def get_desired_state(slack): desired_state = [] all_users = queries.get_roles() all_clusters = queries.get_clusters(minimal=True) clusters = [c for c in all_clusters if c.get('auth') and c['auth'].get('team') and c.get('ocm')] openshift_users_desired_state = \ openshift_users.fetch_desired_state(oc_map=None) for cluster in clusters: cluster_name = cluster['name'] cluster_users = [u['user'] for u in openshift_users_desired_state if u['cluster'] == cluster_name] usergroup = cluster['auth']['team'] try: ugid = slack.get_usergroup_id(usergroup) except UsergroupNotFoundException: logging.warning(f'Usergroup {usergroup} not found') continue user_names = [slack_usergroups.get_slack_username(u) for u in all_users if include_user(u, cluster_name, cluster_users)] users = slack.get_users_by_names(user_names) channels = slack.get_channels_by_names([slack.chat_kwargs['channel']]) desired_state.append({ "workspace": slack.workspace_name, "usergroup": usergroup, "usergroup_id": ugid, "users": users, "channels": channels, "description": f'Users with access to the {cluster_name} cluster', }) return desired_state
def get_desired_state(slack): """ Get the desired state of the Slack cluster usergroups. :param slack: client for calling Slack API :type slack: reconcile.utils.slack_api.SlackApi :return: desired state data, keys are workspace -> usergroup (ex. state['coreos']['app-sre-ic'] :rtype: dict """ desired_state = {} all_users = queries.get_roles() all_clusters = queries.get_clusters(minimal=True) clusters = [ c for c in all_clusters if c.get("auth") and c["auth"].get("team") and c.get("ocm") ] openshift_users_desired_state = openshift_users.fetch_desired_state( oc_map=None) for cluster in clusters: cluster_name = cluster["name"] cluster_users = [ u["user"] for u in openshift_users_desired_state if u["cluster"] == cluster_name ] usergroup = cluster["auth"]["team"] try: ugid = slack.get_usergroup_id(usergroup) except UsergroupNotFoundException: logging.warning(f"Usergroup {usergroup} not found") continue user_names = [ slack_usergroups.get_slack_username(u) for u in all_users if include_user(u, cluster_name, cluster_users) ] users = slack.get_users_by_names(user_names) channels = slack.get_channels_by_names([slack.channel]) desired_state.setdefault(slack.workspace_name, {})[usergroup] = { "workspace": slack.workspace_name, "usergroup": usergroup, "usergroup_id": ugid, "users": users, "channels": channels, "description": f"Users with access to the {cluster_name} cluster", } return desired_state
def fetch_desired_state(infer_clusters=True): gqlapi = gql.get_api() state = AggregatedList() roles = gqlapi.query(ROLES_QUERY)['roles'] for role in roles: permissions = list(filter( lambda p: p.get('service') in ['github-org', 'github-org-team'], role['permissions'] )) if not permissions: continue members = [] for user in role['users']: members.append(user['github_username']) for bot in role['bots']: if 'github_username' in bot: members.append(bot['github_username']) members = [m.lower() for m in members] for permission in permissions: if permission['service'] == 'github-org': state.add(permission, members) elif permission['service'] == 'github-org-team': state.add(permission, members) state.add({ 'service': 'github-org', 'org': permission['org'], }, members) if not infer_clusters: return state clusters = gqlapi.query(CLUSTERS_QUERY)['clusters'] openshift_users_desired_state = \ openshift_users.fetch_desired_state(oc_map=None) for cluster in clusters: if not cluster['auth']: continue cluster_name = cluster['name'] members = [ou['user'].lower() for ou in openshift_users_desired_state if ou['cluster'] == cluster_name] state.add({ 'service': 'github-org', 'org': cluster['auth']['org'], }, members) if cluster['auth']['service'] == 'github-org-team': state.add({ 'service': 'github-org-team', 'org': cluster['auth']['org'], 'team': cluster['auth']['team'], }, members) return state
def fetch_desired_state(infer_clusters=True): gqlapi = gql.get_api() state = AggregatedList() roles = expiration.filter(gqlapi.query(ROLES_QUERY)["roles"]) for role in roles: permissions = list( filter( lambda p: p.get("service") in ["github-org", "github-org-team"], role["permissions"], )) if not permissions: continue members = [] for user in role["users"]: members.append(user["github_username"]) for bot in role["bots"]: if "github_username" in bot: members.append(bot["github_username"]) members = [m.lower() for m in members] for permission in permissions: if permission["service"] == "github-org": state.add(permission, members) elif permission["service"] == "github-org-team": state.add(permission, members) state.add( { "service": "github-org", "org": permission["org"], }, members, ) if not infer_clusters: return state clusters = gqlapi.query(CLUSTERS_QUERY)["clusters"] openshift_users_desired_state = openshift_users.fetch_desired_state( oc_map=None) for cluster in clusters: if not cluster["auth"]: continue cluster_name = cluster["name"] members = [ ou["user"].lower() for ou in openshift_users_desired_state if ou["cluster"] == cluster_name ] state.add( { "service": "github-org", "org": cluster["auth"]["org"], }, members, ) if cluster["auth"]["service"] == "github-org-team": state.add( { "service": "github-org-team", "org": cluster["auth"]["org"], "team": cluster["auth"]["team"], }, members, ) return state