def get_timestamp():
# Once pipelines are more strongly integrated with the installer, this table should be a variable
timestamp_query = f"""
SELECT EVENT_TIME from {OKTA_TABLE}
WHERE EVENT_TIME IS NOT NULL
order by EVENT_TIME desc
limit 1
"""
try:
_, ts = db.connect_and_fetchall(timestamp_query)
log.info(ts)
ts = ts[0][0]
ts = ts.strftime("%Y-%m-%dT%H:%M:%S.000Z")
log.info(ts)
if len(ts) < 1:
log.error(
"The okta timestamp is too short or doesn't exist; defaulting to one hour ago"
)
ts = datetime.datetime.now() - datetime.timedelta(hours=1)
ts = ts.strftime("%Y-%m-%dT%H:%M:%S.000Z")
except Exception as e:
log.error(
"Unable to find a timestamp of most recent okta log, defaulting to one hour ago",
e,
)
ts = datetime.datetime.now() - datetime.timedelta(hours=1)
ts = ts.strftime("%Y-%m-%dT%H:%M:%S.000Z")
ret = {'since': ts}
log.info(ret)
return ret
def message_template(vars):
payload = None
# if we have Slack user data, send it to template
if 'user' in vars:
params = {
'alert': vars['alert'],
'properties': vars['properties'],
'user': vars['user']
}
else:
params = {'alert': vars['alert'], 'properties': vars['properties']}
try:
# retrieve Slack message structure from javascript UDF
rows = db.connect_and_fetchall("select " + vars['template'] +
"(parse_json('" + json.dumps(params) +
"'))")
row = rows[1]
if len(row) > 0:
log.debug(f"Template {vars['template']}", ''.join(row[0]))
payload = json.loads(''.join(row[0]))
else:
log.error(f"Error loading javascript template {vars['template']}")
raise Exception("Error loading javascript template " +
{vars['template']})
except Exception as e:
log.error(f"Error loading javascript template", e)
raise
return payload
def message_template(vars):
payload = None
# remove handlers data, it might contain JSON incompatible strucutres
vars['alert'].pop('HANDLERS')
# if we have Slack user data, send it to template
if 'user' in vars:
params = {
'alert': vars['alert'],
'properties': vars['properties'],
'user': vars['user'],
}
else:
params = {'alert': vars['alert'], 'properties': vars['properties']}
log.debug(f"Javascript template parameters", params)
try:
# retrieve Slack message structure from javascript UDF
rows = db.connect_and_fetchall(
"select " + vars['template'] + "(parse_json(%s))",
params=[json.dumps(params)],
)
row = rows[1]
if len(row) > 0:
log.debug(f"Template {vars['template']}", ''.join(row[0]))
payload = json.loads(''.join(row[0]))
else:
log.error(f"Error loading javascript template {vars['template']}")
raise Exception(
f"Error loading javascript template {vars['template']}")
except Exception as e:
log.error(f"Error loading javascript template", e)
raise
log.debug(f"Template payload", payload)
return payload