-rwxr-xr-x | update-gerrit-keys.py | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/update-gerrit-keys.py b/update-gerrit-keys.py
new file mode 100755
index 0000000..227c596
--- /dev/null
+++ b/update-gerrit-keys.py
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+
+import argparse
+import json
+import linaro_ldap
+
+import requests
+
+parser = argparse.ArgumentParser(
+ description='Update Gerrit users SSH keys from LDAP')
+parser.add_argument('--username', help="Gerrit HTTP API Username")
+parser.add_argument('--password', help="Gerrit HTTP API Password")
+parser.add_argument('--base', help="Gerrit BASE URL ("
+ "https://review.linaro.org)")
+parser.add_argument('--noverify', action="store_true",
+ help="Enable SSL certificate verficiation")
+args = parser.parse_args()
+verify_ssl = True
+if args.noverify:
+ verify_ssl = False
+
+
+def strip_gerrit_junk(string):
+ # https://gerrit-review.googlesource.com/Documentation/rest-api.html#output
+ return '\n'.join(string.split('\n')[1:])
+
+
+def list_keys(username):
+ url = "%s/a/accounts/%s/sshkeys/" % (args.base, username)
+ r = requests.get(url,
+ auth=requests.auth.HTTPDigestAuth(args.username,
+ args.password),
+ verify=verify_ssl)
+ keydict = {}
+ if r.status_code == 200:
+ try:
+ a = json.loads(strip_gerrit_junk(r.content))
+ for data in a:
+ keydict[data["seq"]] = data["ssh_public_key"]
+ return keydict
+ except ValueError as e:
+ print e
+ return False
+ else:
+ return False
+
+
+def add_key(pubkey, username):
+ url = "%s/a/accounts/%s/sshkeys/" % (args.base, username)
+ r = requests.post(url, data=pubkey.encode("utf-8"),
+ auth=requests.auth.HTTPDigestAuth(args.username,
+ args.password),
+ verify=verify_ssl)
+ if r.status_code == 201:
+ return True
+ return False
+
+
+def del_key(username, key_id):
+ url = "%s/a/accounts/%s/sshkeys/%i" % (args.base, username, key_id)
+ r = requests.delete(url,
+ auth=requests.auth.HTTPDigestAuth(args.username,
+ args.password),
+ verify=verify_ssl)
+ if r.status_code == 204:
+ return True
+ return False
+
+
+def keysets_to_list(keysets):
+ list = []
+ for key in keysets:
+ list.append(unicode(key[1]))
+ return list
+
+# start loop here
+result = linaro_ldap.get_users_and_keys(only_validated=True)
+
+for user, keysets in result.iteritems():
+ gerritkeys = list_keys(user)
+ simplegerritkeys = gerritkeys.values()
+ simpleldapkeys = keysets_to_list(keysets)
+ keys_to_add = set(simpleldapkeys) - set(simplegerritkeys)
+ keys_to_remove = set(simplegerritkeys) - set(simpleldapkeys)
+ for key in keys_to_add:
+ add_key(key, user)
+ for key in keys_to_remove:
+ for id, searchkey in gerritkeys.iteritems():
+ if key == searchkey:
+ del_key(user, id) |
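Review bot: `list_keys` returns `False` on any non-200 response or JSON parse error, and the main loop then calls `gerritkeys.values()` on that value, so a single LDAP user without a Gerrit account, or one failed API call, raises AttributeError and stops the sync for every remaining user, leaving their stale keys in place. Guard the loop body with `if gerritkeys is False: continue` after printing the user name, using `is False` because an empty dict is a valid "no keys yet" result that must still reach the add path. The return values of `add_key` and `del_key` are also discarded, so a rejected upload or a failed revocation goes unnoticed; print the user and outcome whenever either returns False. Separately, the `--noverify` help text reads "Enable SSL certificate verficiation" while the flag turns verification off; `help="Disable SSL certificate verification"` would keep an operator from switching off TLS checks by mistake on a channel that carries the API password.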