Manual fixes for code and CI

Updates CI, and fixes f-string linting issues

.github/workflows/ci.yml

@@ -1,3 +1,3 @@
 # WARNING: Do not edit this file manually! Edit ci/spec.yml and run ci/regen-workflow.py.
 
-{"name": "CI", "on": ["push", "pull_request"], "defaults": {"run": {"shell": "bash"}}, "jobs": {"lint": {"runs-on": "ubuntu-latest", "strategy": {"matrix": {"python-version": [3.7, 3.8]}}, "steps": [{"name": "Set up repo", "uses": "actions/checkout@v2"}, {"name": "Set up Python ${{ matrix.python-version }}", "uses": "actions/setup-python@v2", "with": {"python-version": "${{ matrix.python-version }}"}}, {"name": "Set up cache", "uses": "actions/cache@v2", "with": {"path": "~/.cache/pip\n~/.cache/pipenv\n", "key": "${{ matrix.python-version }}"}}, {"name": "Install pipenv", "run": "pip install pipenv"}, {"name": "Install manager dependencies", "working-directory": "./manager", "run": "pipenv install --dev --deploy"}, {"name": "Install orchestrator dependencies", "working-directory": "./orchestrator", "run": "pipenv install --dev --deploy"}, {"name": "Install router dependencies", "working-directory": "./router", "run": "pipenv install --dev --deploy"}, {"name": "Install shell dependencies", "working-directory": "./shell", "run": "pipenv install --dev --deploy"}, {"name": "generate shell signing keys", "working-directory": "./manager", "run": "sudo mkdir -p /etc/director-shell-keys/etc/ssh\nsudo chown -R $USER:$(id -gn) /etc/director-shell-keys\npipenv run ../scripts/generate-rsa-key.py 4096 /etc/director-shell-keys/shell-signing-token-pubkey.pem /etc/director-shell-keys/shell-signing-token-privkey.pem\npipenv run ../scripts/generate-rsa-key.py 4096 /etc/director-shell-keys/shell-encryption-token-pubkey.pem /etc/director-shell-keys/shell-encryption-token-privkey.pem\nssh-keygen -A -f /etc/director-shell-keys\n"}, {"name": "Check shared formatting with format.sh", "run": "cd manager && pipenv run ../shared/scripts/format.sh && cd ../shared && test -z \"$(git status --porcelain=v1 .)\""}, {"name": "check shared formatting with check.sh", "working-directory": "./manager", "run": "pipenv run ../shared/scripts/check.sh"}, {"name": "Check manager formatting with format.sh and static_templates_format.sh", "working-directory": "./manager", "run": "pipenv run ./scripts/format.sh && pipenv run ./scripts/static_templates_format.sh && test -z \"$(git status --porcelain=v1 .)\""}, {"name": "Check manager formatting with check.sh", "working-directory": "./manager", "run": "pipenv run ./scripts/check.sh"}, {"name": "Check orchestrator formatting with format.sh", "working-directory": "./orchestrator", "run": "pipenv run ./scripts/format.sh && test -z \"$(git status --porcelain=v1 .)\""}, {"name": "Check orchestrator formatting with check.sh", "working-directory": "./orchestrator", "run": "pipenv run ./scripts/check.sh"}, {"name": "Check router formatting with format.sh", "working-directory": "./router", "run": "pipenv run ./scripts/format.sh && test -z \"$(git status --porcelain=v1 .)\""}, {"name": "Check router formatting with check.sh", "working-directory": "./router", "run": "pipenv run ./scripts/check.sh"}, {"name": "Check shell formatting with format.sh", "working-directory": "./shell", "run": "pipenv run ./scripts/format.sh && test -z \"$(git status --porcelain=v1 .)\""}, {"name": "Check shell formatting with check.sh", "working-directory": "./shell", "run": "pipenv run ./scripts/check.sh"}]}, "test": {"runs-on": "ubuntu-latest", "strategy": {"matrix": {"python-version": [3.7, 3.8]}}, "services": {"redis": {"image": "redis:latest", "ports": ["6379:6379"], "options": "--entrypoint redis-server"}}, "steps": [{"name": "Set up repo", "uses": "actions/checkout@v2"}, {"name": "Set up Python ${{ matrix.python-version }}", "uses": "actions/setup-python@v2", "with": {"python-version": "${{ matrix.python-version }}"}}, {"name": "Set up cache", "uses": "actions/cache@v2", "with": {"path": "~/.cache/pip\n~/.cache/pipenv\n", "key": "${{ matrix.python-version }}"}}, {"name": "Install pipenv", "run": "pip install pipenv"}, {"name": "Install manager dependencies", "working-directory": "./manager", "run": "pipenv install --dev --deploy"}, {"name": "Install orchestrator dependencies", "working-directory": "./orchestrator", "run": "pipenv install --dev --deploy"}, {"name": "Install router dependencies", "working-directory": "./router", "run": "pipenv install --dev --deploy"}, {"name": "Install shell dependencies", "working-directory": "./shell", "run": "pipenv install --dev --deploy"}, {"name": "generate shell signing keys", "working-directory": "./manager", "run": "sudo mkdir -p /etc/director-shell-keys/etc/ssh\nsudo chown -R $USER:$(id -gn) /etc/director-shell-keys\npipenv run ../scripts/generate-rsa-key.py 4096 /etc/director-shell-keys/shell-signing-token-pubkey.pem /etc/director-shell-keys/shell-signing-token-privkey.pem\npipenv run ../scripts/generate-rsa-key.py 4096 /etc/director-shell-keys/shell-encryption-token-pubkey.pem /etc/director-shell-keys/shell-encryption-token-privkey.pem\nssh-keygen -A -f /etc/director-shell-keys\n"}, {"name": "install Kerberos", "run": "sudo apt install -y krb5-user"}, {"name": "copy manager secret.py", "working-directory": "./manager", "run": "cp director/settings/secret.sample director/settings/secret.py"}, {"name": "run Manager test suite", "working-directory": "./manager", "run": "pipenv run coverage run manage.py test"}, {"name": "run Orchestrator test suite", "working-directory": "./orchestrator", "run": "pipenv run coverage run -m unittest discover"}, {"name": "run Router test suite", "working-directory": "./router", "run": "pipenv run coverage run -m unittest discover"}, {"name": "run Shell test suite", "working-directory": "./shell", "run": "cp shell/settings/secret_dev.py shell/settings/secret.py\npipenv run coverage run -m unittest discover\npipenv run coverage combine\n"}, {"name": "Combine coverage reports", "run": "pip3 install coverage\ncoverage combine manager/.coverage orchestrator/.coverage router/.coverage shell/.coverage\n"}, {"name": "Report combined coverage report to Coveralls", "env": {"GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}", "COVERALLS_FLAG_NAME": "${{ matrix.python-version }}", "COVERALLS_PARALLEL": true}, "run": "pip3 install coveralls\ncoveralls --service=github\n"}]}, "finish_success": {"needs": ["lint", "test"], "runs-on": "ubuntu-latest", "steps": [{"name": "Tell Coveralls that parallel jobs have finished", "uses": "coverallsapp/github-action@master", "with": {"github-token": "${{ secrets.GITHUB_TOKEN }}", "parallel-finished": true}}]}}}
+{"name": "CI", "on": ["push", "pull_request"], "defaults": {"run": {"shell": "bash"}}, "jobs": {"lint": {"runs-on": "ubuntu-latest", "strategy": {"matrix": {"python-version": [3.11]}}, "steps": [{"name": "Set up repo", "uses": "actions/checkout@v2"}, {"name": "Set up Python ${{ matrix.python-version }}", "uses": "actions/setup-python@v2", "with": {"python-version": "${{ matrix.python-version }}"}}, {"name": "Set up cache", "uses": "actions/cache@v2", "with": {"path": "~/.cache/pip\n~/.cache/pipenv\n", "key": "${{ matrix.python-version }}"}}, {"name": "Install pipenv", "run": "pip install pipenv"}, {"name": "Install manager dependencies", "working-directory": "./manager", "run": "pipenv install --dev --deploy"}, {"name": "Install orchestrator dependencies", "working-directory": "./orchestrator", "run": "pipenv install --dev --deploy"}, {"name": "Install router dependencies", "working-directory": "./router", "run": "pipenv install --dev --deploy"}, {"name": "Install shell dependencies", "working-directory": "./shell", "run": "pipenv install --dev --deploy"}, {"name": "generate shell signing keys", "working-directory": "./manager", "run": "sudo mkdir -p /etc/director-shell-keys/etc/ssh\nsudo chown -R $USER:$(id -gn) /etc/director-shell-keys\npipenv run ../scripts/generate-rsa-key.py 4096 /etc/director-shell-keys/shell-signing-token-pubkey.pem /etc/director-shell-keys/shell-signing-token-privkey.pem\npipenv run ../scripts/generate-rsa-key.py 4096 /etc/director-shell-keys/shell-encryption-token-pubkey.pem /etc/director-shell-keys/shell-encryption-token-privkey.pem\nssh-keygen -A -f /etc/director-shell-keys\n"}, {"name": "Check shared formatting with format.sh", "run": "cd manager && pipenv run ../shared/scripts/format.sh && cd ../shared && test -z \"$(git status --porcelain=v1 .)\""}, {"name": "check shared formatting with check.sh", "working-directory": "./manager", "run": "pipenv run ../shared/scripts/check.sh"}, {"name": "Check manager formatting with format.sh and static_templates_format.sh", "working-directory": "./manager", "run": "pipenv run ./scripts/format.sh && pipenv run ./scripts/static_templates_format.sh && test -z \"$(git status --porcelain=v1 .)\""}, {"name": "Check manager formatting with check.sh", "working-directory": "./manager", "run": "pipenv run ./scripts/check.sh"}, {"name": "Check orchestrator formatting with format.sh", "working-directory": "./orchestrator", "run": "pipenv run ./scripts/format.sh && test -z \"$(git status --porcelain=v1 .)\""}, {"name": "Check orchestrator formatting with check.sh", "working-directory": "./orchestrator", "run": "pipenv run ./scripts/check.sh"}, {"name": "Check router formatting with format.sh", "working-directory": "./router", "run": "pipenv run ./scripts/format.sh && test -z \"$(git status --porcelain=v1 .)\""}, {"name": "Check router formatting with check.sh", "working-directory": "./router", "run": "pipenv run ./scripts/check.sh"}, {"name": "Check shell formatting with format.sh", "working-directory": "./shell", "run": "pipenv run ./scripts/format.sh && test -z \"$(git status --porcelain=v1 .)\""}, {"name": "Check shell formatting with check.sh", "working-directory": "./shell", "run": "pipenv run ./scripts/check.sh"}]}, "test": {"runs-on": "ubuntu-latest", "strategy": {"matrix": {"python-version": [3.11]}}, "services": {"redis": {"image": "redis:latest", "ports": ["6379:6379"], "options": "--entrypoint redis-server"}}, "steps": [{"name": "Set up repo", "uses": "actions/checkout@v2"}, {"name": "Set up Python ${{ matrix.python-version }}", "uses": "actions/setup-python@v2", "with": {"python-version": "${{ matrix.python-version }}"}}, {"name": "Set up cache", "uses": "actions/cache@v2", "with": {"path": "~/.cache/pip\n~/.cache/pipenv\n", "key": "${{ matrix.python-version }}"}}, {"name": "Install pipenv", "run": "pip install pipenv"}, {"name": "Install manager dependencies", "working-directory": "./manager", "run": "pipenv install --dev --deploy"}, {"name": "Install orchestrator dependencies", "working-directory": "./orchestrator", "run": "pipenv install --dev --deploy"}, {"name": "Install router dependencies", "working-directory": "./router", "run": "pipenv install --dev --deploy"}, {"name": "Install shell dependencies", "working-directory": "./shell", "run": "pipenv install --dev --deploy"}, {"name": "generate shell signing keys", "working-directory": "./manager", "run": "sudo mkdir -p /etc/director-shell-keys/etc/ssh\nsudo chown -R $USER:$(id -gn) /etc/director-shell-keys\npipenv run ../scripts/generate-rsa-key.py 4096 /etc/director-shell-keys/shell-signing-token-pubkey.pem /etc/director-shell-keys/shell-signing-token-privkey.pem\npipenv run ../scripts/generate-rsa-key.py 4096 /etc/director-shell-keys/shell-encryption-token-pubkey.pem /etc/director-shell-keys/shell-encryption-token-privkey.pem\nssh-keygen -A -f /etc/director-shell-keys\n"}, {"name": "install Kerberos", "run": "sudo apt install -y krb5-user"}, {"name": "copy manager secret.py", "working-directory": "./manager", "run": "cp director/settings/secret.sample director/settings/secret.py"}, {"name": "run Manager test suite", "working-directory": "./manager", "run": "pipenv run coverage run manage.py test"}, {"name": "run Orchestrator test suite", "working-directory": "./orchestrator", "run": "pipenv run coverage run -m unittest discover"}, {"name": "run Router test suite", "working-directory": "./router", "run": "pipenv run coverage run -m unittest discover"}, {"name": "run Shell test suite", "working-directory": "./shell", "run": "cp shell/settings/secret_dev.py shell/settings/secret.py\npipenv run coverage run -m unittest discover\npipenv run coverage combine\n"}, {"name": "Combine coverage reports", "run": "pip3 install coverage\ncoverage combine manager/.coverage orchestrator/.coverage router/.coverage shell/.coverage\n"}, {"name": "Report combined coverage report to Coveralls", "env": {"GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}", "COVERALLS_FLAG_NAME": "${{ matrix.python-version }}", "COVERALLS_PARALLEL": true}, "run": "pip3 install coveralls\ncoveralls --service=github\n"}]}, "finish_success": {"needs": ["lint", "test"], "runs-on": "ubuntu-latest", "steps": [{"name": "Tell Coveralls that parallel jobs have finished", "uses": "coverallsapp/github-action@master", "with": {"github-token": "${{ secrets.GITHUB_TOKEN }}", "parallel-finished": true}}]}}}

ci/spec.yml

@@ -9,9 +9,8 @@ defaults:
     shell: bash
 
 .anchors:
-  python_versions: &python_versions
-    - 3.7
-    - 3.8
+  python_versions:
+    - 3.11
 
   python_setup: &python_setup
     name: Set up Python ${{ matrix.python-version }}
@@ -72,7 +71,8 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: *python_versions
+        python-version:
+          - 3.11
 
     steps:
       - *repo_setup
@@ -133,7 +133,8 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: *python_versions
+        python-version:
+          - 3.11
 
     services:
       redis:

manager/director/apps/sites/helpers.py

@@ -28,8 +28,7 @@ def add_action(  # pylint: disable=no-self-use # noqa
         *,
         slug: Optional[str] = None,
         user_recoverable: bool = False,
-    ) -> Callable[[ActionCallback], ActionCallback]:
-        ...
+    ) -> Callable[[ActionCallback], ActionCallback]: ...
 
     @overload  # noqa
     def add_action(  # pylint: disable=no-self-use # noqa
@@ -39,8 +38,7 @@ def add_action(  # pylint: disable=no-self-use # noqa
         *,
         slug: Optional[str] = None,
         user_recoverable: bool = False,
-    ) -> ActionCallback:
-        ...
+    ) -> ActionCallback: ...
 
     def add_action(  # noqa
         self,

orchestrator/pyproject.toml

@@ -17,3 +17,8 @@ exclude = '''
   | secret.*
 )/
 '''
+
+[tool.coverage.run]
+omit = [
+  "*/Dockerfile",
+]

shared/directorutil/crypto.py

@@ -86,21 +86,21 @@ def verify_message_hash(
         try:
             verifier = algo_cls.new(public_key, **algo_kwargs)
         except Exception as ex:
-            raise DirectorCryptoError("Error constructing signature object: {}".format(ex)) from ex
+            raise DirectorCryptoError(f"Error constructing signature object: {ex}") from ex
 
         try:
             verifier.verify(msg_hash_obj, signature)
         except ValueError as ex:
             verify_exc = ex
             continue
         except Exception as ex:
-            raise DirectorCryptoError("Error verifying message signature: {}".format(ex)) from ex
+            raise DirectorCryptoError(f"Error verifying message signature: {ex}") from ex
         else:
             return
 
     if verify_exc is not None:
         raise DirectorCryptoVerifyError(
-            "Error verifying message signature: {}".format(verify_exc)
+            f"Error verifying message signature: {verify_exc}"
         ) from verify_exc
     else:
         raise DirectorCryptoVerifyError("Error verifying message signature")
@@ -110,14 +110,14 @@ def encrypt_short_message_pkcs1(*, msg: bytes, public_key: Crypto.PublicKey.RSA.
     try:
         return Crypto.Cipher.PKCS1_OAEP.new(public_key).encrypt(msg)
     except Exception as ex:
-        raise DirectorCryptoError("Error encrypting message: {}".format(ex)) from ex
+        raise DirectorCryptoError(f"Error encrypting message: {ex}") from ex
 
 
 def decrypt_short_message_pkcs1(*, msg: bytes, private_key: Crypto.PublicKey.RSA.RsaKey) -> bytes:
     try:
         return Crypto.Cipher.PKCS1_OAEP.new(private_key).decrypt(msg)
     except Exception as ex:
-        raise DirectorCryptoError("Error decrypting message: {}".format(ex)) from ex
+        raise DirectorCryptoError(f"Error decrypting message: {ex}") from ex
 
 
 def encrypt_message(
@@ -179,4 +179,4 @@ def decrypt_message(
 
         return cipher_aes.decrypt_and_verify(msg, tag)  # type: ignore
     except Exception as ex:
-        raise DirectorCryptoError("Error decrypting message: {}".format(ex)) from ex
+        raise DirectorCryptoError(f"Error decrypting message: {ex}") from ex