-rwxr-xr-x | gitolite-tools/gitolite-groups | 104 | ||||
-rwxr-xr-x | gitolite-tools/gitolite-groups-crowd.py | 103 |
2 files changed, 105 insertions, 102 deletions
diff --git a/gitolite-tools/gitolite-groups b/gitolite-tools/gitolite-groups
index 824f139..aeb771a 100755
--- a/gitolite-tools/gitolite-groups
+++ b/gitolite-tools/gitolite-groups
@@ -1,103 +1,3 @@ -#!/usr/bin/env python3 -# Copyright (C) 2013, 2014 Linaro Ltd. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +#!/bin/sh -import base64 -import http.client -import json -import ldap -import os -import sys -import urllib -import configparser - -sys.path.append(os.path.join(os.path.dirname(__file__), '..')) -import linaro_ldap - -DEFAULT_CONFIG_FILE = "gitolite-tools.conf" - -CONFIG = configparser.ConfigParser() -CONFIG.read(os.path.join(os.path.dirname(sys.argv[0]), DEFAULT_CONFIG_FILE)) - - -def get_crowd_user(user): - '''Crowd requires our LDAP's CN attribute as its "username" parameter''' - with linaro_ldap.ldap_client(linaro_ldap.build_config()) as client: - search_filter = "(uid={0})".format(user) - base_dn = 'ou=accounts,dc=linaro,dc=org' - result = client.search_s( - base_dn, ldap.SCOPE_SUBTREE, search_filter, attrlist=['cn']) - if result: - try: - return result[0][1]['cn'][0] - except KeyError: - sys.stderr.write( - "gitolite-groups: ERROR: User {0} does not have an email " - "address.\n".format(user)) - - -def get_groups(user): - crowd_usr = CONFIG.get("crowd", "crowd_name") - crowd_pwd = CONFIG.get("crowd", "crowd_pwd") - - user = get_crowd_user(user) - - user_teams = "" - crowd_error = False - if user: - params = {"username": user} - auth = base64.b64encode('{0}:{1}'.format(crowd_usr, crowd_pwd).encode("ascii")) - headers = { - "Authorization": 
"Basic {0}".format(auth.decode("ascii")), - "Accept": "application/json" - } - url = "/user/group/nested?{0}".format( - urllib.parse.urlencode(params)) - - c = http.client.HTTPSConnection("login.linaro.org", 8443) - c.request("GET", "/crowd/rest/usermanagement/1{0}".format(url), - headers=headers) - - try: - resp = c.getresponse() - - if resp.status != 200: - sys.stderr.write("gitolite-groups: ERROR: Non-successful " - "response from Crowd: %s\n" % resp.status) - crowd_error = True - else: - data = json.load(resp) - names = [x["name"] for x in data["groups"]] - user_teams = " ".join(names) - except IOError as e: - sys.stderr.write("gitolite-groups: ERROR: No connection to " - "Crowd server.\n") - sys.stderr.write(e) - crowd_error = True - - if crowd_error: - sys.stderr.write("gitolite-groups: Warning: Group memberships " - "unavailble, access to some repositories may " - "be blocked.\n") - - return user_teams - - -if __name__ == "__main__": - if len(sys.argv) == 1: - sys.stderr.write("No user name provided to the program.\n") - sys.exit(1) - else: - print(get_groups(sys.argv[1])) +groups $1 2>/dev/null | cut -f2 -d: | sed -e 's/^ //g' diff --git a/gitolite-tools/gitolite-groups-crowd.py b/gitolite-tools/gitolite-groups-crowd.py new file mode 100755 index 0000000..824f139 --- /dev/null +++ b/gitolite-tools/gitolite-groups-crowd.py 
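Review bot: `$1` is expanded unquoted in the new `groups $1 2>/dev/null | ...` line, and nothing checks that an argument was given. With an empty or missing argument `groups` reports the groups of the account running the script, so a caller that passes no user name gets the hosting account's groups rather than an error; the removed Python version exited with status 1 in that case. Quote and guard the argument, for example `[ -n "$1" ] || exit 1` followed by `groups -- "$1" 2>/dev/null | cut -f2 -d: | sed -e 's/^ //g'` (the `--` only where the local `groups` accepts it). Because `2>/dev/null` hides lookup failures, a one-line comment stating that an unknown user yields empty output would also help the next reader.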
@@ -0,0 +1,103 @@
+#!/usr/bin/env python3
+# Copyright (C) 2013, 2014 Linaro Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import base64
+import http.client
+import json
+import ldap
+import os
+import sys
+import urllib
+import configparser
+
+sys.path.append(os.path.join(os.path.dirname(__file__), '..'))
+import linaro_ldap
+
+DEFAULT_CONFIG_FILE = "gitolite-tools.conf"
+
+CONFIG = configparser.ConfigParser()
+CONFIG.read(os.path.join(os.path.dirname(sys.argv[0]), DEFAULT_CONFIG_FILE))
+
+
+def get_crowd_user(user):
+ '''Crowd requires our LDAP's CN attribute as its "username" parameter'''
+ with linaro_ldap.ldap_client(linaro_ldap.build_config()) as client:
+ search_filter = "(uid={0})".format(user)
+ base_dn = 'ou=accounts,dc=linaro,dc=org'
+ result = client.search_s(
+ base_dn, ldap.SCOPE_SUBTREE, search_filter, attrlist=['cn'])
+ if result:
+ try:
+ return result[0][1]['cn'][0]
+ except KeyError:
+ sys.stderr.write(
+ "gitolite-groups: ERROR: User {0} does not have an email "
+ "address.\n".format(user))
+
+
+def get_groups(user):
+ crowd_usr = CONFIG.get("crowd", "crowd_name")
+ crowd_pwd = CONFIG.get("crowd", "crowd_pwd")
+
+ user = get_crowd_user(user)
+
+ user_teams = ""
+ crowd_error = False
+ if user:
+ params = {"username": user}
+ auth = base64.b64encode('{0}:{1}'.format(crowd_usr, crowd_pwd).encode("ascii"))
+ headers = {
+ "Authorization": "Basic {0}".format(auth.decode("ascii")),
+ "Accept": "application/json"
+ }
+ url = "/user/group/nested?{0}".format(
+ urllib.parse.urlencode(params))
+
+ c = http.client.HTTPSConnection("login.linaro.org", 8443)
+ c.request("GET", "/crowd/rest/usermanagement/1{0}".format(url),
+ headers=headers)
+
+ try:
+ resp = c.getresponse()
+
+ if resp.status != 200:
+ sys.stderr.write("gitolite-groups: ERROR: Non-successful "
+ "response from Crowd: %s\n" % resp.status)
+ crowd_error = True
+ else:
+ data = json.load(resp)
+ names = [x["name"] for x in data["groups"]]
+ user_teams = " ".join(names)
+ except IOError as e:
+ sys.stderr.write("gitolite-groups: ERROR: No connection to "
+ "Crowd server.\n")
+ sys.stderr.write(e)
+ crowd_error = True
+
+ if crowd_error:
+ sys.stderr.write("gitolite-groups: Warning: Group memberships "
+ "unavailble, access to some repositories may "
+ "be blocked.\n")
+
+ return user_teams
+
+
+if __name__ == "__main__":
+ if len(sys.argv) == 1:
+ sys.stderr.write("No user name provided to the program.\n")
+ sys.exit(1)
+ else:
+ print(get_groups(sys.argv[1])) |
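Review bot: The user name from `sys.argv[1]` is formatted straight into the LDAP filter in `get_crowd_user` (`"(uid={0})".format(user)`), so filter metacharacters such as `*`, `(` or `)` in the name change what the search matches and therefore which CN is sent to Crowd for the group lookup. The content appears to be carried over unchanged from the old gitolite-groups, but since the script is being kept it is worth escaping here with python-ldap's helper: add `import ldap.filter` and use `search_filter = "(uid={0})".format(ldap.filter.escape_filter_chars(user))`. Separately, in `get_groups` the `c.request(...)` call sits outside the `try`, and `sys.stderr.write(e)` is passed an exception object rather than a string, so a connection failure likely ends in a traceback instead of the intended warning. Moving the request inside the `try` and writing `sys.stderr.write("{0}\n".format(e))` would address that.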