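#!/usr/bin/python
"""Synchronise each user's Gerrit SSH public keys with the keys held in LDAP.

For every user returned by ``linaro_ldap.get_users_and_keys`` the script
lists the keys Gerrit holds for that user, adds the keys found only in LDAP
and deletes the keys found only in Gerrit.

Notes for operators:

* Only users present in the LDAP result are visited. An account missing
  from that result keeps whatever keys Gerrit already holds, so this script
  on its own does not revoke keys for such accounts.
* A user whose LDAP key list is empty has every Gerrit key deleted.
  NOTE(review): confirm linaro_ldap raises on a failed or partial lookup
  instead of returning empty key sets.
* The INFO line reports counts only; the user is named only in the DEBUG
  messages emitted here, so choose the log level with the audit trail in
  mind.
"""

import argparse
import logging

import linaro_gerrit
import linaro_ldap

parser = argparse.ArgumentParser(
    description='Update Gerrit users SSH keys from LDAP')
linaro_gerrit.add_gerrit_args(parser)
args = parser.parse_args()
linaro_gerrit.apply_gerrit_conf(args)

logging.basicConfig()
log = logging.getLogger("update-gerrit-keys")
log.setLevel(getattr(logging, args.loglevel.upper()))

# NOTE(review): args.noverify presumably disables TLS certificate
# verification for the Gerrit connection - confirm it is not set for
# production runs, since this client also carries the account password.
gerrit = linaro_gerrit.LinaroGerrit(args.base, args.username, args.password,
                                    args.noverify, args.loglevel, args.dryrun)

# start loop here
result = linaro_ldap.get_users_and_keys(only_validated=True)
for user, keysets in result.iteritems():
    if user == 'buildslave':
        log.debug('skipping buildslave (Gerrit thinks its tcwg-buildslave)')
        continue

    gerritkeys = gerrit.list_keys(user)
    # list_keys signals "nothing usable" with False instead of a mapping
    # (presumably a failed lookup or unknown account - confirm); the user is
    # skipped and no message is logged at this point.
    if gerritkeys is False:
        continue

    simplegerritkeys = gerritkeys.values()
    simpleldapkeys = gerrit.keysets_to_list(keysets)
    log.debug("Gerrit keys: %s", simplegerritkeys)
    log.debug("LDAP keys: %s", simpleldapkeys)

    # Build each set once and reuse it for both differences.
    gerrit_set = set(simplegerritkeys)
    ldap_set = set(simpleldapkeys)
    keys_to_add = ldap_set - gerrit_set
    keys_to_remove = gerrit_set - ldap_set
    log.info("Adding %i, removing %i", len(keys_to_add), len(keys_to_remove))

    for key in keys_to_add:
        gerrit.add_key(key, user)

    # Single pass over Gerrit's id -> key mapping: every id whose key is no
    # longer in LDAP is deleted, including ids that hold the same key twice.
    # The loop variable is key_id so the builtin id() is not shadowed.
    for key_id, pubkey in gerritkeys.iteritems():
        if pubkey in keys_to_remove:
            log.debug("Deleting pubkey %s from user %s", pubkey, user)
            gerrit.del_key(user, key_id)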