def get_desired_state(slack):
desired_state = []
all_users = queries.get_roles()
all_clusters = queries.get_clusters(minimal=True)
clusters = [c for c in all_clusters
if c.get('auth') and c['auth'].get('team')
and c.get('ocm')]
openshift_users_desired_state = \
openshift_users.fetch_desired_state(oc_map=None)
for cluster in clusters:
cluster_name = cluster['name']
cluster_users = [u['user'] for u in openshift_users_desired_state
if u['cluster'] == cluster_name]
usergroup = cluster['auth']['team']
try:
ugid = slack.get_usergroup_id(usergroup)
except UsergroupNotFoundException:
logging.warning(f'Usergroup {usergroup} not found')
continue
user_names = [slack_usergroups.get_slack_username(u)
for u in all_users
if include_user(u, cluster_name, cluster_users)]
users = slack.get_users_by_names(user_names)
channels = slack.get_channels_by_names([slack.chat_kwargs['channel']])
desired_state.append({
"workspace": slack.workspace_name,
"usergroup": usergroup,
"usergroup_id": ugid,
"users": users,
"channels": channels,
"description": f'Users with access to the {cluster_name} cluster',
})
return desired_state
def get_desired_state(slack):
"""
Get the desired state of the Slack cluster usergroups.
:param slack: client for calling Slack API
:type slack: reconcile.utils.slack_api.SlackApi
:return: desired state data, keys are workspace -> usergroup
(ex. state['coreos']['app-sre-ic']
:rtype: dict
"""
desired_state = {}
all_users = queries.get_roles()
all_clusters = queries.get_clusters(minimal=True)
clusters = [
c for c in all_clusters
if c.get("auth") and c["auth"].get("team") and c.get("ocm")
]
openshift_users_desired_state = openshift_users.fetch_desired_state(
oc_map=None)
for cluster in clusters:
cluster_name = cluster["name"]
cluster_users = [
u["user"] for u in openshift_users_desired_state
if u["cluster"] == cluster_name
]
usergroup = cluster["auth"]["team"]
try:
ugid = slack.get_usergroup_id(usergroup)
except UsergroupNotFoundException:
logging.warning(f"Usergroup {usergroup} not found")
continue
user_names = [
slack_usergroups.get_slack_username(u) for u in all_users
if include_user(u, cluster_name, cluster_users)
]
users = slack.get_users_by_names(user_names)
channels = slack.get_channels_by_names([slack.channel])
desired_state.setdefault(slack.workspace_name, {})[usergroup] = {
"workspace": slack.workspace_name,
"usergroup": usergroup,
"usergroup_id": ugid,
"users": users,
"channels": channels,
"description": f"Users with access to the {cluster_name} cluster",
}
return desired_state
def fetch_desired_state(infer_clusters=True):
gqlapi = gql.get_api()
state = AggregatedList()
roles = gqlapi.query(ROLES_QUERY)['roles']
for role in roles:
permissions = list(filter(
lambda p: p.get('service') in ['github-org', 'github-org-team'],
role['permissions']
))
if not permissions:
continue
members = []
for user in role['users']:
members.append(user['github_username'])
for bot in role['bots']:
if 'github_username' in bot:
members.append(bot['github_username'])
members = [m.lower() for m in members]
for permission in permissions:
if permission['service'] == 'github-org':
state.add(permission, members)
elif permission['service'] == 'github-org-team':
state.add(permission, members)
state.add({
'service': 'github-org',
'org': permission['org'],
}, members)
if not infer_clusters:
return state
clusters = gqlapi.query(CLUSTERS_QUERY)['clusters']
openshift_users_desired_state = \
openshift_users.fetch_desired_state(oc_map=None)
for cluster in clusters:
if not cluster['auth']:
continue
cluster_name = cluster['name']
members = [ou['user'].lower()
for ou in openshift_users_desired_state
if ou['cluster'] == cluster_name]
state.add({
'service': 'github-org',
'org': cluster['auth']['org'],
}, members)
if cluster['auth']['service'] == 'github-org-team':
state.add({
'service': 'github-org-team',
'org': cluster['auth']['org'],
'team': cluster['auth']['team'],
}, members)
return state
def fetch_desired_state(infer_clusters=True):
gqlapi = gql.get_api()
state = AggregatedList()
roles = expiration.filter(gqlapi.query(ROLES_QUERY)["roles"])
for role in roles:
permissions = list(
filter(
lambda p: p.get("service") in
["github-org", "github-org-team"],
role["permissions"],
))
if not permissions:
continue
members = []
for user in role["users"]:
members.append(user["github_username"])
for bot in role["bots"]:
if "github_username" in bot:
members.append(bot["github_username"])
members = [m.lower() for m in members]
for permission in permissions:
if permission["service"] == "github-org":
state.add(permission, members)
elif permission["service"] == "github-org-team":
state.add(permission, members)
state.add(
{
"service": "github-org",
"org": permission["org"],
},
members,
)
if not infer_clusters:
return state
clusters = gqlapi.query(CLUSTERS_QUERY)["clusters"]
openshift_users_desired_state = openshift_users.fetch_desired_state(
oc_map=None)
for cluster in clusters:
if not cluster["auth"]:
continue
cluster_name = cluster["name"]
members = [
ou["user"].lower() for ou in openshift_users_desired_state
if ou["cluster"] == cluster_name
]
state.add(
{
"service": "github-org",
"org": cluster["auth"]["org"],
},
members,
)
if cluster["auth"]["service"] == "github-org-team":
state.add(
{
"service": "github-org-team",
"org": cluster["auth"]["org"],
"team": cluster["auth"]["team"],
},
members,
)
return state