Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use new ldap export #17

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Use new ldap export #17

wants to merge 3 commits into from

Conversation

pwnbus
Copy link
Contributor

@pwnbus pwnbus commented Jun 3, 2021

No description provided.

@pwnbus pwnbus linked an issue Jun 3, 2021 that may be closed by this pull request
This is broken #12
Open
@pwnbus pwnbus mentioned this pull request Jun 3, 2021
Closed
floatingatoll
floatingatoll reviewed Jun 3, 2021
View reviewed changes
gsuite_cloud_users_driver/driver.py
'[email protected]',
'[email protected]'
'[email protected]',
'[email protected]',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I noted in SE-1879 that we should open a PR to remove elim-owner@ once we get that worked out.

pwnbus
pwnbus commented Jun 3, 2021
View reviewed changes
gsuite_cloud_users_driver/driver.py
if 'Not Authorized to access this resource/api' in str(error):
# We want to know about it, but still want to continue
# for users that we can't disable (admins)
logger.error("Unable to disable user: {}".format(email))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm only producing a log entry for this error, but we may want to change this to be more obvious so we can setup cloudwatch alerts and know when our script hits these errors, as they require some sort of manual intervention.

pwnbus
pwnbus commented Jun 3, 2021
View reviewed changes
gsuite_cloud_users_driver/serverless.yml
CIS_S3_BUCKET_NAME: cache.ldap.sso.mozilla.com
CIS_LDAP_JSON_FILE: ldap_users.json.xz
LDAP_ASSUME_ROLE_ARN: arn:aws:iam::320464205386:role/cis-gsuite-users-driver
iam:
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The newer version of serverless changed how some of these fields are stored, which is why I had to indent all these lines.

@pwnbus pwnbus linked an issue Jun 3, 2021 that may be closed by this pull request
Current runs produce these errors #4
Open
@floatingatoll floatingatoll mentioned this pull request Oct 25, 2021
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@floatingatoll floatingatoll floatingatoll left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

This is broken Current runs produce these errors
2 participants
@pwnbus @floatingatoll