Merge branch 'main' into gcp-pack-refresh

.github/workflows/sync-from-upstream.yml

@@ -40,6 +40,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           ref: 'sync_upstream_${{steps.set_upstream.outputs.latest-release}}'
+          token: ${{ secrets.GITHUB_TOKEN }}
       # Sync this branch with upstream
       - name: Sync upstream changes into PR branch
         id: sync

.vscode/example_settings.json

@@ -1,8 +1,18 @@
 {
     "python.defaultInterpreterPath": "XXX_pipenv_py_output_XXX",
     "yaml.schemas": {
-        "https://panther-community-us-east-1.s3.amazonaws.com/latest/logschema/schema.json": [ "schemas/*.yml", "schemas/*.yaml", "schemas/**/*yaml", "schemas/**/*.yaml"],
-        ".vscode/rule_jsonschema.json": [ "rules/*.yml", "rules/*.yaml", "rules/**/*.yaml", "rules/**/*.yml"]
+        "https://panther-community-us-east-1.s3.amazonaws.com/latest/logschema/schema.json": [
+            "schemas/*.yml",
+            "schemas/*.yaml",
+            "schemas/**/*yaml",
+            "schemas/**/*.yaml"
+        ],
+        ".vscode/rule_jsonschema.json": [
+            "rules/*.yml",
+            "rules/*.yaml",
+            "rules/**/*.yaml",
+            "rules/**/*.yml"
+        ]
     },
     "python.analysis.extraPaths": [
         "global_helpers"
@@ -16,5 +26,12 @@
     //"makefile.extensionOutputFolder": "./.vscode",
     "files.associations": {
         "panther_analysis_tool": "python"
+    },
+    "[python]": {
+        "editor.defaultFormatter": "ms-python.black-formatter",
+        "editor.formatOnSave": true,
+        "editor.codeActionsOnSave": {
+            "source.organizeImports": true
+        }
     }
-}
+}

README.md

@@ -119,7 +119,8 @@ If you are comfortable using the Visual Studio Code IDE, the `make vscode-config
 In addition to this command, you will need to install these vscode add-ons:
 
 1. [Python](https://marketplace.visualstudio.com/items?itemName=ms-python.python)
-2. [YAML](https://marketplace.visualstudio.com/items?itemName=redhat.vscode-yaml)
+2. [Black Formatter](https://marketplace.visualstudio.com/items?itemName=ms-python.black-formatter)
+3. [YAML](https://marketplace.visualstudio.com/items?itemName=redhat.vscode-yaml)
 
 You will also need Visual Studio's [code](https://code.visualstudio.com/docs/setup/mac#_launching-from-the-command-line) configured to open Visual Studio from your CLI.
 
@@ -130,6 +131,7 @@ You will also need Visual Studio's [code](https://code.visualstudio.com/docs/set
 1. Creates two debugging targets, which will give you single-button push support for running `panther_analysis_tool test` through the debugger.
 1. Installs JSONSchema support for your custom panther-analysis schemas in the `schemas/` directory. This brings IDE hints about which fields are necessary for schemas/custom-schema.yml files.
 1. Installs JSONSchema support for panther-analysis rules in the `rules/` directory. This brings IDE hints about which fields are necessary for rules/my-rule.yml files.
+1. Configures `Black` and `isort` settings for auto-formatting on save (thus reducing the need to run `make fmt` on all files)
 
 ```shell
 user@computer:panther-analysis: make vscode-config

data_models/github_data_model.py

@@ -1,14 +1,20 @@
 import panther_event_type_helpers as event_type
 
+ADMIN_EVENTS = {
+    "business.add_admin",
+    "business.invite_admin",
+    "team.promote_maintainer",
+}
 
-def get_admin_role(_):
-    # github doesn't record the admin role in the event
-    return "<UNKNOWN_ROLE>"
+
+def get_admin_role(event):
+    action = event.get("action", "")
+    return action if action in ADMIN_EVENTS else "<UNKNOWN_ADMIN_ROLE>"
 
 
 def get_event_type(event):
-    if event.get("action") == "team.promote_maintainer":
+    if event.get("action", "") in ADMIN_EVENTS:
         return event_type.ADMIN_ROLE_ASSIGNED
-    if event.get("action") == "org.disable_two_factor_requirement":
+    if event.get("action", "") == "org.disable_two_factor_requirement":
         return event_type.MFA_DISABLED
     return None