aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatt Hart <matthew.hart@linaro.org>2015-11-16 14:32:45 +0000
committerMatt Hart <matthew.hart@linaro.org>2015-11-19 15:48:01 +0000
commite4c58fa97e26f3435fc8ef1dce0158c675aee52c (patch)
tree590fc1e3bc1b2a952404f48100944858c5b3a517
parent7cd8897812bfbb5511c46573739da22a4073fb24 (diff)
downloadlinaro-git-tools-e4c58fa97e26f3435fc8ef1dce0158c675aee52c.tar.gz
Update gerrit SSH keys from LDAP
Use the Gerrit HTTP API to update all users SSH keys from LDAP. Change-Id: Iab052e62bfa0d6a0994c71b81989e963feef1087
-rwxr-xr-xupdate-gerrit-keys.py90
1 files changed, 90 insertions, 0 deletions
diff --git a/update-gerrit-keys.py b/update-gerrit-keys.py
new file mode 100755
index 0000000..227c596
--- /dev/null
+++ b/update-gerrit-keys.py
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+
+import argparse
+import json
+import linaro_ldap
+
+import requests
+
+parser = argparse.ArgumentParser(
+ description='Update Gerrit users SSH keys from LDAP')
+parser.add_argument('--username', help="Gerrit HTTP API Username")
+parser.add_argument('--password', help="Gerrit HTTP API Password")
+parser.add_argument('--base', help="Gerrit BASE URL ("
+ "https://review.linaro.org)")
+parser.add_argument('--noverify', action="store_true",
+ help="Enable SSL certificate verficiation")
+args = parser.parse_args()
+verify_ssl = True
+if args.noverify:
+ verify_ssl = False
+
+
+def strip_gerrit_junk(string):
+ # https://gerrit-review.googlesource.com/Documentation/rest-api.html#output
+ return '\n'.join(string.split('\n')[1:])
+
+
+def list_keys(username):
+ url = "%s/a/accounts/%s/sshkeys/" % (args.base, username)
+ r = requests.get(url,
+ auth=requests.auth.HTTPDigestAuth(args.username,
+ args.password),
+ verify=verify_ssl)
+ keydict = {}
+ if r.status_code == 200:
+ try:
+ a = json.loads(strip_gerrit_junk(r.content))
+ for data in a:
+ keydict[data["seq"]] = data["ssh_public_key"]
+ return keydict
+ except ValueError as e:
+ print e
+ return False
+ else:
+ return False
+
+
+def add_key(pubkey, username):
+ url = "%s/a/accounts/%s/sshkeys/" % (args.base, username)
+ r = requests.post(url, data=pubkey.encode("utf-8"),
+ auth=requests.auth.HTTPDigestAuth(args.username,
+ args.password),
+ verify=verify_ssl)
+ if r.status_code == 201:
+ return True
+ return False
+
+
+def del_key(username, key_id):
+ url = "%s/a/accounts/%s/sshkeys/%i" % (args.base, username, key_id)
+ r = requests.delete(url,
+ auth=requests.auth.HTTPDigestAuth(args.username,
+ args.password),
+ verify=verify_ssl)
+ if r.status_code == 204:
+ return True
+ return False
+
+
+def keysets_to_list(keysets):
+ list = []
+ for key in keysets:
+ list.append(unicode(key[1]))
+ return list
+
+# start loop here
+result = linaro_ldap.get_users_and_keys(only_validated=True)
+
+for user, keysets in result.iteritems():
+ gerritkeys = list_keys(user)
+ simplegerritkeys = gerritkeys.values()
+ simpleldapkeys = keysets_to_list(keysets)
+ keys_to_add = set(simpleldapkeys) - set(simplegerritkeys)
+ keys_to_remove = set(simplegerritkeys) - set(simpleldapkeys)
+ for key in keys_to_add:
+ add_key(key, user)
+ for key in keys_to_remove:
+ for id, searchkey in gerritkeys.iteritems():
+ if key == searchkey:
+ del_key(user, id)