From bf3835367d37f05b9511d91221aef926614b5b66 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 14:21:36 +0000 Subject: [PATCH] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- pre_commit_hooks/detect_aws_credentials.py | 18 +++++++++++------ testing/resources/aws_temp_secrets_file.json | 2 +- tests/detect_aws_credentials_test.py | 21 ++++++++++---------- 3 files changed, 24 insertions(+), 17 deletions(-) diff --git a/pre_commit_hooks/detect_aws_credentials.py b/pre_commit_hooks/detect_aws_credentials.py index b704bf8..93077f3 100644 --- a/pre_commit_hooks/detect_aws_credentials.py +++ b/pre_commit_hooks/detect_aws_credentials.py @@ -2,15 +2,17 @@ from __future__ import annotations import argparse import configparser +import json import os from collections.abc import Sequence from typing import NamedTuple -import json + class BadFile(NamedTuple): filename: str key: str + def get_aws_cred_files_from_env() -> set[str]: """Extract credential file paths from environment variables.""" return { @@ -22,6 +24,7 @@ def get_aws_cred_files_from_env() -> set[str]: if env_var in os.environ } + def get_aws_secrets_from_env() -> set[str]: """Extract AWS secrets from environment variables.""" keys = set() @@ -32,6 +35,7 @@ def get_aws_secrets_from_env() -> set[str]: keys.add(os.environ[env_var]) return keys + def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]: """Extract AWS secrets from JSON configuration files. @@ -42,7 +46,7 @@ def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]: if not os.path.exists(aws_credentials_file_path): return set() - with open(aws_credentials_file_path, 'r') as f: + with open(aws_credentials_file_path) as f: try: data = json.load(f) except json.JSONDecodeError: @@ -55,7 +59,7 @@ def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]: 'SessionToken', 'aws_secret_access_key', 'aws_security_token', - 'aws_session_token' + 'aws_session_token', ): if var in data.get('Credentials', {}): keys.add(data['Credentials'][var]) @@ -156,8 +160,10 @@ def main(argv: Sequence[str] | None = None) -> int: if os.path.isdir(os.path.expanduser(json_credential_dir)): for file in os.listdir(os.path.expanduser(json_credential_dir)): if file.endswith('.json'): - (json_credential_files - .add(os.path.join(json_credential_dir, file))) + ( + json_credential_files + .add(os.path.join(json_credential_dir, file)) + ) # Add the credentials files configured via environment variables to the set # of files to to gather AWS secrets from. @@ -195,4 +201,4 @@ def main(argv: Sequence[str] | None = None) -> int: if __name__ == '__main__': - raise SystemExit(main()) \ No newline at end of file + raise SystemExit(main()) diff --git a/testing/resources/aws_temp_secrets_file.json b/testing/resources/aws_temp_secrets_file.json index fbf14c9..a7b106c 100644 --- a/testing/resources/aws_temp_secrets_file.json +++ b/testing/resources/aws_temp_secrets_file.json @@ -4,4 +4,4 @@ "secretAccessKey": "tempSecretAccessKey", "sessionToken": "tempSessionToken" } -} \ No newline at end of file +} diff --git a/tests/detect_aws_credentials_test.py b/tests/detect_aws_credentials_test.py index fc0ade5..c3bfea0 100644 --- a/tests/detect_aws_credentials_test.py +++ b/tests/detect_aws_credentials_test.py @@ -68,19 +68,20 @@ def test_get_aws_secrets_from_env(env_vars, values): with patch.dict('os.environ', env_vars, clear=True): assert get_aws_secrets_from_env() == values + @pytest.mark.parametrize( ('filename', 'expected_keys'), ( - ( - 'aws_temp_secrets_file.json', - { - "tempAccessKeyId", - "tempSecretAccessKey", - "tempSessionToken" - }, - ), - ('nonsense.txt', set()), - ('ok_json.json', set()), + ( + 'aws_temp_secrets_file.json', + { + 'tempAccessKeyId', + 'tempSecretAccessKey', + 'tempSessionToken', + }, + ), + ('nonsense.txt', set()), + ('ok_json.json', set()), ), ) def test_get_aws_secrets_from_json_file(filename, expected_keys):