def run(dry_run):
settings = queries.get_app_interface_settings()
accounts = queries.get_aws_accounts()
users = queries.get_users()
state = State(integration=QONTRACT_INTEGRATION,
accounts=accounts,
settings=settings)
mails = smtp_client.get_mails(criteria='SUBJECT "Sentry Access Request"',
folder='[Gmail]/Sent Mail',
settings=settings)
user_names = get_sentry_users_from_mails(mails)
if not dry_run:
slack = init_slack_workspace(QONTRACT_INTEGRATION)
for user_name in user_names:
guesses = guess_user(user_name, users)
if not guesses:
logging.debug(f'no users guessed for {user_name}')
continue
slack_username = \
guesses[0].get('slack_username') or guesses[0]['org_username']
if state.exists(slack_username):
continue
logging.info(['help_user', slack_username])
if not dry_run:
state.add(slack_username)
slack.chat_post_message(
f'yo <@{slack_username}>! it appears that you have ' +
'requested access to a project in Sentry. ' +
'access is managed automatically via app-interface. '
'checkout https://url.corp.redhat.com/sentry-help')
def run(dry_run):
settings = queries.get_app_interface_settings()
accounts = queries.get_aws_accounts()
state = State(
integration=QONTRACT_INTEGRATION,
accounts=accounts,
settings=settings
)
emails = queries.get_app_interface_emails()
smtp_client = SmtpClient(settings=settings)
# validate no 2 emails have the same name
email_names = set([e['name'] for e in emails])
if len(emails) != len(email_names):
logging.error('email names must be unique.')
sys.exit(1)
emails_to_send = [e for e in emails if not state.exists(e['name'])]
for email in emails_to_send:
logging.info(['send_email', email['name'], email['subject']])
if not dry_run:
names = collect_to(email['to'])
subject = email['subject']
body = email['body']
smtp_client.send_mail(names, subject, body)
state.add(email['name'])
def run(dry_run,
thread_pool_size=10,
internal=None,
use_jump_host=True,
defer=None):
settings = queries.get_app_interface_settings()
accounts = queries.get_aws_accounts()
clusters = [c for c in queries.get_clusters(minimal=True) if c.get('ocm')]
oc_map = OC_Map(clusters=clusters,
integration=QONTRACT_INTEGRATION,
settings=settings,
internal=internal,
use_jump_host=use_jump_host,
thread_pool_size=thread_pool_size)
defer(lambda: oc_map.cleanup())
state = State(integration=QONTRACT_INTEGRATION,
accounts=accounts,
settings=settings)
if not dry_run:
slack = init_slack_workspace(QONTRACT_INTEGRATION)
now = datetime.utcnow()
for cluster in oc_map.clusters():
oc = oc_map.get(cluster)
if not oc:
logging.log(level=oc.log_level, msg=oc.message)
continue
upgrade_config = oc.get(namespace='openshift-managed-upgrade-operator',
kind='UpgradeConfig',
name='osd-upgrade-config',
allow_not_found=True)
if not upgrade_config:
logging.debug(f'[{cluster}] UpgradeConfig not found.')
continue
upgrade_spec = upgrade_config['spec']
upgrade_at = upgrade_spec['upgradeAt']
version = upgrade_spec['desired']['version']
upgrade_at_obj = datetime.strptime(upgrade_at, '%Y-%m-%dT%H:%M:%SZ')
state_key = f'{cluster}-{upgrade_at}'
# if this is the first iteration in which 'now' had passed
# the upgrade at date time, we send a notification
if upgrade_at_obj < now:
if state.exists(state_key):
# already notified
continue
logging.info(['cluster_upgrade', cluster])
if not dry_run:
state.add(state_key)
usergroup = f'{cluster}-cluster'
usergroup_id = slack.get_usergroup_id(usergroup)
slack.chat_post_message(
f'Heads up <!subteam^{usergroup_id}>! ' +
f'cluster `{cluster}` is currently ' +
f'being upgraded to version `{version}`')
def run(dry_run=False):
settings = queries.get_app_interface_settings()
accounts = queries.get_aws_accounts()
state = State(
integration=QONTRACT_INTEGRATION,
accounts=accounts,
settings=settings
)
credentials_requests = queries.get_credentials_requests()
# validate no 2 requests have the same name
credentials_requests_names = \
set([r['name'] for r in credentials_requests])
if len(credentials_requests) != len(credentials_requests_names):
logging.error('request names must be unique.')
sys.exit(1)
error = False
credentials_requests_to_send = \
[r for r in credentials_requests if not state.exists(r['name'])]
for credentials_request_to_send in credentials_requests_to_send:
user = credentials_request_to_send['user']
org_username = user['org_username']
public_gpg_key = user.get('public_gpg_key')
credentials_name = credentials_request_to_send['credentials']
if not public_gpg_key:
error = True
logging.error(
f"user {org_username} does not have a public gpg key")
continue
logging.info(['send_credentials', org_username, credentials_name])
if not dry_run:
request_name = credentials_request_to_send['name']
names = [org_username]
subject = request_name
ecrypted_credentials = \
get_ecrypted_credentials(credentials_name, user, settings)
if not ecrypted_credentials:
error = True
logging.error(
f"could not get encrypted credentials {credentials_name}")
continue
body = MESSAGE_TEMPLATE.format(
request_name, credentials_name, ecrypted_credentials)
smtp_client.send_mail(names, subject, body, settings=settings)
state.add(request_name)
if error:
sys.exit(1)
