DRIVERS-3019 Add ruff linter and apply fixes

.evergreen/auth_aws/aws_tester.py

@@ -1,17 +1,16 @@
-#!/usr/bin/env python3
 """
 Script for testing MONGDOB-AWS authentication.
 """
 import argparse
-import os
 import json
-import sys
+import os
 import subprocess
+import sys
 from functools import partial
+from urllib.parse import quote_plus
 
 from pymongo import MongoClient
 from pymongo.errors import OperationFailure
-from urllib.parse import quote_plus
 
 HERE = os.path.abspath(os.path.dirname(__file__))
 
@@ -20,10 +19,10 @@ def join(*parts):
 
 
 sys.path.insert(0, join(HERE, 'lib'))
-from util import get_key as _get_key
+from aws_assign_instance_profile import _assign_instance_policy
 from aws_assume_role import _assume_role
 from aws_assume_web_role import _assume_role_with_web_identity
-from aws_assign_instance_profile import _assign_instance_policy
+from util import get_key as _get_key
 
 ASSUMED_ROLE = "arn:aws:sts::557821124784:assumed-role/authtest_user_assume_role/*"
 ASSUMED_WEB_ROLE = "arn:aws:sts::857654397073:assumed-role/webIdentityTestRole/*"
@@ -44,7 +43,7 @@ def join(*parts):
 def run(args, env):
     """Run a python command in a subprocess."""
     env.update(os.environ.copy())
-    return subprocess.run([sys.executable] + args, env=env).returncode
+    return subprocess.run([sys.executable, *args], env=env, check=False).returncode
 
 
 def create_user(user, kwargs):

.evergreen/auth_aws/lib/aws_assign_instance_profile.py

@@ -1,20 +1,18 @@
-#!/usr/bin/env python3
 """
 Script for assign an instance policy to the current machine.
 """
 
 import argparse
-import urllib.request
-import logging
 import json
+import logging
 import os
 import sys
 import time
+import urllib.request
 from functools import partial
 
 import boto3
 import botocore
-
 from util import get_key as _get_key
 
 sys.path.insert(1, os.path.join(sys.path[0], '..'))
@@ -41,7 +39,7 @@ def _has_instance_profile():
     try:
         url = base_url + iam_role
         print("Reading: " + url)
-        req = urllib.request.urlopen(url)
+        urllib.request.urlopen(url)
         print("Assigned " + iam_role)
     except urllib.error.HTTPError as e:
         print(e)

.evergreen/auth_aws/lib/aws_assume_role.py

@@ -1,11 +1,10 @@
-#!/usr/bin/env python3
 """
 Script for assuming an aws role.
 """
 
 import argparse
-import uuid
 import logging
+import uuid
 
 import boto3
 

.evergreen/auth_aws/lib/aws_assume_web_role.py

@@ -1,12 +1,11 @@
-#!/usr/bin/env python3
 """
 Script for assuming an aws role using AssumeRoleWithWebIdentity.
 """
 
 import argparse
+import logging
 import os
 import uuid
-import logging
 
 import boto3
 

.evergreen/auth_aws/lib/aws_handle_oidc_creds.py

@@ -1,4 +1,3 @@
-#!/usr/bin/env python3
 """
 Script for handling OIDC credentials.
 """
@@ -15,7 +14,6 @@
 from pyop.userinfo import Userinfo
 
 
-
 class CustomSubjectIdentifierFactory(HashBasedSubjectIdentifierFactory):
     """
     Implements a hash based algorithm for creating a pairwise subject identifier.
@@ -33,7 +31,7 @@ def create_pairwise_identifier(self, user_id, sector_identifier):
 
 
 def get_default_config():
-    config = {
+    return {
         "issuer": os.getenv('IDP_ISSUER', ''),
         "jwks_uri": os.getenv('IDP_JWKS_URI', ''),
         'rsa_key': os.getenv('IDP_RSA_KEY', ''),
@@ -42,7 +40,6 @@ def get_default_config():
         'username': os.getenv("IDP_USERNAME", 'test_user'),
         'token_file': os.getenv('AWS_WEB_IDENTITY_TOKEN_FILE')
     }
-    return config
 
 
 def get_provider(config=None, expires=None):

.evergreen/auth_aws/lib/aws_unassign_instance_profile.py

@@ -1,14 +1,13 @@
-#!/usr/bin/env python3
 """
 Script for unassigning an instance policy from the current machine.
 """
 
 import argparse
-import urllib.error
-import urllib.request
 import logging
 import sys
 import time
+import urllib.error
+import urllib.request
 
 import boto3
 import botocore
@@ -32,7 +31,7 @@ def _has_instance_profile():
     try:
         url = base_url + iam_role
         print("Reading: " + url)
-        req = urllib.request.urlopen(url)
+        urllib.request.urlopen(url)
     except urllib.error.HTTPError as e:
         print(e)
         if e.code == 404:

.evergreen/auth_aws/lib/container_tester.py

@@ -1,4 +1,3 @@
-#!/usr/bin/env python3
 """
 Script for testing mongodb in containers.
 
@@ -41,7 +40,7 @@
 
 def _run_process(params, cwd=None):
     LOGGER.info("RUNNING COMMAND: %s", params)
-    ret = subprocess.run(params, cwd=cwd)
+    ret = subprocess.run(params, cwd=cwd, check=False)
     return ret.returncode
 
 def _userandhostandport(endpoint):
@@ -137,7 +136,7 @@ def remote_ps_container(cluster):
         assert private_ip_address
 
         eni = ec2_client.describe_network_interfaces(NetworkInterfaceIds=enis)
-        public_ip = [n["Association"]["PublicIp"] for n in eni["NetworkInterfaces"]][0]
+        public_ip = next(iter(n["Association"]["PublicIp"] for n in eni["NetworkInterfaces"]))
 
         for container in task['containers']:
             taskArn = container['taskArn']
@@ -146,7 +145,7 @@ def remote_ps_container(cluster):
             task_id = task_id + "/" + name
             lastStatus = container['lastStatus']
 
-        print("{:<43}{:<9}{:<25}{:<25}{:<16}".format(task_id, lastStatus, public_ip, private_ip_address, taskDefinition_short ))
+        print(f"{task_id:<43}{lastStatus:<9}{public_ip:<25}{private_ip_address:<25}{taskDefinition_short:<16}")
 
 def _remote_create_container_args(args):
     remote_create_container(args.cluster, args.task_definition, args.service, args.subnets, args.security_group)
@@ -247,7 +246,7 @@ def remote_get_public_endpoint_str(cluster, service_name):
         assert enis
 
         eni = ec2_client.describe_network_interfaces(NetworkInterfaceIds=enis)
-        public_ip = [n["Association"]["PublicIp"] for n in eni["NetworkInterfaces"]][0]
+        public_ip = next(iter(n["Association"]["PublicIp"] for n in eni["NetworkInterfaces"]))
         break
 
     return f"root@{public_ip}:22"

.evergreen/auth_aws/lib/util.py

@@ -1,5 +1,4 @@
 def get_key(key: str, uppercase: bool) -> str:
     if uppercase:
         return key.upper()
-    else:
-        return key
+    return key

.evergreen/auth_oidc/azure/handle_secrets.py

@@ -2,8 +2,8 @@
 import os
 from base64 import b64decode
 
-from azure.keyvault.secrets import SecretClient
 from azure.identity import DefaultAzureCredential
+from azure.keyvault.secrets import SecretClient
 
 
 def main():

.evergreen/auth_oidc/azure/remote-scripts/test.py

@@ -1,7 +1,8 @@
-from pymongo import MongoClient
-import os
 import json
-from urllib.request import urlopen, Request
+import os
+from urllib.request import Request, urlopen
+
+from pymongo import MongoClient
 from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult
 
 app_id = os.environ['AZUREOIDC_APPID']
@@ -22,16 +23,16 @@ def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult:
                 body = response.read().decode('utf8')
         except Exception as e:
             msg = "Failed to acquire IMDS access token: %s" % e
-            raise ValueError(msg)
+            raise ValueError(msg) from e
 
         if status != 200:
             print(body)
             msg = "Failed to acquire IMDS access token."
             raise ValueError(msg)
         try:
             data = json.loads(body)
-        except Exception:
-            raise ValueError("Azure IMDS response must be in JSON format.")
+        except Exception as e:
+            raise ValueError("Azure IMDS response must be in JSON format.") from e
 
         for key in ["access_token", "expires_in"]:
             if not data.get(key):

.evergreen/auth_oidc/azure_func/self-test/function_app.py

@@ -1,8 +1,9 @@
-import azure.functions as func
+import json
 import logging
 import os
-from urllib.request import urlopen, Request
-import json
+from urllib.request import Request, urlopen
+
+import azure.functions as func
 from pymongo import MongoClient
 from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult
 

.evergreen/auth_oidc/gcp/remote-scripts/test.py

@@ -1,7 +1,7 @@
-from pymongo import MongoClient
 import os
-import json
-from urllib.request import urlopen, Request
+from urllib.request import Request, urlopen
+
+from pymongo import MongoClient
 from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult
 
 audience = os.environ['GCPOIDC_AUDIENCE']
@@ -20,7 +20,7 @@ def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult:
                 body = response.read().decode('utf8')
         except Exception as e:
             msg = "Failed to acquire IMDS access token: %s" % e
-            raise ValueError(msg)
+            raise ValueError(msg) from e
 
         if status != 200:
             print(body)

.evergreen/auth_oidc/k8s/remote-scripts/test.py

@@ -1,5 +1,6 @@
-from pymongo import MongoClient
 import os
+
+from pymongo import MongoClient
 from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult
 
 atlas_uri = os.environ["MONGODB_URI"]

.evergreen/auth_oidc/oidc_get_tokens.py

@@ -3,7 +3,8 @@
 
 HERE = os.path.abspath(os.path.dirname(__file__))
 sys.path.insert(0, HERE)
-from utils import get_secrets, get_id_token, DEFAULT_CLIENT, join
+from utils import DEFAULT_CLIENT, get_id_token, get_secrets, join
+
 TOKEN_DIR = os.environ['OIDC_TOKEN_DIR'].replace(os.sep, '/')
 
 def generate_tokens(config, base_name):

.evergreen/auth_oidc/oidc_write_orchestration.py

@@ -1,15 +1,13 @@
-#!/usr/bin/env python3
 """
 Script for managing OIDC.
 """
-import os
 import json
+import os
 import sys
 
-
 HERE = os.path.abspath(os.path.dirname(__file__))
 sys.path.insert(0, HERE)
-from utils import get_secrets, MOCK_ENDPOINT, DEFAULT_CLIENT
+from utils import DEFAULT_CLIENT, get_secrets
 
 
 def azure():

.evergreen/auth_oidc/utils.py

@@ -1,17 +1,15 @@
-import json
 import os
 import sys
 
-import boto3
-
 HERE = os.path.abspath(os.path.dirname(__file__))
 
 def join(*args):
     return os.path.join(*args).replace(os.sep, '/')
 
 aws_lib = join(os.path.dirname(HERE), 'auth_aws', 'lib')
 sys.path.insert(0, aws_lib)
-from aws_handle_oidc_creds import get_id_token, MOCK_ENDPOINT
+from aws_handle_oidc_creds import MOCK_ENDPOINT, get_id_token  # noqa: F401
+
 secrets_root = join(os.path.dirname(HERE), 'secrets_handling')
 sys.path.insert(0, secrets_root)
 from setup_secrets import get_secrets as root_get_secrets

.evergreen/csfle/fake_azure.py

@@ -11,7 +11,8 @@
 imds = Bottle(autojson=True)
 """An Azure IMDS server"""
 
-from typing import TYPE_CHECKING, Any, Callable, Iterable, cast, overload
+from collections.abc import Iterable
+from typing import TYPE_CHECKING, Any, Callable, cast, overload
 
 if not TYPE_CHECKING:
     from bottle import request
@@ -115,7 +116,7 @@ def get_oauth2_token():
     if case == 'slow':
         return _slow()
 
-    assert case in (None, ''), 'Unknown HTTP test case "{}"'.format(case)
+    assert case in (None, ''), f'Unknown HTTP test case "{case}"'
 
     return {
         'access_token': 'magic-cookie',
@@ -148,7 +149,6 @@ def _slow() -> Iterable[bytes]:
 
 if __name__ == '__main__':
     print(
-        'RECOMMENDED: Run this script using bottle.py (e.g. [{} {}/bottle.py fake_azure:imds])'
-        .format(sys.executable,
-                Path(__file__).resolve().parent))
+        f'RECOMMENDED: Run this script using bottle.py (e.g. [{sys.executable} {Path(__file__).resolve().parent}/bottle.py fake_azure:imds])'
+        )
     imds.run()