1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
#!/usr/bin/python
import argparse
import json
import linaro_ldap
import requests
parser = argparse.ArgumentParser(
description='Update Gerrit users SSH keys from LDAP')
parser.add_argument('--username', help="Gerrit HTTP API Username")
parser.add_argument('--password', help="Gerrit HTTP API Password")
parser.add_argument('--base', help="Gerrit BASE URL ("
"https://review.linaro.org)")
parser.add_argument('--noverify', action="store_true",
help="Enable SSL certificate verficiation")
args = parser.parse_args()
verify_ssl = True
if args.noverify:
verify_ssl = False
def strip_gerrit_junk(string):
# https://gerrit-review.googlesource.com/Documentation/rest-api.html#output
return '\n'.join(string.split('\n')[1:])
def list_keys(username):
url = "%s/a/accounts/%s/sshkeys/" % (args.base, username)
r = requests.get(url,
auth=requests.auth.HTTPDigestAuth(args.username,
args.password),
verify=verify_ssl)
keydict = {}
if r.status_code == 200:
try:
a = json.loads(strip_gerrit_junk(r.content))
for data in a:
keydict[data["seq"]] = data["ssh_public_key"]
return keydict
except ValueError as e:
print e
return False
else:
return False
def add_key(pubkey, username):
url = "%s/a/accounts/%s/sshkeys/" % (args.base, username)
r = requests.post(url, data=pubkey.encode("utf-8"),
auth=requests.auth.HTTPDigestAuth(args.username,
args.password),
verify=verify_ssl)
if r.status_code == 201:
return True
return False
def del_key(username, key_id):
url = "%s/a/accounts/%s/sshkeys/%i" % (args.base, username, key_id)
r = requests.delete(url,
auth=requests.auth.HTTPDigestAuth(args.username,
args.password),
verify=verify_ssl)
if r.status_code == 204:
return True
return False
def keysets_to_list(keysets):
list = []
for key in keysets:
list.append(unicode(key[1]))
return list
# start loop here
result = linaro_ldap.get_users_and_keys(only_validated=True)
for user, keysets in result.iteritems():
gerritkeys = list_keys(user)
simplegerritkeys = gerritkeys.values()
simpleldapkeys = keysets_to_list(keysets)
keys_to_add = set(simpleldapkeys) - set(simplegerritkeys)
keys_to_remove = set(simplegerritkeys) - set(simpleldapkeys)
for key in keys_to_add:
add_key(key, user)
for key in keys_to_remove:
for id, searchkey in gerritkeys.iteritems():
if key == searchkey:
del_key(user, id)
|