tools/c7n_mailer - improve event-owner email handling (#2843)

cloud-custodian · Sep 5, 2018 · 0121d35 · 0121d35
1 parent 49b6af2
commit 0121d35
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 2 deletions.
diff --git a/tools/c7n_mailer/c7n_mailer/cli.py b/tools/c7n_mailer/c7n_mailer/cli.py
@@ -20,6 +20,7 @@
         'queue_url': {'type': 'string'},
         'from_address': {'type': 'string'},
         'contact_tags': {'type': 'array', 'items': {'type': 'string'}},
+        'org_domain': {'type': 'string'},
 
         # Standard Lambda Function Config
         'region': {'type': 'string'},

diff --git a/tools/c7n_mailer/c7n_mailer/email_delivery.py b/tools/c7n_mailer/c7n_mailer/email_delivery.py
@@ -103,10 +103,26 @@ def get_valid_emails_from_list(self, targets):
         return emails
 
     def get_event_owner_email(self, targets, event):
-        if 'event-owner' in targets and self.config.get('ldap_uri', False):
+        if 'event-owner' in targets:
             aws_username = self.get_aws_username_from_event(event)
             if aws_username:
-                return self.ldap_lookup.get_email_to_addrs_from_uid(aws_username)
+                # is using SSO, the target might already be an email
+                if self.target_is_email(aws_username):
+                    return [aws_username]
+                # if the LDAP config is set, lookup in ldap
+                elif self.config.get('ldap_uri', False):
+                    return self.ldap_lookup.get_email_to_addrs_from_uid(aws_username)
+                # the org_domain setting is configured, append the org_domain
+                # to the username from AWS
+                elif self.config.get('org_domain', False):
+                    org_domain = self.config.get('org_domain', False)
+                    self.logger.info('adding email %s to targets.', aws_username + '@' + org_domain)
+                    return [aws_username + '@' + org_domain]
+                else:
+                    self.logger.warning('unable to lookup owner email. \
+                            Please configure LDAP or org_domain')
+            else:
+                self.logger.info('no aws username in event')
         return []
 
     def get_ldap_emails_from_resource(self, sqs_message, resource):

diff --git a/tools/c7n_mailer/example.yml b/tools/c7n_mailer/example.yml
@@ -43,3 +43,9 @@ ldap_bind_password: "base64_encoded_ciphertext_password"
 # For sending to sns topics we need to assume back into the target account
 cross_accounts:
   '991119991111': 'arn:aws:iam::991119991111:role/MyDeliveryRole'
+
+# if your usernames match email addresses
+# you can set an org domain here which is appended to the username
+# to send to
+org_domain: example.com
+