Test 2 - Create Authorizing Official user #95
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Account Request Approved | |
| on: | |
| issues: | |
| types: | |
| - labeled | |
| jobs: | |
| # When ACCOUNT_APPROVED label is added to account management request | |
| request-approved: | |
| if: github.event.label.name == 'ACCOUNT_APPROVED' | |
| runs-on: ubuntu-20.04 | |
| permissions: | |
| issues: write | |
| steps: | |
| - name: Notify Blossom Sysdevs about Approved Account | |
| run: gh issue comment "$NUMBER" --body "$BODY" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GH_REPO: ${{ github.repository }} | |
| NUMBER: ${{ github.event.issue.number }} | |
| BODY: > | |
| Account management request APPROVED by Blossom Management. | |
| @usnistgov/blossom-sysdevs please ensure the ACL and/or Cognito are updated and the SSP is in sync with the update. | |
| When implemented, add the ACCOUNT_IMPLEMENTED label and | |
| link this account request issue to the PR with the implementation. | |
| parse-issue: | |
| needs: request-approved | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| account-modification: ${{ steps.issue-parser.outputs.issueparser_account-modification }} | |
| user-first-name: ${{ steps.issue-parser.outputs.issueparser_user-first-name }} | |
| user-last-name: ${{ steps.issue-parser.outputs.issueparser_user-last-name }} | |
| user-username: ${{ steps.issue-parser.outputs.issueparser_user-username }} | |
| user-email: ${{ steps.issue-parser.outputs.issueparser_user-email }} | |
| account-type: ${{ steps.issue-parser.outputs.issueparser_account-type }} | |
| ssp-file-path: ${{ steps.issue-parser.outputs.issueparser_ssp-file-path }} | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| sparse-checkout: | | |
| .github/ISSUE_TEMPLATE/account_management_request_form.yaml | |
| sparse-checkout-cone-mode: false | |
| - name: Parse issue body | |
| uses: stefanbuck/github-issue-parser@2d2ff50d4aae06ab58d26bf59468d98086605f11 # v3.2.1 | |
| id: issue-parser | |
| with: | |
| template-path: ".github/ISSUE_TEMPLATE/account_management_request_form.yaml" | |
| create-user: | |
| needs: parse-issue | |
| if: ${{ needs.parse-issue.outputs.account-modification == 'Create' }} | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Ensure directory exists for created users | |
| run: | | |
| mkdir -p ato/oscal-artifacts/created_users/ | |
| - name: Ensure directory exists for created users references | |
| run: | | |
| mkdir -p ato/oscal-artifacts/reference_created_users/ | |
| - name: Create yaml file for automated user creation | |
| env: | |
| USER_NAME: "${{ needs.parse-issue.outputs.user-first-name }} ${{ needs.parse-issue.outputs.user-last-name }}" | |
| USER_USERNAME: ${{ needs.parse-issue.outputs.user-username }} | |
| USER_EMAIL: ${{ needs.parse-issue.outputs.user-email }} | |
| USER_ROLE: ${{ needs.parse-issue.outputs.account-type }} | |
| ISSUE_NUMBER: ${{ github.event.issue.number }} | |
| SSP_FILE_PATH: ${{ needs.parse-issue.outputs.ssp-file-path }} | |
| run: | | |
| python ato/secops/create_user.py --user-name "$USER_NAME" --user-username "$USER_USERNAME" --user-email "$USER_EMAIL" --user-role "$USER_ROLE" --issue-number "$ISSUE_NUMBER" --ssp-path "$SSP_FILE_PATH" | |
| - name: Store user yaml in repo | |
| run: | | |
| git config user.name "create-user-action[bot]" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git config pull.rebase false | |
| git fetch --all | |
| git checkout "$BRANCH_NAME" || git checkout -b "$BRANCH_NAME" | |
| git pull origin "$BRANCH_NAME" | |
| git add "ato/oscal-artifacts/created_users/*" | |
| git add "ato/oscal-artifacts/reference_created_users/*" | |
| git commit -m "Create user request #$ISSUE_NUMBER" | |
| git push origin "$BRANCH_NAME" | |
| env: | |
| ISSUE_NUMBER: ${{ github.event.issue.number }} | |
| BRANCH_NAME: "account-request" | |
| - name: Configure AWS CLI | |
| uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v4 | |
| with: | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} | |
| - name: Copy reference yaml to bucket | |
| run: | | |
| aws s3 cp --recursive ato/oscal-artifacts/reference_created_users/ s3://"$AWS_BUCKET" | |
| env: | |
| AWS_BUCKET: ${{ secrets.AWS_BUCKET }} |