codebuild-notifier 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c165c9da8f00e25f828f0eb5839011c2e28f517289429999a56571c431c766cb
-  data.tar.gz: 5b9da99ae167f4ed3e3ce49db33b1f95b738820f5ac9acbacc8c416dd2cec2a9
+  metadata.gz: db502c3440f34e43f24cc73e679a7fe3d937eb50c1989244799bf713560318cf
+  data.tar.gz: a91c267131b3dbac305f3ecf2a955e7a76050d90f59e8c945640a892b06d1fe4
 SHA512:
-  metadata.gz: 9d19c47a78c414223965f09c4221c383aca9faee389b35ec3c924d8603a3ae00076ac9c8b1e9bdae2a01233c46f40facf0076229f5498c4c020ea33e67b8f55d
-  data.tar.gz: d4d63e87575aa32907807cd0157df12da2b60fb6c812bdeca407fb2c6306d34dd2be23ae8f361eab4dcf0879ace21d40711fc75378fee2cdaa34a867a34190e5
+  metadata.gz: 3ef7b68705218fcdbee22f06d72121f6a8340b8aee7ba6346982899d175608ec0f29603d4e37ce93999a25bfd5ab5440ba64e902004737f17931a6d21399452c
+  data.tar.gz: ef31c8ab2dbb9b3cdc566af9edb12dd116f00dc966881b20b95588ecc5c890e3d7534faa982beba97fa04b006bd7cdec5c1f23efdab91689d42ad762d7bb8399

data/README.md

@@ -1,11 +1,11 @@
 # codebuild-notifier
-Reports status of AWS CodeBuild CI jobs to slack.
+Reports status of AWS CodeBuild CI jobs to Slack.
 
 # Infrastructure Requirements
 
 ### Slack App or Bot in your workspace
 
-Notifications will be sent as slack Direct Messages to users from the default
+Notifications will be sent as Slack Direct Messages to users from the default
 Slack bot in your workspace (e.g. @slackbot)
 - Go to <a href="https://api.slack.com/apps">https://api.slack.com/apps</a>
 - Create a New App, e.g. App Name: CodeBuild Notifier
@@ -24,7 +24,7 @@ will come from a user with a name you choose, e.g. CodeBuildBot
 - A new OAuth token will be generated specific to the Bot User. Store this in
 AWS Secrets Manager instead of the App token.
 
-### DynamoDB table
+### DynamoDB table for build history
  - expected to be named 'codebuild-history', but can be configured
  - the following definition:
 
@@ -57,6 +57,39 @@ AWS Secrets Manager instead of the App token.
    { "token": "xoxo-your-slack-app-token" }
 ```
 
+### Optional DynamoDB table for Slack aliases
+
+Slack message recipients are located by extracting the email address of the
+author/commiter of the git commit triggering the build, then searching
+for users with that email address within the Slack workspace.
+
+Users might sign commits with a different email address than they used
+to register with Slack. Even if their git config has a matching address, 
+merges and commits made via the github web interface may use the primary
+email address for the user's github account, or username@noreply.github.com.
+
+To ensure delivery in these cases, a second DynamoDb table can be created
+and configured to do a second lookup if the original lookup fails.
+
+ - suggested table name: 'codebuild-slack-aliases', but can be configured
+ - by default, the table name is unspecified,  meaning no second lookup will
+   be performed
+ - the email address for which the original lookup fails (the commit
+   signature address) should be stored in index field `alternate_email`
+ - the user's Slack email address should be stored in a string field
+   named `workspace_email`
+ - multiple items can be created with different values for `alternate_email`
+   pointing to the same `workspace_email` value
+ - the table should have the following definition:
+```ruby
+  AttributeDefinitions [
+    { AttributeName: 'alternate_email', AttributeType: 'S' }
+  ]
+  KeySchema [
+    { AttributeName: 'alternate_email', KeyType: 'HASH' }
+  ]
+```
+
 ### IAM Service Role for CodeBuild projects
 
 You will likely already have a service role granting CloudWatch access, to
@@ -76,7 +109,10 @@ name:
   "Effect": "Allow",
   "Resource": [
     "arn:aws:dynamodb:<your-region>:<your-account-id>:table/codebuild-history",
-    "arn:aws:dynamodb:<your-region>:<your-account-id>:table/codbuild-history/*"
+    "arn:aws:dynamodb:<your-region>:<your-account-id>:table/codbuild-history/*",
+    // if optional slack alias table is configured
+    "arn:aws:dynamodb:<your-region>:<your-account-id>:table/codebuild-slack-aliases",
+    "arn:aws:dynamodb:<your-region>:<your-account-id>:table/codbuild-slack-aliases/*"
   ]
 },
 {
@@ -88,6 +124,7 @@ name:
 }
 ```
 
+
 # Configuration
 
 ## Installation
@@ -261,13 +298,30 @@ phases:
       not set
     </td>
     <td>
-      If no slack user can be found in your workspace with the email
+      If no Slack user can be found in your workspace with the email
       address of the author or committer of a commit, a message will be
-      sent to the slack usernames specified.<br />
+      sent to the Slack usernames specified.<br />
       Separate multiple values with commas, with no spaces.<br />
       e.g. fred,velma
     </td>
   </tr>
+  <tr>
+    <th>
+      CBN_SLACK_ALIAS_TABLE
+    </th>
+    <td>
+      <nobr>--slack-alias-table</nobr>
+    </td>
+    <td>
+      not set
+    </td>
+    <td>
+      If no Slack user can be found in your workspace with the email
+      address of the author or committer of a commit, this table will
+      be queried to find the Slack workspace email matching the failed
+      address.
+    </td>
+  </tr>
   <tr>
     <th>
       CBN_SLACK_SECRET_NAME

data/bin/update-build-status

@@ -98,6 +98,16 @@ OptionParser.new do |opts|
     command_line_opts[:slack_admin_users] = usernames
   end
 
+  opts.on(
+    '--slack-alias-table=TABLE',
+    'optional dynamodb table for storing alternate email addresses for when ' \
+    'the commit author email is different from the address associated with ' \
+    'their slack account; can also help with failed lookups for ' \
+    'someuser@noreply.github.com'
+  ) do |table|
+    command_line_opts[:slack_alias_table] = table
+  end
+
   opts.on(
     '--slack-secret-name=SECRET',
     'name of Secrets Manager secret with slack app/bot auth token'

data/lib/codebuild-notifier/config.rb

@@ -15,12 +15,15 @@
 # You should have received a copy of the GNU General Public License
 # along with codebuild-notifier.  If not, see <http://www.gnu.org/licenses/>.
 
+require 'aws-sdk-dynamodb'
+
 module CodeBuildNotifier
   class Config
-    DEFAULT_WHITELIST = %w[master]
+    DEFAULT_WHITELIST = %w[master].freeze
 
-    attr_reader :additional_channel, :default_strategy, :dynamo_table, :region,
-                :slack_admins, :slack_secret_name, :whitelist_branches
+    attr_reader :additional_channel, :default_strategy, :dynamo_table,
+                :region, :slack_admins, :slack_alias_table,
+                :slack_secret_name, :whitelist_branches
 
     # Configuration values specific to CodeBuild Notifier. CBN_ prefix is
     # used because ENV vars with CODEBUILD_ prefix are reserved for use by AWS.
@@ -30,6 +33,7 @@ module CodeBuildNotifier
       dynamo_table: ENV['CBN_DYNAMO_TABLE'] || 'codebuild-history',
       region: ENV['CBN_AWS_REGION'] || ENV['AWS_REGION'],
       slack_admins: ENV['CBN_SLACK_ADMIN_USERNAMES'],
+      slack_alias_table: ENV['CBN_SLACK_ALIAS_TABLE'],
       slack_secret_name: ENV['CBN_SLACK_SECRET_NAME'] || 'slack/codebuild',
       strategy_overrides: ENV['CBN_OVERRIDE_NOTIFY_STRATEGY'],
       whitelist_branches: ENV['CBN_WHITELIST_BRANCHES']
@@ -39,11 +43,16 @@ module CodeBuildNotifier
       @dynamo_table = dynamo_table
       @region = region
       @slack_admins = slack_admins&.split(',') || []
+      @slack_alias_table = slack_alias_table
       @slack_secret_name = slack_secret_name
       @strategy_overrides = strategy_overrides&.split(',') || []
       @whitelist_branches = whitelist_branches&.split(',') || DEFAULT_WHITELIST
     end
 
+    def dynamo_client
+      @dynamo_client || Aws::DynamoDB::Client.new(region: region)
+    end
+
     def strategy_for_branch(branch_name)
       lookup = @strategy_overrides.map { |override| override.split(':') }.to_h
       lookup.fetch(branch_name, default_strategy)

data/lib/codebuild-notifier/dynamo_base.rb

@@ -17,14 +17,13 @@
 
 require 'active_support'
 require 'active_support/core_ext'
-require 'aws-sdk-dynamodb'
 require 'hashie'
 
 module CodeBuildNotifier
   class DynamoBase
     attr_reader :config, :current_build
 
-    delegate :dynamo_table, to: :config
+    delegate :dynamo_client, :dynamo_table, to: :config
 
     def initialize(config, build)
       @config = config
@@ -37,10 +36,6 @@ module CodeBuildNotifier
       )
     end
 
-    private def dynamo_client
-      @dynamo_client || Aws::DynamoDB::Client.new(region: config.region)
-    end
-
     private def hash_to_dynamo_update(hash)
       update = hash.each_with_object(
         expression_attribute_names: {},

data/lib/codebuild-notifier/slack_sender.rb

@@ -34,10 +34,8 @@ module CodeBuildNotifier
         post_message(message, channel)
       end
 
-      message.recipients.each do |email|
-        slack_user_id = find_slack_user(email)
-        slack_user_id && post_message(message, slack_user_id)
-      end
+      user_ids = message.recipients.map { |email| find_slack_user(email)&.id }
+      user_ids.uniq.compact.each { |user_id| post_message(message, user_id) }
     end
 
     private def post_message(message, channel)
@@ -60,14 +58,29 @@ module CodeBuildNotifier
     end
 
     private def find_slack_user(email)
-      lookup_response = slack_client.users_lookupByEmail(email: email)
-      lookup_response.user.id
+      slack_client.users_lookupByEmail(email: email)&.user
     rescue Slack::Web::Api::Errors::SlackError => e
+      alias_email = find_alias(email)
+      if alias_email
+        find_slack_user(alias_email)
+      else
+        report_lookup_failure(email, e.message)
+        nil
+      end
+    end
+
+    private def report_lookup_failure(email, error_message)
       admin_send(
         "Slack user lookup by email for #{email} failed with " \
-        "error: #{e.message}"
+        "error: #{error_message}"
       )
-      nil
+    end
+
+    def find_alias(email)
+      config.slack_alias_table && config.dynamo_client.get_item(
+        table_name: config.slack_alias_table,
+        key: { 'alternate_email' => email }
+      ).item&.fetch('workspace_email')
     end
 
     # If the app token starts with xoxb- then it is a Bot User Oauth token

data/lib/codebuild-notifier/version.rb

@@ -16,5 +16,5 @@
 # along with codebuild-notifier.  If not, see <http://www.gnu.org/licenses/>.
 
 module CodeBuildNotifier
-  VERSION = '1.0.0'.freeze
+  VERSION = '1.1.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: codebuild-notifier
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - VHL Ops Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-19 00:00:00.000000000 Z
+date: 2019-05-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport