Colin Watson has proposed merging ~cjwatson/launchpad:charm-admin-bot-account-actions into launchpad:master.
Commit message: charm: Add launchpad-admin actions to manage bot accounts Requested reviews: Launchpad code reviewers (launchpad-reviewers) For more details, see: https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/454630 This is for use by lp:canonical-is-service-manager. It seems to use all the options of the underlying scripts, so I've just passed them all through as action parameters. (The bits that seem unduly Canonical-specific are that way in the underlying scripts.) -- Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:charm-admin-bot-account-actions into launchpad:master.
diff --git a/charm/launchpad-admin/actions.yaml b/charm/launchpad-admin/actions.yaml new file mode 100644 index 0000000..7fd7a21 --- /dev/null +++ b/charm/launchpad-admin/actions.yaml @@ -0,0 +1,38 @@ +create-bot-account: + description: > + Create a bot account. This is intended mainly for use within + Canonical's infrastructure, and so makes some assumptions around SSO + account creation and team membership that only hold there; people + running it elsewhere will need to set the "openid" and "teams" + parameters. + params: + username: + type: string + description: Username for the bot. + openid: + type: string + description: > + OpenID identifier suffix. When used from Canonical's service + manager infrastructure, this is unnecessary because SSO account + creation handles it. + email: + type: string + description: Email address. Defaults to [email protected]. + sshkey: + type: string + description: SSH public key. Defaults to no SSH key. + teams: + type: string + description: > + Add the bot to this comma-separated list of teams. Defaults to + canonical-is-devopsolution-bots. + required: + - username +suspend-bot-account: + description: Suspend a bot account. + params: + email: + type: string + description: Email address for the bot. + required: + - email diff --git a/charm/launchpad-admin/actions/actions.py b/charm/launchpad-admin/actions/actions.py new file mode 100755 index 0000000..8fb63a5 --- /dev/null +++ b/charm/launchpad-admin/actions/actions.py @@ -0,0 +1,84 @@ +#! /usr/bin/python3 +# Copyright 2023 Canonical Ltd. This software is licensed under the +# GNU Affero General Public License version 3 (see the file LICENSE). + +import subprocess +import sys +import traceback +from pathlib import Path + +sys.path.append("lib") + +from charms.layer import basic # noqa: E402 + +basic.bootstrap_charm_deps() +basic.init_config_states() + +from charmhelpers.core import hookenv # noqa: E402 +from ols import base # noqa: E402 + + +def create_bot_account(): + params = hookenv.action_get() + script = Path(base.code_dir(), "scripts", "create-bot-account.py") + command = [ + "sudo", + "-H", + "-u", + base.user(), + "LPCONFIG=launchpad-admin", + "--", + script, + "--username", + params["username"], + ] + if "openid" in params: + command.extend(["--openid", params["openid"]]) + if "email" in params: + command.extend(["--email", params["email"]]) + if "sshkey" in params: + command.extend(["--sshkey", params["sshkey"]]) + if "teams" in params: + command.extend(["--teams", params["teams"]]) + subprocess.run(command, check=True) + hookenv.action_set({"result": f"Created {params['username']}"}) + + +def suspend_bot_account(): + params = hookenv.action_get() + script = Path(base.code_dir(), "scripts", "suspend-bot-account.py") + command = [ + "sudo", + "-H", + "-u", + base.user(), + "LPCONFIG=launchpad-admin", + "--", + script, + "--email", + params["email"], + ] + subprocess.run(command, check=True) + hookenv.action_set({"result": f"Suspended {params['email']}"}) + + +def main(argv): + action = Path(argv[0]).name + try: + if action == "create-bot-account": + create_bot_account() + elif action == "suspend-bot-account": + suspend_bot_account() + else: + hookenv.action_fail(f"Action {action} not implemented.") + except Exception: + hookenv.action_fail("Unhandled exception") + tb = traceback.format_exc() + hookenv.action_set(dict(traceback=tb)) + hookenv.log(f"Unhandled exception in action {action}:") + for line in tb.splitlines(): + hookenv.log(line) + + +if __name__ == "__main__": + main(sys.argv) diff --git a/charm/launchpad-admin/actions/create-bot-account b/charm/launchpad-admin/actions/create-bot-account new file mode 120000 index 0000000..405a394 --- /dev/null +++ b/charm/launchpad-admin/actions/create-bot-account @@ -0,0 +1 @@ +actions.py \ No newline at end of file diff --git a/charm/launchpad-admin/actions/suspend-bot-account b/charm/launchpad-admin/actions/suspend-bot-account new file mode 120000 index 0000000..405a394 --- /dev/null +++ b/charm/launchpad-admin/actions/suspend-bot-account @@ -0,0 +1 @@ +actions.py \ No newline at end of file
_______________________________________________ Mailing list: https://launchpad.net/~launchpad-reviewers Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-reviewers More help : https://help.launchpad.net/ListHelp
