aboutsummaryrefslogtreecommitdiff
path: root/update-gerrit-keys.py
blob: 227c59696f2b6cd024a157cd561edf4442c90781 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

#!/usr/bin/python

import argparse
import json
import linaro_ldap

import requests

parser = argparse.ArgumentParser(
    description='Update Gerrit users SSH keys from LDAP')
parser.add_argument('--username', help="Gerrit HTTP API Username")
parser.add_argument('--password', help="Gerrit HTTP API Password")
parser.add_argument('--base', help="Gerrit BASE URL ("
                                   "https://review.linaro.org)")
parser.add_argument('--noverify', action="store_true",
                    help="Enable SSL certificate verficiation")
args = parser.parse_args()
verify_ssl = True
if args.noverify:
    verify_ssl = False


def strip_gerrit_junk(string):
    # https://gerrit-review.googlesource.com/Documentation/rest-api.html#output
    return '\n'.join(string.split('\n')[1:])


def list_keys(username):
    url = "%s/a/accounts/%s/sshkeys/" % (args.base, username)
    r = requests.get(url,
                     auth=requests.auth.HTTPDigestAuth(args.username,
                                                       args.password),
                     verify=verify_ssl)
    keydict = {}
    if r.status_code == 200:
        try:
            a = json.loads(strip_gerrit_junk(r.content))
            for data in a:
                keydict[data["seq"]] = data["ssh_public_key"]
            return keydict
        except ValueError as e:
            print e
            return False
    else:
        return False


def add_key(pubkey, username):
    url = "%s/a/accounts/%s/sshkeys/" % (args.base, username)
    r = requests.post(url, data=pubkey.encode("utf-8"),
                      auth=requests.auth.HTTPDigestAuth(args.username,
                                                        args.password),
                      verify=verify_ssl)
    if r.status_code == 201:
        return True
    return False


def del_key(username, key_id):
    url = "%s/a/accounts/%s/sshkeys/%i" % (args.base, username, key_id)
    r = requests.delete(url,
                        auth=requests.auth.HTTPDigestAuth(args.username,
                                                          args.password),
                        verify=verify_ssl)
    if r.status_code == 204:
        return True
    return False


def keysets_to_list(keysets):
    list = []
    for key in keysets:
        list.append(unicode(key[1]))
    return list

# start loop here
result = linaro_ldap.get_users_and_keys(only_validated=True)

for user, keysets in result.iteritems():
    gerritkeys = list_keys(user)
    simplegerritkeys = gerritkeys.values()
    simpleldapkeys = keysets_to_list(keysets)
    keys_to_add = set(simpleldapkeys) - set(simplegerritkeys)
    keys_to_remove = set(simplegerritkeys) - set(simpleldapkeys)
    for key in keys_to_add:
        add_key(key, user)
    for key in keys_to_remove:
        for id, searchkey in gerritkeys.iteritems():
            if key == searchkey:
                del_key(user, id)
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-26 11:11:30 +0000