nimda

Admin task helper - simple script for doing what people don't want to do

View the Project on GitHub kyhau/nimda

Nimda

Build Status codecov License

Some helper functions for on/off boarding automation.

Features

1. Reporting

The reporting code is in nimda/services.py. The default output folder is output and the default log file is nimda.log, which can be changed in the config file (see example config/devops.ini).

  1. DynamoDB UserAccounts:
    1. Write user accounts’ details to DatabaseUserAccountsSummary.json.
    2. Write the following summary to nimda.log:
      1. Total number of users
      2. Total number of active users
  2. Bitbucket:
    1. Write current users of each Team to BitbucketUsers-team-x.csv.
    2. Write the following summary to nimda.log:
      1. Users not in database
      2. Total number of users
  3. Confluence:
    1. Write current users of all groups to ConfluenceUsers.csv.
    2. Write the following summary to nimda.log:
      1. Users shall have been off boarded (i.e. status in database is not active)
      2. Users not in database
      3. Total number of users assigned to any group
  4. Flowdock:
    1. Write current users having email address found in database to FlowdockUsers.csv.
    2. Write the following summary to nimda.log:
      1. Users shall have been off boarded (i.e. status in database is not active)
      2. Users not in database
      3. Total number of users
  5. Jenkins:
    1. Write current users of all groups to JenkinsUsers.csv.
    2. Write the following summary to nimda.log:
      1. Users shall have been off boarded (i.e. status in database is not active)
      2. Total number of users
  6. JIRA:
    1. Write current users of all groups to JiraUsers.csv.
    2. Write the following summary to nimda.log:
      1. Users shall have been off boarded (i.e. status in database is not active)
      2. Users not in database
      3. Total number of users assigned to any group

2. Off-boarding

  1. UserAccounts (DynamoDB):
    1. Set status from active to suspended
    2. Unset bitbucket attribute
    3. Unset confluence attribute
    4. Unset flowdock attribute
    5. Unset jenkins attribute
    6. Unset jira attribute
  2. Bitbucket:
    1. Remove all user access (actual license counts) in the team(s).
  3. Confluence:
    1. Remove user from all groups
    2. Revoke (Confluence) application access (actual license counts)
    3. Deactivate user (not deleted)
  4. Flow:
    1. Remove user from the organisation
  5. Jenkins:
    1. Delete user (Jenkins actually does not delete a user but hides it from all views).
    2. WON’T DO: Not removing user from Role because the api is crap and does not only requires to post all users’ permission details.
  6. JIRA:
    1. Remove user from all groups
    2. Revoke (JIRA) application access (actual license counts)
    3. Deactivate user (not deleted)

3. Transferring

Similar to Off-boarding (at the moment), except

  1. UserAccounts (DynamoDB):
    1. Set status from active to transferred
  2. No Confluence off boarding (Confluence is shared with all Biarri groups)
  3. No Flowdock off boarding (Flowdock is shared with all Biarri groups)

4. On-boarding

  1. UserAccounts (DynamoDB):
    1. Set gmail with the given user name
    2. Set active to active
  2. (TODO)

Current Implementation

  1. Use boto3 to interact with DynamoDB.

  2. Use pybitbucket to interact with Bitbucket; require to write additional functions to support some user management functions.

  3. Use requests to write a client to interact with Confluence REST API.
    Note that it’s the username required for auth.

  4. Use requests to write a client to interact with Flowdock REST API.
    Note that it’s the user email address required for auth.

  5. Use requests to write a client to interact with Jenkins API.
    Note that it’s the username required for auth.

  6. Use jira to interact with JIRA; require to write additional functions to support some user management functions.
    Note that it’s the user email address required for auth.

Run

  1. Update the config file (see config/devops.ini).

  2. pip install the latest version of nimda.

  3. For reporting:

    nimda --config config/devops.ini

  4. To off board a user:

    nimda --config config/devops.ini --offboard [gmail-acc-name e.g. firstname.lastname]

  5. To transfer a user to other business group:

    nimda --config config/devops.ini --transfer [gmail-acc-name e.g. firstname.lastname]

  6. User --help to see all options.

Build

Linux

virtualenv env
. env/bin/activate
pip install -e .

Windows

virtualenv env
env\Scripts\activate
pip install -e .

Tox Tests and Build the Wheels

Linux

./test.sh

Windows

test.bat