 HERE = os.path.abspath(os.path.dirname(__file__))
 
@@ -11,7 +10,7 @@ def join(*args):
 
 aws_lib = join(os.path.dirname(HERE), 'auth_aws', 'lib')
 sys.path.insert(0, aws_lib)
-from aws_handle_oidc_creds import get_id_token, MOCK_ENDPOINT
+from aws_handle_oidc_creds import get_id_token, MOCK_ENDPOINT  # noqa: F401
 secrets_root = join(os.path.dirname(HERE), 'secrets_handling')
 sys.path.insert(0, secrets_root)
 from setup_secrets import get_secrets as root_get_secrets

.evergreen/csfle/fake_azure.py

@@ -115,7 +115,7 @@ def get_oauth2_token():
     if case == 'slow':
         return _slow()
 
-    assert case in (None, ''), 'Unknown HTTP test case "{}"'.format(case)
+    assert case in (None, ''), f'Unknown HTTP test case "{case}"'
 
     return {
         'access_token': 'magic-cookie',
@@ -148,7 +148,6 @@ def _slow() -> Iterable[bytes]:
 
 if __name__ == '__main__':
     print(
-        'RECOMMENDED: Run this script using bottle.py (e.g. [{} {}/bottle.py fake_azure:imds])'
-        .format(sys.executable,
-                Path(__file__).resolve().parent))
+        f'RECOMMENDED: Run this script using bottle.py (e.g. [{sys.executable} {Path(__file__).resolve().parent}/bottle.py fake_azure:imds])'
+        )
     imds.run()

.evergreen/csfle/gcpkms/mock_server.py

@@ -19,8 +19,7 @@ def b64_to_b64url(b64):
 def dict_to_b64url(arg):
     as_json = json.dumps(arg).encode("utf8")
     as_b64 = base64.b64encode(as_json).decode("utf8")
-    as_b64url = b64_to_b64url(as_b64)
-    return as_b64url
+    return b64_to_b64url(as_b64)
 
 
 def get_access_token():
@@ -34,7 +33,7 @@ def get_access_token():
     if "GOOGLE_APPLICATION_CREDENTIALS" not in os.environ:
         raise Exception(
             "please set GOOGLE_APPLICATION_CREDENTIALS environment variable to a JSON Service account key")
-    creds = json.load(open(os.environ["GOOGLE_APPLICATION_CREDENTIALS"], "r"))
+    creds = json.load(open(os.environ["GOOGLE_APPLICATION_CREDENTIALS"]))
     private_key = creds["private_key"].encode("utf8")
     client_email = creds["client_email"]
 
@@ -82,7 +81,7 @@ def main():
     global private_key
     port = 5000
     server = http.server.HTTPServer(("localhost", port), Handler)
-    print ("Listening on port {}".format(port))
+    print (f"Listening on port {port}")
     server.serve_forever()
 
 

.evergreen/csfle/kms_failpoint_server.py

@@ -64,7 +64,7 @@ def _send_json(self, data: dict):
 
     def _send_not_found(self):
         self.send_response(http.HTTPStatus.NOT_FOUND)
-        msg = "Not found".encode("utf8")
+        msg = b"Not found"
         self.send_header("Content-Type", "text/plain")
         self.send_header("Content-Length", len(msg))
         self.end_headers()
@@ -93,18 +93,18 @@ def do_POST(self):
                 remaining_http_fails = data['count']
             else:
                 self._send_not_found()
-                return
-            print("Enabling failpoint for type: {}".format(failpoint_type))
+                return None
+            print(f"Enabling failpoint for type: {failpoint_type}")
             self._send_json(
-                {"message": "failpoint set for type: '{}'".format(failpoint_type)}
+                {"message": f"failpoint set for type: '{failpoint_type}'"}
             )
-            return
+            return None
 
         if path.match("/reset"):
             remaining_http_fails = 0
             remaining_network_fails = 0
             self._send_json({"message": "failpoints reset"})
-            return
+            return None
 
         # If a failpoint was set, fail the request.
         if remaining_network_fails > 0:
@@ -116,40 +116,39 @@ def do_POST(self):
             aws_op = self.headers['X-Amz-Target']
             if aws_op == "TrentService.Encrypt":
                 self._send_json({"CiphertextBlob": base64.b64encode(fake_ciphertext.encode()).decode()})
-                return
-            elif aws_op == "TrentService.Decrypt":
+                return None
+            if aws_op == "TrentService.Decrypt":
                 if remaining_http_fails > 0:
                     self._http_fail()
-                    return
+                    return None
                 self._send_json({"Plaintext": base64.b64encode(fake_plaintext.encode()).decode()})
-                return
-            else:
-                self._send_not_found()
-                return
+                return None
+            self._send_not_found()
+            return None
 
         # GCP or Azure auth path: /c01df00d-cafe-g00d-dea1-decea5sedbeef/oauth2/v2.0/token
         if path.match("*token"):
             if remaining_http_fails > 0:
                 self._http_fail()
-                return
+                return None
             return self._send_json({"access_token": "foo", "expires_in": 99999})
         # GCP encrypt path: /v1/projects/{project}/locations/{location}/keyRings/{key-ring}/cryptoKeys/{key}:encrypt
-        elif path.match("*encrypt"):
+        if path.match("*encrypt"):
             return self._send_json({"ciphertext": base64.b64encode(fake_ciphertext.encode()).decode()})
         # GCP decrypt path: /v1/projects/{project}/locations/{location}/keyRings/{key-ring}/cryptoKeys/{key}:decrypt
-        elif path.match("*decrypt"):
+        if path.match("*decrypt"):
             if remaining_http_fails > 0:
                 self._http_fail()
-                return
+                return None
             return self._send_json({"plaintext": base64.b64encode(fake_plaintext.encode()).decode()})
         # Azure decrypt path: /keys/{key-name}/{key-version}/unwrapkey
-        elif path.match("*unwrapkey"):
+        if path.match("*unwrapkey"):
             if remaining_http_fails > 0:
                 self._http_fail()
-                return
+                return None
             return self._send_json({"value": base64.b64encode(fake_plaintext.encode()).decode()})
         # Azure encrypt path: /keys/{key-name}/{key-version}/wrapkey
-        elif path.match("*wrapkey"):
+        if path.match("*wrapkey"):
             return self._send_json({"value": base64.b64encode(fake_ciphertext.encode()).decode()})
         self._send_not_found()
 

.evergreen/csfle/kms_http_common.py

@@ -71,12 +71,11 @@ def do_GET(self):
         else:
             self.send_response(http.HTTPStatus.NOT_FOUND)
             self.end_headers()
-            self.wfile.write("Unknown URL".encode())
+            self.wfile.write(b"Unknown URL")
 
     @abstractmethod
     def do_POST(self):
         """Serve a POST request."""
-        pass
 
     def _send_reply(self, data, status=http.HTTPStatus.OK):
         print("Sending Response: " + data.decode())

.evergreen/csfle/kms_http_server.py

@@ -56,7 +56,7 @@ def do_POST(self):
         else:
             self.send_response(http.HTTPStatus.NOT_FOUND)
             self.end_headers()
-            self.wfile.write("Unknown URL".encode())
+            self.wfile.write(b"Unknown URL")
 
     def _do_post(self):
         c_len = int(self.headers.get('content-length'))
@@ -133,31 +133,31 @@ def _do_encrypt(self, raw_input):
         }
 
         self._send_reply(json.dumps(response).encode('utf-8'))
-        return
+        return None
 
     def _do_encrypt_faults(self, raw_ciphertext):
         kms_http_common.stats.fault_calls += 1
 
         if kms_http_common.fault_type == kms_http_common.FAULT_ENCRYPT:
-            self._send_reply("Internal Error of some sort.".encode(), http.HTTPStatus.INTERNAL_SERVER_ERROR)
+            self._send_reply(b"Internal Error of some sort.", http.HTTPStatus.INTERNAL_SERVER_ERROR)
             return
-        elif kms_http_common.fault_type == kms_http_common.FAULT_ENCRYPT_WRONG_FIELDS:
+        if kms_http_common.fault_type == kms_http_common.FAULT_ENCRYPT_WRONG_FIELDS:
             response = {
                 "SomeBlob" : raw_ciphertext,
                 "KeyId" : "foo",
             }
 
             self._send_reply(json.dumps(response).encode('utf-8'))
             return
-        elif kms_http_common.fault_type == kms_http_common.FAULT_ENCRYPT_BAD_BASE64:
+        if kms_http_common.fault_type == kms_http_common.FAULT_ENCRYPT_BAD_BASE64:
             response = {
                 "CiphertextBlob" : "foo",
                 "KeyId" : "foo",
             }
 
             self._send_reply(json.dumps(response).encode('utf-8'))
             return
-        elif kms_http_common.fault_type == kms_http_common.FAULT_ENCRYPT_CORRECT_FORMAT:
+        if kms_http_common.fault_type == kms_http_common.FAULT_ENCRYPT_CORRECT_FORMAT:
             response = {
                 "__type" : "NotFoundException",
                 "Message" : "Error encrypting message",
@@ -190,23 +190,23 @@ def _do_decrypt(self, raw_input):
         }
 
         self._send_reply(json.dumps(response).encode('utf-8'))
-        return
+        return None
 
     def _do_decrypt_faults(self, blob):
         kms_http_common.stats.fault_calls += 1
 
         if kms_http_common.fault_type == kms_http_common.FAULT_DECRYPT:
-            self._send_reply("Internal Error of some sort.".encode(), http.HTTPStatus.INTERNAL_SERVER_ERROR)
+            self._send_reply(b"Internal Error of some sort.", http.HTTPStatus.INTERNAL_SERVER_ERROR)
             return
-        elif kms_http_common.fault_type == kms_http_common.FAULT_DECRYPT_WRONG_KEY:
+        if kms_http_common.fault_type == kms_http_common.FAULT_DECRYPT_WRONG_KEY:
             response = {
                 "Plaintext" : "ta7DXE7J0OiCRw03dYMJSeb8nVF5qxTmZ9zWmjuX4zW/SOorSCaY8VMTWG+cRInMx/rr/+QeVw2WjU2IpOSvMg==",
                 "KeyId" : "Not a clue",
             }
 
             self._send_reply(json.dumps(response).encode('utf-8'))
             return
-        elif kms_http_common.fault_type == kms_http_common.FAULT_DECRYPT_CORRECT_FORMAT:
+        if kms_http_common.fault_type == kms_http_common.FAULT_DECRYPT_CORRECT_FORMAT:
             response = {
                 "__type" : "NotFoundException",
                 "Message" : "Error decrypting message",

.evergreen/csfle/setup_secrets.py

@@ -15,13 +15,13 @@
 credentials = client.get_session_token()["Credentials"]
 
 with open('secrets-export.sh', 'ab') as fid:
-    fid.write(f'\nexport CSFLE_AWS_TEMP_ACCESS_KEY_ID="{credentials["AccessKeyId"]}"'.encode('utf8'))
-    fid.write(f'\nexport CSFLE_AWS_TEMP_SECRET_ACCESS_KEY="{credentials["SecretAccessKey"]}"'.encode('utf8'))
-    fid.write(f'\nexport CSFLE_AWS_TEMP_SESSION_TOKEN="{credentials["SessionToken"]}"'.encode('utf8'))
+    fid.write(f'\nexport CSFLE_AWS_TEMP_ACCESS_KEY_ID="{credentials["AccessKeyId"]}"'.encode())
+    fid.write(f'\nexport CSFLE_AWS_TEMP_SECRET_ACCESS_KEY="{credentials["SecretAccessKey"]}"'.encode())
+    fid.write(f'\nexport CSFLE_AWS_TEMP_SESSION_TOKEN="{credentials["SessionToken"]}"'.encode())
     for key in ['AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_DEFAULT_REGION',
                 'AWS_SESSION_TOKEN', 'CSFLE_TLS_CA_FILE', 'CSFLE_TLS_CERT_FILE',
                 'CSFLE_TLS_CLIENT_CERT_FILE']:
-        fid.write(f'\nexport {key}="{os.environ[key]}"'.encode('utf8'))
-    fid.write('\n'.encode('utf8'))
+        fid.write(f'\nexport {key}="{os.environ[key]}"'.encode())
+    fid.write(b'\n')
 
 print("Getting CSFLE temp creds...done")