Class: Readiness::TicketProcessor::TwoFARemoval

Inherits:
Client
  • Object
show all
Defined in:
lib/support_readiness/ticket_processor/2fa_removal.rb

Overview

Defines the class TwoFARemoval within the module Zendesk.

Author:

  • Jason Colyer

Since:

  • 1.0.121

Class Method Summary collapse

Methods inherited from Client

auth_error, bad_request_error, convert_actions, convert_conditions, convert_standard_names_to_ids, convert_ticket_form_agent_conditions, convert_ticket_form_brands, convert_ticket_form_end_user_conditions, convert_ticket_form_names_to_ids, convert_view_names_to_ids, convert_view_restrictions, covert_ticket_form_field_ids, create_package!, erb_renderer, handle_request_error, not_found_error, not_processible_error, put_into_archive, recursively_deflate_directory, timestamp_filename, to_clean_json, to_clean_json_with_key, to_hash, to_nearly_clean_json, to_nearly_clean_json_with_key, to_param_string, write_entries

Class Method Details

.owner_entitlement_checkObject

Determine if a owner driven request has entitlement

Author:

  • Jason Colyer

Since:

  • 1.0.121



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
 
# File 'lib/support_readiness/ticket_processor/2fa_removal.rb', line 81

def self.owner_entitlement_check
  return false unless support_entitlement_check

  zd_field = Readiness::Zendesk::TicketFields.find_by_name(@zendesk_client, 'Impacted email address', @ticket_fields)
  zd_requester = Readiness::Zendesk::Users.find!(@zendesk_client, @ticket.submitter_id)
  target_email = @ticket.custom_fields.detect { |t| t['id'] == zd_field.id }['value']
  return false unless zd_requester.email.split('@').last.downcase == target_email.split('@').last.downcase

  users = Readiness::GitLab::Users.search_by_email(@gitlab_admin_client, target_email)
  return false unless users.count == 1

  target = users.first
  users = Readiness::GitLab::Users.search_by_email(@gitlab_admin_client, zd_requester.email)
  return false unless users.count == 1

  requester = users.first
  memberships = Readiness::GitLab::Users.memberships(@gitlab_admin_client, requester, ['type=Namespace'])
  namespaces_to_check = []
  memberships.select { |m| m['access_level'] == 50 }.each do |m|
    namespace = Readiness::GitLab::Namespaces.find!(@gitlab_admin_client, m['source_id'])
    next unless namespace.parent_id.nil?
    next unless Readiness::GitLab::Namespaces.is_paid?(@gitlab_admin_client, namespace)

    namespaces_to_check.push(namespace)
  end
  return false if namespaces_to_check.count.zero?

  namespaces_to_check.each do |namespace|
    group = Readiness::GitLab::Groups.new({ 'id' => namespace.id })
    all_members = Readiness::GitLab::Groups.all_members(@gitlab_admin_client, group, ["user_ids=#{target.id}"])
    return true unless all_members.count.zero?
  end
  false
end

.process!(zendesk_client, gitlab_admin_client, ticket_id) ⇒ Object

Process a 2FA Removal request

Author:

  • Jason Colyer

Since:

  • 1.0.121



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/support_readiness/ticket_processor/2fa_removal.rb', line 18

def self.process!(zendesk_client, gitlab_admin_client, ticket_id)
  @zendesk_client = zendesk_client
  @gitlab_admin_client = gitlab_admin_client
  @ticket = Readiness::Zendesk::Tickets.find!(@zendesk_client, ticket_id)
  @fields = Readiness::Zendesk::TicketFields.list(@zendesk_client)
  zd_field = Readiness::Zendesk::TicketFields.find_by_name(@zendesk_client, '2FA removal target', @fields)
  if zd_field.nil?
    puts 'Cannot locate relevant zendesk ticket field, exiting for safety'
    exit 0
  end
  ticket_field = @ticket.custom_fields.detect { |c| c['id'] == zd_field.id }
  if ticket_field.nil?
    puts 'Cannot locate relevant ticket field, exiting for safety'
    exit 0
  end
  if ticket_field['value'] == '2fa_removal_self'
    tags_to_add = if support_entitlement_check
                    %w[2fa_challenge_questions]
                  else
                    %w[2fa_user_not_entitled]
                  end
  elsif ticket_field['value'] == '2fa_removal_other'
    tags_to_add = if owner_entitlement_check
                    %w[2fa_snippet_verification]
                  elsif support_entitlement_check
                    %w[2fa_challenge_questions]
                  else
                    %w[2fa_owner_not_entitled]
                  end
  else
    puts "Unknown request type of '#{ticket_field['value']}', exiting for safety"
    exit 0
  end
  new_ticket = Readiness::Zendesk::Tickets.new
  new_ticket.id = @ticket.id
  new_ticket.additional_tags = tags_to_add
  Readiness::Zendesk::Tickets.update_many!(@zendesk_client, [new_ticket])
end

.support_entitlement_checkObject

Determine if a request has support entitlement

Author:

  • Jason Colyer

Since:

  • 1.0.121



62
63
64
65
66
67
68
69
70
71
72
73
74
 
# File 'lib/support_readiness/ticket_processor/2fa_removal.rb', line 62

def self.support_entitlement_check
  tags = %w[
    sub_consumption_cicd_minutes
    sub_consumption_eap
    sub_consumption_storage
    sub_dotcom_premium
    sub_dotcom_ultimate
  ]
  tags.each do |t|
    return true if @ticket.tags.include? t
  end
  false
end