From 7f96a73122502d27ef5a068d4b07cafa99f1fac2 Mon Sep 17 00:00:00 2001 From: Andy Doan Date: Wed, 16 Dec 2015 13:57:02 -0600 Subject: gitolite-tools: update to use linaro_ldap library By using the linaro_ldap library we can remove the need for the LDAP configuration section of this tool and also use a slightly cleaner approach for creating an LDAP client. Along with this change I broke out some of get_user into "get_crowd_user" to make it more obvious why/how we use LDAP when we really are looking for Crowd information. The diff therefore looks bigger than it really is, because it decreased one level of indention for the rest of the function. Change-Id: I897e92151193ef6f2b1af2974511018445a1e82e --- gitolite-tools/gitolite-groups | 94 +++++++++++++++++----------------- gitolite-tools/gitolite-tools.conf.dev | 7 --- 2 files changed, 47 insertions(+), 54 deletions(-) diff --git a/gitolite-tools/gitolite-groups b/gitolite-tools/gitolite-groups index e524fde..c5434bb 100755 --- a/gitolite-tools/gitolite-groups +++ b/gitolite-tools/gitolite-groups 
@@ -24,71 +24,71 @@ import urllib from ConfigParser import ConfigParser +sys.path.append(os.path.join(os.path.dirname(__file__), '..')) +import linaro_ldap + DEFAULT_CONFIG_FILE = "gitolite-tools.conf" CONFIG = ConfigParser() CONFIG.read(os.path.join(os.path.dirname(sys.argv[0]), DEFAULT_CONFIG_FILE)) +def get_crowd_user(user): + '''Crowd requires our LDAP's CN attribute as its "username" parameter''' + with linaro_ldap.ldap_client(linaro_ldap.build_config()) as client: + search_filter = "(uid={0})".format(user) + base_dn = 'ou=accounts,dc=linaro,dc=org' + result = client.search_s( + base_dn, ldap.SCOPE_SUBTREE, search_filter, attrlist=['cn']) + if result: + try: + return result[0][1]['cn'][0] + except KeyError: + sys.stderr.write( + "gitolite-groups: ERROR: User {0} does not have an email " + "address.\n".format(user)) + + def get_groups(user): crowd_usr = CONFIG.get("crowd", "crowd_name") crowd_pwd = CONFIG.get("crowd", "crowd_pwd") - ldap_uri = CONFIG.get("ldap", "ldap_uri") - ldap_user = CONFIG.get("ldap", "ldap_user") - ldap_key = CONFIG.get("ldap", "ldap_key") - base_dn = CONFIG.get("ldap", "base_dn") - - ldap_client = ldap.initialize(ldap_uri, trace_level=0) - ldap_client.set_option(ldap.OPT_REFERRALS, 0) - ldap_client.simple_bind(ldap_user, ldap_key) - - search_filter = "(uid={0})".format(user) - result = ldap_client.search_s(base_dn, ldap.SCOPE_SUBTREE, search_filter, - attrlist=['mail', 'cn']) + user = get_crowd_user(user) user_teams = "" crowd_error = False - if result: - try: - user = result[0][1]['cn'][0] - - params = {"username": user} - auth = base64.encodestring('{0}:{1}'.format(crowd_usr, crowd_pwd)) - headers = { - "Authorization": "Basic {0}".format(auth), - "Accept": "application/json" - } - url = "/user/group/nested?{0}".format( - urllib.urlencode(params)) + if user: + params = {"username": user} + auth = base64.encodestring('{0}:{1}'.format(crowd_usr, crowd_pwd)) + headers = { + "Authorization": "Basic {0}".format(auth), + "Accept": 
"application/json" + } + url = "/user/group/nested?{0}".format( + urllib.urlencode(params)) + + c = httplib.HTTPSConnection("login.linaro.org", 8443) + c.request("GET", "/crowd/rest/usermanagement/1{0}".format(url), + headers=headers) - c = httplib.HTTPSConnection("login.linaro.org", 8443) - c.request("GET", "/crowd/rest/usermanagement/1{0}".format(url), - headers=headers) + try: + resp = c.getresponse() - try: - resp = c.getresponse() - - if resp.status != 200: - sys.stderr.write("gitolite-groups: ERROR: Non-successful " - "response from Crowd: %s\n" % resp.status) - crowd_error = True - else: - data = json.load(resp) - names = [x["name"] for x in data["groups"]] - user_teams = " ".join(names) - except IOError, e: - sys.stderr.write("gitolite-groups: ERROR: No connection to " - "Crowd server.\n") - sys.stderr.write(e) + if resp.status != 200: + sys.stderr.write("gitolite-groups: ERROR: Non-successful " + "response from Crowd: %s\n" % resp.status) crowd_error = True - - except KeyError: - sys.stderr.write("gitolite-groups: ERROR: User {0} does not have " - "an email address.\n".format(user)) + else: + data = json.load(resp) + names = [x["name"] for x in data["groups"]] + user_teams = " ".join(names) + except IOError, e: + sys.stderr.write("gitolite-groups: ERROR: No connection to " + "Crowd server.\n") + sys.stderr.write(e) crowd_error = True - if crowd_error: + if crowd_error or not user: sys.stderr.write("gitolite-groups: Warning: Group memberships " "unavailble, access to some repositories may " "be blocked.\n") diff --git a/gitolite-tools/gitolite-tools.conf.dev b/gitolite-tools/gitolite-tools.conf.dev index b5c11b1..36427c3 100644 --- a/gitolite-tools/gitolite-tools.conf.dev +++ b/gitolite-tools/gitolite-tools.conf.dev @@ -1,10 +1,3 @@ -[ldap] -ldap_uri = -ldap_user = -ldap_key = -base_dn = -group_dn = - [crowd] crowd_name = crowd_pwd = -- cgit v1.2.3
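Review bot: In the new `get_crowd_user`, `user` is formatted unescaped into the LDAP filter (`"(uid={0})".format(user)`), so filter metacharacters in the name would change which entry matches and therefore which CN is passed to Crowd for the group lookup. Where `user` comes from is not visible in this hunk; unless the caller already restricts it to a safe character set, escape it with python-ldap's helper, `search_filter = "(uid={0})".format(ldap.filter.escape_filter_chars(user))`, which needs `import ldap.filter`. The `KeyError` branch still reports a missing "email address" although the only attribute requested is now `cn`, so the message should name `cn`. In `get_groups`, `base64.encodestring` appends a newline and wraps long input, which ends up inside the `Authorization` header value; `auth = base64.b64encode('{0}:{1}'.format(crowd_usr, crowd_pwd))` avoids that. The body of `get_groups` continues past the end of the hunk, so later uses of the reassigned `user` could not be checked.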