[pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
This commit is contained in:
pre-commit-ci[bot] 2026-06-02 14:21:36 +00:00
parent 6f0f112e53
commit bf3835367d
3 changed files with 24 additions and 17 deletions

View file

@ -2,15 +2,17 @@ from __future__ import annotations
import argparse import argparse
import configparser import configparser
import json
import os import os
from collections.abc import Sequence from collections.abc import Sequence
from typing import NamedTuple from typing import NamedTuple
import json
class BadFile(NamedTuple): class BadFile(NamedTuple):
filename: str filename: str
key: str key: str
def get_aws_cred_files_from_env() -> set[str]: def get_aws_cred_files_from_env() -> set[str]:
"""Extract credential file paths from environment variables.""" """Extract credential file paths from environment variables."""
return { return {
@ -22,6 +24,7 @@ def get_aws_cred_files_from_env() -> set[str]:
if env_var in os.environ if env_var in os.environ
} }
def get_aws_secrets_from_env() -> set[str]: def get_aws_secrets_from_env() -> set[str]:
"""Extract AWS secrets from environment variables.""" """Extract AWS secrets from environment variables."""
keys = set() keys = set()
@ -32,6 +35,7 @@ def get_aws_secrets_from_env() -> set[str]:
keys.add(os.environ[env_var]) keys.add(os.environ[env_var])
return keys return keys
def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]: def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]:
"""Extract AWS secrets from JSON configuration files. """Extract AWS secrets from JSON configuration files.
@ -42,7 +46,7 @@ def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]:
if not os.path.exists(aws_credentials_file_path): if not os.path.exists(aws_credentials_file_path):
return set() return set()
with open(aws_credentials_file_path, 'r') as f: with open(aws_credentials_file_path) as f:
try: try:
data = json.load(f) data = json.load(f)
except json.JSONDecodeError: except json.JSONDecodeError:
@ -55,7 +59,7 @@ def get_aws_secrets_from_json_file(json_credentials_file: str) -> set[str]:
'SessionToken', 'SessionToken',
'aws_secret_access_key', 'aws_secret_access_key',
'aws_security_token', 'aws_security_token',
'aws_session_token' 'aws_session_token',
): ):
if var in data.get('Credentials', {}): if var in data.get('Credentials', {}):
keys.add(data['Credentials'][var]) keys.add(data['Credentials'][var])
@ -156,8 +160,10 @@ def main(argv: Sequence[str] | None = None) -> int:
if os.path.isdir(os.path.expanduser(json_credential_dir)): if os.path.isdir(os.path.expanduser(json_credential_dir)):
for file in os.listdir(os.path.expanduser(json_credential_dir)): for file in os.listdir(os.path.expanduser(json_credential_dir)):
if file.endswith('.json'): if file.endswith('.json'):
(json_credential_files (
.add(os.path.join(json_credential_dir, file))) json_credential_files
.add(os.path.join(json_credential_dir, file))
)
# Add the credentials files configured via environment variables to the set # Add the credentials files configured via environment variables to the set
# of files to to gather AWS secrets from. # of files to to gather AWS secrets from.

View file

@ -68,19 +68,20 @@ def test_get_aws_secrets_from_env(env_vars, values):
with patch.dict('os.environ', env_vars, clear=True): with patch.dict('os.environ', env_vars, clear=True):
assert get_aws_secrets_from_env() == values assert get_aws_secrets_from_env() == values
@pytest.mark.parametrize( @pytest.mark.parametrize(
('filename', 'expected_keys'), ('filename', 'expected_keys'),
( (
( (
'aws_temp_secrets_file.json', 'aws_temp_secrets_file.json',
{ {
"tempAccessKeyId", 'tempAccessKeyId',
"tempSecretAccessKey", 'tempSecretAccessKey',
"tempSessionToken" 'tempSessionToken',
}, },
), ),
('nonsense.txt', set()), ('nonsense.txt', set()),
('ok_json.json', set()), ('ok_json.json', set()),
), ),
) )
def test_get_aws_secrets_from_json_file(filename, expected_keys): def test_get_aws_secrets_from_json_file(filename, expected_keys):