def run(dry_run,
thread_pool_size=10,
internal=None,
use_jump_host=True,
defer=None):
settings = queries.get_app_interface_settings()
accounts = queries.get_aws_accounts()
clusters = [c for c in queries.get_clusters(minimal=True) if c.get('ocm')]
oc_map = OC_Map(clusters=clusters,
integration=QONTRACT_INTEGRATION,
settings=settings,
internal=internal,
use_jump_host=use_jump_host,
thread_pool_size=thread_pool_size)
defer(lambda: oc_map.cleanup())
state = State(integration=QONTRACT_INTEGRATION,
accounts=accounts,
settings=settings)
if not dry_run:
slack = init_slack_workspace(QONTRACT_INTEGRATION)
now = datetime.utcnow()
for cluster in oc_map.clusters():
oc = oc_map.get(cluster)
if not oc:
logging.log(level=oc.log_level, msg=oc.message)
continue
upgrade_config = oc.get(namespace='openshift-managed-upgrade-operator',
kind='UpgradeConfig',
name='osd-upgrade-config',
allow_not_found=True)
if not upgrade_config:
logging.debug(f'[{cluster}] UpgradeConfig not found.')
continue
upgrade_spec = upgrade_config['spec']
upgrade_at = upgrade_spec['upgradeAt']
version = upgrade_spec['desired']['version']
upgrade_at_obj = datetime.strptime(upgrade_at, '%Y-%m-%dT%H:%M:%SZ')
state_key = f'{cluster}-{upgrade_at}'
# if this is the first iteration in which 'now' had passed
# the upgrade at date time, we send a notification
if upgrade_at_obj < now:
if state.exists(state_key):
# already notified
continue
logging.info(['cluster_upgrade', cluster])
if not dry_run:
state.add(state_key)
usergroup = f'{cluster}-cluster'
usergroup_id = slack.get_usergroup_id(usergroup)
slack.chat_post_message(
f'Heads up <!subteam^{usergroup_id}>! ' +
f'cluster `{cluster}` is currently ' +
f'being upgraded to version `{version}`')
def fetch_desired_state(infer_clusters=True):
gqlapi = gql.get_api()
state = AggregatedList()
roles = gqlapi.query(ROLES_QUERY)['roles']
for role in roles:
permissions = list(filter(
lambda p: p.get('service') in ['github-org', 'github-org-team'],
role['permissions']
))
if not permissions:
continue
members = []
for user in role['users']:
members.append(user['github_username'])
for bot in role['bots']:
if 'github_username' in bot:
members.append(bot['github_username'])
members = [m.lower() for m in members]
for permission in permissions:
if permission['service'] == 'github-org':
state.add(permission, members)
elif permission['service'] == 'github-org-team':
state.add(permission, members)
state.add({
'service': 'github-org',
'org': permission['org'],
}, members)
if not infer_clusters:
return state
clusters = gqlapi.query(CLUSTERS_QUERY)['clusters']
settings = queries.get_app_interface_settings()
oc_map = OC_Map(clusters=clusters, settings=settings)
defer(lambda: oc_map.cleanup())
openshift_users_desired_state = \
openshift_users.fetch_desired_state(oc_map)
for cluster in clusters:
if not cluster['auth']:
continue
cluster_name = cluster['name']
members = [ou['user'].lower()
for ou in openshift_users_desired_state
if ou['cluster'] == cluster_name]
state.add({
'service': 'github-org',
'org': cluster['auth']['org'],
}, members)
if cluster['auth']['service'] == 'github-org-team':
state.add({
'service': 'github-org-team',
'org': cluster['auth']['org'],
'team': cluster['auth']['team'],
}, members)
return state