def push_empty_groups_to_cis(sender, instance, **kwargs):
"""Notify CIS about the profile deletion.
Remove all the access groups and tags from the profile.
"""
from mozillians.users.tasks import send_userprofile_to_cis
data = bundle_profile_data(instance.id, delete=True)
send_userprofile_to_cis.delay(profile_results=data)
def push_empty_groups_to_cis(sender, instance, **kwargs):
"""Notify CIS about the profile deletion.
Remove all the access groups and tags from the profile.
"""
from mozillians.users.tasks import send_userprofile_to_cis
data = bundle_profile_data(instance.id, delete=True)
send_userprofile_to_cis.delay(profile_results=data)
def send_userprofile_to_cis(instance_id=None, profile_results=[], **kwargs):
import boto3
from cis.publisher import ChangeDelegate
if is_test_environment() or settings.DINO_PARK_ACTIVE:
return []
if not instance_id and not profile_results:
return []
if instance_id:
profile_results = bundle_profile_data(instance_id)
sts = boto3.client('sts')
sts_response = sts.assume_role(
RoleArn=settings.CIS_IAM_ROLE_ARN,
RoleSessionName=settings.CIS_IAM_ROLE_SESSION_NAME
)
session = boto3.session.Session(
aws_access_key_id=sts_response['Credentials']['AccessKeyId'],
aws_secret_access_key=sts_response['Credentials']['SecretAccessKey'],
aws_session_token=sts_response['Credentials']['SessionToken'],
region_name=settings.CIS_AWS_REGION
)
publisher = {
'id': settings.CIS_PUBLISHER_NAME
}
results = []
for data in profile_results:
# Send data to sentry for debugging purposes
cis_change = ChangeDelegate(publisher, {}, data)
cis_change.boto_session = session
result = cis_change.send()
results.append(result)
log_name = 'CIS transaction - {}'.format(data['user_id'])
log_data = {
'level': logging.DEBUG,
'logger': 'mozillians.cis_transaction'
}
log_extra = {
'cis_transaction_data': json.dumps(data),
'cis_transaction_groups': json.dumps(data['groups']),
'cis_transaction_result': result
}
sentry_client.captureMessage(log_name, data=log_data, stack=True, extra=log_extra)
return results
def send_userprofile_to_cis(instance_id=None, profile_results=[], **kwargs):
import boto3
from cis.publisher import ChangeDelegate
if is_test_environment() or settings.DINO_PARK_ACTIVE:
return []
if not instance_id and not profile_results:
return []
if instance_id:
profile_results = bundle_profile_data(instance_id)
sts = boto3.client('sts')
sts_response = sts.assume_role(
RoleArn=settings.CIS_IAM_ROLE_ARN,
RoleSessionName=settings.CIS_IAM_ROLE_SESSION_NAME)
session = boto3.session.Session(
aws_access_key_id=sts_response['Credentials']['AccessKeyId'],
aws_secret_access_key=sts_response['Credentials']['SecretAccessKey'],
aws_session_token=sts_response['Credentials']['SessionToken'],
region_name=settings.CIS_AWS_REGION)
publisher = {'id': settings.CIS_PUBLISHER_NAME}
results = []
for data in profile_results:
# Send data to sentry for debugging purposes
cis_change = ChangeDelegate(publisher, {}, data)
cis_change.boto_session = session
result = cis_change.send()
results.append(result)
log_name = 'CIS transaction - {}'.format(data['user_id'])
log_data = {
'level': logging.DEBUG,
'logger': 'mozillians.cis_transaction'
}
log_extra = {
'cis_transaction_data': json.dumps(data),
'cis_transaction_groups': json.dumps(data['groups']),
'cis_transaction_result': result
}
sentry_client.captureMessage(log_name,
data=log_data,
stack=True,
extra=log_extra)
return results
def send_userprofile_to_cis(instance_id=None, profile_results=[], **kwargs):
import boto3
from cis.publisher import ChangeDelegate
if is_test_environment():
return []
if not instance_id and not profile_results:
return []
if instance_id:
profile_results = bundle_profile_data(instance_id)
sts = boto3.client('sts')
sts_response = sts.assume_role(
RoleArn=settings.CIS_IAM_ROLE_ARN,
RoleSessionName=settings.CIS_IAM_ROLE_SESSION_NAME)
session = boto3.session.Session(
aws_access_key_id=sts_response['Credentials']['AccessKeyId'],
aws_secret_access_key=sts_response['Credentials']['SecretAccessKey'],
aws_session_token=sts_response['Credentials']['SessionToken'],
region_name=settings.CIS_AWS_REGION)
publisher = {'id': settings.CIS_PUBLISHER_NAME}
results = []
for data in profile_results:
# Send data to sentry for debugging purposes
sentry_client.captureMessage('New CIS transaction',
data={
'level': 'debug',
'payload': data
},
stack=True)
cis_change = ChangeDelegate(publisher, {}, data)
cis_change.boto_session = session
result = cis_change.send()
results.append(result)
return results
def push_empty_groups_to_cis(sender, instance, **kwargs):
"""Notify CIS about the profile deletion.
Remove all the access groups and tags from the profile.
"""
from mozillians.users.tasks import send_userprofile_to_cis
data = bundle_profile_data(instance.id, delete=True)
for d in data:
log_name = 'CIS group deletion - {}'.format(d['user_id'])
log_data = {
'level': logging.DEBUG,
'logger': 'mozillians.cis_transaction'
}
log_extra = {
'cis_transaction_data': json.dumps(d)
}
sentry_client.captureMessage(log_name, data=log_data, stack=True, extra=log_extra)
send_userprofile_to_cis.delay(profile_results=data)
def push_empty_groups_to_cis(sender, instance, **kwargs):
"""Notify CIS about the profile deletion.
Remove all the access groups and tags from the profile.
"""
from mozillians.users.tasks import send_userprofile_to_cis
data = bundle_profile_data(instance.id, delete=True)
for d in data:
log_name = 'CIS group deletion - {}'.format(d['user_id'])
log_data = {
'level': logging.DEBUG,
'logger': 'mozillians.cis_transaction'
}
log_extra = {'cis_transaction_data': json.dumps(d)}
sentry_client.captureMessage(log_name,
data=log_data,
stack=True,
extra=log_extra)
send_userprofile_to_cis.delay(profile_results=data)