From 13def1f0b41990d6656e2f6921c8659f83f590cf Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Tue, 19 Nov 2024 18:50:01 +0100 Subject: [PATCH] lint Signed-off-by: Marc 'risson' Schmitt --- .../docs/install-config/install/aws/app.py | 104 ++++++++++++------ .../install/aws/fix_template.py | 2 +- 2 files changed, 69 insertions(+), 37 deletions(-) diff --git a/website/docs/install-config/install/aws/app.py b/website/docs/install-config/install/aws/app.py index 6201b0da5853e..7adc62e9ba48f 100755 --- a/website/docs/install-config/install/aws/app.py +++ b/website/docs/install-config/install/aws/app.py @@ -3,24 +3,36 @@ import json from aws_cdk import ( - CfnCondition, + App, CfnOutput, CfnParameter, Duration, - Fn, RemovalPolicy, - aws_s3 as s3, - aws_iam as iam, + Stack, +) +from aws_cdk import ( + aws_ec2 as ec2, +) +from aws_cdk import ( + aws_ecs as ecs, +) +from aws_cdk import ( + aws_elasticache as elasticache, +) +from aws_cdk import ( aws_elasticloadbalancingv2 as elbv2, - aws_autoscaling as autoscaling, +) +from aws_cdk import ( + aws_iam as iam, +) +from aws_cdk import ( aws_rds as rds, +) +from aws_cdk import ( + aws_s3 as s3, +) +from aws_cdk import ( aws_secretsmanager as secretsmanager, - aws_elasticache as elasticache, - aws_ec2 as ec2, - aws_ecs as ecs, - aws_ecs_patterns as ecs_patterns, - App, - Stack, ) from constructs import Construct @@ -136,13 +148,15 @@ def __init__(self, scope: Construct, id: str, **kwargs): ) certificate_arn = CfnParameter( - self, "CertificateARN", + self, + "CertificateARN", type="String", description="ACM certificate ARN for HTTPS access", ) authentik_domains = CfnParameter( - self, "AuthentikDomains", + self, + "AuthentikDomains", type="CommaDelimitedList", description="List of comma-separated domains from which authentik will be accessed", ) @@ -241,22 +255,26 @@ def __init__(self, scope: Construct, id: str, **kwargs): # S3 storage_media_s3_bucket = s3.Bucket( - self, "AuthentikS3MediaBucket", + self, + "AuthentikS3MediaBucket", bucket_name=storage_media_s3_bucket_name.value_as_string, removal_policy=RemovalPolicy.RETAIN, encryption=s3.BucketEncryption.S3_MANAGED, block_public_access=s3.BlockPublicAccess.BLOCK_ALL, enforce_ssl=True, - cors=[s3.CorsRule( - allowed_methods=[s3.HttpMethods.GET], - allowed_headers=["Authorization"], - allowed_origins=authentik_domains.value_as_list, - max_age=3000, - )], + cors=[ + s3.CorsRule( + allowed_methods=[s3.HttpMethods.GET], + allowed_headers=["Authorization"], + allowed_origins=authentik_domains.value_as_list, + max_age=3000, + ) + ], ) s3_access_role = iam.Role( - self, "AuthentikS3AccessRole", + self, + "AuthentikS3AccessRole", assumed_by=iam.ServicePrincipal("ecs-tasks.amazonaws.com"), ) storage_media_s3_bucket.grant_read_write(s3_access_role) @@ -274,18 +292,23 @@ def __init__(self, scope: Construct, id: str, **kwargs): } secrets = { - "AUTHENTIK_POSTGRESQL__PASSWORD": ecs.Secret.from_secrets_manager(db_password, field="password"), + "AUTHENTIK_POSTGRESQL__PASSWORD": ecs.Secret.from_secrets_manager( + db_password, field="password" + ), "AUTHENTIK_SECRET_KEY": ecs.Secret.from_secrets_manager(secret_key), } server_task = ecs.FargateTaskDefinition( - self, "AuthentikServerTask", + self, + "AuthentikServerTask", cpu=server_cpu.value_as_number, memory_limit_mib=server_memory.value_as_number, ) server_container = server_task.add_container( "AuthentikServerContainer", - image=ecs.ContainerImage.from_registry(f"{authentik_image.value_as_string}:{authentik_version.value_as_string}"), + image=ecs.ContainerImage.from_registry( + f"{authentik_image.value_as_string}:{authentik_version.value_as_string}" + ), command=["server"], environment=environment, secrets=secrets, @@ -301,7 +324,8 @@ def __init__(self, scope: Construct, id: str, **kwargs): ) server_container.add_port_mappings(ecs.PortMapping(container_port=9000)) server_service = ecs.FargateService( - self, "AuthentikServerService", + self, + "AuthentikServerService", cluster=cluster, task_definition=server_task, desired_count=server_desired_count.value_as_number, @@ -325,13 +349,16 @@ def __init__(self, scope: Construct, id: str, **kwargs): ) worker_task = ecs.FargateTaskDefinition( - self, "AuthentikWorkerTask", + self, + "AuthentikWorkerTask", cpu=worker_cpu.value_as_number, memory_limit_mib=worker_memory.value_as_number, ) - worker_container = worker_task.add_container( + worker_container = worker_task.add_container( # noqa: F841 "AuthentikWorkerContainer", - image=ecs.ContainerImage.from_registry(f"{authentik_image.value_as_string}:{authentik_version.value_as_string}"), + image=ecs.ContainerImage.from_registry( + f"{authentik_image.value_as_string}:{authentik_version.value_as_string}" + ), command=["worker"], environment=environment, secrets=secrets, @@ -345,8 +372,9 @@ def __init__(self, scope: Construct, id: str, **kwargs): timeout=Duration.seconds(30), ), ) - worker_service = ecs.FargateService( - self, "AuthentikWorkerService", + worker_service = ecs.FargateService( # noqa: F841 + self, + "AuthentikWorkerService", cluster=cluster, task_definition=worker_task, desired_count=worker_desired_count.value_as_number, @@ -372,21 +400,24 @@ def __init__(self, scope: Construct, id: str, **kwargs): # Load balancer lb = elbv2.ApplicationLoadBalancer( - self, "AuthentikALB", + self, + "AuthentikALB", vpc=vpc, internet_facing=True, ) - https_redirect = lb.add_listener( + https_redirect = lb.add_listener( # noqa: F841 "AuthentikHttpListener", port=80, - default_action=elbv2.ListenerAction.redirect(permanent=True, protocol="HTTPS") + default_action=elbv2.ListenerAction.redirect(permanent=True, protocol="HTTPS"), ) listener = lb.add_listener( "AuthentikHttpsListener", port=443, - certificates=[elbv2.ListenerCertificate(certificate_arn=certificate_arn.value_as_string)], + certificates=[ + elbv2.ListenerCertificate(certificate_arn=certificate_arn.value_as_string) + ], ) - target_group = listener.add_targets( + target_group = listener.add_targets( # noqa: F841 "AuthentikServerTarget", protocol=elbv2.ApplicationProtocol.HTTP, port=9000, @@ -398,7 +429,8 @@ def __init__(self, scope: Construct, id: str, **kwargs): ) CfnOutput( - self, "LoadBalancerDNS", + self, + "LoadBalancerDNS", value=lb.load_balancer_dns_name, ) diff --git a/website/docs/install-config/install/aws/fix_template.py b/website/docs/install-config/install/aws/fix_template.py index e1d02a3e4ada4..6fc3a367b916b 100755 --- a/website/docs/install-config/install/aws/fix_template.py +++ b/website/docs/install-config/install/aws/fix_template.py @@ -2,7 +2,7 @@ import yaml -with open("template.yaml", "r") as file: +with open("template.yaml") as file: template = yaml.safe_load(file) del template["Parameters"]["BootstrapVersion"] with open("template.yaml", "w") as file: