diff --git a/aws_access/access.py b/aws_access/access.py index d91502e..20da4a1 100644 --- a/aws_access/access.py +++ b/aws_access/access.py @@ -72,12 +72,12 @@ def approve( if not granted_access: logger.error( - "Something when wrong while adding %s to group %s: %s", + constants.ERROR_MESSAGES["grant_access_failed"], user.email, label["group"], str(exception) ) - return False + return False, constants.ERROR_MESSAGES["grant_access_failed"] % (user.email, label["group"], str(exception)) try: self.__send_approve_email( @@ -90,7 +90,6 @@ def approve( ) except Exception as ex: logger.exception("%s Could not send email for error %s", self.tag(), str(ex)) - return False return True @@ -215,18 +214,17 @@ def revoke(self, user, user_identity, label, request): if not is_revoked: logger.error( - "Something went wrong while removing %s from %s: %s", + constants.ERROR_MESSAGES["revoke_access_failed"], user.email, label["group"], str(exception) ) - return False + return False, constants.ERROR_MESSAGES["revoke_access_failed"] % (user.email, label["group"], str(exception)) label_desc = self.get_label_desc(label) try: self.__send_revoke_email(user, request.request_id, label_desc) - return True except Exception as ex: logger.exception("Could not send email for error %s", str(ex)) - return False + return True def validate_request(self, access_labels_data, request_user, is_group=False): """Validates the access request. diff --git a/aws_access/constants.py b/aws_access/constants.py index 96e257b..f12f87c 100644 --- a/aws_access/constants.py +++ b/aws_access/constants.py @@ -6,4 +6,6 @@ "valid_action_required": "Valid action is required for AWS access", "valid_account_required": "Valid account name is required for AWS access", "valid_group_required": "Valid group name is required for AWS access", + "grant_access_failed" : "Something when wrong while adding %s to group %s: %s", + "revoke_access_failed" : "Something went wrong while removing %s from %s: %s", } 
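Review bot: `approve` in aws_access/access.py now has two return shapes: the failure branch returns `False, constants.ERROR_MESSAGES["grant_access_failed"] % (...)` while the last context line still returns a bare `True`. A caller that tests the result for truthiness would treat the non-empty failure tuple as success, and a caller that unpacks two values would raise on the success path; the callers are not in this diff, so confirm which form they expect. Returning `True, ""` on success keeps one shape, matching the `return return_value, error_message` in ssh `approve`. The same mix appears in `revoke` in this file and in the confluence, gcp, slack and ssh `revoke` hunks. The body of `approve` starts outside the hunk.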
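Review bot: The message returned from the failure branch of `revoke` interpolates `user.email` and `str(exception)`, the same text that goes to the log. If the second tuple element is displayed to the requester or approver (its consumer is not visible here), provider error text would reach end users. Consider keeping the exception detail in `logger.error` only and returning a message without it, for example `return False, "Could not remove %s from %s" % (user.email, label["group"])` (wording is a suggestion). The `approve` hunk above and the gcp, slack and ssh hunks build their return value the same way.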
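Review bot: The new `grant_access_failed` entry in aws_access/constants.py carries over the typo "Something when wrong" from the log line it replaces. Since the string is now also returned to the caller, correct it to `"grant_access_failed": "Something went wrong while adding %s to group %s: %s",` and drop the space before the colon in both new keys so they match the existing entries.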
diff --git a/confluence/access.py b/confluence/access.py index 9603a2e..0e4f9e5 100644 --- a/confluence/access.py +++ b/confluence/access.py @@ -150,20 +150,20 @@ def __approve_space_access( ) if response.status_code == 200: - return str(json.loads(response.text)["id"]) + return True, str(json.loads(response.text)["id"]) if response.status_code == 400: - return json.loads(response.text)["message"].split(" ")[-1] + return True, json.loads(response.text)["message"].split(" ")[-1] logger.error( - "Could not approve permission %s for response %s", + constants.ERROR_MESSAGES["grant_access_failed"], str(permission), str(response.text) ) - return False + return False, constants.ERROR_MESSAGES["grant_access_failed"] % (str(permission), str(response.text)) except Exception as ex: logger.error( - "Could not approve permission %s for error %s", + constants.ERROR_MESSAGES["grant_access_failed"], str(permission), str(ex) ) - return False + return False, constants.ERROR_MESSAGES["grant_access_failed"] % (str(permission), str(response.text)) def __revoke_space_access(self, space_key, permission_id): """Makes confluence API calls and revokes access to a confluence space.""" @@ -302,14 +302,14 @@ def approve( approve_result = [] for permission in permissions: - response = self.__approve_space_access( + response, result = self.__approve_space_access( label["access_workspace"], permission, user_identity.identity["id"], subject_type="user", ) if response is False: - return False + return response, result approve_result.append( {"permission": permission, "permission_id": response} @@ -321,10 +321,9 @@ def approve( self.__send_approve_email( user_identity.user, request.request_id, access_type, approver ) - return True except Exception as ex: logger.error("Could not send email for error %s", str(ex)) - return False + return True def __send_approve_email(self, user, request_id, access_type, approver): """Generates and sends email in access grant.""" 
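Review bot: Both failure branches of `__approve_space_access` look up `constants.ERROR_MESSAGES["grant_access_failed"]`, but the confluence/constants.py hunk in this commit adds the key as `"access_grant_failed"`, so the lookup raises `KeyError` unless the key is defined somewhere not shown. The `except` handler's return also formats `str(response.text)` instead of `str(ex)`; if the request call sits inside the same `try` (its start is outside the hunk), `response` may not be bound when the handler runs. Use one key name in both files and return `False, constants.ERROR_MESSAGES["access_grant_failed"] % (str(permission), str(ex))` from the handler.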
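Review bot: After the unpacking change in `approve`, `response` holds the boolean status and `result` holds the permission id, but the context line still stores `"permission_id": response`, so each approved permission would be recorded with `True` instead of its id. The `revoke` hunk later in this file passes `permission["permission_id"]` to the revoke call, so these grants could not be revoked by id afterwards. Change the append to `{"permission": permission, "permission_id": result}`. `approve` starts and ends outside this hunk, so where `approve_result` is persisted is not visible here.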
@@ -372,16 +371,15 @@ def revoke(self, user, user_identity, label, request): label["access_workspace"], permission["permission_id"] ) if response is False: - logger.error("could not revoke access for %s", str(permission)) - return False + logger.error(constants.ERROR_MESSAGES["revoke_access_failed"], str(permission)) + return False, constants.ERROR_MESSAGES["revoke_access_failed"] % (str(permission)) label_desc = self.get_label_desc(label) try: self.__send_revoke_email(user, label_desc) - return True except Exception as ex: logger.error("Could not send email for error %s", str(ex)) - return False + return True def access_desc(self): """Description of the access module. diff --git a/confluence/constants.py b/confluence/constants.py index be25d00..fc3db7b 100644 --- a/confluence/constants.py +++ b/confluence/constants.py @@ -1,4 +1,6 @@ ERROR_MESSAGES = { "missing_argument": "Missing argument in the access label, please resubmit the request.", "valid_access_type": "Valid access type is required to raise the request.", + "access_grant_failed": "Could not approve permission %s for response %s", + "revoke_access_failed": "could not revoke access for %s", } diff --git a/gcp/access.py b/gcp/access.py index 77f3223..e1e74c6 100644 --- a/gcp/access.py +++ b/gcp/access.py @@ -143,17 +143,16 @@ def approve( ) if result is False: logger.error( - "Something went wrong while adding the %s to group %s: %s", + constants.GRANT_ACCESS_FAILED_ERROR, user.email, label["group"], str(exception) ) - return False + return False, constants.GRANT_ACCESS_FAILED_ERROR % (user.email, label["group"], str(exception)) try: self.__send_approve_email(user, label_desc, request.request_id, approver) - return True except Exception as e: logger.error("Could not send email for error %s", str(e)) - return False + return True def __send_approve_email(self, user, label_desc, request_id, approver): """Generates and sends email in access grant.""" 
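Review bot: In the confluence `revoke` hunk, `constants.ERROR_MESSAGES["revoke_access_failed"] % (str(permission))` uses parentheses without a trailing comma, so the operand is a plain string and not a one-element tuple. It works here because of the `str()` call, but the same form in the slack `approve` hunk, `constants.INVITE_USER_FAILED % (workspace_name)`, would misformat or raise if `workspace_name` were ever a tuple or dict. Write `% (str(permission),)` and `% (workspace_name,)`. `revoke` starts outside the hunk.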
@@ -207,18 +206,17 @@ def revoke(self, user, user_identity, label, request): ) if not result: logger.error( - f"Error while removing the user from the group {label['group']}:" - f" {str(exception)}" + constants.REVOKE_ACCESS_FAILED_ERROR, + label["group"], str(exception) ) - return False + return False, constants.REVOKE_ACCESS_FAILED_ERROR % (label["group"], str(exception)) label_desc = self.get_label_desc(label) try: self.__send_revoke_email(user, label_desc, request.request_id) - return True except Exception as e: logger.error("Could not send email for error %s", str(e)) - return False + return True def access_request_data(self, request, is_group=False): """Creates a dictionary of GCP accounts. diff --git a/gcp/constants.py b/gcp/constants.py index b5a1d6e..709cec0 100644 --- a/gcp/constants.py +++ b/gcp/constants.py @@ -3,3 +3,5 @@ VALID_ACTION_REQUIRED_ERROR = "Valid action is required for the request." VALID_DOMAIN_REQUIRED_ERROR = "Valid domain is require for the request." VALID_GROUP_REQUIRED_ERROR = "Valid group is required for the request." +GRANT_ACCESS_FAILED_ERROR = "Something went wrong while adding the %s to group %s: %s" +REVOKE_ACCESS_FAILED_ERROR = "Error while removing the user from the group %s: %s" diff --git a/github_access/access.py b/github_access/access.py index b98ff50..ef60dc9 100644 --- a/github_access/access.py +++ b/github_access/access.py @@ -96,6 +96,9 @@ def approve( label_desc = self.combine_labels_desc(labels) + if not return_value : + return return_value, error_message + try: self.__send_approve_email( user_identity.user, diff --git a/opsgenie_access/access.py b/opsgenie_access/access.py index 3dda7ed..2a916ea 100644 --- a/opsgenie_access/access.py +++ b/opsgenie_access/access.py 
@@ -214,10 +214,10 @@ def revoke(self, user, user_identity, label, request): return_value = True else: logger.error( - "Something went wrong while removing %s from %s", + constants.REVOKE_ACCESS_FAILED_ERROR, user.user.username, team ) - return False, "" + return False, constants.REVOKE_ACCESS_FAILED_ERROR % (user.user.username, team) access_description = self.get_label_desc(label) try: diff --git a/opsgenie_access/constants.py b/opsgenie_access/constants.py index 144b33f..225a4da 100644 --- a/opsgenie_access/constants.py +++ b/opsgenie_access/constants.py @@ -9,3 +9,4 @@ TEAM_LIST_ERROR = "Error in Finding teams list" GET_USER_BY_EMAIL_FAILED = "Failed to read user email address from zoom." +REVOKE_ACCESS_FAILED_ERROR = "Something went wrong while removing %s from %s" diff --git a/slack_access/access.py b/slack_access/access.py index 0efc49e..a06deee 100644 --- a/slack_access/access.py +++ b/slack_access/access.py @@ -102,15 +102,14 @@ def approve( user.email, label["workspace_id"], workspace_name ) if not invite_user_resp: - logger.error(constants.INVITE_USER_FAILED.format(workspace_name=workspace_name)) - return False + logger.error(constants.INVITE_USER_FAILED, workspace_name) + return False, constants.INVITE_USER_FAILED % (workspace_name) try: self.__send_approve_email(user, label_desc, request.request_id, approver) - return True except Exception as e: logger.exception("Could not send email for error %s", str(e)) - return False + return True def revoke(self, user, user_identity, label, request): """Revoke access to Slack. 
@@ -129,17 +128,17 @@ def revoke(self, user, user_identity, label, request): ) if not response: logger.error( - constants.REMOVE_USER_FAILED.format(access_workspace, error_message) + constants.REMOVE_USER_FAILED, + access_workspace, error_message ) - return False + return False, constants.REMOVE_USER_FAILED % (access_workspace, error_message) label_desc = self.get_label_desc(label) try: self.__send_revoke_email(user, label_desc, request.request_id) - return True except Exception as e: logger.exception("Could not send email for error %s", str(e)) - return False + return True def get_label_desc(self, access_label): """Returns access label description. diff --git a/slack_access/constants.py b/slack_access/constants.py index d2840b4..ecdd2f3 100644 --- a/slack_access/constants.py +++ b/slack_access/constants.py @@ -5,7 +5,7 @@ VALID_WORKSPACE_REQUIRED_ERROR = "Valid workspace is require for the request." VALID__WORKSPACE_ID_REQUIRED_ERROR = "Valid workspace id is required for the request." INVITE_USER_FAILED = ( - "Could not invite user to requested workspace {workspace_name}." + "Could not invite user to requested workspace %s." " Please contact Admin." ) -REMOVE_USER_FAILED = "Failed to remove user from {} workspace due to error: {}" +REMOVE_USER_FAILED = "Failed to remove user from %s workspace due to error: %s" diff --git a/ssh/access.py b/ssh/access.py index 7f09bc2..fa265e1 100644 --- a/ssh/access.py +++ b/ssh/access.py @@ -65,6 +65,8 @@ def approve( "Something went wrong while adding the %s to group %s: %s" % (user.email, labels, str(error_message)) ) + error_msg = "Something went wrong while adding the %s to group %s: %s" % (user.email, labels, str(error_message)) + return return_value, error_msg try: self.__send_approve_email( @@ -79,7 +81,6 @@ def approve( logger.error( "%s: Could not send email for error %s", self.tag(), str(e) ) - return_value = False return return_value, error_message 
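Review bot: In slack_access/constants.py, `INVITE_USER_FAILED` and `REMOVE_USER_FAILED` switch from `str.format` placeholders to `%s`, which changes the contract for every other user of these constants. A remaining `.format(...)` call would not raise; it would return the text with a literal `%s` in it. Only the two call sites in slack_access/access.py are updated in this diff, so check for other uses before merging, and consider a comment above the constants such as `# %-style placeholders: pass args to the logger or format with "%", not str.format`.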
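Review bot: The added `error_msg = "Something went wrong while adding the %s to group %s: %s" % (...)` in ssh `approve` repeats the literal and arguments of the `logger.error` call directly above it, so the two can drift apart; the ssh `revoke` hunk does the same. Build the message once and reuse it, `error_msg = "..." % (user.email, labels, str(error_message))` followed by `logger.error(error_msg)`, or move the literal to a module constant as the other modules in this commit do. Indentation is lost on this page, so confirm that the new `return return_value, error_msg` sits inside the failure branch; at function level it would skip the approval email on success.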
@@ -204,17 +205,17 @@ def revoke(self, user, user_identity, label, request): "Something went wrong while revoking the %s from group %s: %s", user.email, label, str(error_message) ) - return False + error_msg = "Something went wrong while revoking the %s from group %s: %s" % (user.email, label, str(error_message)) + return False, error_msg label_desc = self.get_label_desc(label) try: self.__send_revoke_email(user, request.request_id, label_desc) - return True except Exception as e: logger.error( "%s: Could not send email for error %s", self.tag(), str(e) ) - return False + return True def validate_request(self, access_labels_data, request_user, is_group=False): """validates the access request for the user to the resource specified in the label diff --git a/zoom_access/access.py b/zoom_access/access.py index 23feb8d..fa6f4a4 100644 --- a/zoom_access/access.py +++ b/zoom_access/access.py @@ -137,10 +137,9 @@ def approve( request.request_id, approver ) - return True, "" except Exception as e: logger.exception("Could not send email for error %s", str(e)) - return False, str(e) + return True def __send_approve_email(self, user, label_desc, request_id, approver): """Generates and sends email in access grant.""" @@ -199,10 +198,9 @@ def revoke(self, user, user_identity, label, request): label_desc = self.get_label_desc(label) try: self.__send_revoke_email(user, label_desc, request.request_id) - return True, "" except Exception as e: logger.exception("Could not send email for error %s", str(e)) - return False, str(e) + return True def can_auto_approve(self): """Checks if access can be auto approved or manual approval is needed.
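Review bot: The zoom `approve` and `revoke` hunks replace `return True, ""` with a bare `return True`, which narrows functions that already returned a `(status, message)` pair back to a single boolean on success. Any earlier failure return in these functions (outside the hunks) presumably still yields a pair, so a caller that unpacks two values would fail exactly when access was granted or revoked successfully. Keep the pair and drop only the email-failure branch, ending both functions with `return True, ""` after the `try`/`except`.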