launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~cjwatson/launchpad:charm-admin-bot-account-actions into launchpad:master

To: mp+454630@xxxxxxxxxxxxxxxxxx
From: Colin Watson <mp+454630@xxxxxxxxxxxxxxxxxx>
Date: Thu, 26 Oct 2023 13:27:20 -0000
Reply-to: mp+454630@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Colin Watson has proposed merging ~cjwatson/launchpad:charm-admin-bot-account-actions into launchpad:master.

Commit message:
charm: Add launchpad-admin actions to manage bot accounts

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/454630

This is for use by lp:canonical-is-service-manager.  It seems to use all the options of the underlying scripts, so I've just passed them all through as action parameters.  (The bits that seem unduly Canonical-specific are that way in the underlying scripts.)
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:charm-admin-bot-account-actions into launchpad:master.

diff --git a/charm/launchpad-admin/actions.yaml b/charm/launchpad-admin/actions.yaml
new file mode 100644
index 0000000..7fd7a21
--- /dev/null
+++ b/charm/launchpad-admin/actions.yaml
@@ -0,0 +1,38 @@
+create-bot-account:
+  description: >
+    Create a bot account.  This is intended mainly for use within
+    Canonical's infrastructure, and so makes some assumptions around SSO
+    account creation and team membership that only hold there; people
+    running it elsewhere will need to set the "openid" and "teams"
+    parameters.
+  params:
+    username:
+      type: string
+      description: Username for the bot.
+    openid:
+      type: string
+      description: >
+        OpenID identifier suffix.  When used from Canonical's service
+        manager infrastructure, this is unnecessary because SSO account
+        creation handles it.
+    email:
+      type: string
+      description: Email address.  Defaults to webops+username@xxxxxxxxxxxxx.
+    sshkey:
+      type: string
+      description: SSH public key.  Defaults to no SSH key.
+    teams:
+      type: string
+      description: >
+        Add the bot to this comma-separated list of teams.  Defaults to
+        canonical-is-devopsolution-bots.
+  required:
+    - username
+suspend-bot-account:
+  description: Suspend a bot account.
+  params:
+    email:
+      type: string
+      description: Email address for the bot.
+  required:
+    - email
diff --git a/charm/launchpad-admin/actions/actions.py b/charm/launchpad-admin/actions/actions.py
new file mode 100755
index 0000000..8fb63a5
--- /dev/null
+++ b/charm/launchpad-admin/actions/actions.py
@@ -0,0 +1,84 @@
+#! /usr/bin/python3
+# Copyright 2023 Canonical Ltd.  This software is licensed under the
+# GNU Affero General Public License version 3 (see the file LICENSE).
+
+import subprocess
+import sys
+import traceback
+from pathlib import Path
+
+sys.path.append("lib")
+
+from charms.layer import basic  # noqa: E402
+
+basic.bootstrap_charm_deps()
+basic.init_config_states()
+
+from charmhelpers.core import hookenv  # noqa: E402
+from ols import base  # noqa: E402
+
+
+def create_bot_account():
+    params = hookenv.action_get()
+    script = Path(base.code_dir(), "scripts", "create-bot-account.py")
+    command = [
+        "sudo",
+        "-H",
+        "-u",
+        base.user(),
+        "LPCONFIG=launchpad-admin",
+        "--",
+        script,
+        "--username",
+        params["username"],
+    ]
+    if "openid" in params:
+        command.extend(["--openid", params["openid"]])
+    if "email" in params:
+        command.extend(["--email", params["email"]])
+    if "sshkey" in params:
+        command.extend(["--sshkey", params["sshkey"]])
+    if "teams" in params:
+        command.extend(["--teams", params["teams"]])
+    subprocess.run(command, check=True)
+    hookenv.action_set({"result": f"Created {params['username']}"})
+
+
+def suspend_bot_account():
+    params = hookenv.action_get()
+    script = Path(base.code_dir(), "scripts", "suspend-bot-account.py")
+    command = [
+        "sudo",
+        "-H",
+        "-u",
+        base.user(),
+        "LPCONFIG=launchpad-admin",
+        "--",
+        script,
+        "--email",
+        params["email"],
+    ]
+    subprocess.run(command, check=True)
+    hookenv.action_set({"result": f"Suspended {params['email']}"})
+
+
+def main(argv):
+    action = Path(argv[0]).name
+    try:
+        if action == "create-bot-account":
+            create_bot_account()
+        elif action == "suspend-bot-account":
+            suspend_bot_account()
+        else:
+            hookenv.action_fail(f"Action {action} not implemented.")
+    except Exception:
+        hookenv.action_fail("Unhandled exception")
+        tb = traceback.format_exc()
+        hookenv.action_set(dict(traceback=tb))
+        hookenv.log(f"Unhandled exception in action {action}:")
+        for line in tb.splitlines():
+            hookenv.log(line)
+
+
+if __name__ == "__main__":
+    main(sys.argv)
diff --git a/charm/launchpad-admin/actions/create-bot-account b/charm/launchpad-admin/actions/create-bot-account
new file mode 120000
index 0000000..405a394
--- /dev/null
+++ b/charm/launchpad-admin/actions/create-bot-account
@@ -0,0 +1 @@
+actions.py
\ No newline at end of file
diff --git a/charm/launchpad-admin/actions/suspend-bot-account b/charm/launchpad-admin/actions/suspend-bot-account
new file mode 120000
index 0000000..405a394
--- /dev/null
+++ b/charm/launchpad-admin/actions/suspend-bot-account
@@ -0,0 +1 @@
+actions.py
\ No newline at end of file