diff --git a/cloud_governance/main/environment_variables.py b/cloud_governance/main/environment_variables.py index 1df73fa1e..10919de3d 100644 --- a/cloud_governance/main/environment_variables.py +++ b/cloud_governance/main/environment_variables.py @@ -283,6 +283,8 @@ def __init__(self): self._environment_variables_dict['POLICIES_TO_ALERT'] = literal_eval( EnvironmentVariables.get_env('POLICIES_TO_ALERT', '[]')) self._environment_variables_dict['ADMIN_MAIL_LIST'] = EnvironmentVariables.get_env('ADMIN_MAIL_LIST', '') + self._environment_variables_dict['SKIP_POLICIES_ALERT'] = literal_eval( + EnvironmentVariables.get_env('SKIP_POLICIES_ALERT', "['']")) if self._environment_variables_dict.get('policy') in ['send_aggregated_alerts', 'cloudability_cost_reports']: self._environment_variables_dict['COMMON_POLICIES'] = True # CRO -- Cloud Resource Orch diff --git a/cloud_governance/policy/common_policies/send_aggregated_alerts.py b/cloud_governance/policy/common_policies/send_aggregated_alerts.py index dde2f614b..7c29934ad 100644 --- a/cloud_governance/policy/common_policies/send_aggregated_alerts.py +++ b/cloud_governance/policy/common_policies/send_aggregated_alerts.py @@ -20,6 +20,7 @@ def __init__(self): self.__mail_to = self.__environment_variables.get('EMAIL_TO') # testing purposes self.__mail_cc = self.__environment_variables.get('EMAIL_CC', []) self.__alert_dry_run = self.__environment_variables.get('ALERT_DRY_RUN') + self.__skip_policies_alert = self.__environment_variables.get('SKIP_POLICIES_ALERT') self.__mail_message = MailMessage() self.__postfix = Postfix() self.__es_operations = ElasticSearchOperations() @@ -55,7 +56,7 @@ def __get_es_data(self): "ebs_in_use", "instance_run", "cluster_run", "optimize_resource_report", "optimize_resources_report", "skipped_resources" - ] + ] + self.__skip_policies_alert } } ], diff --git a/jenkins/tenant/aws/common/run_policies.py b/jenkins/tenant/aws/common/run_policies.py index 103533837..e521b0956 100644 
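Review bot: The added `literal_eval(...)` on `SKIP_POLICIES_ALERT` has no handling for an empty or non-list value, and its default `"['']"` puts an empty string into the list instead of leaving it empty. The `run_policies.py` hunk in this commit defaults the variable to `''` and always forwards it with `-e`, so unless `get_env` treats an empty string as unset (not visible here), `literal_eval('')` raises `SyntaxError` while the environment is being built. I would parse with `literal_eval(EnvironmentVariables.get_env('SKIP_POLICIES_ALERT', '[]') or '[]')` and reject anything that is not a list of strings, since the result is later concatenated to a list in `send_aggregated_alerts.py`. `__init__` starts and ends outside the hunk.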
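Review bot: `self.__environment_variables.get('SKIP_POLICIES_ALERT')` has no default, unlike the `EMAIL_CC` lookup two lines above it, so a missing key yields `None`. The `] + self.__skip_policies_alert` expression in the `__get_es_data` hunk would then raise `TypeError` when the query is built. `self.__skip_policies_alert = self.__environment_variables.get('SKIP_POLICIES_ALERT', [])` keeps the concatenation safe. Both functions continue outside their hunks.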
--- a/jenkins/tenant/aws/common/run_policies.py +++ b/jenkins/tenant/aws/common/run_policies.py @@ -57,6 +57,7 @@ def run_cmd(cmd: str): GOOGLE_APPLICATION_CREDENTIALS = os.environ['GOOGLE_APPLICATION_CREDENTIALS'] SPREADSHEET_ID = os.environ['AWS_IAM_USER_SPREADSHEET_ID'] ADMIN_MAIL_LIST = os.environ.get('ADMIN_MAIL_LIST', '') +SKIP_POLICIES_ALERT = os.environ.get('SKIP_POLICIES_ALERT', '') # Set es_index if given ES_INDEX = os.environ.get('ES_INDEX', None) @@ -127,4 +128,4 @@ def run_policies(policies: list, dry_run: str = 'yes'): # Run the AggMail run_cmd( - f"""podman run --rm --name cloud-governance-haim --net="host" -e account="{account_name}" -e policy="send_aggregated_alerts" -e AWS_ACCESS_KEY_ID="{access_key}" -e AWS_SECRET_ACCESS_KEY="{secret_key}" -e LDAP_HOST_NAME="{LDAP_HOST_NAME}" -e log_level="INFO" -e es_host="{ES_HOST}" -e es_port="{ES_PORT}" {env_es_index} -e ADMIN_MAIL_LIST="{ADMIN_MAIL_LIST}" -e ALERT_DRY_RUN="{ALERT_DRY_RUN}" {QUAY_CLOUD_GOVERNANCE_REPOSITORY}""") + f"""podman run --rm --name cloud-governance-haim --net="host" -e account="{account_name}" -e policy="send_aggregated_alerts" -e AWS_ACCESS_KEY_ID="{access_key}" -e AWS_SECRET_ACCESS_KEY="{secret_key}" -e LDAP_HOST_NAME="{LDAP_HOST_NAME}" -e SKIP_POLICIES_ALERT="{SKIP_POLICIES_ALERT}" -e log_level="INFO" -e es_host="{ES_HOST}" -e es_port="{ES_PORT}" {env_es_index} -e ADMIN_MAIL_LIST="{ADMIN_MAIL_LIST}" -e ALERT_DRY_RUN="{ALERT_DRY_RUN}" {QUAY_CLOUD_GOVERNANCE_REPOSITORY}""") diff --git a/jenkins/tenant/aws/ecoeng_01/PolicyJenkinsfileDaily b/jenkins/tenant/aws/ecoeng_01/PolicyJenkinsfileDaily index cbe493879..b1a2a1dde 100644 --- a/jenkins/tenant/aws/ecoeng_01/PolicyJenkinsfileDaily +++ b/jenkins/tenant/aws/ecoeng_01/PolicyJenkinsfileDaily 
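Review bot: The new `-e SKIP_POLICIES_ALERT="{SKIP_POLICIES_ALERT}"` wraps a value that itself contains double quotes: the Jenkinsfiles in this commit set it to `["unused_access_key"]`. If `run_cmd` passes the string to a shell (its body is not in the hunk), quote removal turns that into `[unused_access_key]`, which `literal_eval` in `environment_variables.py` rejects. Any other shell metacharacter in the job-supplied value would be interpreted by the shell in the same way. Quoting the value with `-e SKIP_POLICIES_ALERT={shlex.quote(SKIP_POLICIES_ALERT)}` (plus `import shlex`) avoids both problems, as does a bare `-e SKIP_POLICIES_ALERT`, which makes podman copy it from the host environment.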
@@ -39,6 +39,9 @@ pipeline { contact4 = "matrujil@redhat.com" // Find the all available policies: https://github.com/redhat-performance/cloud-governance/tree/main/cloud_governance/policy // By default, all policies are running in dry_run="yes" mode and the whole list can be found in run_policies.py + // POLICIES_IN_ACTION: Policies that run in the dry_run="no" mode + POLICIES_IN_ACTION = '["unattached_volume", "ip_unattached", "zombie_snapshots", "unused_nat_gateway", "s3_inactive", "empty_roles", "zombie_cluster_resource"]' + SKIP_POLICIES_ALERT = '["unused_access_key"]' } stages { stage('Checkout') { // Checkout (git clone ...) the projects repository @@ -76,8 +79,9 @@ pipeline { withCredentials([string(credentialsId: "${account}-aws-access-key-id", variable: 'access_key'), string(credentialsId: "${account}-aws-secret-key-id", variable: 'secret_key'), string(credentialsId: "${account}-s3-bucket", variable: 's3_bucket')]) { - // POLICIES_IN_ACTION: Policies that run in the dry_run="no" mode - env.POLICIES_IN_ACTION = '["unattached_volume", "ip_unattached", "zombie_snapshots", "unused_nat_gateway", "s3_inactive", "empty_roles", "zombie_cluster_resource"]' + if (account == 'industry-partners') { + env.SKIP_POLICIES_ALERT = '[]' + } env.account_name = "${account}" env.ADMIN_MAIL_LIST = "${accounts_list[account]}" sh 'python3 jenkins/tenant/aws/common/run_policies.py' diff --git a/jenkins/tenant/aws/ecoeng_02/PolicyJenkinsfileDaily b/jenkins/tenant/aws/ecoeng_02/PolicyJenkinsfileDaily index 7798bed81..066dfbc42 100644 --- a/jenkins/tenant/aws/ecoeng_02/PolicyJenkinsfileDaily +++ b/jenkins/tenant/aws/ecoeng_02/PolicyJenkinsfileDaily 
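Review bot: `SKIP_POLICIES_ALERT = '["unused_access_key"]'` is added without a comment, while `POLICIES_IN_ACTION` right above it has one; the same uncommented line is added in the `ecoeng_02` and `ecoeng_03` Jenkinsfiles. The name suggests it removes a credential-hygiene policy's findings from the aggregated mail, so the reason for skipping it should be recorded where it is configured. Something like `// SKIP_POLICIES_ALERT: policies left out of the aggregated alert mail; unused_access_key is skipped because <reason>` would do. The `environment` block starts outside the hunk.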
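Review bot: The `env.SKIP_POLICIES_ALERT = '[]'` override for `industry-partners` probably never takes effect, because this commit also declares `SKIP_POLICIES_ALERT` in the `environment` block. In a declarative pipeline an `env.X = ...` assignment does not replace a value declared there. Even where it did apply, nothing resets it, so if this code runs once per account (the enclosing loop is outside the hunk) every account after `industry-partners` would inherit `[]`. Scoping the value to the one run is safer: wrap the `sh` step in `withEnv(["SKIP_POLICIES_ALERT=${account == 'industry-partners' ? '[]' : env.SKIP_POLICIES_ALERT}"]) { ... }`.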
@@ -29,6 +29,7 @@ pipeline { // By default, all policies are running in dry_run="yes" mode and the whole list can be found in run_policies.py // POLICIES_IN_ACTION: Policies that run in the dry_run="no" mode POLICIES_IN_ACTION = '["unattached_volume", "ip_unattached", "zombie_snapshots", "unused_nat_gateway", "s3_inactive", "empty_roles", "zombie_cluster_resource"]' + SKIP_POLICIES_ALERT = '["unused_access_key"]' } stages { stage('Checkout') { // Checkout (git clone ...) the projects repository diff --git a/jenkins/tenant/aws/ecoeng_03/PolicyJenkinsfileDaily b/jenkins/tenant/aws/ecoeng_03/PolicyJenkinsfileDaily index 2dc28cd87..9cd34d295 100644 --- a/jenkins/tenant/aws/ecoeng_03/PolicyJenkinsfileDaily +++ b/jenkins/tenant/aws/ecoeng_03/PolicyJenkinsfileDaily @@ -26,6 +26,7 @@ pipeline { // By default, all policies are running in dry_run="yes" mode and the whole list can be found in run_policies.py // POLICIES_IN_ACTION: Policies that run in the dry_run="no" mode POLICIES_IN_ACTION = '["unattached_volume", "ip_unattached", "zombie_snapshots", "unused_nat_gateway", "s3_inactive", "empty_roles", "zombie_cluster_resource"]' + SKIP_POLICIES_ALERT = '["unused_access_key"]' } stages { stage('Checkout') { // Checkout (git clone ...) the projects repository