lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

website/docs/install-config/install/aws/app.py

@@ -3,24 +3,36 @@
 import json
 
 from aws_cdk import (
-    CfnCondition,
+    App,
     CfnOutput,
     CfnParameter,
     Duration,
-    Fn,
     RemovalPolicy,
-    aws_s3 as s3,
-    aws_iam as iam,
+    Stack,
+)
+from aws_cdk import (
+    aws_ec2 as ec2,
+)
+from aws_cdk import (
+    aws_ecs as ecs,
+)
+from aws_cdk import (
+    aws_elasticache as elasticache,
+)
+from aws_cdk import (
     aws_elasticloadbalancingv2 as elbv2,
-    aws_autoscaling as autoscaling,
+)
+from aws_cdk import (
+    aws_iam as iam,
+)
+from aws_cdk import (
     aws_rds as rds,
+)
+from aws_cdk import (
+    aws_s3 as s3,
+)
+from aws_cdk import (
     aws_secretsmanager as secretsmanager,
-    aws_elasticache as elasticache,
-    aws_ec2 as ec2,
-    aws_ecs as ecs,
-    aws_ecs_patterns as ecs_patterns,
-    App,
-    Stack,
 )
 from constructs import Construct
 
@@ -136,13 +148,15 @@ def __init__(self, scope: Construct, id: str, **kwargs):
         )
 
         certificate_arn = CfnParameter(
-            self, "CertificateARN",
+            self,
+            "CertificateARN",
             type="String",
             description="ACM certificate ARN for HTTPS access",
         )
 
         authentik_domains = CfnParameter(
-            self, "AuthentikDomains",
+            self,
+            "AuthentikDomains",
             type="CommaDelimitedList",
             description="List of comma-separated domains from which authentik will be accessed",
         )
@@ -241,22 +255,26 @@ def __init__(self, scope: Construct, id: str, **kwargs):
         # S3
 
         storage_media_s3_bucket = s3.Bucket(
-            self, "AuthentikS3MediaBucket",
+            self,
+            "AuthentikS3MediaBucket",
             bucket_name=storage_media_s3_bucket_name.value_as_string,
             removal_policy=RemovalPolicy.RETAIN,
             encryption=s3.BucketEncryption.S3_MANAGED,
             block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
             enforce_ssl=True,
-            cors=[s3.CorsRule(
-                allowed_methods=[s3.HttpMethods.GET],
-                allowed_headers=["Authorization"],
-                allowed_origins=authentik_domains.value_as_list,
-                max_age=3000,
-            )],
+            cors=[
+                s3.CorsRule(
+                    allowed_methods=[s3.HttpMethods.GET],
+                    allowed_headers=["Authorization"],
+                    allowed_origins=authentik_domains.value_as_list,
+                    max_age=3000,
+                )
+            ],
         )
 
         s3_access_role = iam.Role(
-            self, "AuthentikS3AccessRole",
+            self,
+            "AuthentikS3AccessRole",
             assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com"),
         )
         storage_media_s3_bucket.grant_read_write(s3_access_role)
@@ -274,18 +292,23 @@ def __init__(self, scope: Construct, id: str, **kwargs):
         }
 
         secrets = {
-            "AUTHENTIK_POSTGRESQL__PASSWORD": ecs.Secret.from_secrets_manager(db_password, field="password"),
+            "AUTHENTIK_POSTGRESQL__PASSWORD": ecs.Secret.from_secrets_manager(
+                db_password, field="password"
+            ),
             "AUTHENTIK_SECRET_KEY": ecs.Secret.from_secrets_manager(secret_key),
         }
 
         server_task = ecs.FargateTaskDefinition(
-            self, "AuthentikServerTask",
+            self,
+            "AuthentikServerTask",
             cpu=server_cpu.value_as_number,
             memory_limit_mib=server_memory.value_as_number,
         )
         server_container = server_task.add_container(
             "AuthentikServerContainer",
-            image=ecs.ContainerImage.from_registry(f"{authentik_image.value_as_string}:{authentik_version.value_as_string}"),
+            image=ecs.ContainerImage.from_registry(
+                f"{authentik_image.value_as_string}:{authentik_version.value_as_string}"
+            ),
             command=["server"],
             environment=environment,
             secrets=secrets,
@@ -301,7 +324,8 @@ def __init__(self, scope: Construct, id: str, **kwargs):
         )
         server_container.add_port_mappings(ecs.PortMapping(container_port=9000))
         server_service = ecs.FargateService(
-            self, "AuthentikServerService",
+            self,
+            "AuthentikServerService",
             cluster=cluster,
             task_definition=server_task,
             desired_count=server_desired_count.value_as_number,
@@ -325,13 +349,16 @@ def __init__(self, scope: Construct, id: str, **kwargs):
         )
 
         worker_task = ecs.FargateTaskDefinition(
-            self, "AuthentikWorkerTask",
+            self,
+            "AuthentikWorkerTask",
             cpu=worker_cpu.value_as_number,
             memory_limit_mib=worker_memory.value_as_number,
         )
-        worker_container = worker_task.add_container(
+        worker_container = worker_task.add_container(  # noqa: F841
             "AuthentikWorkerContainer",
-            image=ecs.ContainerImage.from_registry(f"{authentik_image.value_as_string}:{authentik_version.value_as_string}"),
+            image=ecs.ContainerImage.from_registry(
+                f"{authentik_image.value_as_string}:{authentik_version.value_as_string}"
+            ),
             command=["worker"],
             environment=environment,
             secrets=secrets,
@@ -345,8 +372,9 @@ def __init__(self, scope: Construct, id: str, **kwargs):
                 timeout=Duration.seconds(30),
             ),
         )
-        worker_service = ecs.FargateService(
-            self, "AuthentikWorkerService",
+        worker_service = ecs.FargateService(  # noqa: F841
+            self,
+            "AuthentikWorkerService",
             cluster=cluster,
             task_definition=worker_task,
             desired_count=worker_desired_count.value_as_number,
@@ -372,21 +400,24 @@ def __init__(self, scope: Construct, id: str, **kwargs):
         # Load balancer
 
         lb = elbv2.ApplicationLoadBalancer(
-            self, "AuthentikALB",
+            self,
+            "AuthentikALB",
             vpc=vpc,
             internet_facing=True,
         )
-        https_redirect = lb.add_listener(
+        https_redirect = lb.add_listener(  # noqa: F841
             "AuthentikHttpListener",
             port=80,
-            default_action=elbv2.ListenerAction.redirect(permanent=True, protocol="HTTPS")
+            default_action=elbv2.ListenerAction.redirect(permanent=True, protocol="HTTPS"),
         )
         listener = lb.add_listener(
             "AuthentikHttpsListener",
             port=443,
-            certificates=[elbv2.ListenerCertificate(certificate_arn=certificate_arn.value_as_string)],
+            certificates=[
+                elbv2.ListenerCertificate(certificate_arn=certificate_arn.value_as_string)
+            ],
         )
-        target_group = listener.add_targets(
+        target_group = listener.add_targets(  # noqa: F841
             "AuthentikServerTarget",
             protocol=elbv2.ApplicationProtocol.HTTP,
             port=9000,
@@ -398,7 +429,8 @@ def __init__(self, scope: Construct, id: str, **kwargs):
         )
 
         CfnOutput(
-            self, "LoadBalancerDNS",
+            self,
+            "LoadBalancerDNS",
             value=lb.load_balancer_dns_name,
         )
 

website/docs/install-config/install/aws/fix_template.py

@@ -2,7 +2,7 @@
 
 import yaml
 
-with open("template.yaml", "r") as file:
+with open("template.yaml") as file:
     template = yaml.safe_load(file)
     del template["Parameters"]["BootstrapVersion"]
 with open("template.yaml", "w") as file: