#!/usr/bin/python
import argparse
import json
import linaro_ldap
import logging
import requests
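# Command-line interface: Gerrit HTTP API credentials, the Gerrit base URL and
# a few switches controlling TLS verification, dry-run mode and log verbosity.
parser = argparse.ArgumentParser(
    description='Update Gerrit users SSH keys from LDAP')
parser.add_argument('--username', help="Gerrit HTTP API Username")
# NOTE(review): a password given as a command-line argument is visible to
# other local users in the process list and tends to end up in shell history
# and job logs. Consider supplying it through a channel readable only by the
# account that runs this job.
parser.add_argument('--password', help="Gerrit HTTP API Password")
parser.add_argument('--base', help="Gerrit BASE URL ("
                    "https://review.linaro.org)")
parser.add_argument('--noverify', action="store_true",
                    help="Disable SSL certificate verification")
parser.add_argument('--dryrun', action="store_true",
                    help="Do not perform any actions, just report")
parser.add_argument('--loglevel', default="WARNING",
                    help="Setting logging level, default: %(default)s")
args = parser.parse_args()

# The level name is looked up on the logging module, so an unknown name
# raises AttributeError here.
logging.basicConfig(level=getattr(logging, args.loglevel.upper()))
# Keep the HTTP library quiet unless it has something important to say.
logging.getLogger("requests").setLevel(logging.WARNING)
log = logging.getLogger("update-gerrit-keys")

# verify_ssl is passed as verify= to every Gerrit request below.
verify_ssl = not args.noverify
if not verify_ssl:
    # Logged at WARNING so it shows at the default log level: without
    # certificate verification the server is not authenticated, yet this
    # script authenticates to it and changes which SSH keys it accepts.
    log.warning("Not verifying SSL certificates")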
def strip_gerrit_junk(string):
    """Return *string* without its first line.

    Gerrit prefixes JSON responses with a magic line that guards against
    cross-site script inclusion; it has to be dropped before JSON parsing.
    See https://gerrit-review.googlesource.com/Documentation/rest-api.html#output

    The first line is removed unconditionally; its content is not checked.
    """
    _first_line, _newline, remainder = string.partition('\n')
    return remainder
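def list_keys(username):
    """Fetch the SSH public keys Gerrit currently holds for *username*.

    Returns a dict mapping each key's Gerrit sequence number ("seq") to the
    stripped public key text. Returns False when the keys could not be
    listed: a non-200 response, or a body that is not the expected JSON.
    Callers must tell False apart from an empty dict, which means the
    account exists but has no keys.
    """
    log.info("Listing keys for user: %s", username)
    # NOTE(review): username is interpolated into the URL path unescaped;
    # presumably LDAP uids never contain '/', '?' or '#' -- confirm.
    url = "%s/a/accounts/%s/sshkeys/" % (args.base, username)
    # NOTE(review): no timeout is set, so a stalled server blocks the run.
    r = requests.get(url,
                     auth=requests.auth.HTTPDigestAuth(args.username,
                                                       args.password),
                     verify=verify_ssl)
    if r.status_code == 404:
        log.info("user %s not found in gerrit", username)
        return False
    if r.status_code != 200:
        # Authentication failures and server errors are not "user not
        # found"; report them at a level visible by default so a broken
        # credential does not pass as a run with nothing to do.
        log.warning("Unexpected HTTP status %s listing keys for user %s",
                    r.status_code, username)
        return False
    try:
        entries = json.loads(strip_gerrit_junk(r.content))
        return dict((entry["seq"], entry["ssh_public_key"].strip())
                    for entry in entries)
    except (ValueError, KeyError, TypeError) as e:
        # A malformed body skips this user instead of aborting the run or
        # acting on a partial key list.
        log.warning("Could not parse key list for user %s: %r", username, e)
        return False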
def add_key(pubkey, username):
    """Upload *pubkey* as a new SSH key for *username* in Gerrit.

    Returns True when Gerrit answers 201, False for any other status.
    With --dryrun nothing is sent and True is returned.
    """
    log.debug("Adding pubkey %s to user %s", pubkey, username)
    endpoint = "%s/a/accounts/%s/sshkeys/" % (args.base, username)
    if args.dryrun:
        log.debug("Not actually doing it because --dryrun")
        return True
    # The key text is sent as the raw request body, UTF-8 encoded.
    payload = pubkey.encode("utf-8")
    credentials = requests.auth.HTTPDigestAuth(args.username, args.password)
    response = requests.post(endpoint, data=payload, auth=credentials,
                             verify=verify_ssl)
    return response.status_code == 201
def del_key(username, key_id):
    """Delete the SSH key with sequence number *key_id* from *username*.

    Returns True when Gerrit answers 204, False for any other status.
    With --dryrun nothing is sent and True is returned.
    """
    log.debug("Deleting key %s by id from user %s", key_id, username)
    # %i requires key_id to be a number; the URL is built before the
    # dry-run check, so a bad key_id fails in dry-run mode as well.
    endpoint = "%s/a/accounts/%s/sshkeys/%i" % (args.base, username, key_id)
    if args.dryrun:
        log.debug("Not actually doing it because --dryrun")
        return True
    credentials = requests.auth.HTTPDigestAuth(args.username, args.password)
    response = requests.delete(endpoint, auth=credentials, verify=verify_ssl)
    return response.status_code == 204
def keysets_to_list(keysets):
    """Return the second element of every entry in *keysets* as unicode.

    NOTE(review): presumably each entry is a pair whose second element is
    the public key text -- confirm against linaro_ldap.
    """
    return [unicode(entry[1]) for entry in keysets]
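# Reconcile Gerrit with LDAP: for every validated LDAP user, add the keys
# LDAP has and Gerrit lacks, and delete the keys Gerrit has and LDAP lacks.
#
# NOTE(review): only users returned by LDAP are visited. An account that has
# disappeared from LDAP (or is no longer validated) is never looked at, so
# its Gerrit keys stay in place unless something else revokes them.
# Conversely, an LDAP entry that comes back with no keys causes every Gerrit
# key of that user to be deleted.
result = linaro_ldap.get_users_and_keys(only_validated=True)
for user, keysets in result.iteritems():
    gerritkeys = list_keys(user)
    # list_keys() returns False on failure; an empty dict is a valid answer
    # ("no keys yet") and must still be processed.
    if gerritkeys is False:
        continue
    simplegerritkeys = gerritkeys.values()
    simpleldapkeys = keysets_to_list(keysets)
    log.debug("Gerrit keys: %s", simplegerritkeys)
    log.debug("LDAP keys: %s", simpleldapkeys)
    keys_to_add = set(simpleldapkeys) - set(simplegerritkeys)
    keys_to_remove = set(simplegerritkeys) - set(simpleldapkeys)
    log.info("Adding %i, removing %i", len(keys_to_add), len(keys_to_remove))
    for key in keys_to_add:
        if not add_key(key, user):
            log.warning("Failed to add a key for user %s", user)
    # Deletion goes by Gerrit's sequence number, so walk the seq -> key map;
    # every sequence number holding a stale key is removed.
    for key_id, stored_key in gerritkeys.items():
        if stored_key in keys_to_remove:
            log.debug("Deleting pubkey %s from user %s", stored_key, user)
            if not del_key(user, key_id):
                # A stale key that stays behind still grants access, so make
                # the failure visible at the default log level.
                log.warning("Failed to delete key %s from user %s",
                            key_id, user)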