def push_empty_groups_to_cis(sender, instance, **kwargs): """Notify CIS about the profile deletion. Remove all the access groups and tags from the profile. """ from mozillians.users.tasks import send_userprofile_to_cis data = bundle_profile_data(instance.id, delete=True) send_userprofile_to_cis.delay(profile_results=data)
def send_userprofile_to_cis(instance_id=None, profile_results=[], **kwargs): import boto3 from cis.publisher import ChangeDelegate if is_test_environment() or settings.DINO_PARK_ACTIVE: return [] if not instance_id and not profile_results: return [] if instance_id: profile_results = bundle_profile_data(instance_id) sts = boto3.client('sts') sts_response = sts.assume_role( RoleArn=settings.CIS_IAM_ROLE_ARN, RoleSessionName=settings.CIS_IAM_ROLE_SESSION_NAME ) session = boto3.session.Session( aws_access_key_id=sts_response['Credentials']['AccessKeyId'], aws_secret_access_key=sts_response['Credentials']['SecretAccessKey'], aws_session_token=sts_response['Credentials']['SessionToken'], region_name=settings.CIS_AWS_REGION ) publisher = { 'id': settings.CIS_PUBLISHER_NAME } results = [] for data in profile_results: # Send data to sentry for debugging purposes cis_change = ChangeDelegate(publisher, {}, data) cis_change.boto_session = session result = cis_change.send() results.append(result) log_name = 'CIS transaction - {}'.format(data['user_id']) log_data = { 'level': logging.DEBUG, 'logger': 'mozillians.cis_transaction' } log_extra = { 'cis_transaction_data': json.dumps(data), 'cis_transaction_groups': json.dumps(data['groups']), 'cis_transaction_result': result } sentry_client.captureMessage(log_name, data=log_data, stack=True, extra=log_extra) return results
def send_userprofile_to_cis(instance_id=None, profile_results=[], **kwargs): import boto3 from cis.publisher import ChangeDelegate if is_test_environment() or settings.DINO_PARK_ACTIVE: return [] if not instance_id and not profile_results: return [] if instance_id: profile_results = bundle_profile_data(instance_id) sts = boto3.client('sts') sts_response = sts.assume_role( RoleArn=settings.CIS_IAM_ROLE_ARN, RoleSessionName=settings.CIS_IAM_ROLE_SESSION_NAME) session = boto3.session.Session( aws_access_key_id=sts_response['Credentials']['AccessKeyId'], aws_secret_access_key=sts_response['Credentials']['SecretAccessKey'], aws_session_token=sts_response['Credentials']['SessionToken'], region_name=settings.CIS_AWS_REGION) publisher = {'id': settings.CIS_PUBLISHER_NAME} results = [] for data in profile_results: # Send data to sentry for debugging purposes cis_change = ChangeDelegate(publisher, {}, data) cis_change.boto_session = session result = cis_change.send() results.append(result) log_name = 'CIS transaction - {}'.format(data['user_id']) log_data = { 'level': logging.DEBUG, 'logger': 'mozillians.cis_transaction' } log_extra = { 'cis_transaction_data': json.dumps(data), 'cis_transaction_groups': json.dumps(data['groups']), 'cis_transaction_result': result } sentry_client.captureMessage(log_name, data=log_data, stack=True, extra=log_extra) return results
def send_userprofile_to_cis(instance_id=None, profile_results=[], **kwargs): import boto3 from cis.publisher import ChangeDelegate if is_test_environment(): return [] if not instance_id and not profile_results: return [] if instance_id: profile_results = bundle_profile_data(instance_id) sts = boto3.client('sts') sts_response = sts.assume_role( RoleArn=settings.CIS_IAM_ROLE_ARN, RoleSessionName=settings.CIS_IAM_ROLE_SESSION_NAME) session = boto3.session.Session( aws_access_key_id=sts_response['Credentials']['AccessKeyId'], aws_secret_access_key=sts_response['Credentials']['SecretAccessKey'], aws_session_token=sts_response['Credentials']['SessionToken'], region_name=settings.CIS_AWS_REGION) publisher = {'id': settings.CIS_PUBLISHER_NAME} results = [] for data in profile_results: # Send data to sentry for debugging purposes sentry_client.captureMessage('New CIS transaction', data={ 'level': 'debug', 'payload': data }, stack=True) cis_change = ChangeDelegate(publisher, {}, data) cis_change.boto_session = session result = cis_change.send() results.append(result) return results
def push_empty_groups_to_cis(sender, instance, **kwargs): """Notify CIS about the profile deletion. Remove all the access groups and tags from the profile. """ from mozillians.users.tasks import send_userprofile_to_cis data = bundle_profile_data(instance.id, delete=True) for d in data: log_name = 'CIS group deletion - {}'.format(d['user_id']) log_data = { 'level': logging.DEBUG, 'logger': 'mozillians.cis_transaction' } log_extra = { 'cis_transaction_data': json.dumps(d) } sentry_client.captureMessage(log_name, data=log_data, stack=True, extra=log_extra) send_userprofile_to_cis.delay(profile_results=data)
def push_empty_groups_to_cis(sender, instance, **kwargs): """Notify CIS about the profile deletion. Remove all the access groups and tags from the profile. """ from mozillians.users.tasks import send_userprofile_to_cis data = bundle_profile_data(instance.id, delete=True) for d in data: log_name = 'CIS group deletion - {}'.format(d['user_id']) log_data = { 'level': logging.DEBUG, 'logger': 'mozillians.cis_transaction' } log_extra = {'cis_transaction_data': json.dumps(d)} sentry_client.captureMessage(log_name, data=log_data, stack=True, extra=log_extra) send_userprofile_to_cis.delay(profile_results=data)