gitlab_support_readiness 1.0.42 → 1.0.44

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 329d7803aa9435db0939a46d9cc4124bf25c51bb5faed1a6a4d8cd6278fc00a4
-  data.tar.gz: 4da0de2f1303d5b225f4f91077863059ee482fbd7cbe2274df7bb72a400cdab4
+  metadata.gz: c93af42de05070b1bfe7139020369a5e8c171315c83dc66f4c997e172780b715
+  data.tar.gz: '069e8c0f67891ebf8f69788728ec4317d3b5545a5b110ddd4331f16df9bf224b'
 SHA512:
-  metadata.gz: 11cec2ae870755dee110a441c62bfe2c17c73a70c1ff0368b49e6f0e4beab979cd03d95ab863013673e75e6b0c78b908e9f6885c9d76f9679ae5344425c4bcbe
-  data.tar.gz: 0e83d7b4973c7b3c288eba1dfc9af1eea6848c8e456b4ee2d94ad576fbbf2cece43f78d67dfe3d609e8efe9cb22a0452183e81c4b2885e6ce9d0eaa611088867
+  metadata.gz: 65706e165e107ca8620a1c6867066d18b6bd18811820fa301ad6f09830105a8e59ffb3023b1f4ce9ff79951478942edcb1bddf45ce2fc2fd61d45edf3f33797c
+  data.tar.gz: 1d933b6d9642aa08834375d1d67de603bcca29b4b21eb8bf466e94258f87c1248fad0645f2c4710a33ddc131719f88868a6f7a230f49dace0e4285f3d568b250

data/lib/support_readiness/support_super_form_processor/global_set_collaboration_id.rb

@@ -23,7 +23,7 @@ module Readiness
         org_does_not_exist if org.is_a? Hash
         new_org = Readiness::Zendesk::Organizations.new
         new_org.id = org.id
-        new_org.custom_fields = {
+        new_org.organization_fields = {
           "am_project_id" => collaboration_project_id
         }
         Readiness::Zendesk::Organizations.update!(@zendesk_client, new_org)

data/lib/support_readiness/support_super_form_processor/global_set_org_ase.rb

@@ -26,7 +26,7 @@ module Readiness
         invalid_agent unless agent_valid?
         new_org = Readiness::Zendesk::Organizations.new
         new_org.id = org.id
-        new_org.custom_fields = {
+        new_org.organization_fields = {
           "assigned_se" => agent_info
         }
         Readiness::Zendesk::Organizations.update!(@zendesk_client, new_org)

data/lib/support_readiness/support_super_form_processor/global_toggle_escalation.rb

@@ -23,7 +23,7 @@ module Readiness
         org_does_not_exist if org.is_a? Hash
         new_org = Readiness::Zendesk::Organizations.new
         new_org.id = org.id
-        new_org.custom_fields = {
+        new_org.organization_fields = {
           "org_in_escalated_state" => !org.custom_fields['org_in_escalated_state']
         }
         Readiness::Zendesk::Organizations.update!(@zendesk_client, new_org)

data/lib/support_readiness/support_super_form_processor/gratis_support_extension.rb

@@ -58,10 +58,6 @@ module Readiness
         @requester ||= Readiness::SupportSuperFormProcessor::Shared.gitlab_user_check(@gitlab_admin_client, requester_email)
       end
 
-      def self.manager
-        @manager ||= Readiness::GitLab::Users.search_by_username(@gitlab_admin_client, manager_handle).detect { |a| a.username == 'manager_handle' }
-      end
-
       ##
       # Sets the global variable requester_email
       #
@@ -81,10 +77,32 @@ module Readiness
       end
 
       ##
-      # Sets the global variable manager_handle
+      # Sets the global variable manager
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
+      def self.manager
+        @manager ||= determine_manager
+      end
+
+      ##
+      # Sets the global variable customer_email
       #
       # @author Jason Colyer
       # @since 1.0.42
+      def self.determine_manager
+        user_search = Readiness::GitLab::Users.search_by_email(client, manager_handle)
+        found_user = user_search.detect { |u| u.email.downcase == email.downcase }
+        return nil if found_user.nil?
+
+        found_user
+      end
+
+      ##
+      # Sets the global variable manager_handle
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
       def self.manager_handle
         @manager_handle ||= ENV.fetch('GRATUS_SUPPORT_APPROVING_MANAGER')
       end

data/lib/support_readiness/support_super_form_processor/gratis_support_former_customer.rb

@@ -180,6 +180,37 @@ module Readiness
         @plan ||= ENV.fetch('GRATIS_SUPPORT_NEW_SUB')
       end
 
+      ##
+      # Sets the global variable manager
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
+      def self.manager
+        @manager ||= determine_manager
+      end
+
+      ##
+      # Sets the global variable customer_email
+      #
+      # @author Jason Colyer
+      # @since 1.0.42
+      def self.determine_manager
+        user_search = Readiness::GitLab::Users.search_by_email(client, manager_handle)
+        found_user = user_search.detect { |u| u.email.downcase == email.downcase }
+        return nil if found_user.nil?
+
+        found_user
+      end
+
+      ##
+      # Sets the global variable manager_handle
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
+      def self.manager_handle
+        @manager_handle ||= ENV.fetch('GRATUS_SUPPORT_APPROVING_MANAGER')
+      end
+
       ##
       # Returns a SOQL query string to get Account info
       #

data/lib/support_readiness/support_super_form_processor/gratis_support_migration.rb

@@ -147,6 +147,37 @@ module Readiness
         @plan ||= ENV.fetch('GRATIS_SUPPORT_NEW_SUB')
       end
 
+      ##
+      # Sets the global variable manager
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
+      def self.manager
+        @manager ||= determine_manager
+      end
+
+      ##
+      # Sets the global variable customer_email
+      #
+      # @author Jason Colyer
+      # @since 1.0.42
+      def self.determine_manager
+        user_search = Readiness::GitLab::Users.search_by_email(client, manager_handle)
+        found_user = user_search.detect { |u| u.email.downcase == email.downcase }
+        return nil if found_user.nil?
+
+        found_user
+      end
+
+      ##
+      # Sets the global variable manager_handle
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
+      def self.manager_handle
+        @manager_handle ||= ENV.fetch('GRATUS_SUPPORT_APPROVING_MANAGER')
+      end
+
       ##
       # Returns a SOQL query string to get Account info
       #

data/lib/support_readiness/support_super_form_processor/gratis_support_other.rb

@@ -131,6 +131,37 @@ module Readiness
         @slack_link ||= ENV.fetch('GRATIS_SUPPORT_SLACK_URL')
       end
 
+      ##
+      # Sets the global variable manager
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
+      def self.manager
+        @manager ||= determine_manager
+      end
+
+      ##
+      # Sets the global variable customer_email
+      #
+      # @author Jason Colyer
+      # @since 1.0.42
+      def self.determine_manager
+        user_search = Readiness::GitLab::Users.search_by_email(client, manager_handle)
+        found_user = user_search.detect { |u| u.email.downcase == email.downcase }
+        return nil if found_user.nil?
+
+        found_user
+      end
+
+      ##
+      # Sets the global variable manager_handle
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
+      def self.manager_handle
+        @manager_handle ||= ENV.fetch('GRATUS_SUPPORT_APPROVING_MANAGER')
+      end
+
       ##
       # Returns a SOQL query string to get Account info
       #

data/lib/support_readiness/support_super_form_processor/gratis_support_prospect.rb

@@ -180,6 +180,37 @@ module Readiness
         @customer_email ||= ENV.fetch('GRATIS_SUPPORT_CUSTOMER_EMAIL')
       end
 
+      ##
+      # Sets the global variable manager
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
+      def self.manager
+        @manager ||= determine_manager
+      end
+
+      ##
+      # Sets the global variable customer_email
+      #
+      # @author Jason Colyer
+      # @since 1.0.42
+      def self.determine_manager
+        user_search = Readiness::GitLab::Users.search_by_email(client, manager_handle)
+        found_user = user_search.detect { |u| u.email.downcase == email.downcase }
+        return nil if found_user.nil?
+
+        found_user
+      end
+
+      ##
+      # Sets the global variable manager_handle
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
+      def self.manager_handle
+        @manager_handle ||= ENV.fetch('GRATUS_SUPPORT_APPROVING_MANAGER')
+      end
+
       ##
       # Returns a SOQL query string to get Account info
       #

data/lib/support_readiness/support_super_form_processor/gratis_support_upgrade.rb

@@ -189,6 +189,37 @@ module Readiness
         @plan ||= ENV.fetch('GRATIS_SUPPORT_NEW_SUB')
       end
 
+      ##
+      # Sets the global variable manager
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
+      def self.manager
+        @manager ||= determine_manager
+      end
+
+      ##
+      # Sets the global variable customer_email
+      #
+      # @author Jason Colyer
+      # @since 1.0.42
+      def self.determine_manager
+        user_search = Readiness::GitLab::Users.search_by_email(client, manager_handle)
+        found_user = user_search.detect { |u| u.email.downcase == email.downcase }
+        return nil if found_user.nil?
+
+        found_user
+      end
+
+      ##
+      # Sets the global variable manager_handle
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
+      def self.manager_handle
+        @manager_handle ||= ENV.fetch('GRATUS_SUPPORT_APPROVING_MANAGER')
+      end
+
       ##
       # Returns a SOQL query string to get Account info
       #

data/lib/support_readiness/support_super_form_processor/namespace_availability.rb

@@ -57,7 +57,7 @@ module Readiness
       def self.group_checks
         group = Readiness::GitLab::Groups.new
         group.id = namespace.id
-        projects = Readiness::GitLab::Groups.projects(client, group, ["archived=false", "include_subgroups=true"])
+        projects = Readiness::GitLab::Groups.projects(@gitlab_admin_client, group, ["archived=false", "include_subgroups=true"])
         detection = projects.detect { |p| (Date.today - 2.years) < Date.parse(p.last_activity_at) }
         namespace_may_be_available if detection.nil?
         namespace_not_available

data/lib/support_readiness/support_super_form_processor/sa_request_for_support.rb

@@ -199,7 +199,7 @@ module Readiness
             <li>Level of Urgency: #{request_priority}</li>
             <li>#{Readiness::SupportSuperFormProcessor::Shared.sfdc_account_string(sfdc_account)}</li>
             <li>#{Readiness::SupportSuperFormProcessor::Shared.sfdc_opportunity_string(sfdc_opportunity)}</li>
-            <li>#{collab_project.empty? ? 'No collaboration project project' | "<a href='#{collab_project}' target='_blank'>Collaboration Project</a>"}</li>
+            <li>#{collab_project.empty? ? 'No collaboration project project' : "<a href='#{collab_project}' target='_blank'>Collaboration Project</a>"}</li>
           </ul>
           <p>
             What is expected from Support?

data/lib/support_readiness/support_super_form_processor/usgov_set_collaboration_id.rb

@@ -23,7 +23,7 @@ module Readiness
         org_does_not_exist if org.is_a? Hash
         new_org = Readiness::Zendesk::Organizations.new
         new_org.id = org.id
-        new_org.custom_fields = {
+        new_org.organization_fields = {
           "am_project_id" => collaboriation_project_id
         }
         Readiness::Zendesk::Organizations.update!(@zendesk_client, new_org)

data/lib/support_readiness/support_super_form_processor/usgov_set_org_ase.rb

@@ -26,7 +26,7 @@ module Readiness
         invalid_agent unless agent_valid?
         new_org = Readiness::Zendesk::Organizations.new
         new_org.id = org.id
-        new_org.custom_fields = {
+        new_org.organization_fields = {
           "assigned_se" => agent_info
         }
         Readiness::Zendesk::Organizations.update!(@zendesk_client, new_org)

data/lib/support_readiness/support_super_form_processor.rb

@@ -48,6 +48,7 @@ module Readiness
     require "#{__dir__}/support_super_form_processor/gratis_support_upgrade"
     require "#{__dir__}/support_super_form_processor/namespace_availability"
     require "#{__dir__}/support_super_form_processor/pd_shadow_modification"
+    require "#{__dir__}/support_super_form_processor/sa_request_for_support"
     require "#{__dir__}/support_super_form_processor/team_member_license"
     require "#{__dir__}/support_super_form_processor/two_fa_exemption"
     require "#{__dir__}/support_super_form_processor/usgov_ir_order_management"

data/lib/support_readiness/ticket_processor/account_blocked.rb

@@ -0,0 +1,289 @@
+# frozen_string_literal: true
+
+# Defines the module Readiness.
+module Readiness
+  # Defines the module TicketProcessor
+  module TicketProcessor
+    ##
+    # Defines the class AccountBlocked within the module {Readiness::Zendesk}.
+    #
+    # @author Jason Colyer
+    # @since 1.0.44
+    class AccountBlocked < Readiness::Client
+      ##
+      # Process a Blocked Account request
+      #
+      # @author Jason Colyer
+      # @since 1.0.44
+      def self.process!(zendesk_client, gitlab_client, gitlab_admin_client, ticket_id)
+        @zendesk_client = zendesk_client
+        @gitlab_client = gitlab_client
+        @gitlab_admin_client = gitlab_admin_client
+        @ticket_id = ticket_id
+        @ticket = Readiness::Zendesk::Tickets.find(@zendesk_client, @ticket_id)
+        puts 'No ticket found, so nothing to autowork' if @ticket.is_a? Hash
+        exit 0 if @ticket.is_a? Hash
+
+        email = @ticket.custom_fields.detect { |t| t['id'] == 4413932829586 }['value']
+        puts 'No email in the field, so nothing to autowork' if email.to_s = ''
+        exit 0 if email.to_s = ''
+
+        search = Readiness::GitLab::Users.search_by_email(@gitlab_admin_client, email)
+        @user = search.detect { |s| s.email.downcase == email.downcase }
+        if @user.nil?
+          print 'No user found, updating ticket...'
+          new_ticket = Readiness::Zendesk::Tickets.new
+          new_ticket.id = @ticket.id
+          new_ticket.status = 'pending'
+          new_ticket.comment = { body: no_user_comment(email) }
+          new_ticket.custom_fields = [
+            { id: 360020735259, value: 'stage-frt' }
+          ]
+          Readiness::Zendesk::Tickets.update!(@zendesk_client, new_ticket)
+          puts 'done'
+        else
+          if %w[blocked banned].include? @user.state
+            if @user.note =~ /Sanctioned Location/i
+              print 'Blocked by embargo, updating ticket...'
+              new_ticket = Readiness::Zendesk::Tickets.new
+              new_ticket.id = @ticket.id
+              new_ticket.status = 'solved'
+              new_ticket.comment = { body: embargo_comment }
+              new_ticket.custom_fields = [
+                { id: 360020735259, value: 'stage-frt' }
+              ]
+              Readiness::Zendesk::Tickets.update!(@zendesk_client, new_ticket)
+              puts 'done'
+            elsif @user.note =~ /^User blocked as part of GitLab PS user migration/
+              @requester = Readiness::Zendesk::Users.find!(@zendesk_client, @ticket.requester_id)
+              search = Readiness::GitLab::Users.search_by_email(@gitlab_admin_client, @requester.email)
+              @requster_gitlab = search.detect { |s| s.email.downcase == @requester.email.downcase }
+              return failed_ps_block if @requester_gitlab.nil?
+
+              memberships = Readiness::GitLab::Users.memberships(@gitlab_admin_client, @requester, ['type=Namespace'])
+              has_paid = false
+              memberships.select { |m| m['access_level'] == 50 }.each do |m|
+                namespace = Readiness::GitLab::Namespaces.find(@gitlab_admin_client, m['source_id'])
+                next if namespace.is_a? Hash
+
+                has_paid = Readiness::GitLab::Namespaces.is_paid?(@gitlab_admin_client, namespace)
+                break if has_paid
+              end
+              return failed_ps_block unless has_paid
+
+              print 'Blocked by PS, unblocking and updating ticket...'
+              Readiness::GitLab::Users.unblock!(@gitlab_admin_client, @user)
+              new_user = Readiness::GitLab::Users.new
+              new_user.id = @user.id
+              new_user.note = "PS migration block removed automatically via ticket ##{@ticket.id}"
+              Readiness::GitLab::Users.update!(@gitlab_admin_client, new_user)
+              new_ticket = Readiness::Zendesk::Tickets.new
+              new_ticket.id = @ticket.id
+              new_ticket.status = 'solved'
+              new_ticket.comment = { body: ps_block_removed }
+              new_ticket.custom_fields = [
+                { id: 360020735259, value: 'stage-frt' }
+              ]
+              Readiness::Zendesk::Tickets.update!(@zendesk_client, new_ticket)
+              puts 'done'
+            else
+              print 'Legit block, creating T&S issue...'
+              project = Readiness::GitLab::Projects.find!(@gitlab_client, 40182479)
+              issue = Readiness::GitLab::Issues.new
+              issue.title = "Account Reinstatement - #{@user.username}"
+              issue.description = blocked_issue_body
+              created = Readiness::GitLab::Issues.create!(@gitlab_client, issue)
+              puts 'done'
+              print 'Updating ticket...'
+              
+              new_ticket = Readiness::Zendesk::Tickets.new
+              new_ticket.id = @ticket.id
+              new_ticket.comment = { body: blocked_user_comment(created), public: false }
+              Readiness::Zendesk::Tickets.update!(@zendesk_client, new_ticket)
+              puts 'done'
+            end
+          else
+            print 'User is not blocked, updating ticket...'
+            new_ticket = Readiness::Zendesk::Tickets.new
+            new_ticket.id = @ticket.id
+            new_ticket.status = 'pending'
+            new_ticket.comment = { body: not_blocked_comment }
+            new_ticket.custom_fields = [
+              { id: 360020735259, value: 'stage-frt' }
+            ]
+            Readiness::Zendesk::Tickets.update!(@zendesk_client, new_ticket)
+            puts 'done'
+          end
+          puts 'Just right'
+        end
+      end
+
+      def self.failed_ps_block
+        print 'PS block, but user is not qualified to request release, updating ticket...'
+        new_ticket = Readiness::Zendesk::Tickets.new
+        new_ticket.id = @ticket.id
+        new_ticket.status = 'solved'
+        new_ticket.comment = { body: ps_block_rejected_comment }
+        new_ticket.custom_fields = [
+          { id: 360020735259, value: 'stage-frt' }
+        ]
+        Readiness::Zendesk::Tickets.update!(@zendesk_client, new_ticket)
+        puts 'done'
+      end
+
+      def self.no_user_comment(email)
+        <<~STRING
+          Hi,
+
+          Thanks for contacting GitLab Support.
+
+          Could you please let us know whether you've registered an account #{email} on GitLab.com or on a self-hosted GitLab instance?
+
+          If the account was registered on GitLab.com, please confirm the username and email address, as we cannot find an account under your email or the username you've provided.
+
+          If the account was registered on a self-hosted GitLab instance (e.g., `gitlab.yourcompany.com`), please reach out to an administrator of that instance, as it is managed separately from GitLab.com.
+        STRING
+      end
+
+      def self.not_blocked_comment
+        <<~STRING
+          Hi,
+
+          Thank you for contacting GitLab support.
+
+          The account in question, #{@user.email}, is not blocked. However, the account may be locked if the system has registered too many login attempts during a short period of time. It will be locked for 30 minutes, after which it will be unlocked automatically.
+
+          On GitLab.com, we can also lock an account when there are 3 or more failed login attempts within 24 hours. Upon successful login, you may be redirected to a verification page and an email message with a 6-digit code is sent to your _primary_ email account. Please check your email (including the spam folder) for a message with a 6-digit code to unlock your account.
+
+          Please let us know if you have any further questions or are unable to receive any emails for your account.
+        STRING
+      end
+
+      def self.embargo_comment
+        <<~STRING
+          Hi,
+
+          Thanks for contacting GitLab Support.
+
+          In accordance with the guidance provided by the U.S. government, and not determined by GitLab, there may be some countries that cannot access our platform.  Your account may have been blocked as the result of a recent discovery where some user access was inadvertently granted in US embargoed regions.
+
+          GitLab is unable to conduct business with individuals or companies located in US embargoed countries. This is required under US Export Regulations, as well as, our status as a federal contractor.
+
+          For more information, please visit our [Trade Compliance page](https://about.gitlab.com/handbook/people-operations/code-of-conduct/#trade-compliance-exportimport-control).
+
+          If you believe your account has been blocked in error, you may contest this action.  To do this, you will need to provide:
+
+          1. Explanation of how your IP address was connected to an embargoed country.
+          1. Attach digital copies of documentation proving you do not reside in an embargoed country.
+
+          Once you have provided the requested information, GitLab will review the matter.
+        STRING
+      end
+
+      def self.blocked_category(custom_attributes)
+        category = custom_attributes.detect { |c| c['key'] == 'blocked_category' }
+        feature = custom_attributes.detect { |c| c['key'] == 'blocked_feature' }
+        return 'Unknown' if category.nil? || feature.nil?
+
+        "#{category} / #{feature}"
+      end
+
+      def self.block_sources(custom_attributes)
+        sources = []
+        omamori = custom_attributes.detect { |c| c['key'] == 'omamori_mitigation_plan' }
+        sources.push("Omamori ([mitigation plan](https://omamori.sec.gitlab.net/mitigation_plans/#{omamori['value']}))") unless omamori.nil?
+        sources.push('Bouncer') if custom_attributes.detect { |c| c['key'] == 'block_enacted_by' && c['value'] =~ /^bouncer\:/ }
+        sources.push('Bouncer') if custom_attributes.detect { |c| c['key'] == 'ban_enacted_by' && c['value'] =~ /^bouncer\:/ }
+        admin_check = custom_attributes.detect { |c| c['key'] == 'blocked_by' }
+        sources.push(admin_check['value'].split('/').first) unless admin_check['value'] =~ /^service\-/
+        autoban_check = custom_attributes.detect { |c| c['key'] == 'auto_banned_by' }
+        sources.push(autoban_check['value']) unless autoban_check.nil?
+        return 'Other (unknown)' if sources.uniq.compact.count.zero?
+
+        sources.uniq.compact.join(', ')
+      end
+
+      def self.blocked_user_comment(issue)
+        <<~STRING
+          Please follow the [reinstating blocked accounts workflow](https://handbook.gitlab.com/handbook/support/workflows/reinstating-blocked-accounts/) using the following Trust & Safety issue:
+
+          #{issue.web_url}
+        STRING
+      end
+
+      def self.blocked_issue_body
+        request = @gitlab_admin_client.connection.get "users/#{@user.id}?with_custom_attributes=true"
+        custom_attributes = Oj.load(request.body)['custom_attributes']
+        <<~STRING
+          ## Account Reinstatement request
+
+          Template [Instructions](https://gitlab.com/groups/gitlab-com/gl-security/security-operations/trust-and-safety/-/wikis/Account%20Reinstatements)
+
+          ---
+          
+          #### **Zendesk Message:**
+
+          ```
+          #{@ticket.description}
+          ```
+          
+          <table>
+          <tr>
+          <th>Account Information</th>
+          </tr>
+          <tr>
+          <td>
+
+          | Related information             | :link: |
+          | --------------------------------|--------|
+          | **Zendesk**                     | https://gitlab.zendesk.com/agent/tickets/#{@ticket.id} |
+          | **Account URL**                 | [Admin link](https://gitlab.com/admin/users/#{@user.username}) / [Profile link](https://gitlab.com/#{@user.username}) |
+          | **Project/Group/File**          | |
+          | **Requestor email address**.    | #{@user.email} |
+          | **Block category/feature**      | #{blocked_category(custom_attributes)} |
+          | **Block source(s)**             | #{block_sources(custom_attributes)} |
+          | **Admin note on the Account**   | #{@user.note} |
+          | **Related Issues or Incidents** | |
+
+          </td>
+          </tr>
+          </table>
+
+          /label ~"Account Reinstatement" ~"Type::Operational" ~"Status::Triage" ~"Department::Trust & Safety" ~"T&S::Operations" ~"type::internal_request" ~"priority::2"
+
+          /due tomorrow
+
+          /weight 1
+        STRING
+      end
+
+      def self.ps_block_rejected_comment
+        <<~STRING
+          Greetings,
+
+          We are not able to proceed with this request, as the user is blocked by a Professional Services migration.
+
+          To process the removal, an Owner of a top-level paid subscription must make the request.
+
+          Please consider having an Owner of a top-level paid subscription must make the request submit a new ticket to have this automted process unblock the requested user.
+
+          Thank you,
+
+          GitLab Support
+        STRING
+      end
+
+      def self.ps_block_removed_comment
+        <<~STRING
+          Greetings,
+
+          As the block on user #{@user.email} was put in place by Professional Services for a migration and you are an Owner on a top-level paid namespace, we have removed it at this time.
+
+          If that user encounters any issues logging in and accessing their account, please reply back letting us know.
+
+          GitLab Support
+        STRING
+      end
+    end
+  end
+end