pabloem commented on code in PR #38992:
URL: https://github.com/apache/beam/pull/38992#discussion_r3454470996
##########
infra/enforcement/account_keys.py:
##########
@@ -16,6 +16,7 @@
import datetime
import logging
import sys
+from torch import diff
Review Comment:
it would be good to use a `diff` from a different library
##########
infra/enforcement/sending.py:
##########
@@ -134,6 +154,68 @@ def update_issue_body(self, issue_number: int, new_body:
str) -> None:
self._make_github_request("PATCH", endpoint, json=payload)
self.logger.info(f"Successfully updated body on GitHub issue:
#{issue_number}")
+ def create_issue_comment(self, issue_number: int, comment_body: str) ->
None:
+ """
+ Adds a new comment to an existing GitHub issue in the specified
repository.
+
+ Args:
+ issue_number (int): The number of the GitHub issue to comment on.
+ comment_body (str): The content of the comment to add to the
GitHub issue.
+ """
+ endpoint = f"repos/{self.github_repo}/issues/{issue_number}/comments"
+ payload = {"body": comment_body}
+ self._make_github_request("POST", endpoint, json=payload)
+ self.logger.info(f"Successfully added comment to GitHub issue:
#{issue_number}")
+
+ def report_unmanaged_keys(self, project_id: str, compilance_issues:
List[str]) -> None:
+ """
+ Report compliance issues regarding unmanaged keys into a single GitHub
issue.
+ Creates a new issue if none exists, otherwise appends a comment to the
open one
+
+ Args:
+ project_id (str): The ID of the project associated with the
unmanaged keys.
+ compilance_issues (List[str]): A list of compliance issues related
to the unmanaged keys.
+ """
+ if not compilance_issues:
+ self.logger.info("No compliance issues to report to Github.")
+ return
+
+ issue_title = "[SECURITY] Action Required: Unmanaged Service Account
Keys Detected"
+ #markdown body
+ timestamp =
__import__("datetime").datetime.now(__import__("datetime").timezone.utc).strftime("%Y-%m-%d
%H:%M:%S UTC")
+ body = f"### Unmanaged Keys Audit Report ({timestamp})\n"
+ body += f"The following unauthorized or unmanaged keys were detected
in `{project_id}`:\n\n"
+ for issue_text in compilance_issues:
+ body += f"- {issue_text}\n"
+
+ body += "\n*Please investigate and revoke these keys if they are not
part of the official rotation system.*"
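Review bot: In `report_unmanaged_keys`, `project_id` and every `issue_text` are interpolated into the Markdown body unmodified, so any `@name`, `#123` or HTML contained in a key or account identifier will render in the issue and may notify people. Rendering each entry as a code span after stripping backticks would neutralise that, e.g. ``safe = issue_text.replace("`", "")`` followed by ``body += f"- `{safe}`\n"``. Since the hunk does not show what the entries contain or whether `self.github_repo` is public, it is worth confirming that they carry only key IDs and account names, never key material. Separately, the parameter name `compilance_issues` is misspelled in the new signature, and the `__import__("datetime")` expression would be easier to read as a module-level `import datetime`. The body of `report_unmanaged_keys` continues past the end of this quoted hunk, so the request that actually creates or comments on the issue is not visible here.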
Review Comment:
if possible, instead of deleting the old content, move it to a collapsed
`<details>` section so we can see the history.