1 files changed, 90 insertions, 0 deletions

diff --git a/update-gerrit-keys.py b/update-gerrit-keys.py
new file mode 100755
index 0000000..227c596
--- /dev/null
+++ b/update-gerrit-keys.py
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+
+import argparse
+import json
+import linaro_ldap
+
+import requests
+
+parser = argparse.ArgumentParser(
+    description='Update Gerrit users SSH keys from LDAP')
+parser.add_argument('--username', help="Gerrit HTTP API Username")
+parser.add_argument('--password', help="Gerrit HTTP API Password")
+parser.add_argument('--base', help="Gerrit BASE URL ("
+                                   "https://review.linaro.org)")
+parser.add_argument('--noverify', action="store_true",
+                    help="Enable SSL certificate verficiation")
+args = parser.parse_args()
+verify_ssl = True
+if args.noverify:
+    verify_ssl = False
+
+
+def strip_gerrit_junk(string):
+    # https://gerrit-review.googlesource.com/Documentation/rest-api.html#output
+    return '\n'.join(string.split('\n')[1:])
+
+
+def list_keys(username):
+    url = "%s/a/accounts/%s/sshkeys/" % (args.base, username)
+    r = requests.get(url,
+                     auth=requests.auth.HTTPDigestAuth(args.username,
+                                                       args.password),
+                     verify=verify_ssl)
+    keydict = {}
+    if r.status_code == 200:
+        try:
+            a = json.loads(strip_gerrit_junk(r.content))
+            for data in a:
+                keydict[data["seq"]] = data["ssh_public_key"]
+            return keydict
+        except ValueError as e:
+            print e
+            return False
+    else:
+        return False
+
+
+def add_key(pubkey, username):
+    url = "%s/a/accounts/%s/sshkeys/" % (args.base, username)
+    r = requests.post(url, data=pubkey.encode("utf-8"),
+                      auth=requests.auth.HTTPDigestAuth(args.username,
+                                                        args.password),
+                      verify=verify_ssl)
+    if r.status_code == 201:
+        return True
+    return False
+
+
+def del_key(username, key_id):
+    url = "%s/a/accounts/%s/sshkeys/%i" % (args.base, username, key_id)
+    r = requests.delete(url,
+                        auth=requests.auth.HTTPDigestAuth(args.username,
+                                                          args.password),
+                        verify=verify_ssl)
+    if r.status_code == 204:
+        return True
+    return False
+
+
+def keysets_to_list(keysets):
+    list = []
+    for key in keysets:
+        list.append(unicode(key[1]))
+    return list
+
+# start loop here
+result = linaro_ldap.get_users_and_keys(only_validated=True)
+
+for user, keysets in result.iteritems():
+    gerritkeys = list_keys(user)
+    simplegerritkeys = gerritkeys.values()
+    simpleldapkeys = keysets_to_list(keysets)
+    keys_to_add = set(simpleldapkeys) - set(simplegerritkeys)
+    keys_to_remove = set(simplegerritkeys) - set(simpleldapkeys)
+    for key in keys_to_add:
+        add_key(key, user)
+    for key in keys_to_remove:
+        for id, searchkey in gerritkeys.iteritems():
+            if key == searchkey:
+                del_key(user, id)