1. 24
  1.  

  2. 4

    Looks like a Java programmer turned into a Python power user. There is a thing called makefile, and it goes like this.

    username ?= default_user
    
    Done: SendPrivateKeyStep
    
    CreateSSHKeypairStep:
            @echo 'Run:'
            @echo '   ssh-keygen -t rsa -f ~/$(username)'
            @read line
    
    GitCommitStep: CreateSSHKeypairStep
            @echo 'Copy ~/new_key.pub into the `user_keys` Git repository, then run:'
            @echo '    git commit $(username)'
            @echo '    git push'
            @read line
    
    build_url = 'http://example.com/builds/user_keys'
    WaitForBuildStep: GitCommitStep
            @echo 'Wait for the build job at $(build_url) to finish'
            @read line
    
    dir_url = 'http://example.com/directory'
    RetrieveUserEmailStep: WaitForBuildStep
            @echo 'Go to $(dir_url)'
            @echo 'Find the email address for user $(username)'
            $(eval email = $(shell read -p 'Paste the email address and press enter: ' email && echo $$email))
    
    SendPrivateKeyStep: RetrieveUserEmailStep
            @echo 'Go to 1Password'
            @echo 'Paste the contents of ~/new_key into a new document'
            @echo 'Share the document with $(email)'
            @read line
    

    You do have to accept the TABs and use Gnu Make.

    1. 12

      I expect they did it in Python so that you had access to a full language directly for automation (esp. if you factor out the definitions of those actions into a library, you can slowly build up a shared language for automating other procedures with the same verbs).

      I think the idea is the real meat of the article though, the approach (whether make or python or whatever) is not super relevant, pick what fits best for your team. The idea of ‘shelling out’ to a human to do something you don’t have time to automate is very clever as it provides executable documentation on what needs to be done, and breaks down the problem really well so that it can be tackled by whoever has time to tackle it.

      I work on a pretty small IT/Ops team, this is definitely something that’d help us out a lot, we have lots of procedures and using something like this as an organizing principle would prevent a lot of the thrash we end up with when trying to remember which things were annoying us most recently.

      1. 1

        The real sin is a class for each process. You can do just great by having simple functions.

      2. 2

        I wrote a small tool along similar lines to remember steps to do before submitting a change for code review: https://github.com/wickedchicken/checklist. I have a few ideas on how to expand it, but I’d be happy to hear people’s thoughts!

        1. 1

          Whoa, whoa. I’m all for automation (I have hundreds of scripts in http://github.com/shawwn/scrap) but the example here is uniquely terrible: do not automate the onboarding procedure. Or at least, do not automate this part of it.

          I say this as a former pentester.

          Whatever process does the automation, you’ve just elevated to target #1 for infiltration attacks. And it’s much easier to trick a computer than to trick you into doing six boring steps.