apply ruff-format to all files

Author: gruebel

.pre-commit-config.yaml

@@ -13,9 +13,8 @@ repos:
     rev: v0.5.3
     hooks:
       - id: ruff
-        files: ^(policy_sentry/|setup.py)
+        files: ^(examples/|policy_sentry/|utils/|setup.py)
       - id: ruff-format
-        files: ^(policy_sentry/|setup.py)
   - repo: https://github.com/Lucas-C/pre-commit-hooks-safety
     rev: v1.3.3
     hooks:

examples/library-usage/analysis/analyze_by_access_level.py

@@ -1,8 +1,9 @@
 #!/usr/bin/env python
-from policy_sentry.analysis.analyze import analyze_by_access_level
 import json
 
-if __name__ == '__main__':
+from policy_sentry.analysis.analyze import analyze_by_access_level
+
+if __name__ == "__main__":
     permissions_management_policy = {
         "Version": "2012-10-17",
         "Statement": [
@@ -19,9 +20,9 @@
                     "ecr:ListImages",
                     "ecr:DescribeImages",
                 ],
-                "Resource": "*"
+                "Resource": "*",
             }
-        ]
+        ],
     }
     permissions_management_actions = analyze_by_access_level(permissions_management_policy, "Permissions management")
     print(json.dumps(permissions_management_actions, indent=4))

examples/library-usage/analysis/expand_actions_from_policy.py

@@ -1,25 +1,25 @@
 #!/usr/bin/env python
 
-from policy_sentry.util.policy_files import get_actions_from_policy
-from policy_sentry.analysis.analyze import determine_actions_to_expand
 import json
 
+from policy_sentry.analysis.analyze import determine_actions_to_expand
+from policy_sentry.util.policy_files import get_actions_from_policy
+
 POLICY_JSON_TO_EXPAND = {
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "cloud9:*",
-      ],
-      "Resource": "*"
-    }
-  ]
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "cloud9:*",
+            ],
+            "Resource": "*",
+        }
+    ],
 }
 
 
-if __name__ == '__main__':
-
+if __name__ == "__main__":
     requested_actions = get_actions_from_policy(POLICY_JSON_TO_EXPAND)
     expanded_actions = determine_actions_to_expand(requested_actions)
     print(json.dumps(expanded_actions, indent=4))

examples/library-usage/example.py

@@ -1,16 +1,19 @@
 #! /usr/bin/env python
 
-from policy_sentry.querying.actions import get_actions_for_service, get_actions_with_access_level
+from policy_sentry.querying.actions import (
+    get_actions_for_service,
+    get_actions_with_access_level,
+)
 
 
-def example():
-    actions = get_actions_for_service('cloud9')
+def example() -> None:
+    actions = get_actions_for_service("cloud9")
     print(actions)
-    actions = get_actions_with_access_level('s3', 'Permissions management')
+    actions = get_actions_with_access_level("s3", "Permissions management")
     print(actions)
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     print("Executing example")
     example()
     print("Done with example")

examples/library-usage/querying/actions/get_action_data.py

@@ -1,11 +1,11 @@
 #!/usr/bin/env python
 
-from policy_sentry.querying.actions import get_action_data
 import json
 
-if __name__ == '__main__':
+from policy_sentry.querying.actions import get_action_data
 
-    output = get_action_data('ram', 'createresourceshare')
+if __name__ == "__main__":
+    output = get_action_data("ram", "createresourceshare")
     print(json.dumps(output, indent=4))
 
 """

examples/library-usage/querying/actions/get_actions_for_service.py

@@ -1,9 +1,10 @@
 #!/usr/bin/env python
-from policy_sentry.querying.actions import get_actions_for_service
 import json
 
-if __name__ == '__main__':
-    output = get_actions_for_service('cloud9')
+from policy_sentry.querying.actions import get_actions_for_service
+
+if __name__ == "__main__":
+    output = get_actions_for_service("cloud9")
     print(json.dumps(output, indent=4))
 
 """

examples/library-usage/querying/actions/get_actions_matching_condition_key.py

@@ -1,10 +1,10 @@
 #!/usr/bin/env python
 
-from policy_sentry.querying.actions import get_actions_matching_condition_key
 import json
 
-if __name__ == '__main__':
+from policy_sentry.querying.actions import get_actions_matching_condition_key
 
+if __name__ == "__main__":
     output = get_actions_matching_condition_key("ses", "ses:FeedbackAddress")
     print(json.dumps(output, indent=4))
 

examples/library-usage/querying/actions/get_actions_that_support_wildcard_arns_only.py

@@ -1,10 +1,10 @@
 #!/usr/bin/env python
 
-from policy_sentry.querying.actions import get_actions_that_support_wildcard_arns_only
 import json
 
-if __name__ == '__main__':
+from policy_sentry.querying.actions import get_actions_that_support_wildcard_arns_only
 
+if __name__ == "__main__":
     output = get_actions_that_support_wildcard_arns_only("secretsmanager")
     print(json.dumps(output, indent=4))
 

examples/library-usage/querying/actions/get_actions_with_access_level.py

@@ -1,11 +1,11 @@
 #!/usr/bin/env python
 
-from policy_sentry.querying.actions import get_actions_with_access_level
 import json
 
-if __name__ == '__main__':
+from policy_sentry.querying.actions import get_actions_with_access_level
 
-    output = get_actions_with_access_level('s3', 'Permissions management')
+if __name__ == "__main__":
+    output = get_actions_with_access_level("s3", "Permissions management")
     print(json.dumps(output, indent=4))
 
 """

examples/library-usage/querying/actions/get_actions_with_arn_type_and_access_level.py

@@ -1,10 +1,10 @@
 #!/usr/bin/env python
 
-from policy_sentry.querying.actions import get_actions_with_arn_type_and_access_level
 import json
 
-if __name__ == '__main__':
+from policy_sentry.querying.actions import get_actions_with_arn_type_and_access_level
 
+if __name__ == "__main__":
     output = get_actions_with_arn_type_and_access_level("ram", "resource-share", "Permissions management")
     print(json.dumps(output, indent=4))
 

examples/library-usage/querying/actions/get_all_actions_with_access_level.py

@@ -1,11 +1,11 @@
 #!/usr/bin/env python
 
-from policy_sentry.querying.actions import get_actions_with_access_level
 import json
 
-if __name__ == '__main__':
+from policy_sentry.querying.actions import get_actions_with_access_level
 
-    output = get_actions_with_access_level('all', 'Permissions management')
+if __name__ == "__main__":
+    output = get_actions_with_access_level("all", "Permissions management")
     print(json.dumps(output, indent=4))
 
 """

examples/library-usage/querying/actions/get_dependent_actions.py

@@ -1,10 +1,10 @@
 #!/usr/bin/env python
 
-from policy_sentry.querying.actions import get_dependent_actions
 import json
 
-if __name__ == '__main__':
+from policy_sentry.querying.actions import get_dependent_actions
 
+if __name__ == "__main__":
     output = get_dependent_actions(["ec2:associateiaminstanceprofile"])
     print(json.dumps(output, indent=4))
 

examples/library-usage/querying/all/get_all_actions.py

@@ -2,9 +2,7 @@
 
 from policy_sentry.querying.all import get_all_actions
 
-
-if __name__ == '__main__':
-
+if __name__ == "__main__":
     all_actions = get_all_actions()  # returns a set
     all_actions = list(all_actions)  # convert to list
     all_actions.sort()  # sort in alphabetical order

examples/library-usage/querying/all/get_all_service_prefixes.py

@@ -2,9 +2,7 @@
 
 from policy_sentry.querying.all import get_all_service_prefixes
 
-
-if __name__ == '__main__':
-
+if __name__ == "__main__":
     all_service_prefixes = get_all_service_prefixes()
     print(all_service_prefixes)
 

examples/library-usage/querying/arns/get_arn_type_details.py

@@ -1,10 +1,10 @@
 #!/usr/bin/env python
 
-from policy_sentry.querying.arns import get_arn_type_details
 import json
 
-if __name__ == '__main__':
+from policy_sentry.querying.arns import get_arn_type_details
 
+if __name__ == "__main__":
     output = get_arn_type_details("cloud9", "environment")
     print(json.dumps(output, indent=4))
 

examples/library-usage/querying/arns/get_arn_types_for_service.py

@@ -1,10 +1,10 @@
 #!/usr/bin/env python
 
-from policy_sentry.querying.arns import get_arn_types_for_service
 import json
 
-if __name__ == '__main__':
+from policy_sentry.querying.arns import get_arn_types_for_service
 
+if __name__ == "__main__":
     output = get_arn_types_for_service("s3")
     print(json.dumps(output, indent=4))
 

examples/library-usage/querying/arns/get_raw_arns_for_service.py

@@ -1,10 +1,10 @@
 #!/usr/bin/env python
 
-from policy_sentry.querying.arns import get_raw_arns_for_service
 import json
 
-if __name__ == '__main__':
+from policy_sentry.querying.arns import get_raw_arns_for_service
 
+if __name__ == "__main__":
     output = get_raw_arns_for_service("s3")
     print(json.dumps(output, indent=4))
 

examples/library-usage/querying/conditions/get_condition_key_details.py

@@ -1,10 +1,10 @@
 #!/usr/bin/env python
 
-from policy_sentry.querying.conditions import get_condition_key_details
 import json
 
-if __name__ == '__main__':
+from policy_sentry.querying.conditions import get_condition_key_details
 
+if __name__ == "__main__":
     output = get_condition_key_details("cloud9", "cloud9:Permissions")
     print(json.dumps(output, indent=4))
 

examples/library-usage/querying/conditions/get_condition_keys_for_service.py

@@ -1,10 +1,10 @@
 #!/usr/bin/env python
 
-from policy_sentry.querying.conditions import get_condition_keys_for_service
 import json
 
-if __name__ == '__main__':
+from policy_sentry.querying.conditions import get_condition_keys_for_service
 
+if __name__ == "__main__":
     output = get_condition_keys_for_service("cloud9")
     print(json.dumps(output, indent=4))
 

examples/library-usage/util/does_arn_match.py

@@ -1,13 +1,38 @@
 #!/usr/bin/env python
 from policy_sentry.util.arns import does_arn_match
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     print(does_arn_match("arn:aws:s3:::bucket_name", "arn:${Partition}:s3:::${BucketName}"))
-    print(does_arn_match("arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo", "arn:${Partition}:codecommit:${Region}:${Account}:${RepositoryName}"))
-    print(does_arn_match("arn:aws:ssm:us-east-1:123456789012:parameter/test", "arn:${Partition}:ssm:${Region}:${Account}:parameter/${FullyQualifiedParameterName}"))
-    print(does_arn_match("arn:aws:batch:region:account-id:job-definition/job-name:revision", "arn:${Partition}:batch:${Region}:${Account}:job-definition/${JobDefinitionName}:${Revision}"))
-    print(does_arn_match("arn:aws:states:region:account-id:stateMachine:stateMachineName", "arn:${Partition}:states:${Region}:${Account}:stateMachine:${StateMachineName}"))
-    print(does_arn_match("arn:aws:states:region:account-id:execution:stateMachineName:executionName", "arn:${Partition}:states:${Region}:${Account}:execution:${StateMachineName}:${ExecutionId}"))
+    print(
+        does_arn_match(
+            "arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo",
+            "arn:${Partition}:codecommit:${Region}:${Account}:${RepositoryName}",
+        )
+    )
+    print(
+        does_arn_match(
+            "arn:aws:ssm:us-east-1:123456789012:parameter/test",
+            "arn:${Partition}:ssm:${Region}:${Account}:parameter/${FullyQualifiedParameterName}",
+        )
+    )
+    print(
+        does_arn_match(
+            "arn:aws:batch:region:account-id:job-definition/job-name:revision",
+            "arn:${Partition}:batch:${Region}:${Account}:job-definition/${JobDefinitionName}:${Revision}",
+        )
+    )
+    print(
+        does_arn_match(
+            "arn:aws:states:region:account-id:stateMachine:stateMachineName",
+            "arn:${Partition}:states:${Region}:${Account}:stateMachine:${StateMachineName}",
+        )
+    )
+    print(
+        does_arn_match(
+            "arn:aws:states:region:account-id:execution:stateMachineName:executionName",
+            "arn:${Partition}:states:${Region}:${Account}:execution:${StateMachineName}:${ExecutionId}",
+        )
+    )
 
 
 """

examples/library-usage/writing/write_policy_with_access_levels.py

@@ -1,19 +1,19 @@
 #!/usr/bin/env python
 
-from policy_sentry.writing.template import get_crud_template_dict
-from policy_sentry.command.write_policy import write_policy_with_template
 import json
 
+from policy_sentry.command.write_policy import write_policy_with_template
+from policy_sentry.writing.template import get_crud_template_dict
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     crud_template = get_crud_template_dict()
-    crud_template['read'].append("arn:aws:secretsmanager:us-east-1:123456789012:secret:mysecret")
-    crud_template['write'].append("arn:aws:secretsmanager:us-east-1:123456789012:secret:mysecret")
-    crud_template['list'].append("arn:aws:s3:::mybucket/stuff")
-    crud_template['permissions-management'].append("arn:aws:kms:us-east-1:123456789012:key/123456")
+    crud_template["read"].append("arn:aws:secretsmanager:us-east-1:123456789012:secret:mysecret")
+    crud_template["write"].append("arn:aws:secretsmanager:us-east-1:123456789012:secret:mysecret")
+    crud_template["list"].append("arn:aws:s3:::mybucket/stuff")
+    crud_template["permissions-management"].append("arn:aws:kms:us-east-1:123456789012:key/123456")
     wildcard_actions_to_add = ["kms:createcustomkeystore", "cloudhsm:describeclusters"]
-    crud_template['wildcard-only']['single-actions'].extend(wildcard_actions_to_add)
-    crud_template['tagging'].append("arn:aws:ssm:us-east-1:123456789012:parameter/test")
+    crud_template["wildcard-only"]["single-actions"].extend(wildcard_actions_to_add)
+    crud_template["tagging"].append("arn:aws:ssm:us-east-1:123456789012:parameter/test")
     policy = write_policy_with_template(crud_template)
     print(json.dumps(policy, indent=4))
 

examples/library-usage/writing/write_policy_with_actions.py

@@ -1,16 +1,19 @@
 #!/usr/bin/env python
 
-from policy_sentry.writing.template import get_actions_template_dict
-from policy_sentry.command.write_policy import write_policy_with_template
 import json
 
+from policy_sentry.command.write_policy import write_policy_with_template
+from policy_sentry.writing.template import get_actions_template_dict
 
-if __name__ == '__main__':
-
+if __name__ == "__main__":
     actions_template = get_actions_template_dict()
-    actions_to_add = ['kms:CreateGrant', 'kms:CreateCustomKeyStore', 'ec2:AuthorizeSecurityGroupEgress',
-                      'ec2:AuthorizeSecurityGroupIngress']
-    actions_template['actions'].extend(actions_to_add)
+    actions_to_add = [
+        "kms:CreateGrant",
+        "kms:CreateCustomKeyStore",
+        "ec2:AuthorizeSecurityGroupEgress",
+        "ec2:AuthorizeSecurityGroupIngress",
+    ]
+    actions_template["actions"].extend(actions_to_add)
     policy = write_policy_with_template(actions_template)
     print(json.dumps(policy, indent=4))