Note: The default ITS GitLab runner is a shared resource and is subject to slowdowns during heavy usage.
You can run your own GitLab runner that is dedicated just to your group if you need to avoid processing delays.

Commit 70ffa4eb authored by Rob Carleski's avatar Rob Carleski 🇮🇸
Browse files

Fix retry for groups which need ownership granted via the web UI

parent 9bddd8f4
......@@ -17,6 +17,7 @@ from secrets import choice
from subprocess import check_output as cmd
from subprocess import CalledProcessError
from subprocess import STDOUT
from time import sleep
devnull = open(os.devnull, 'w')
......@@ -201,7 +202,7 @@ https://documentation.its.umich.edu/node/339/
def set_up_mcommunity_group(self):
_control_group = self.config['mcommunity']['api_control_group']
self.control_group = self.config['mcommunity']['api_control_group']
_ext_addr = self.username + '@go.itd.umich.edu'
_needs_update = False
......@@ -210,25 +211,25 @@ https://documentation.its.umich.edu/node/339/
'Checking Mcommunity for associated group',
extra={'entity': self.account}
)
client = mcommunity.MCommClient(
self.mcomm_client = mcommunity.MCommClient(
self.config['mcommunity']['client_id'],
self.config['mcommunity']['secret']
)
mcomm_group = client.group(self.groupname)
self.mcomm_group = self.mcomm_client.group(self.groupname)
except mcommunity.core.MCommError as e:
self.logger.info(e, extra={'entity': self.account})
if mcomm_group.exists:
if self.mcomm_group.exists:
self.logger.info(
'Found associated MCommunity group',
extra={'entity': self.account}
)
if set(self.owners) - set(mcomm_group.owners):
if set(self.owners) - set(self.mcomm_group.owners):
_needs_update = True
if self.service in ['google', 'both']:
if _ext_addr not in mcomm_group.externalMembers:
if _ext_addr not in self.mcomm_group.externalMembers:
_needs_update = True
if _needs_update:
......@@ -236,14 +237,8 @@ https://documentation.its.umich.edu/node/339/
'Mcommunity group needs updating',
extra={'entity': self.account}
)
if _control_group not in mcomm_group.owners:
if not self.take_group_ownership():
self.logger.error(
'Failed to obtain group ownership',
extra={'entity': self.account}
)
exit(2)
mcomm_group.fetch()
if self.control_group not in self.mcomm_group.owners:
self.take_group_ownership()
else:
self.logger.info(
'Mcommunity group does not need an update',
......@@ -262,19 +257,19 @@ https://documentation.its.umich.edu/node/339/
'Reserving new Mcommunity group',
extra={'entity': self.account}
)
mcomm_group.reserve()
self.mcomm_group.reserve()
except mcommunity.core.MCommError as e:
self.logger.info(e, extra={'entity': self.account})
exit(2)
try:
if self.alias not in mcomm_group.aliases:
if self.alias not in self.mcomm_group.aliases:
self.logger.info(
'Adding Mcommunity group alias',
extra={'entity': self.account}
)
mcomm_group.aliases.append(self.alias)
mcomm_group.update_aliases()
self.mcomm_group.aliases.append(self.alias)
self.mcomm_group.update_aliases()
except mcommunity.core.MCommError as e:
self.logger.warning(e, extra={'entity': self.account})
......@@ -284,10 +279,10 @@ https://documentation.its.umich.edu/node/339/
extra={'entity': self.account}
)
if self.service in ['google', 'both']:
mcomm_group.externalMembers.append(_ext_addr)
if _control_group in mcomm_group.memberGroups:
mcomm_group.memberGroups.remove(_control_group)
mcomm_group.update_membership()
self.mcomm_group.externalMembers.append(_ext_addr)
if self.control_group in self.mcomm_group.memberGroups:
self.mcomm_group.memberGroups.remove(self.control_group)
self.mcomm_group.update_membership()
except mcommunity.core.MCommError as e:
self.logger.warning(e, extra={'entity': self.account})
......@@ -296,13 +291,13 @@ https://documentation.its.umich.edu/node/339/
'Updating Mcommunity group ownership',
extra={'entity': self.account}
)
mcomm_group.owners.extend(self.owners)
mcomm_group.owners.remove(
_control_group
self.mcomm_group.owners.extend(self.owners)
self.mcomm_group.owners.remove(
self.control_group
)
mcomm_group.update_ownership()
assert len(mcomm_group.owners) > 0
assert _control_group not in mcomm_group.owners
self.mcomm_group.update_ownership()
assert len(self.mcomm_group.owners) > 0
assert self.control_group not in self.mcomm_group.owners
except AssertionError as e:
self.logger.warning(e, extra={'entity': self.account})
except mcommunity.core.MCommError as e:
......@@ -310,7 +305,16 @@ https://documentation.its.umich.edu/node/339/
def take_group_ownership(self):
input('Add api controller as group owner, then press enter.')
return True
for i in range(5):
del(self.mcomm_group)
self.mcomm_group = self.mcomm_client.group(self.groupname)
if self.control_group in self.mcomm_group.owners:
return True
else:
sleep(2**i)
else:
self.logger.error('Failed to obtain group ownership.')
exit(2)
def set_kerberos_password(self):
try:
......
......@@ -63,16 +63,6 @@ def test_set_up_mcommunity_group_existing_owned(mock_client):
sa.set_up_mcommunity_group()
@mock.patch('collab_admin_kit.create_shared.input')
@mock.patch('mcommunity.MCommClient')
def test_set_up_mcommunity_group_existing_unowned(mock_client, mock_input):
mock_input.return_value(True)
mock_client.return_value.group.return_value.fetch.return_value = json.loads(
open(data_dir + '/mock_mcomm/profile_testgroup.json').read()
)
sa.set_up_mcommunity_group()
@mock.patch('kadmin.init_with_keytab')
def test_set_kerberos_password(kadmin):
sa.set_kerberos_password()
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment