add github action to format and lint code

Author: Qingping Hou

.github/workflows/build.yml

@@ -0,0 +1,42 @@
+name: 'CI'
+on:
+  push:
+    branches: [ main ]
+    tags: [ '*' ]
+  pull_request:
+    branches: [ main ]
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v2
+
+      - uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 0.12.25
+      - run: terraform fmt
+      - run: terraform init
+
+      - name: tflint
+        uses: reviewdog/[email protected]
+        with:
+          github_token: ${{ secrets.github_token }}
+  python:
+    name: 'Python'
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v2
+      - name: Set up Python environment
+        uses: actions/setup-python@v1
+        with:
+          python-version: "3.8"
+      - run: pip install flake8 mypy black
+      - name: black format
+        run: black --check lambdas
+      - name: flake8
+        run: flake8 --ignore E501
+      - name: mypy static analysis
+        run: mypy --ignore-missing-imports --follow-imports skip ./lambdas

lambdas/checkNodesForRunningPods.py

@@ -14,47 +14,35 @@
 logger = logging.getLogger(__name__)
 logger.setLevel(logging.DEBUG)
 # Configure your cluster name and region here
-KUBE_FILEPATH = '/tmp/kubeconfig'
+KUBE_FILEPATH = "/tmp/kubeconfig"
 MIRROR_POD_ANNOTATION_KEY = "kubernetes.io/config.mirror"
 CONTROLLER_KIND_DAEMON_SET = "DaemonSet"
 
+
 def create_kube_config(eks, cluster_name):
     """Creates the Kubernetes config file required when instantiating the API client."""
-    cluster_info = eks.describe_cluster(name=cluster_name)['cluster']
-    certificate = cluster_info['certificateAuthority']['data']
-    endpoint = cluster_info['endpoint']
+    cluster_info = eks.describe_cluster(name=cluster_name)["cluster"]
+    certificate = cluster_info["certificateAuthority"]["data"]
+    endpoint = cluster_info["endpoint"]
 
     kube_config = {
-        'apiVersion': 'v1',
-        'clusters': [
-            {
-                'cluster':
-                    {
-                        'server': endpoint,
-                        'certificate-authority-data': certificate
-                    },
-                'name': 'k8s'
-
-            }],
-        'contexts': [
+        "apiVersion": "v1",
+        "clusters": [
             {
-                'context':
-                    {
-                        'cluster': 'k8s',
-                        'user': 'aws'
-                    },
-                'name': 'aws'
-            }],
-        'current-context': 'aws',
-        'Kind': 'config',
-        'users': [
-            {
-                'name': 'aws',
-                'user': 'lambda'
-            }]
+                "cluster": {
+                    "server": endpoint,
+                    "certificate-authority-data": certificate,
+                },
+                "name": "k8s",
+            }
+        ],
+        "contexts": [{"context": {"cluster": "k8s", "user": "aws"}, "name": "aws"}],
+        "current-context": "aws",
+        "Kind": "config",
+        "users": [{"name": "aws", "user": "lambda"}],
     }
 
-    with open(KUBE_FILEPATH, 'w') as kube_file_content:
+    with open(KUBE_FILEPATH, "w") as kube_file_content:
         yaml.dump(kube_config, kube_file_content, default_flow_style=False)
 
 
@@ -68,81 +56,87 @@ def get_bearer_token(cluster, region):
     STS_TOKEN_EXPIRES_IN = 60
     session = boto3.session.Session()
 
-    client = session.client('sts', region_name=region)
+    client = session.client("sts", region_name=region)
     service_id = client.meta.service_model.service_id
 
     signer = RequestSigner(
-        service_id,
-        region,
-        'sts',
-        'v4',
-        session.get_credentials(),
-        session.events
+        service_id, region, "sts", "v4", session.get_credentials(), session.events
     )
 
     params = {
-        'method': 'GET',
-        'url': 'https://sts.{}.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15'.format(region),
-        'body': {},
-        'headers': {
-            'x-k8s-aws-id': cluster
-        },
-        'context': {}
+        "method": "GET",
+        "url": "https://sts.{}.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15".format(
+            region
+        ),
+        "body": {},
+        "headers": {"x-k8s-aws-id": cluster},
+        "context": {},
     }
 
     signed_url = signer.generate_presigned_url(
-        params,
-        region_name=region,
-        expires_in=STS_TOKEN_EXPIRES_IN,
-        operation_name=''
+        params, region_name=region, expires_in=STS_TOKEN_EXPIRES_IN, operation_name=""
     )
 
-    base64_url = base64.urlsafe_b64encode(signed_url.encode('utf-8')).decode('utf-8')
+    base64_url = base64.urlsafe_b64encode(signed_url.encode("utf-8")).decode("utf-8")
 
     # need to remove base64 encoding padding:
     # https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/202
-    return 'k8s-aws-v1.' + re.sub(r'=*', '', base64_url)
+    return "k8s-aws-v1." + re.sub(r"=*", "", base64_url)
+
 
-def get_evictable_pods(api, node_name,label_selector):
-    '''
+def get_evictable_pods(api, node_name, label_selector):
+    """
     This method will ensure we are only waiting for pods that matters based on
     label_selector
-    '''
-    field_selector = 'spec.nodeName=' + node_name
-    pods = api.list_pod_for_all_namespaces(watch=False, field_selector=field_selector,
-        label_selector = label_selector, include_uninitialized=True)
+    """
+    field_selector = "spec.nodeName=" + node_name
+    pods = api.list_pod_for_all_namespaces(
+        watch=False,
+        field_selector=field_selector,
+        label_selector=label_selector,
+        include_uninitialized=True,
+    )
     return [pod for pod in pods.items]
 
-def count_running_pods(api, node_name,label_selector):
-    '''
+
+def count_running_pods(api, node_name, label_selector):
+    """
     Report count for total running pods based on the label
-    '''
-    pods = get_evictable_pods(api, node_name,label_selector)
+    """
+    pods = get_evictable_pods(api, node_name, label_selector)
     return len(pods)
 
+
 def handler(event, context):
-    '''
+    """
     Lambda handler, this function will call the
     private functions to get the running pod count based on the label selector provided
-    '''
-    eks = boto3.client('eks', region_name=event['region'])
-    #loading Kube Config
+    """
+    eks = boto3.client("eks", region_name=event["region"])
+    # loading Kube Config
     if not os.path.exists(KUBE_FILEPATH):
-        create_kube_config(eks, event['cluster_name'])
+        create_kube_config(eks, event["cluster_name"])
     k8s.config.load_kube_config(KUBE_FILEPATH)
     configuration = k8s.client.Configuration()
-    #getting the auth token
-    token = get_bearer_token(event['cluster_name'],event['region'])
-    configuration.api_key['authorization'] = token
-    configuration.api_key_prefix['authorization'] = 'Bearer'
+    # getting the auth token
+    token = get_bearer_token(event["cluster_name"], event["region"])
+    configuration.api_key["authorization"] = token
+    configuration.api_key_prefix["authorization"] = "Bearer"
     # API
     api = k8s.client.ApiClient(configuration)
     core_v1_api = k8s.client.CoreV1Api(api)
 
     # Get all the pods
-    running_pod_count=count_running_pods(core_v1_api,node_name=event['node_name'],
-        label_selector=event['label_selector'])
-    output_json = {"region": event['region'], "node_name" : event['node_name'] ,
-                    "instance_id" : event['instance_id'], "cluster_name": event['cluster_name'],
-                     "activePodCount": running_pod_count}
+    running_pod_count = count_running_pods(
+        core_v1_api,
+        node_name=event["node_name"],
+        label_selector=event["label_selector"],
+    )
+    output_json = {
+        "region": event["region"],
+        "node_name": event["node_name"],
+        "instance_id": event["instance_id"],
+        "cluster_name": event["cluster_name"],
+        "activePodCount": running_pod_count,
+    }
     return output_json

lambdas/detachAndTerminateNode.py

@@ -4,88 +4,81 @@
 import time
 import boto3
 
-ec2_client = boto3.client('ec2')
-asg_client = boto3.client('autoscaling')
+ec2_client = boto3.client("ec2")
+asg_client = boto3.client("autoscaling")
 
 
 def lambda_handler(event, context):
-    ''' The base lambda handler function
+    """The base lambda handler function
     This function, get the instance id, check for ASG tag
     put it back in Inservice state
     and detach it from the corresponding ASG
-    '''
-    instance_id = event['instance_id']
+    """
+    instance_id = event["instance_id"]
     # Capture all the info about the instance so we can extract the ASG name later
     response = ec2_client.describe_instances(
         Filters=[
-            {
-                'Name': 'instance-id',
-                'Values': [instance_id]
-            },
+            {"Name": "instance-id", "Values": [instance_id]},
         ],
     )
 
     # Get the ASG name from the response JSON
-    tags = response['Reservations'][0]['Instances'][0]['Tags']
-    autoscaling_name = next(t["Value"] for t in tags if t["Key"] == "aws:autoscaling:groupName")
+    tags = response["Reservations"][0]["Instances"][0]["Tags"]
+    autoscaling_name = next(
+        t["Value"] for t in tags if t["Key"] == "aws:autoscaling:groupName"
+    )
 
-    #Put the instance in standby
+    # Put the instance in standby
     response = asg_client.exit_standby(
         InstanceIds=[
             instance_id,
         ],
-        AutoScalingGroupName=autoscaling_name
+        AutoScalingGroupName=autoscaling_name,
     )
 
     response = asg_client.describe_auto_scaling_instances(
         InstanceIds=[
             instance_id,
         ]
     )
-    while response['AutoScalingInstances'][0]['LifecycleState']!='InService':
+    while response["AutoScalingInstances"][0]["LifecycleState"] != "InService":
         print(" The node is not yet in service state, waiting for 5 more seconds")
         time.sleep(5)
         response = asg_client.describe_auto_scaling_instances(
-        InstanceIds=[
-            instance_id,
-        ]
-    )
-        if response['AutoScalingInstances'][0]['LifecycleState']=='InService':
+            InstanceIds=[
+                instance_id,
+            ]
+        )
+        if response["AutoScalingInstances"][0]["LifecycleState"] == "InService":
             break
-   # Detach the instance
+    # Detach the instance
     response = asg_client.detach_instances(
         InstanceIds=[
             instance_id,
         ],
         AutoScalingGroupName=autoscaling_name,
-        ShouldDecrementDesiredCapacity=True
+        ShouldDecrementDesiredCapacity=True,
     )
 
     response = ec2_client.describe_instances(
         Filters=[
-            {
-                'Name': 'instance-id',
-                'Values': [instance_id]
-            },
+            {"Name": "instance-id", "Values": [instance_id]},
         ],
     )
 
-    while response['Reservations'][0]['Instances'][0]['Tags']==autoscaling_name:
+    while response["Reservations"][0]["Instances"][0]["Tags"] == autoscaling_name:
         # sleep added to reduce the number of api calls for checking the status
         print(" The node is not yet detached, waiting for 10 more seconds")
         time.sleep(10)
         response = ec2_client.describe_instances(
-        Filters=[
-            {
-                'Name': 'instance-id',
-                'Values': [instance_id]
-            },
-        ],
-    )
-        if response['Reservations'][0]['Instances'][0]['Tags']!=autoscaling_name:
+            Filters=[
+                {"Name": "instance-id", "Values": [instance_id]},
+            ],
+        )
+        if response["Reservations"][0]["Instances"][0]["Tags"] != autoscaling_name:
             break
 
-#if the node is detqched then stop the instance
+    # if the node is detqched then stop the instance
 
     response = ec2_client.stop_instances(
         InstanceIds=[