code style

mprzytulski · mprzytulski · commit 15f9feffffeb · 2022-09-30T08:49:13.000+02:00
diff --git a/serverless/aws/features/encryption.py b/serverless/aws/features/encryption.py
@@ -8,34 +8,34 @@
 
 class Encryption(Feature):
     POLICY = {
-                 "Version": "2012-10-17",
-                 "Statement": [
-                     {
-                         "Sid": "RootPermissions",
-                         "Effect": "Allow",
-                         "Principal": {"AWS": "arn:aws:iam::${aws:accountId}:root"},
-                         "Action": "kms:*",
-                         "Resource": "*",
-                     },
-                     {
-                         "Effect": "Allow",
-                         "Principal": {"Service": "logs.${aws:region}.amazonaws.com"},
-                         "Action": [
-                             "kms:Encrypt*",
-                             "kms:Decrypt*",
-                             "kms:ReEncrypt*",
-                             "kms:GenerateDataKey*",
-                             "kms:Describe*",
-                         ],
-                         "Resource": "*",
-                         "Condition": {
-                             "ArnLike": {
-                                 "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:${aws:region}:${aws:accountId}:log-group:/services/${self:service}/*"
-                             }
-                         },
-                     },
-                 ],
-             }
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Sid": "RootPermissions",
+                "Effect": "Allow",
+                "Principal": {"AWS": "arn:aws:iam::${aws:accountId}:root"},
+                "Action": "kms:*",
+                "Resource": "*",
+            },
+            {
+                "Effect": "Allow",
+                "Principal": {"Service": "logs.${aws:region}.amazonaws.com"},
+                "Action": [
+                    "kms:Encrypt*",
+                    "kms:Decrypt*",
+                    "kms:ReEncrypt*",
+                    "kms:GenerateDataKey*",
+                    "kms:Describe*",
+                ],
+                "Resource": "*",
+                "Condition": {
+                    "ArnLike": {
+                        "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:${aws:region}:${aws:accountId}:log-group:/services/${self:service}/*"
+                    }
+                },
+            },
+        ],
+    }
 
     def __init__(self):
         super().__init__()
@@ -45,7 +45,7 @@ def __init__(self):
             Enabled=True,
             PendingWindowInDays=14,
             EnableKeyRotation=True,
-            KeyPolicy=Encryption.POLICY
+            KeyPolicy=Encryption.POLICY,
         )
 
         self.alias = Alias(
@@ -68,12 +68,20 @@ def pre_render(self, service):
                 resource.DependsOn = "ServiceEncryptionKeyAlias"
 
         for fn in service.functions.all():
-            self.key.KeyPolicy["Statement"].append(self.create_log_group_kms_statement("arn:aws:logs:${aws:region}:${aws:accountId}:log-group:/aws/lambda/" + fn.name.spinal))
+            self.key.KeyPolicy["Statement"].append(
+                self.create_log_group_kms_statement(
+                    "arn:aws:logs:${aws:region}:${aws:accountId}:log-group:/aws/lambda/" + fn.name.spinal
+                )
+            )
 
         for resource in service.resources.all():
             if isinstance(resource, LogGroup):
                 if resource.properties.get("KmsKeyId") is not None:
-                    self.key.KeyPolicy["Statement"].append(self.create_log_group_kms_statement("arn:aws:logs:${aws:region}:${aws:accountId}:log-group:" + resource.LogGroupName))
+                    self.key.KeyPolicy["Statement"].append(
+                        self.create_log_group_kms_statement(
+                            "arn:aws:logs:${aws:region}:${aws:accountId}:log-group:" + resource.LogGroupName
+                        )
+                    )
 
     def create_log_group_kms_statement(self, log_group):
         return {
@@ -87,11 +95,7 @@ def create_log_group_kms_statement(self, log_group):
                 "kms:Describe*",
             ],
             "Resource": "*",
-            "Condition": {
-                "ArnLike": {
-                    "kms:EncryptionContext:aws:logs:arn": log_group
-                }
-            },
+            "Condition": {"ArnLike": {"kms:EncryptionContext:aws:logs:arn": log_group}},
         }
 
     def enable(self, service):
diff --git a/serverless/aws/functions/dynamodb.py b/serverless/aws/functions/dynamodb.py
@@ -20,7 +20,7 @@ def __init__(
         self.maximumRecordAgeInSeconds = maximumRecordAgeInSeconds
         self.maximumRetryAttempts = maximumRetryAttempts
         self.startingPosition = startingPosition
-        self.type="dynamodb"
+        self.type = "dynamodb"
 
         if destinations:
             self.destinations = destinations
diff --git a/serverless/aws/functions/generic.py b/serverless/aws/functions/generic.py
@@ -77,7 +77,9 @@ def __init__(
 
             layers.append({"Ref": "PythonRequirementsLambdaLayer"})
 
-        self._service.resources.export(self.resource_name() + "ArnOutput",  self.name.spinal + "-arn", self.arn(), append=False)
+        self._service.resources.export(
+            self.resource_name() + "ArnOutput", self.name.spinal + "-arn", self.arn(), append=False
+        )
 
         if layers:
             self.layers = layers
@@ -224,7 +226,7 @@ def with_vpc(self, security_group_names=None, subnet_names=None):
         return self
 
     def with_idempotency(self, table_name=None):
-        table_name = table_name or f"{self.name.pascal.replace('${sls:stage}', '')}Idempotency-" + '${sls:stage}'
+        table_name = table_name or f"{self.name.pascal.replace('${sls:stage}', '')}Idempotency-" + "${sls:stage}"
 
         idempotency_table = Table(
             TableName=table_name,
diff --git a/serverless/aws/provider.py b/serverless/aws/provider.py
@@ -150,8 +150,22 @@ def event_bridge(
 
         return fn
 
-    def s3(self, name, description, bucket, event, rules=None, existing=None, handler=None, timeout=None, layers=None, **kwargs):
-        fn = S3Function(self.service, name, description, bucket, event, rules, existing, handler, timeout, layers, **kwargs)
+    def s3(
+        self,
+        name,
+        description,
+        bucket,
+        event,
+        rules=None,
+        existing=None,
+        handler=None,
+        timeout=None,
+        layers=None,
+        **kwargs,
+    ):
+        fn = S3Function(
+            self.service, name, description, bucket, event, rules, existing, handler, timeout, layers, **kwargs
+        )
         self.service.functions.add(fn)
 
         return fn
diff --git a/serverless/aws/resources/dynamodb.py b/serverless/aws/resources/dynamodb.py
@@ -1,5 +1,12 @@
-from troposphere.dynamodb import PointInTimeRecoverySpecification, SSESpecification, GlobalTable, ReplicaSpecification, \
-    ReplicaSSESpecification, StreamSpecification, GlobalTableSSESpecification
+from troposphere.dynamodb import (
+    PointInTimeRecoverySpecification,
+    SSESpecification,
+    GlobalTable,
+    ReplicaSpecification,
+    ReplicaSSESpecification,
+    StreamSpecification,
+    GlobalTableSSESpecification,
+)
 from troposphere.dynamodb import Table as DynamoDBTable, GlobalTable
 
 from serverless.aws.iam.dynamodb import (
@@ -38,9 +45,7 @@ def __init__(self, TableName, with_full_access=False, with_read_access=False, is
             "PointInTimeRecoverySpecification", PointInTimeRecoverySpecification(PointInTimeRecoveryEnabled=True)
         )
 
-        super().__init__(
-            cls(title=TableName.replace("${sls:stage}", "").strip("-"), TableName=TableName, **kwargs)
-        )
+        super().__init__(cls(title=TableName.replace("${sls:stage}", "").strip("-"), TableName=TableName, **kwargs))
         self.access = None
         self.is_global = is_global
 
@@ -52,7 +57,12 @@ def __init__(self, TableName, with_full_access=False, with_read_access=False, is
 
     def configure(self, service):
         if service.regions and self.is_global:
-            self.resource.Replicas = [ReplicaSpecification(Region=region, PointInTimeRecoverySpecification=self.PointInTimeRecoverySpecification) for region in service.regions]
+            self.resource.Replicas = [
+                ReplicaSpecification(
+                    Region=region, PointInTimeRecoverySpecification=self.PointInTimeRecoverySpecification
+                )
+                for region in service.regions
+            ]
             self.resource.StreamSpecification = StreamSpecification(StreamViewType="NEW_AND_OLD_IMAGES")
 
         if service.has(Encryption):
@@ -62,7 +72,9 @@ def configure(self, service):
                 sse_kwargs["KMSMasterKeyId"] = EncryptableResource.encryption_key()
             else:
                 for replica in self.resource.Replicas:
-                    replica.SSESpecification = ReplicaSSESpecification(KMSMasterKeyId=EncryptableResource.encryption_alias())
+                    replica.SSESpecification = ReplicaSSESpecification(
+                        KMSMasterKeyId=EncryptableResource.encryption_alias()
+                    )
 
             cls = GlobalTableSSESpecification if self.is_global else SSESpecification
             self.resource.SSESpecification = cls(**sse_kwargs)
diff --git a/serverless/aws/resources/iam.py b/serverless/aws/resources/iam.py
@@ -18,7 +18,9 @@ def __init__(self, RoleName, **kwargs):
         )
 
         if "${self:service}" not in RoleName:
-            self.role.properties.__setitem__("RoleName", str(ResourceName("${self:service}-${sls:stage}-${aws:region}-" + RoleName)))
+            self.role.properties.__setitem__(
+                "RoleName", str(ResourceName("${self:service}-${sls:stage}-${aws:region}-" + RoleName))
+            )
 
         self.policy = PolicyBuilder()
 
diff --git a/serverless/aws/resources/s3.py b/serverless/aws/resources/s3.py
@@ -37,9 +37,7 @@ def __init__(self, BucketName="${self:service}", domain=None, ForceName=False, *
         if ForceName:
             final_name = BucketName
 
-        bucket.properties.__setitem__(
-            "BucketName", final_name
-        )
+        bucket.properties.__setitem__("BucketName", final_name)
 
         super().__init__(bucket)
 
diff --git a/serverless/cli.py b/serverless/cli.py
@@ -49,50 +49,49 @@ def replace_variables(variables, string):
 @kms.command(name="create")
 @click.argument("service")
 @click.option("-p", "--path", default=join(getcwd(), "serverless.yml"), type=click.Path(exists=True))
-@click.option('-s', '--stage', required=True)
-@click.option('-r', '--region', multiple=True)
+@click.option("-s", "--stage", required=True)
+@click.option("-r", "--region", multiple=True)
 def kms_create(service, region, stage, path):
-    client = boto3.client('kms')
+    client = boto3.client("kms")
 
     variables = {
-        "${aws:accountId}": boto3.client('sts').get_caller_identity().get('Account'),
+        "${aws:accountId}": boto3.client("sts").get_caller_identity().get("Account"),
         "${aws:region}": client.meta.region_name,
         "${self:service}": service,
-        "${sls:stage}": stage
+        "${sls:stage}": stage,
     }
 
     POLICY_TEMPLATE = Encryption.POLICY
     with open(path, "r") as f:
         definition = yaml.load(f, Loader=yaml.Loader)
         for fn in definition.get("functions").values():
-            POLICY_TEMPLATE["Statement"].append({
-                "Effect": "Allow",
-                "Principal": {"Service": "logs.${aws:region}.amazonaws.com"},
-                "Action": [
-                    "kms:Encrypt*",
-                    "kms:Decrypt*",
-                    "kms:ReEncrypt*",
-                    "kms:GenerateDataKey*",
-                    "kms:Describe*",
-                ],
-                "Resource": "*",
-                "Condition": {
-                    "ArnLike": {
-                        "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:${aws:region}:${aws:accountId}:log-group:/aws/lambda/"
-                                                              + fn.get("name")
-                    }
-                },
-            })
+            POLICY_TEMPLATE["Statement"].append(
+                {
+                    "Effect": "Allow",
+                    "Principal": {"Service": "logs.${aws:region}.amazonaws.com"},
+                    "Action": [
+                        "kms:Encrypt*",
+                        "kms:Decrypt*",
+                        "kms:ReEncrypt*",
+                        "kms:GenerateDataKey*",
+                        "kms:Describe*",
+                    ],
+                    "Resource": "*",
+                    "Condition": {
+                        "ArnLike": {
+                            "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:${aws:region}:${aws:accountId}:log-group:/aws/lambda/"
+                            + fn.get("name")
+                        }
+                    },
+                }
+            )
 
     POLICY_TEMPLATE = json.dumps(POLICY_TEMPLATE)
 
     defaults = dict(
         Description=f"Encryption Key for {service}",
         Tags=[
-            {
-                'TagKey': 'SERVICE',
-                'TagValue': service
-            },
+            {"TagKey": "SERVICE", "TagValue": service},
         ],
     )
 
@@ -101,26 +100,18 @@ def kms_create(service, region, stage, path):
     key_id, key_arn = retrieve_key(service)
     if not key_id:
         logger.info("Master key not found. Creating a new one.")
-        response = client.create_key(
-            Policy=replace_variables(variables, POLICY_TEMPLATE),
-            MultiRegion=True,
-            **defaults
-        )
+        response = client.create_key(Policy=replace_variables(variables, POLICY_TEMPLATE), MultiRegion=True, **defaults)
 
         key_id = response.get("KeyMetadata").get("KeyId")
         key_arn = response.get("KeyMetadata").get("Arn")
     else:
         logger.info("Update key policy")
-        client.put_key_policy(
-            KeyId=key_id,
-            PolicyName="default",
-            Policy=replace_variables(variables, POLICY_TEMPLATE)
-        )
+        client.put_key_policy(KeyId=key_id, PolicyName="default", Policy=replace_variables(variables, POLICY_TEMPLATE))
 
     logger.info(f"Using key: {key_id}")
 
     try:
-        alias = f'alias/{service}-{stage}'
+        alias = f"alias/{service}-{stage}"
         client.create_alias(
             AliasName=alias,
             TargetKeyId=key_id,
@@ -133,7 +124,7 @@ def kms_create(service, region, stage, path):
         logger.info(f"Replicating key to: {target_region}")
         variables["${aws:region}"] = target_region
 
-        target_session = boto3.client('kms', region_name=target_region)
+        target_session = boto3.client("kms", region_name=target_region)
 
         try:
             replica = target_session.describe_key(KeyId=key_id).get("KeyMetadata")
@@ -143,20 +134,18 @@ def kms_create(service, region, stage, path):
                 Policy=replace_variables(variables, POLICY_TEMPLATE),
                 KeyId=key_id,
                 ReplicaRegion=target_region,
-                **defaults
+                **defaults,
             ).get("ReplicaKeyMetadata")
             logger.info(f"Replicate key created in {target_region}")
 
         logger.info(f"Update key policy in {target_region}")
         target_session.put_key_policy(
-            KeyId=key_id,
-            PolicyName="default",
-            Policy=replace_variables(variables, POLICY_TEMPLATE)
+            KeyId=key_id, PolicyName="default", Policy=replace_variables(variables, POLICY_TEMPLATE)
         )
 
         try:
             target_session.create_alias(
-                AliasName=f'alias/{service}-{stage}',
+                AliasName=f"alias/{service}-{stage}",
                 TargetKeyId=replica.get("KeyId"),
             )
             logger.info(f"Created key alias in {target_region}")
diff --git a/serverless/service/__init__.py b/serverless/service/__init__.py
@@ -127,6 +127,9 @@ def __str__(self):
     def has(self, feature):
         return len(list(filter(lambda x: isinstance(x, feature), self.features))) > 0
 
+    def get_feature(self, feature):
+        return next(filter(lambda x: isinstance(x, feature), self.features), None)
+
     @classmethod
     def to_yaml(cls, dumper, data):
         data.pop("builder", None)
diff --git a/serverless/service/plugins/domain_manager.py b/serverless/service/plugins/domain_manager.py
diff --git a/serverless/service/plugins/export_env.py b/serverless/service/plugins/export_env.py
diff --git a/serverless/service/resources.py b/serverless/service/resources.py

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,9 @@ def __init__(self, RoleName, **kwargs):`
`18`	`18`	`)`
`19`	`19`
`20`	`20`	`if "${self:service}" not in RoleName:`
`21`		`- self.role.properties.__setitem__("RoleName", str(ResourceName("${self:service}-${sls:stage}-${aws:region}-" + RoleName)))`
	`21`	`+ self.role.properties.__setitem__(`
	`22`	`+ "RoleName", str(ResourceName("${self:service}-${sls:stage}-${aws:region}-" + RoleName))`
	`23`	`+ )`
`22`	`24`
`23`	`25`	`self.policy = PolicyBuilder()`
`24`	`26`