Introduce CSpell linter

.cspell.json

@@ -0,0 +1,30 @@
+{
+    "version": "0.2",
+    "language": "en",
+    "dictionaries": [
+        "custom-adf",
+        "bash",
+        "python",
+        "en-US",
+        "corp-terms",
+        "softwareTerms",
+        "typescript",
+        "node",
+        "npm"
+    ],
+    "ignorePaths": [
+        "requirements.txt",
+        "maven-wrapper.jar",
+        ".cspell.json",
+        ".gitignore",
+        "custom-adf-dict.txt"
+    ],
+    "allowCompoundWords": true,
+    "dictionaryDefinitions": [
+        {
+            "name": "custom-adf",
+            "path": "./linters/custom-adf-dict.txt",
+            "addWords": true
+        }
+    ]
+}

.mega-linter.yml

@@ -20,6 +20,7 @@ ENABLE_LINTERS:
   - MARKDOWN_MARKDOWN_LINK_CHECK
   - MARKDOWN_MARKDOWNLINT
   - MARKDOWN_MARKDOWN_TABLE_FORMATTER
+  - SPELL_CSPELL
   - SPELL_MISSPELL
   - TERRAFORM_TFLINT
   - YAML_YAMLLINT
@@ -42,3 +43,5 @@ CLOUDFORMATION_CFN_LINT_FILE_EXTENSIONS: [".yml", ".yaml"]
 EDITORCONFIG_EDITORCONFIG_CHECKER_CONFIG_FILE: '.ecrc.json'
 MARKDOWN_MARKDOWN_LINK_CHECK_ARGUMENTS: '-q'
 MARKDOWN_MARKDOWNLINT_DISABLE_ERRORS: false
+SPELL_CSPELL_ARGUMENTS: '--unique --words-only --gitignore'
+SPELL_CSPELL_FILE_EXTENSIONS: ["*"]

.pylintrc

@@ -1,4 +1,4 @@
-[MASTER]
+[MAIN]
 
 # Specify a configuration file.
 #rcfile=
@@ -7,7 +7,7 @@
 # pygtk.require().
 #init-hook=
 
-# Add files or directories to the blacklist. They should be base names, not
+# Files or directories to be skipped. They should be base names, not
 # paths.
 ignore=compat.py, __main__.py
 
@@ -28,7 +28,7 @@ unsafe-load-any-extension=no
 # A comma-separated list of package or module names from where C extensions may
 # be loaded. Extensions are loading into the active Python interpreter and may
 # run arbitrary code
-extension-pkg-whitelist=
+extension-pkg-allow-list=
 
 # Allow optimization of some AST trees. This will activate a peephole AST
 # optimizer, which will apply various small optimizations. For instance, it can

docs/admin-guide.md

@@ -1067,10 +1067,10 @@ please replace:
 
 - the account ids with simple account ids like: `111111111111`, `222222222222`,
   etc.
-- the organization id with a simple one, `o-theorgid`.
+- the organization id with a simple one, `o-aa111bb222`.
 - the organization unit identifiers and names.
 - the email addresses by hiding them behind
-  `--some-notifcation-email-address--`.
+  `--some-notification-email-address--`.
 - the Slack channel identifier and SNS topics configured with simplified ones.
 - the cross-account access role with the default
   `OrganizationAccountAccessRole`.

docs/providers-guide.md

@@ -305,7 +305,7 @@ Provider type: `codebuild`.
   If you wish to pass in a custom Buildspec file that is within the
   repository. This is useful for custom deploy type actions where CodeBuild
   will perform the execution of the commands. Path is relational to the
-  root of the repository, so `build/buidlspec.yml` refers to the
+  root of the repository, so `build/buildspec.yml` refers to the
   `buildspec.yml` stored in the `build` directory of the repository.
 
   In case CodeBuild is used as a deployment provider, the default BuildSpec

docs/user-guide.md

@@ -26,11 +26,11 @@
     - [Deploying Serverless Applications with SAM](#deploying-serverless-applications-with-sam)
     - [Using YAML Anchors and Aliases](#using-yaml-anchors-and-aliases)
     - [One to many relationships](#one-to-many-relationships)
-  - [Terraform pipeline](#terraform-pipeline)
-    - [Prerequisites](#prerequisites)
-    - [Overview](#overview)
-    - [Parameters](#parameters)
-    - [Deployment procedure](#deployment-procedure)
+    - [Terraform pipeline](#terraform-pipeline)
+      - [Prerequisites](#prerequisites)
+      - [Overview](#overview)
+      - [Parameters](#parameters)
+      - [Deployment procedure](#deployment-procedure)
 
 ## Deployment Map
 
@@ -1180,13 +1180,13 @@ e.g.
 The following state files are created:
 
 - 111111111111 main region (eu-west-1)
-  -> adf-global-base-deployment-pipelinebucketxyz/sample-tf-module/111111111111.tfstate
+  -> `adf-global-base-deployment-pipeline-bucket-xyz/sample-tf-module/111111111111.tfstate`
 - 111111111111 secondary region (us-east-1)
-  -> adf-regional-base-deploy-deploymentframeworkregio-jsm/sample-tf-module/111111111111.tfstate
+  -> `adf-regional-base-deploy-deployment-framework-region-jsm/sample-tf-module/111111111111.tfstate`
 - 222222222222 main region (eu-west-1)
-  -> adf-global-base-deployment-pipelinebucketxyz/sample-tf-module/222222222222.tfstate
+  -> `adf-global-base-deployment-pipeline-bucket-xyz/sample-tf-module/222222222222.tfstate`
 - 222222222222 secondary region (us-east-1)
-  -> adf-regional-base-deploy-deploymentframeworkregio-jsm/sample-tf-module/222222222222.tfstate
+  -> `adf-regional-base-deploy-deployment-framework-region-jsm/sample-tf-module/222222222222.tfstate`
 
 A DynamoDB table is created to manage the lock of the state file. It is
 deployed in every ADF regions named `adf_locktable`. **Please note**: usage

linters/custom-adf-dict.txt

@@ -0,0 +1,58 @@
+!blacklist
+!whitelist
+adf
+adfconfig
+awscli
+backoff
+bitnami
+boto
+boto3
+botocore
+bundyfx
+cfnlintrc
+chattr
+chkconfig
+chsh
+cicd
+codepipelinecodeartifactpipelinetriggermytestrepoall
+codepipelinecodeartifactpipelinetriggermytestrepomytestpackage
+corretto
+crhelper
+datacls
+deregistration
+devsecops
+drawio
+dserver
+ecrc
+epel
+fargate
+hadolint
+iname
+infinidash
+msvs
+mymodule
+mypackage
+norecursedirs
+ouid
+oxsecurity
+pipelinenoti
+pygtk
+pylintrc
+rcfile
+releasever
+rexec
+runas
+sdkman
+stefanzweifel
+stubber
+tfapply
+tfinit
+tflint
+tflocktable
+tfrun
+tfstate
+tfvars
+toxinidir
+unconfigured
+vpcid
+zstd

samples/sample-rdk-rules/README.md

@@ -131,4 +131,4 @@ account. If not lambda execution will be failed.
   have the `lambda-function-account-id` (`1111111111`) as trusted entity as
   below.
 
-![Trusted entiry](./meta/lambda-account-id-trusted-entiry.png)
+![Trusted entity](./meta/lambda-account-id-trusted-entity.png)

samples/sample-rdk-rules/config-rules/EC2_CHECKS_TERMINIATION_PROTECTION_ADF/EC2_CHECKS_TERMINIATION_PROTECTION_ADF.py → samples/sample-rdk-rules/config-rules/EC2_CHECKS_TERMINATION_PROTECTION_ADF/EC2_CHECKS_TERMINATION_PROTECTION_ADF.py

@@ -68,7 +68,7 @@ def is_applicable_ec2(configuration_item, event):
     if configuration_item["resourceType"] not in APPLICABLE_RESOURCES:
         return False
 
-    # If instance is not in a valid Environtment its not applicable
+    # If instance is not in a valid environment its not applicable
     if not is_valid_environment(configuration_item["resourceId"], event):
         return False
 
@@ -79,7 +79,7 @@ def is_applicable_ec2(configuration_item, event):
     return True
 
 
-# If instance not in a valid Environtment its not applicable
+# If instance not in a valid environment its not applicable
 def is_valid_environment(instance_id, event):
     ec2 = get_resource("ec2", event)
     instance = ec2.Instance(instance_id)
@@ -310,7 +310,7 @@ def convert_api_configuration(configuration_item):
 
 # Based on the type of message get the configuration item
 # either from configurationItem in the invoking event
-# or using the getResourceConfigHistiry API in getConfiguration function.
+# or using the getResourceConfigHistory API in getConfiguration function.
 def get_configuration_item(invoking_event):
     check_defined(invoking_event, "invokingEvent")
     if is_oversized_changed_notification(invoking_event["messageType"]):

samples/sample-rdk-rules/config-rules/EC2_CHECKS_TERMINIATION_PROTECTION_ADF/EC2_CHECKS_TERMINIATION_PROTECTION_ADF_test.py → samples/sample-rdk-rules/config-rules/EC2_CHECKS_TERMINATION_PROTECTION_ADF/EC2_CHECKS_TERMINATION_PROTECTION_ADF_test.py

@@ -28,7 +28,7 @@ def client(client_name, *args, **kwargs):
 
 sys.modules['boto3'] = Boto3Mock()
 
-RULE = __import__('EC2_CHECKS_TERMINIATION_PROTECTION_ADF')
+RULE = __import__('EC2_CHECKS_TERMINATION_PROTECTION_ADF')
 
 class ComplianceTest(unittest.TestCase):
 
@@ -48,12 +48,12 @@ def test_sample(self):
 
 def build_lambda_configurationchange_event(invoking_event, rule_parameters=None):
     event_to_return = {
-        'configRuleName':'myrule',
+        'configRuleName':'myRule',
         'executionRoleArn':'roleArn',
         'eventLeftScope': False,
         'invokingEvent': invoking_event,
         'accountId': '123456789012',
-        'configRuleArn': 'arn:aws:config:us-east-1:123456789012:config-rule/config-rule-8fngan',
+        'configRuleArn': 'arn:aws:config:us-east-1:123456789012:config-rule/config-rule-abc',
         'resultToken':'token'
     }
     if rule_parameters:
@@ -63,12 +63,12 @@ def build_lambda_configurationchange_event(invoking_event, rule_parameters=None)
 def build_lambda_scheduled_event(rule_parameters=None):
     invoking_event = '{"messageType":"ScheduledNotification","notificationCreationTime":"2017-12-23T22:11:18.158Z"}'
     event_to_return = {
-        'configRuleName':'myrule',
+        'configRuleName':'myRule',
         'executionRoleArn':'roleArn',
         'eventLeftScope': False,
         'invokingEvent': invoking_event,
         'accountId': '123456789012',
-        'configRuleArn': 'arn:aws:config:us-east-1:123456789012:config-rule/config-rule-8fngan',
+        'configRuleArn': 'arn:aws:config:us-east-1:123456789012:config-rule/config-rule-abc',
         'resultToken':'token'
     }
     if rule_parameters:

samples/sample-rdk-rules/config-rules/EC2_CHECKS_TERMINIATION_PROTECTION_ADF/parameters.json → samples/sample-rdk-rules/config-rules/EC2_CHECKS_TERMINATION_PROTECTION_ADF/parameters.json

@@ -1,10 +1,10 @@
 {
     "Version": "1.0",
     "Parameters": {
-        "RuleName": "EC2_CHECKS_TERMINIATION_PROTECTION_ADF",
-        "Description": "EC2_CHECKS_TERMINIATION_PROTECTION_ADF",
+        "RuleName": "EC2_CHECKS_TERMINATION_PROTECTION_ADF",
+        "Description": "EC2_CHECKS_TERMINATION_PROTECTION_ADF",
         "SourceRuntime": "python3.9",
-        "CodeKey": "EC2_CHECKS_TERMINIATION_PROTECTION_ADFeu-central-1.zip",
+        "CodeKey": "EC2_CHECKS_TERMINATION_PROTECTION_ADFeu-central-1.zip",
         "InputParameters": "{}",
         "OptionalParameters": "{}",
         "SourceEvents": "AWS::EC2::Instance",

src/lambda_codebase/account_processing/create_account.py

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: MIT-0
 
 """
-Creates an account within your organisation.
+Creates an account within your organization.
 """
 
 import os

src/lambda_codebase/account_processing/tests/test_account_file_processing.py

@@ -10,50 +10,50 @@ class SuccessTestCase(unittest.TestCase):
     def test_process_account_when_account_exists(self):
         test_account = {
             "alias": "MyCoolAlias",
-            "account_full_name": "mytestaccountname",
+            "account_full_name": "myTestAccountName",
         }
-        account_lookup = {"mytestaccountname": 123456789012}
+        account_lookup = {"myTestAccountName": 123456789012}
         self.assertDictEqual(
             process_account(account_lookup, test_account),
             {
                 "alias": "MyCoolAlias",
-                "account_full_name": "mytestaccountname",
+                "account_full_name": "myTestAccountName",
                 "account_id": 123456789012,
                 "needs_created": False,
             }
         )
 
-    def test_process_account_when_account_doesnt_exist(self):
+    def test_process_account_when_account_does_not_exist(self):
         test_account = {
             "alias": "MyCoolAlias",
-            "account_full_name": "mytestaccountname",
+            "account_full_name": "myTestAccountName",
         }
-        account_lookup = {"mydifferentaccount": 123456789012}
+        account_lookup = {"myDifferentAccount": 123456789012}
         self.assertDictEqual(
             process_account(account_lookup, test_account),
             {
                 "alias": "MyCoolAlias",
-                "account_full_name": "mytestaccountname",
+                "account_full_name": "myTestAccountName",
                 "needs_created": True,
             }
         )
 
     def test_process_account_list(self):
-        all_accounts = [{"Name": "mytestaccountname", "Id": 123456789012}]
+        all_accounts = [{"Name": "myTestAccountName", "Id": 123456789012}]
         accounts_in_file = [
-            {"account_full_name": "mytestaccountname"},
-            {"account_full_name": "mynewaccountname"},
+            {"account_full_name": "myTestAccountName"},
+            {"account_full_name": "myNewAccountName"},
         ]
         self.assertListEqual(
             process_account_list(all_accounts, accounts_in_file),
             [
                 {
-                    "account_full_name": "mytestaccountname",
+                    "account_full_name": "myTestAccountName",
                     "needs_created": False,
                     "account_id": 123456789012,
                 },
                 {
-                    "account_full_name": "mynewaccountname",
+                    "account_full_name": "myNewAccountName",
                     "needs_created": True,
                 },
             ],

src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/lambda_codebase/pipeline_management/create_or_update_rule.py

@@ -1,7 +1,7 @@
 """
 Pipeline Management Lambda Function
 Creates or Updates an Event Rule for forwarding events
-If the source account != the Deplyment account
+If the source account != the Deployment account
 """
 
 import os
@@ -32,7 +32,7 @@ def lambda_handler(pipeline, _):
     if not _cache:
         _cache = Cache()
         METRICS.put_metric_data(
-            {"MetricName": "CacheInitalised", "Value": 1, "Unit": "Count"}
+            {"MetricName": "CacheInitialized", "Value": 1, "Unit": "Count"}
         )
 
     LOGGER.info(pipeline)

src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/organization_policy.py

@@ -58,9 +58,9 @@ def _is_govcloud(region: str) -> bool:
         return region.startswith("us-gov")
 
     @staticmethod
-    def set_scp_attachment(access_identifer, organization_mapping, path, organizations):
-        if access_identifer:
-            if access_identifer.get("keep-default-scp") != "enabled":
+    def set_scp_attachment(access_identifier, organization_mapping, path, organizations):
+        if access_identifier:
+            if access_identifier.get("keep-default-scp") != "enabled":
                 try:
                     organizations.detach_policy(
                         "p-FullAWSAccess", organization_mapping[path]