Created
May 31, 2022 19:02
def _give_access(subject: OdaUser, role: Role, reason: str):
    """Grant ``role`` to ``subject`` with an expiry and announce it on Slack.

    Args:
        subject: user who receives the role.
        role: role to grant.
        reason: justification text, included in the Slack announcement.
    """
    # The grant is time-boxed: ONE_HOUR is passed as the expiry.
    google.add_subject_to_role(subject=subject, role=role, expiry=ONE_HOUR)
    # NOTE(review): `channel` is not defined in this snippet; presumably a
    # module-level constant. The announcement is sent after the grant, so if
    # utils.slack raises, the grant exists without a notification.
    utils.slack(
        channel=channel,
        msg=f"{subject} got access to {role} for 60 min ({reason})",
    )
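@app.post("/request")
def request(requestor: OdaUser, subject: OdaUser, requested_role: Role):
    """Handle a request for time-limited access to ``requested_role``.

    Access is granted immediately when one of these holds:
      * a different developer on the role's reviewer list submits the request
        on behalf of ``subject`` (peer approval);
      * ``subject`` requests for themselves and is currently on call;
      * ``subject`` requests for themselves and the role allows auto-grant.
    Otherwise a Slack message asks for a peer review.

    Args:
        requestor: user submitting the request.
        subject: user who would receive the role.
        requested_role: role being requested.

    Raises:
        PermissionError: if requestor is not a developer, or, on the
            peer-approval path, if subject is not a developer or requestor
            is not on the role's reviewer list.
    """
    # NOTE(review): this snippet does not show how `requestor` is established;
    # it should come from the authenticated session, not from a
    # client-supplied field. Confirm against the route's dependencies.

    # Authorization uses explicit raises rather than `assert`: assert
    # statements are stripped when Python runs with -O, which would silently
    # skip every check below.
    if not is_developer(requestor):
        raise PermissionError(f"{requestor} is not a developer")

    # Peer gives access on a request
    if requestor != subject:
        if not is_developer(subject):
            raise PermissionError(f"{subject} is not a developer")
        if requestor not in requested_role.reviewer_list():
            raise PermissionError(
                f"{requestor} is not a reviewer for {requested_role}"
            )
        # f-string and explicit channel, matching the other utils.slack calls
        # in this file, so the audit message names the actual users.
        utils.slack(
            channel=channel,
            msg=f"{requestor} approved of {subject}'s access request",
        )
        _give_access(
            subject, requested_role, reason=f"approved by {requestor}"
        )
    # Requestor omits peer review if oncall
    elif subject in pagerduty.current_oncallers():
        _give_access(subject, requested_role, reason="on-call")
    # Some roles allow auto-grant under certain conditions
    elif requested_role.allow_auto_grant(subject=subject):
        _give_access(subject, requested_role, reason="auto-grant")
    # Otherwise, ask for the request to be peer-reviewed by somebody else
    else:
        # NOTE(review): `channel` and `link` are not defined in this snippet;
        # presumably module-level or built elsewhere. Confirm.
        utils.slack(
            channel=channel,
            msg=(f"{subject} asked for permission {requested_role}, approve: {link}"),
        )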