1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
#!/usr/bin/python
import argparse
import linaro_ldap
import linaro_gerrit
import logging
parser = argparse.ArgumentParser(
description='Update Gerrit users SSH keys from LDAP')
linaro_gerrit.add_gerrit_args(parser)
args = parser.parse_args()
linaro_gerrit.apply_gerrit_conf(args)
logging.basicConfig()
log = logging.getLogger("update-gerrit-keys")
log.setLevel(getattr(logging, args.loglevel.upper()))
gerrit = linaro_gerrit.LinaroGerrit(args.base, args.username, args.password,
args.noverify, args.loglevel, args.dryrun)
# start loop here
result = linaro_ldap.get_users_and_keys(only_validated=True)
for user, keysets in result.iteritems():
if user == 'buildslave':
log.debug('skipping buildslave (Gerrit thinks its tcwg-buildslave)')
continue
gerritkeys = gerrit.list_keys(user)
if gerritkeys is False:
continue
simplegerritkeys = gerritkeys.values()
simpleldapkeys = gerrit.keysets_to_list(keysets)
log.debug("Gerrit keys: %s", simplegerritkeys)
log.debug("LDAP keys: %s", simpleldapkeys)
keys_to_add = set(simpleldapkeys) - set(simplegerritkeys)
keys_to_remove = set(simplegerritkeys) - set(simpleldapkeys)
log.info("Adding %i, removing %i", len(keys_to_add),
len(keys_to_remove))
for key in keys_to_add:
gerrit.add_key(key, user)
for key in keys_to_remove:
for id, searchkey in gerritkeys.iteritems():
if key == searchkey:
log.debug("Deleting pubkey %s from user %s", key, user)
gerrit.del_key(user, id)
|