awslabs · LeonLuttenberger · Sep 4, 2024 · Aug 6, 2024 · Aug 14, 2024 · Aug 14, 2024
diff --git a/requirements-dev.in b/requirements-dev.in
@@ -15,6 +15,7 @@ types-PyYAML~=6.0.12
 types-requests~=2.31.0.6
 types-setuptools~=74.0.0
 wheel~=0.44.0
+boto3-stubs[codebuild,iam,s3,secretsmanager,ssm,sts]~=1.35.2
 moto[s3,sts,iam,codebuild,secretsmanager,ssm]~=5.0.13
 requests~=2.32.3
 werkzeug~=3.0.4
diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -12,13 +12,17 @@ boto3==1.35.10
     # via
     #   -c requirements.txt
     #   moto
+boto3-stubs[codebuild,iam,s3,secretsmanager,ssm,sts]==1.35.2
+    # via -r requirements-dev.in
 botocore==1.35.10
     # via
     #   -c requirements.txt
     #   awscli
     #   boto3
     #   moto
     #   s3transfer
+botocore-stubs==1.34.154
+    # via boto3-stubs
 build==1.2.1
     # via
     #   check-manifest
@@ -103,6 +107,18 @@ moto[codebuild,iam,s3,secretsmanager,ssm,sts]==5.0.13
     # via -r requirements-dev.in
 mypy==1.11.2
     # via -r requirements-dev.in
+mypy-boto3-codebuild==1.35.1
+    # via boto3-stubs
+mypy-boto3-iam==1.35.0
+    # via boto3-stubs
+mypy-boto3-s3==1.35.2
+    # via boto3-stubs
+mypy-boto3-secretsmanager==1.35.0
+    # via boto3-stubs
+mypy-boto3-ssm==1.35.0
+    # via boto3-stubs
+mypy-boto3-sts==1.35.0
+    # via boto3-stubs
 mypy-extensions==1.0.0
     # via
     #   -c requirements.txt
@@ -212,18 +228,29 @@ trove-classifiers==2024.7.2
     # via pyroma
 twine==5.1.1
     # via -r requirements-dev.in
+types-awscrt==0.21.2
+    # via botocore-stubs
 types-pyyaml==6.0.12.20240808
     # via -r requirements-dev.in
 types-requests==2.31.0.6
     # via -r requirements-dev.in
+types-s3transfer==0.10.1
+    # via boto3-stubs
 types-setuptools==74.0.0.20240831
     # via -r requirements-dev.in
 types-urllib3==1.26.25.14
     # via types-requests
 typing-extensions==4.12.2
     # via
     #   -c requirements.txt
+    #   boto3-stubs
     #   mypy
+    #   mypy-boto3-codebuild
+    #   mypy-boto3-iam
+    #   mypy-boto3-s3
+    #   mypy-boto3-secretsmanager
+    #   mypy-boto3-ssm
+    #   mypy-boto3-sts
 urllib3==1.26.19
     # via
     #   -c requirements.txt

diff --git a/seedfarmer/cli_groups/_list_group.py b/seedfarmer/cli_groups/_list_group.py
@@ -17,6 +17,7 @@
 import sys
 from typing import List, Optional
 
+import boto3
 import click
 
 import seedfarmer.messages as messages
@@ -32,7 +33,7 @@
     print_manifest_inventory,
 )
 from seedfarmer.services import get_sts_identity_info
-from seedfarmer.services.session_manager import SessionManager
+from seedfarmer.services.session_manager import ISessionManager, SessionManager
 from seedfarmer.utils import load_dotenv_files
 
 _logger: logging.Logger = logging.getLogger(__name__)
@@ -255,7 +256,7 @@ def list_deployspec(
 
     load_dotenv_files(config.OPS_ROOT, env_files=env_files)
 
-    session = SessionManager().get_or_create(
+    session_manager: ISessionManager = SessionManager().get_or_create(
         project_name=project, profile=profile, region_name=region, qualifier=qualifier
     )
     dep_manifest = du.generate_deployed_manifest(deployment_name=deployment, skip_deploy_spec=True)
@@ -266,7 +267,7 @@ def list_deployspec(
 
     dep_manifest.validate_and_set_module_defaults()
     try:
-        session = session.get_deployment_session(
+        session = session_manager.get_deployment_session(
             account_id=dep_manifest.get_module(group=group, module=module).get_target_account_id(),  # type: ignore
             region_name=dep_manifest.get_module(group=group, module=module).target_region,  # type: ignore
         )
@@ -370,7 +371,7 @@ def list_module_metadata(
 
     load_dotenv_files(config.OPS_ROOT, env_files=env_files)
 
-    session = SessionManager().get_or_create(
+    session_manager: ISessionManager = SessionManager().get_or_create(
         project_name=project, profile=profile, region_name=region, qualifier=qualifier
     )
     dep_manifest = du.generate_deployed_manifest(deployment_name=deployment, skip_deploy_spec=True)
@@ -381,7 +382,7 @@ def list_module_metadata(
 
     dep_manifest.validate_and_set_module_defaults()
     try:
-        session = session.get_deployment_session(
+        session = session_manager.get_deployment_session(
             account_id=dep_manifest.get_module(group=group, module=module).get_target_account_id(),  # type: ignore
             region_name=dep_manifest.get_module(group=group, module=module).target_region,  # type: ignore
         )
@@ -742,7 +743,7 @@ def list_build_env_params(
 
     load_dotenv_files(config.OPS_ROOT, env_files=env_files)
 
-    session = SessionManager().get_or_create(
+    session_manager: ISessionManager = SessionManager().get_or_create(
         project_name=project, profile=profile, region_name=region, qualifier=qualifier
     )
     dep_manifest = du.generate_deployed_manifest(
@@ -755,7 +756,7 @@ def list_build_env_params(
 
     dep_manifest.validate_and_set_module_defaults()
     try:
-        session = session.get_deployment_session(
+        session: boto3.Session = session_manager.get_deployment_session(
             account_id=dep_manifest.get_module(group=group, module=module).get_target_account_id(),  # type: ignore
             region_name=dep_manifest.get_module(group=group, module=module).target_region,  # type: ignore
         )

diff --git a/seedfarmer/commands/_stack_commands.py b/seedfarmer/commands/_stack_commands.py
@@ -59,7 +59,7 @@ def SEEDFARMER_BUCKET_STACK_NAME(self) -> str:
 info = StackInfo()
 
 
-def _get_project_managed_policy_arn(session: boto3.Session) -> str:
+def _get_project_managed_policy_arn(session: Optional[boto3.Session]) -> str:
     def _check_stack_status() -> Tuple[bool, Dict[str, str]]:
         return cast(
             Tuple[bool, Dict[str, str]],
@@ -90,7 +90,7 @@ def _check_stack_status() -> Tuple[bool, Dict[str, str]]:
         return project_managed_policy_arn
 
 
-def _get_seedkit_resources_policy_arn(session: boto3.Session) -> Optional[str]:
+def _get_seedkit_resources_policy_arn(session: Optional[boto3.Session]) -> Optional[str]:
     seedkit_stack_exists, seedkit_stack_name, stack_outputs = commands.seedkit_deployed(
         seedkit_name=config.PROJECT, session=session
     )
@@ -99,7 +99,7 @@ def _get_seedkit_resources_policy_arn(session: boto3.Session) -> Optional[str]:
     return None
 
 
-def _get_docker_secret_inline_policy(docker_credentials_secret: str, session: boto3.Session) -> str:
+def _get_docker_secret_inline_policy(docker_credentials_secret: str, session: Optional[boto3.Session]) -> str:
     account_id, region, partition = get_sts_identity_info(session=session)
     return json.dumps(
         {

diff --git a/seedfarmer/mgmt/archive_support.py b/seedfarmer/mgmt/archive_support.py
@@ -49,7 +49,7 @@ def _download_archive(archive_url: str, secret_name: Optional[str]) -> Response:
             credentials=credentials,
             headers={"x-amz-content-sha256": hashlib.sha256("".encode("utf-8")).hexdigest()},
         )
-        return requests.get(url=signed_request.url, headers=signed_request.headers, allow_redirects=True)
+        return requests.get(url=signed_request.url, headers=signed_request.headers, allow_redirects=True)  # type: ignore[arg-type]
 
     if secret_name:
         session: boto3.Session = SessionManager().get_or_create().toolchain_session  # type: ignore[no-redef]

diff --git a/seedfarmer/services/_iam.py b/seedfarmer/services/_iam.py
@@ -48,7 +48,7 @@ def create_check_iam_role(
     try:
         iam_client.get_role(RoleName=role_name)
     except iam_client.exceptions.NoSuchEntityException:
-        args = {
+        args: Dict[str, Any] = {
             "RoleName": role_name,
             "AssumeRolePolicyDocument": json.dumps(trust_policy),
             "Description": f"deployment-role for {role_name}",
@@ -59,7 +59,7 @@ def create_check_iam_role(
             ],
         }
         if group_name and module_name:
-            args["Tags"].append({"Key": "SeedFarmerModule", "Value": f"{group_name}-{module_name}"})  # type: ignore[attr-defined]
+            args["Tags"].append({"Key": "SeedFarmerModule", "Value": f"{group_name}-{module_name}"})
         if permissions_boundary_arn:
             args["PermissionsBoundary"] = permissions_boundary_arn
         iam_client.create_role(**args)
@@ -117,7 +117,7 @@ def delete_role(role_name: str, session: Optional[Session] = None) -> None:
 
 
 def detach_inline_policy_from_role(role_name: str, policy_name: str, session: Optional[Session] = None) -> None:
-    iam_resource = boto3_resource("iam", session=session)
+    iam_resource = boto3_resource("iam", session)
     try:
         iam_resource.RolePolicy(role_name, policy_name).delete()
     except Exception as e:

diff --git a/seedfarmer/services/_secrets_manager.py b/seedfarmer/services/_secrets_manager.py
@@ -24,7 +24,7 @@ def get_secrets_manager_value(name: str, session: Optional[Session] = None) -> D
     account_id, _, partition = get_sts_identity_info(session=session)
     client = boto3_client(service_name="secretsmanager", session=session)
     secret_arn = f"arn:{partition}:secretsmanager:{get_region(session=session)}:{account_id}:secret:{name}"
-    json_str: str = client.get_secret_value(SecretId=secret_arn).get("SecretString")
+    json_str: str = client.get_secret_value(SecretId=secret_arn)["SecretString"]
     return cast(Dict[str, Any], json.loads(json_str))