Added the tenants: ecoeng_01, ecoeng_02, ecoeng_03 #672
Conversation
athiruma
added
documentation
ebattat
changed the title
athiruma
force-pushed
the
add_tenants
branch
from
e11db2a to
4ccfd94
Compare
athiruma
changed the title
athiruma
force-pushed
the
add_tenants
branch
from
4ccfd94 to
0992429
Compare
done |
|
@athiruma, did Michail review it ? |
no. Yet to review. |
|
@redmikhail ptal 👋 |
athiruma
force-pushed
the
add_tenants
branch
from
ed7284a to
833a0ff
Compare
athiruma
force-pushed
the
add_tenants
branch
2 times, most recently
from
bd18f65 to
07d0d72
Compare
|
@athiruma LGTM |
athiruma
force-pushed
the
add_tenants
branch
from
07d0d72 to
169aaf4
Compare
ebattat
changed the title
| sh '''if [[ "$(podman images -q quay.io/ebattat/cloud-governance 2> /dev/null)" != "" ]]; then podman rmi -f $(podman images -q quay.io/ebattat/cloud-governance 2> /dev/null); fi''' | ||
| } | ||
| } | ||
| stage('Run Tagging Cluster & Non-Cluster') { |
There was a problem hiding this comment.
Are you sure it tagging stage ?
There was a problem hiding this comment.
It is an tagging job.
| sh '''if [[ "$(podman images -q quay.io/ebattat/cloud-governance 2> /dev/null)" != "" ]]; then podman rmi -f $(podman images -q quay.io/ebattat/cloud-governance 2> /dev/null); fi''' | ||
| } | ||
| } | ||
| stage('Run Policies the Cost Policies') { |
There was a problem hiding this comment.
Run Cost Policies - fix it in all places
| } | ||
| } | ||
| } | ||
| stage('Run Policies the Daily polices') { |
There was a problem hiding this comment.
Run Daily Policies - fix it in all places
| @@ -0,0 +1,80 @@ | |||
| account = ['industry-partners', 'special-projects', 'edgeinfra', 'specialprojects-qe', 'ecoeng-sap', 'sysdeseng', 'verticals-ui'] | |||
There was a problem hiding this comment.
ecoeng_03 instead of ecoeng_3
| string(credentialsId: "${account[i]}-aws-secret-key-id", variable: 'secret_key'), | ||
| string(credentialsId: "${account[i]}-s3-bucket", variable: 's3_bucket')]) { | ||
| env.account_name = "${account[i]}" | ||
| sh 'python3 jenkins/poc/haim/common/run_cost_policies.py' |
There was a problem hiding this comment.
- Is this path properly ?, if not pls fix it for all 3 groups
| string(credentialsId: "${account[i]}-aws-secret-key-id", variable: 'secret_key'), | ||
| string(credentialsId: "${account[i]}-s3-bucket", variable: 's3_bucket')]) { | ||
| env.account_name = "${account[i]}" | ||
| sh 'python3 jenkins/poc/haim/common/run_policies.py' |
There was a problem hiding this comment.
- Is this path properly ?
- I think that we should pass argument:
Configure in jenkinsfile:
policies_in_action = ['ebs_unattached', 'ip_unattached', 'zombie_snapshots', 'unused_nat_gateway', 's3_inactive', 'empty_roles']
python3 jenkins/poc/haim/common/run_policies.py "$policies_in_action"
Please fix it in all 3 groups: ecoeng01/02/03
There was a problem hiding this comment.
There is no need to pass to the file, we can access it by os.environ variable.
athiruma
force-pushed
the
add_tenants
branch
from
169aaf4 to
a95c3cd
Compare
|
|
||
| exclude_policies = ['cost_explorer', 'optimize_resources_report', 'monthly_report', 'cost_over_usage', | ||
| 'skipped_resources', 'cost_explorer_payer_billings', 'cost_billing_reports', 'spot_savings_analysis'] | ||
| available_policies = get_custodian_policies(exclude_policies=exclude_policies) |
There was a problem hiding this comment.
Sry, it is get policies. Get all policies with excluding the cost policies.
athiruma
force-pushed
the
add_tenants
branch
from
a95c3cd to
22ad1d1
Compare
| contact2 = "[email protected]" | ||
| // By default, all policies are running in dry_run="yes" mode and the whole list can be found in run_policies.py | ||
| // POLICIES_IN_ACTION: Policies that run in the dry_run="no" mode | ||
| POLICIES_IN_ACTION = ["ebs_unattached", "ip_unattached", "zombie_snapshots", "unused_nat_gateway", "s3_inactive", "empty_roles"] |
There was a problem hiding this comment.
This is the policy list in action
| string(credentialsId: "${account[i]}-aws-secret-key-id", variable: 'secret_key'), | ||
| string(credentialsId: "${account[i]}-s3-bucket", variable: 's3_bucket')]) { | ||
| env.account_name = "${account[i]}" | ||
| sh 'python3 jenkins/tenant/aws/common/run_policies.py' |
There was a problem hiding this comment.
You should pass the policies here
Can we use the following variable:
available_policies = list of all our policies [Should be env variable] => should configured in cg variables.
active_policies = list of active policies per Jenkinsfile and it should pass from Jenkinsfile as following
python3 jenkins/tenant/aws/common/run_policies.py "active_policies"
if that works, pls fix it for all the groups
There was a problem hiding this comment.
This is the way of passing by arguments, it is always better to expose it environment and consume it in the file.
I don't agree with the available policies here. The policies should be changed. Thats the reason I added it inside the python dynamically. Coming to active_polices, I added the ENV variable POLICIES_IN_ACTION, describes which are in action.
athiruma
force-pushed
the
add_tenants
branch
from
22ad1d1 to
a6f0d2f
Compare
athiruma
force-pushed
the
add_tenants
branch
2 times, most recently
from
a07a68e to
2f26fc9
Compare
|
LGTM |
Type of change
Note: Fill x in []
Description
Adding the managed tenants.
For security reasons, all pull requests need to be approved first before running any automated CI