def run(dry_run): settings = queries.get_app_interface_settings() gqlapi = gql.get_api() github = init_github() secret_reader = SecretReader(settings=settings) # Reconcile against all sentry instances instances = gqlapi.query(SENTRY_INSTANCES_QUERY)["instances"] tokens = { i["name"]: secret_reader.read(i["automationToken"]) for i in instances } skip_users = { i["name"]: secret_reader.read(i["adminUser"]) for i in instances } for instance in instances: instance_name = instance["name"] token = tokens[instance_name] host = instance["consoleUrl"] sentry_client = SentryClient(host, token) skip_user = skip_users[instance_name] current_state = fetch_current_state(sentry_client, [skip_user]) desired_state = fetch_desired_state(gqlapi, instance, github) reconciler = SentryReconciler(sentry_client, dry_run) reconciler.reconcile(current_state, desired_state)
def lookup_github_file_content(repo, path, ref, tvars=None): if tvars is not None: repo = process_jinja2_template(repo, vars=tvars) path = process_jinja2_template(path, vars=tvars) ref = process_jinja2_template(ref, vars=tvars) gh = init_github() c = gh.get_repo(repo).get_contents(path, ref).decoded_content return c.decode("utf-8")
def validate_users_github(users, thread_pool_size): ok = True g = init_github() results = threaded.run(get_github_user, users, thread_pool_size, github=g) for org_username, gb_username, gh_login in results: if gb_username != gh_login: logging.error( "Github username is case sensitive in OSD. " f"User {org_username} github_username should be: {gh_login}.") ok = False return ok
def validate_users_github(users, thread_pool_size): ok = True g = init_github() results = threaded.run(get_github_user, users, thread_pool_size, github=g) for org_username, gb_username, gh_login in results: if gb_username != gh_login: logging.error("Github username is case sensitive in OSD. " f"User {org_username} is expecting to have " f"the github username of {gh_login}, " f"but the username specified in " f"app-interface is {gb_username}") ok = False return ok
def get_all_repos_to_scan(repos): logging.info("getting full list of repos") all_repos = [] all_repos.extend([strip_repo_url(r) for r in repos]) g = init_github() for r in repos: logging.debug("getting forks: {}".format(r)) repo_name = r.replace("https://github.com/", "") try: repo = g.get_repo(repo_name) forks = repo.get_forks() all_repos.extend([strip_repo_url(f.clone_url) for f in forks]) except UnknownObjectException: logging.error("not found {}".format(r)) return all_repos
def run(dry_run): settings = queries.get_app_interface_settings() gqlapi = gql.get_api() github = init_github() secret_reader = SecretReader(settings=settings) # Reconcile against all sentry instances result = gqlapi.query(SENTRY_INSTANCES_QUERY) for instance in result['instances']: token = secret_reader.read(instance['automationToken']) host = instance['consoleUrl'] sentry_client = SentryClient(host, token) skip_user = secret_reader.read(instance['adminUser']) current_state = fetch_current_state(sentry_client, [skip_user]) desired_state = fetch_desired_state(gqlapi, instance, github) reconciler = SentryReconciler(sentry_client, dry_run) reconciler.reconcile(current_state, desired_state)