def get_desired_state(slack): desired_state = [] all_users = queries.get_roles() all_clusters = queries.get_clusters(minimal=True) clusters = [c for c in all_clusters if c.get('auth') and c['auth'].get('team') and c.get('ocm')] openshift_users_desired_state = \ openshift_users.fetch_desired_state(oc_map=None) for cluster in clusters: cluster_name = cluster['name'] cluster_users = [u['user'] for u in openshift_users_desired_state if u['cluster'] == cluster_name] usergroup = cluster['auth']['team'] try: ugid = slack.get_usergroup_id(usergroup) except UsergroupNotFoundException: logging.warning(f'Usergroup {usergroup} not found') continue user_names = [slack_usergroups.get_slack_username(u) for u in all_users if include_user(u, cluster_name, cluster_users)] users = slack.get_users_by_names(user_names) channels = slack.get_channels_by_names([slack.chat_kwargs['channel']]) desired_state.append({ "workspace": slack.workspace_name, "usergroup": usergroup, "usergroup_id": ugid, "users": users, "channels": channels, "description": f'Users with access to the {cluster_name} cluster', }) return desired_state
def get_desired_state(slack): """ Get the desired state of the Slack cluster usergroups. :param slack: client for calling Slack API :type slack: reconcile.utils.slack_api.SlackApi :return: desired state data, keys are workspace -> usergroup (ex. state['coreos']['app-sre-ic'] :rtype: dict """ desired_state = {} all_users = queries.get_roles() all_clusters = queries.get_clusters(minimal=True) clusters = [ c for c in all_clusters if c.get("auth") and c["auth"].get("team") and c.get("ocm") ] openshift_users_desired_state = openshift_users.fetch_desired_state( oc_map=None) for cluster in clusters: cluster_name = cluster["name"] cluster_users = [ u["user"] for u in openshift_users_desired_state if u["cluster"] == cluster_name ] usergroup = cluster["auth"]["team"] try: ugid = slack.get_usergroup_id(usergroup) except UsergroupNotFoundException: logging.warning(f"Usergroup {usergroup} not found") continue user_names = [ slack_usergroups.get_slack_username(u) for u in all_users if include_user(u, cluster_name, cluster_users) ] users = slack.get_users_by_names(user_names) channels = slack.get_channels_by_names([slack.channel]) desired_state.setdefault(slack.workspace_name, {})[usergroup] = { "workspace": slack.workspace_name, "usergroup": usergroup, "usergroup_id": ugid, "users": users, "channels": channels, "description": f"Users with access to the {cluster_name} cluster", } return desired_state
def run(dry_run): settings = queries.get_app_interface_settings() secret_reader = SecretReader(settings=settings) users = queries.get_roles(aws=False, saas_files=False, sendgrid=True) desired_state_all = fetch_desired_state(users) sendgrid_accounts = queries.get_sendgrid_accounts() for sg_account in sendgrid_accounts: token = secret_reader.read(sg_account['token']) sg_client = sendgrid.SendGridAPIClient(api_key=token).client current_state = fetch_current_state(sg_client) desired_state = desired_state_all.get(sg_account['name'], []) error = act(dry_run, sg_client, desired_state, current_state) if error: sys.exit(ExitCodes.ERROR)
def roles(ctx, org_username): users = queries.get_roles() users = [u for u in users if u['org_username'] == org_username] if len(users) == 0: print("User not found") return user = users[0] roles = [] def add(d): for i, r in enumerate(roles): if all(d[k] == r[k] for k in ("type", "name", "resource")): roles.insert(i + 1, { "type": "", "name": "", "resource": "", "ref": d["ref"] }) return roles.append(d) for role in user["roles"]: role_name = role["path"] for p in role.get("permissions") or []: r_name = p["service"] if "org" in p or "team" in p: r_name = r_name.split("-")[0] if "org" in p: r_name += "/" + p["org"] if "team" in p: r_name += "/" + p["team"] add({ "type": "permission", "name": p["name"], "resource": r_name, "ref": role_name }) for aws in role.get("aws_groups") or []: for policy in aws["policies"]: add({ "type": "aws", "name": policy, "resource": aws["account"]["name"], "ref": aws["path"] }) for a in role.get("access") or []: if a["cluster"]: cluster_name = a["cluster"]["name"] add({ "type": "cluster", "name": a["clusterRole"], "resource": cluster_name, "ref": role_name }) elif a["namespace"]: ns_name = a["namespace"]["name"] add({ "type": "namespace", "name": a["role"], "resource": ns_name, "ref": role_name }) for s in role.get("owned_saas_files") or []: add({ "type": "saas_file", "name": "owner", "resource": s["name"], "ref": role_name }) columns = ['type', 'name', 'resource', 'ref'] print_output(ctx.obj['output'], roles, columns)