authorAndy Doan <andy.doan@linaro.org>2015-12-16 13:57:02 -0600
committerAndy Doan <andy.doan@linaro.org>2015-12-16 13:57:02 -0600
commit7f96a73122502d27ef5a068d4b07cafa99f1fac2 (patch)
tree4bdca5b0001ca90979bc0469b3380337c11cd5b4
parent7e16acf3c8d59ceb6c9e59eb2c8561551aaf89ba (diff)
downloadlinaro-git-tools-7f96a73122502d27ef5a068d4b07cafa99f1fac2.tar.gz
gitolite-tools: update to use linaro_ldap library
By using the linaro_ldap library we can remove the need for the LDAP configuration section of this tool and also use a slightly cleaner approach for creating an LDAP client. Along with this change I broke out some of get_user into "get_crowd_user" to make it more obvious why/how we use LDAP when we are really looking for Crowd information. The diff therefore looks bigger than it really is, because it decreased the indentation of the rest of the function by one level. Change-Id: I897e92151193ef6f2b1af2974511018445a1e82e
-rwxr-xr-xgitolite-tools/gitolite-groups94
-rw-r--r--gitolite-tools/gitolite-tools.conf.dev7
2 files changed, 47 insertions, 54 deletions
diff --git a/gitolite-tools/gitolite-groups b/gitolite-tools/gitolite-groups
index e524fde..c5434bb 100755
--- a/gitolite-tools/gitolite-groups
+++ b/gitolite-tools/gitolite-groups
@@ -24,71 +24,71 @@ import urllib
from ConfigParser import ConfigParser
+sys.path.append(os.path.join(os.path.dirname(__file__), '..'))
+import linaro_ldap
+
DEFAULT_CONFIG_FILE = "gitolite-tools.conf"
CONFIG = ConfigParser()
CONFIG.read(os.path.join(os.path.dirname(sys.argv[0]), DEFAULT_CONFIG_FILE))
+def get_crowd_user(user):
+ '''Crowd requires our LDAP's CN attribute as its "username" parameter'''
+ with linaro_ldap.ldap_client(linaro_ldap.build_config()) as client:
+ search_filter = "(uid={0})".format(user)
+ base_dn = 'ou=accounts,dc=linaro,dc=org'
+ result = client.search_s(
+ base_dn, ldap.SCOPE_SUBTREE, search_filter, attrlist=['cn'])
+ if result:
+ try:
+ return result[0][1]['cn'][0]
+ except KeyError:
+ sys.stderr.write(
+ "gitolite-groups: ERROR: User {0} does not have an email "
+ "address.\n".format(user))
+
+
def get_groups(user):
crowd_usr = CONFIG.get("crowd", "crowd_name")
crowd_pwd = CONFIG.get("crowd", "crowd_pwd")
- ldap_uri = CONFIG.get("ldap", "ldap_uri")
- ldap_user = CONFIG.get("ldap", "ldap_user")
- ldap_key = CONFIG.get("ldap", "ldap_key")
- base_dn = CONFIG.get("ldap", "base_dn")
-
- ldap_client = ldap.initialize(ldap_uri, trace_level=0)
- ldap_client.set_option(ldap.OPT_REFERRALS, 0)
- ldap_client.simple_bind(ldap_user, ldap_key)
-
- search_filter = "(uid={0})".format(user)
- result = ldap_client.search_s(base_dn, ldap.SCOPE_SUBTREE, search_filter,
- attrlist=['mail', 'cn'])
+ user = get_crowd_user(user)
user_teams = ""
crowd_error = False
- if result:
- try:
- user = result[0][1]['cn'][0]
-
- params = {"username": user}
- auth = base64.encodestring('{0}:{1}'.format(crowd_usr, crowd_pwd))
- headers = {
- "Authorization": "Basic {0}".format(auth),
- "Accept": "application/json"
- }
- url = "/user/group/nested?{0}".format(
- urllib.urlencode(params))
+ if user:
+ params = {"username": user}
+ auth = base64.encodestring('{0}:{1}'.format(crowd_usr, crowd_pwd))
+ headers = {
+ "Authorization": "Basic {0}".format(auth),
+ "Accept": "application/json"
+ }
+ url = "/user/group/nested?{0}".format(
+ urllib.urlencode(params))
+
+ c = httplib.HTTPSConnection("login.linaro.org", 8443)
+ c.request("GET", "/crowd/rest/usermanagement/1{0}".format(url),
+ headers=headers)
- c = httplib.HTTPSConnection("login.linaro.org", 8443)
- c.request("GET", "/crowd/rest/usermanagement/1{0}".format(url),
- headers=headers)
+ try:
+ resp = c.getresponse()
- try:
- resp = c.getresponse()
-
- if resp.status != 200:
- sys.stderr.write("gitolite-groups: ERROR: Non-successful "
- "response from Crowd: %s\n" % resp.status)
- crowd_error = True
- else:
- data = json.load(resp)
- names = [x["name"] for x in data["groups"]]
- user_teams = " ".join(names)
- except IOError, e:
- sys.stderr.write("gitolite-groups: ERROR: No connection to "
- "Crowd server.\n")
- sys.stderr.write(e)
+ if resp.status != 200:
+ sys.stderr.write("gitolite-groups: ERROR: Non-successful "
+ "response from Crowd: %s\n" % resp.status)
crowd_error = True
-
- except KeyError:
- sys.stderr.write("gitolite-groups: ERROR: User {0} does not have "
- "an email address.\n".format(user))
+ else:
+ data = json.load(resp)
+ names = [x["name"] for x in data["groups"]]
+ user_teams = " ".join(names)
+ except IOError, e:
+ sys.stderr.write("gitolite-groups: ERROR: No connection to "
+ "Crowd server.\n")
+ sys.stderr.write(e)
crowd_error = True
- if crowd_error:
+ if crowd_error or not user:
sys.stderr.write("gitolite-groups: Warning: Group memberships "
"unavailble, access to some repositories may "
"be blocked.\n")
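Review bot: In get_crowd_user, `user` is formatted unescaped into the LDAP search filter (`"(uid={0})".format(user)`), so a name containing filter metacharacters (`*`, `(`, `)`, `\`) changes what the search matches, and the CN of whichever entry comes back first is then used for the Crowd group lookup. Escaping the value with python-ldap's helper avoids this: `search_filter = "(uid={0})".format(ldap.filter.escape_filter_chars(user))`, which needs `import ldap.filter` in the import block above this hunk. The `except KeyError` branch still reports a missing email address although only `cn` is requested now, and an entry with an empty `cn` list would raise an uncaught IndexError; `except (KeyError, IndexError):` with a message naming the CN attribute would match what the function does. A short comment that the function returns None when no entry is found would also help, since get_groups relies on that through `if user:`. The body of get_groups continues past the end of the hunk.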
diff --git a/gitolite-tools/gitolite-tools.conf.dev b/gitolite-tools/gitolite-tools.conf.dev
index b5c11b1..36427c3 100644
--- a/gitolite-tools/gitolite-tools.conf.dev
+++ b/gitolite-tools/gitolite-tools.conf.dev
@@ -1,10 +1,3 @@
-[ldap]
-ldap_uri =
-ldap_user =
-ldap_key =
-base_dn =
-group_dn =
-
[crowd]
crowd_name =
crowd_pwd =