
Commit e254923

committed
Add tenant skip policy alert
1 parent d58216f commit e254923

5 files changed

Lines changed: 10 additions & 2 deletions


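--- a/cloud_governance/policy/common_policies/send_aggregated_alerts.py
+++ b/cloud_governance/policy/common_policies/send_aggregated_alerts.py
@@ -20,6 +20,7 @@ def __init__(self):
 self.__mail_to = self.__environment_variables.get('EMAIL_TO') # testing purposes
 self.__mail_cc = self.__environment_variables.get('EMAIL_CC', [])
 self.__alert_dry_run = self.__environment_variables.get('ALERT_DRY_RUN')
+self.__skip_policies_alert = self.__environment_variables.get('SKIP_POLICIES_ALERT')
 self.__mail_message = MailMessage()
 self.__postfix = Postfix()
 self.__es_operations = ElasticSearchOperations()
@@ -55,7 +56,7 @@ def __get_es_data(self):
 "ebs_in_use",
 "instance_run", "cluster_run", "optimize_resource_report",
 "optimize_resources_report", "skipped_resources"
-]
+] + self.__skip_policies_alert
 }
 }
 ],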
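Review bot: In `__get_es_data`, `] + self.__skip_policies_alert` raises TypeError whenever the value is not a list, and `__init__` reads it with `.get('SKIP_POLICIES_ALERT')` and no default, so an unset variable yields None. Unlike `EMAIL_CC` two lines above, which falls back to `[]`, this lookup has no fallback; `self.__environment_variables.get('SKIP_POLICIES_ALERT', [])` covers the unset case. Whether the environment layer decodes the JSON string set by the Jenkinsfiles into a list is not visible here, so confirm that, because concatenating a str fails the same way and would stop the aggregated alert mail from being built at all. Both functions continue outside the hunks.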

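--- a/jenkins/tenant/aws/common/run_policies.py
+++ b/jenkins/tenant/aws/common/run_policies.py
@@ -57,6 +57,7 @@ def run_cmd(cmd: str):
 GOOGLE_APPLICATION_CREDENTIALS = os.environ['GOOGLE_APPLICATION_CREDENTIALS']
 SPREADSHEET_ID = os.environ['AWS_IAM_USER_SPREADSHEET_ID']
 ADMIN_MAIL_LIST = os.environ.get('ADMIN_MAIL_LIST', '')
+SKIP_POLICIES_ALERT = os.environ.get('SKIP_POLICIES_ALERT', '')
 
 # Set es_index if given
 ES_INDEX = os.environ.get('ES_INDEX', None)
@@ -127,4 +128,4 @@ def run_policies(policies: list, dry_run: str = 'yes'):
 # Run the AggMail
 
 run_cmd(
-f"""podman run --rm --name cloud-governance-haim --net="host" -e account="{account_name}" -e policy="send_aggregated_alerts" -e AWS_ACCESS_KEY_ID="{access_key}" -e AWS_SECRET_ACCESS_KEY="{secret_key}" -e LDAP_HOST_NAME="{LDAP_HOST_NAME}" -e log_level="INFO" -e es_host="{ES_HOST}" -e es_port="{ES_PORT}" {env_es_index} -e ADMIN_MAIL_LIST="{ADMIN_MAIL_LIST}" -e ALERT_DRY_RUN="{ALERT_DRY_RUN}" {QUAY_CLOUD_GOVERNANCE_REPOSITORY}""")
+f"""podman run --rm --name cloud-governance-haim --net="host" -e account="{account_name}" -e policy="send_aggregated_alerts" -e AWS_ACCESS_KEY_ID="{access_key}" -e AWS_SECRET_ACCESS_KEY="{secret_key}" -e LDAP_HOST_NAME="{LDAP_HOST_NAME}" -e SKIP_POLICIES_ALERT="{SKIP_POLICIES_ALERT}" -e log_level="INFO" -e es_host="{ES_HOST}" -e es_port="{ES_PORT}" {env_es_index} -e ADMIN_MAIL_LIST="{ADMIN_MAIL_LIST}" -e ALERT_DRY_RUN="{ALERT_DRY_RUN}" {QUAY_CLOUD_GOVERNANCE_REPOSITORY}""")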
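Review bot: The new `-e SKIP_POLICIES_ALERT="{SKIP_POLICIES_ALERT}"` in the podman command wraps a value that itself contains double quotes. The Jenkinsfiles in this commit set it to `["unused_access_key"]`, so if `run_cmd` hands the string to a shell (its body is outside the hunk) the inner quotes close the argument and the container receives `[unused_access_key]`, which is no longer valid JSON. Because the variable is read from this process's own environment, passing it by name as `-e SKIP_POLICIES_ALERT` lets podman copy the host value with no quoting at all; otherwise quote it with `-e SKIP_POLICIES_ALERT={shlex.quote(SKIP_POLICIES_ALERT)}`, which needs `import shlex`. More generally, every value interpolated into this command string is parsed by the shell, so an unquoted or badly quoted environment value can change the command that runs.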

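--- a/jenkins/tenant/aws/ecoeng_01/PolicyJenkinsfileDaily
+++ b/jenkins/tenant/aws/ecoeng_01/PolicyJenkinsfileDaily
@@ -78,6 +78,10 @@ pipeline {
 string(credentialsId: "${account}-s3-bucket", variable: 's3_bucket')]) {
 // POLICIES_IN_ACTION: Policies that run in the dry_run="no" mode
 env.POLICIES_IN_ACTION = '["unattached_volume", "ip_unattached", "zombie_snapshots", "unused_nat_gateway", "s3_inactive", "empty_roles", "zombie_cluster_resource"]'
+env.SKIP_POLICIES_ALERT = '["unused_access_key"]'
+if (account == 'industry-partners') {
+env.SKIP_POLICIES_ALERT = ['']
+}
 env.account_name = "${account}"
 env.ADMIN_MAIL_LIST = "${accounts_list[account]}"
 sh 'python3 jenkins/tenant/aws/common/run_policies.py'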
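Review bot: `env.SKIP_POLICIES_ALERT = ['']` in the `industry-partners` branch assigns a Groovy list where the line above assigns a JSON string; Jenkins environment values are strings, so the list is coerced on assignment and the consumer no longer gets an explicit JSON document. `env.SKIP_POLICIES_ALERT = '[]'` states the intended empty list directly. Judging by its name, the setting changes alerting for `unused_access_key`, a credential-hygiene policy, for every other account here and in the ecoeng_02 and ecoeng_03 Jenkinsfiles, yet none of the assignments says why. A comment in the style of the existing `POLICIES_IN_ACTION` one, for example `// SKIP_POLICIES_ALERT: policies treated as skipped in the aggregated alert mail` (wording for the author to confirm), would record the intent and the reason `industry-partners` is exempt. The `withCredentials` block starts and ends outside the hunk.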

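--- a/jenkins/tenant/aws/ecoeng_02/PolicyJenkinsfileDaily
+++ b/jenkins/tenant/aws/ecoeng_02/PolicyJenkinsfileDaily
@@ -64,6 +64,7 @@ pipeline {
 withCredentials([string(credentialsId: "${account}-aws-access-key-id", variable: 'access_key'),
 string(credentialsId: "${account}-aws-secret-key-id", variable: 'secret_key'),
 string(credentialsId: "${account}-s3-bucket", variable: 's3_bucket')]) {
+env.SKIP_POLICIES_ALERT = '["unused_access_key"]'
 env.account_name = "${account}"
 env.ADMIN_MAIL_LIST = "${accounts_list[account]}"
 sh 'python3 jenkins/tenant/aws/common/run_policies.py'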

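--- a/jenkins/tenant/aws/ecoeng_03/PolicyJenkinsfileDaily
+++ b/jenkins/tenant/aws/ecoeng_03/PolicyJenkinsfileDaily
@@ -63,6 +63,7 @@ pipeline {
 string(credentialsId: "${account}-s3-bucket", variable: 's3_bucket')]) {
 env.account_name = "${account}"
 env.ADMIN_MAIL_LIST = "${accounts_list[account]}"
+env.SKIP_POLICIES_ALERT = '["unused_access_key"]'
 sh 'python3 jenkins/tenant/aws/common/run_policies.py'
 }
 }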
