From 719515e77b7f3a295536c3e5b810f5d481e1855a Mon Sep 17 00:00:00 2001 From: Anton <125114167+EreminAnton@users.noreply.github.com> Date: Tue, 12 Nov 2024 14:03:44 +0500 Subject: [PATCH] fmt: pre-commit run -a --- examples/slack_app_configuration/main.tf | 8 ++++---- examples/slack_webhook_configuration/main.tf | 6 +++--- main.tf | 2 +- src/dynamodb.py | 2 +- src/main.py | 11 +++-------- src/requirements.txt | 6 +++--- 6 files changed, 15 insertions(+), 20 deletions(-) diff --git a/examples/slack_app_configuration/main.tf b/examples/slack_app_configuration/main.tf index 875f599..338fce9 100644 --- a/examples/slack_app_configuration/main.tf +++ b/examples/slack_app_configuration/main.tf @@ -74,7 +74,7 @@ locals { # Catch CloudTrail changes cloudtrail = "DeleteTrail,StopLogging,UpdateTrail" - + # All eventNames events_to_track = "${local.cloudtrail},${local.ec2},${local.config}" @@ -98,9 +98,9 @@ module "cloudtrail_to_slack" { # String of comma-separated eventNames that you want to track events_to_track = local.events_to_track - lambda_memory_size = 128 - lambda_timeout_seconds = 10 - log_level = "INFO" + lambda_memory_size = 128 + lambda_timeout_seconds = 10 + log_level = "INFO" push_access_denied_cloudwatch_metrics = true # Will push metrics to CloudWatch if access denied event is detected slack_bot_token = data.aws_ssm_parameter.slack_bot_token.value diff --git a/examples/slack_webhook_configuration/main.tf b/examples/slack_webhook_configuration/main.tf index 0ed763f..6cce5a3 100644 --- a/examples/slack_webhook_configuration/main.tf +++ b/examples/slack_webhook_configuration/main.tf @@ -107,9 +107,9 @@ module "cloudtrail_to_slack" { # String of comma-separated eventNames that you want to track events_to_track = local.events_to_track - lambda_memory_size = 128 - lambda_timeout_seconds = 10 - log_level = "INFO" + lambda_memory_size = 128 + lambda_timeout_seconds = 10 + log_level = "INFO" push_access_denied_cloudwatch_metrics = true # Will push metrics to CloudWatch if access denied event is detected default_slack_hook_url = data.aws_ssm_parameter.default_hook.value diff --git a/main.tf b/main.tf index 76d5d80..58996a3 100644 --- a/main.tf +++ b/main.tf @@ -51,7 +51,7 @@ module "lambda" { DYNAMODB_TIME_TO_LIVE = var.dynamodb_time_to_live DYNAMODB_TABLE_NAME = try(module.cloudtrail_to_slack_dynamodb_table[0].dynamodb_table_id, "") - USE_DEFAULT_RULES = var.use_default_rules + USE_DEFAULT_RULES = var.use_default_rules PUSH_ACCESS_DENIED_CLOUDWATCH_METRICS = var.push_access_denied_cloudwatch_metrics }, ) diff --git a/src/dynamodb.py b/src/dynamodb.py index 328743e..6fba294 100644 --- a/src/dynamodb.py +++ b/src/dynamodb.py @@ -20,7 +20,7 @@ def hash_user_identity_and_event_name(event: dict,) -> str | None: na_count = sum(x == "N/A" for x in [type, principalId, arn, accountId]) - # If more than 3 elements are "N/A", return None, cause we can't be shure that we will get a unique hash. + # If more than 3 elements are "N/A", return None, cause we can't be sure that we will get a unique hash. if na_count >= 3: # noqa: PLR2004 logger.info({"Not enough information to hash": {"event": event["userIdentity"]}}) return None diff --git a/src/main.py b/src/main.py index 9aa1831..dc6f082 100644 --- a/src/main.py +++ b/src/main.py @@ -43,7 +43,6 @@ def lambda_handler(s3_notification_event: Dict[str, List[Any]], _) -> int: # noqa: ANN001 - try: for record in s3_notification_event["Records"]: event_name: str = record["eventName"] @@ -107,7 +106,7 @@ def get_cloudtrail_log_records(record: Dict) -> Dict | None: # In case if we get something unexpected if "s3" not in record: - raise AssertionError(f"recieved record does not contain s3 section: {record}") + raise AssertionError(f"received record does not contain s3 section: {record}") bucket = record["s3"]["bucket"]["name"] key = urllib.parse.unquote_plus(record["s3"]["object"]["key"], encoding="utf-8") # type: ignore # noqa: PGH003, E501 # Do not process digest files @@ -151,11 +150,7 @@ def should_message_be_processed( logger.info( {"Event matched ignore rule and will not be processed": {"ignore_rule": ignore_rule, "flat_event": flat_event}} ) # noqa: E501 - return ProcessingResult( - should_be_processed=False, - errors=errors, - is_ignored=True - ) + return ProcessingResult(should_be_processed=False, errors=errors, is_ignored=True) except Exception as e: logger.exception({"Event parsing failed": {"error": e, "ignore_rule": ignore_rule, "flat_event": flat_event}}) # noqa: E501 errors.append({"error": e, "rule": ignore_rule}) @@ -231,7 +226,7 @@ def handle_event( slack_config=slack_config, ) - logger.debug({"Processing result": {"result":result}}) + logger.debug({"Processing result": {"result": result}}) if flatten_json(event).get("errorCode", "").startswith(("AccessDenied")): logger.info("Event is AccessDenied") diff --git a/src/requirements.txt b/src/requirements.txt index e366099..820ffae 100644 --- a/src/requirements.txt +++ b/src/requirements.txt @@ -96,6 +96,6 @@ tomli==2.0.1 ; python_full_version == "3.10.10" \ typing-extensions==4.10.0 ; python_full_version == "3.10.10" \ --hash=sha256:69b1a937c3a517342112fb4c6df7e72fc39a38e7891a5730ed4985b5214b5475 \ --hash=sha256:b0abd7c89e8fb96f98db18d86106ff1d90ab692004eb746cf6eda2682f91b3cb -urllib3==1.26.19 ; python_full_version == "3.10.10" \ - --hash=sha256:37a0344459b199fce0e80b0d3569837ec6b6937435c5244e7fd73fa6006830f3 \ - --hash=sha256:3e3d753a8618b86d7de333b4223005f68720bcd6a7d2bcb9fbd2229ec7c1e429 +urllib3==1.26.16 ; python_full_version == "3.10.10" \ + --hash=sha256:8d36afa7616d8ab714608411b4a3b13e58f463aee519024578e062e141dce20f \ + --hash=sha256:8f135f6502756bde6b2a9b28989df5fbe87c9970cecaa69041edcce7f0589b14