Tomas Kracmar
2c41eaca44
Source: main (497baf0) Excluded: live tenant exports, generated artifacts, and dev-only tooling.
174 lines
5.6 KiB
Python
174 lines
5.6 KiB
Python
#!/usr/bin/env python3
|
|
"""Shared utilities for Intune / Entra drift backup scripts."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import json
|
|
import os
|
|
import re
|
|
import subprocess
|
|
import time
|
|
import urllib.error
|
|
import urllib.request
|
|
from typing import Any
|
|
|
|
|
|
def env_text(name: str, default: str = "") -> str:
|
|
"""Read and sanitize an environment variable, treating unresolved Azure DevOps
|
|
macros $(...) as empty.
|
|
"""
|
|
raw = os.environ.get(name)
|
|
if raw is None:
|
|
return default
|
|
value = raw.strip()
|
|
if re.fullmatch(r"\$\([^)]+\)", value):
|
|
return default
|
|
if not value:
|
|
return default
|
|
return value
|
|
|
|
|
|
def env_bool(name: str, default: bool = False) -> bool:
|
|
"""Interpret an environment variable as a boolean."""
|
|
raw = env_text(name, "")
|
|
if not raw:
|
|
return default
|
|
return raw.lower() in {"1", "true", "yes", "y", "on"}
|
|
|
|
|
|
def normalize_exclude_csv(value: str) -> str:
|
|
"""Normalize an exclude CSV value, treating sentinel values as empty."""
|
|
normalized = str(value or "").strip()
|
|
if normalized.lower() in {"", "none", "null", "n/a", "-", "_none_"}:
|
|
return ""
|
|
return normalized
|
|
|
|
|
|
def normalize_merge_strategy(value: str) -> str:
|
|
"""Normalize a merge strategy string to an Azure DevOps API value."""
|
|
raw = (value or "").strip().lower().replace("-", "").replace("_", "")
|
|
aliases = {
|
|
"nofastforward": "noFastForward",
|
|
"mergecommit": "noFastForward",
|
|
"merge": "noFastForward",
|
|
"squash": "squash",
|
|
"rebase": "rebase",
|
|
"rebasefastforward": "rebase",
|
|
"rebaseff": "rebase",
|
|
"rebasemerge": "rebaseMerge",
|
|
}
|
|
return aliases.get(raw, "rebase")
|
|
|
|
|
|
def _get_retry_after_seconds(error: urllib.error.HTTPError) -> float | None:
|
|
try:
|
|
retry_after = error.headers.get("Retry-After")
|
|
if retry_after:
|
|
return float(retry_after)
|
|
except Exception:
|
|
pass
|
|
return None
|
|
|
|
|
|
def request_json(
|
|
url: str,
|
|
method: str = "GET",
|
|
body: dict[str, Any] | None = None,
|
|
headers: dict[str, str] | None = None,
|
|
token: str | None = None,
|
|
timeout: float = 60,
|
|
max_retries: int = 0,
|
|
) -> Any:
|
|
"""Make a JSON HTTP request and return the parsed response.
|
|
|
|
If *token* is provided, an Authorization header is added automatically.
|
|
If *max_retries* is greater than zero, transient HTTP errors (429, 500,
|
|
502, 503, 504) are retried with exponential back-off.
|
|
"""
|
|
req_headers: dict[str, str] = {
|
|
"Accept": "application/json",
|
|
}
|
|
if token is not None:
|
|
req_headers["Authorization"] = f"Bearer {token}"
|
|
if headers is not None:
|
|
req_headers.update(headers)
|
|
|
|
payload: bytes | None = None
|
|
if body is not None:
|
|
payload = json.dumps(body).encode("utf-8")
|
|
req_headers.setdefault("Content-Type", "application/json")
|
|
|
|
retry_codes = {429, 500, 502, 503, 504}
|
|
last_error: Exception | None = None
|
|
|
|
for attempt in range(max_retries + 1):
|
|
req = urllib.request.Request(
|
|
url,
|
|
data=payload,
|
|
method=method,
|
|
headers=req_headers,
|
|
)
|
|
try:
|
|
with urllib.request.urlopen(req, timeout=timeout) as resp:
|
|
return json.loads(resp.read().decode("utf-8"))
|
|
except urllib.error.HTTPError as exc:
|
|
last_error = exc
|
|
if exc.code not in retry_codes or attempt == max_retries:
|
|
body = ""
|
|
try:
|
|
body = exc.read().decode("utf-8", errors="replace")[:2048]
|
|
except Exception:
|
|
pass
|
|
if body:
|
|
raise RuntimeError(
|
|
f"{method} {url} failed: HTTP Error {exc.code}: {exc.reason} — {body}"
|
|
) from exc
|
|
raise
|
|
retry_after = _get_retry_after_seconds(exc)
|
|
sleep = retry_after if retry_after is not None else (2 ** attempt)
|
|
time.sleep(sleep)
|
|
except urllib.error.URLError as exc:
|
|
last_error = exc
|
|
if attempt == max_retries:
|
|
raise
|
|
time.sleep(2 ** attempt)
|
|
|
|
# Should never be reached; satisfy type checker.
|
|
if last_error is not None:
|
|
raise last_error
|
|
raise RuntimeError("request_json exhausted all retries")
|
|
|
|
|
|
def run_git(repo_root: str | os.PathLike[str], args: list[str], check: bool = True) -> str:
|
|
"""Run a git command and return stdout as a stripped string."""
|
|
proc = subprocess.run(
|
|
["git", *args],
|
|
cwd=str(repo_root),
|
|
stdout=subprocess.PIPE,
|
|
stderr=subprocess.PIPE,
|
|
text=True,
|
|
check=False,
|
|
)
|
|
if check and proc.returncode != 0:
|
|
stderr = (proc.stderr or "").strip()
|
|
raise RuntimeError(f"git {' '.join(args)} failed ({proc.returncode}): {stderr}")
|
|
return proc.stdout.strip()
|
|
|
|
|
|
def configure_git_identity(
|
|
repo_root: str | os.PathLike[str],
|
|
fallback_name: str | None = None,
|
|
fallback_email: str | None = None,
|
|
) -> None:
|
|
"""Configure git user.name and user.email from pipeline env vars."""
|
|
requested_for = (os.environ.get("BUILD_REQUESTEDFOR") or "").strip()
|
|
requested_for_email = (os.environ.get("BUILD_REQUESTEDFOREMAIL") or "").strip()
|
|
fallback_name = (fallback_name or os.environ.get("USER_NAME") or "ASTRAL Backup Service").strip()
|
|
fallback_email = (fallback_email or os.environ.get("USER_EMAIL") or "intune-backup@local.invalid").strip()
|
|
|
|
author_name = requested_for or fallback_name
|
|
author_email = requested_for_email if "@" in requested_for_email else fallback_email
|
|
|
|
run_git(repo_root, ["config", "user.name", author_name])
|
|
run_git(repo_root, ["config", "user.email", author_email])
|