1 files changed, 64 insertions, 64 deletions

diff --git a/linaro_metrics/sync_teams.py b/linaro_metrics/sync_teams.py
index 76eaa97..5ab074e 100755
--- a/linaro_metrics/sync_teams.py
+++ b/linaro_metrics/sync_teams.py
@@ -1,87 +1,87 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
 import os
 import sys
 
 sys.path.append(os.path.join(os.path.dirname(__file__), '..'))
+sys.path.append('/srv/linaro-git-tools')
 from bin import django_setup, add_logging_arguments
 django_setup()  # must be called to get sys.path and django settings in place
 
 import logging
 
-from django.conf import settings
 from django.contrib.auth.models import User
-from patchwork.models import Person
 
-from linaro_metrics.crowd import Crowd
+from linaro_ldap import do_complex_query, do_query
 from linaro_metrics.models import Team, TeamMembership
 
 log = logging.getLogger('sync_teams')
 
-
-def get_or_create_person(crowd, email, save_person=True):
-    name = None
-    try:
-        person = Person.objects.get(email__iexact=email)
-    except Person.DoesNotExist:
-        # use crowd to get the "display-name" for the user
-        name = crowd.get_user_no_cache(email)['display-name']
-        log.info('Creating person %s(%s)', name, email)
-        person = Person(name=name, email=email)
-        if save_person:
-            person.save()
-
-    if not person.user:
-        users = User.objects.filter(person__email=email)
-        if users.count() == 0:
-            if not name:
-                name = crowd.get_user_no_cache(email)['display-name']
-            users = User.objects.filter(username=name)
-        if users.count() == 0:
-            log.info('Creating user for %s', email)
-            user = User.objects.create_user(name, email, password=None)
-        else:
-            user = users[0]
-        person.user = user
-        if save_person:
-            person.save()
-
-    return person
-
-
-def sync_team(crowd, team, emails, user_memberships):
-    for email in emails:
-        user = get_or_create_person(crowd, email).user
-        user_memberships.setdefault(user, []).append(team)
-        _, created = TeamMembership.objects.get_or_create(team=team, user=user)
-        if created:
-            log.info('New team membership created for: %s', email)
-
-
-def sync_crowd(crowd, teams):
-    user_memberships = {}
-    for team in teams:
-        emails = crowd.get_group(team.name)
-        log.info('syncing team: %s - (%s)', team, emails)
-        sync_team(crowd, team, emails, user_memberships)
-        if len(emails) == 0:
-            log.warn('empty group definition in crowd for: %s', team)
-
-    for user in User.objects.all():
-        memberships = user_memberships.get(user, [])
-        for tm in TeamMembership.objects.filter(user=user):
-            if tm.team not in memberships:
-                log.warn('Deleting %s\'s membership in %s',
-                         user.email, tm.team.name)
-                tm.delete()
+DRY_RUN = False
+
+
+def get_email_by_uid(uid):
+    ldap_user_entry = do_query('uid', uid, ['mail'])
+    return(ldap_user_entry[0][1]['mail'][0])
+
+
+def sync_teams(teams):
+
+    for t in teams:
+        ldap_results = do_complex_query(
+            search_filter='(&(objectClass=posixGroup)(cn=%s))' % t.name,
+            attrlist=['memberUid', 'mail'],
+            base='ou=security,ou=groups,dc=linaro,dc=org'
+        )
+
+        try:
+            uids_ldap = ldap_results[0][1]['memberUid']
+        except KeyError as e:
+            print("Exception: '%s' for %s" % (e, ldap_results[0][0]))
+            continue
+        except IndexError as e:
+            print("Exception: %s" % e)
+            sys.exit(1)
+
+        ldap_users = [get_email_by_uid(x) for x in uids_ldap]
+        memberships = TeamMembership.objects.filter(team=t)
+
+        # look for new Users and add
+        for ldap_user in ldap_users:
+            # user should already exist as the sync_users script
+            # should have been run first
+            user = User.objects.filter(username=ldap_user).first()
+            if user is None:
+                continue
+            membership = \
+                TeamMembership.objects.filter(team=t, user=user).first()
+            if membership is None:
+                print("Adding '%s' to team '%s'" % (user.username, t.name))
+                if not DRY_RUN:
+                    m = TeamMembership()
+                    m.user = user
+                    m.team = t
+                    m.save()
+
+        # look for Users to remove
+        for m in memberships:
+            if m.user.username not in ldap_users:
+                print("Removing '%s' from team '%s'" % (
+                    m.user.username, t.name))
+                if not DRY_RUN:
+                    m.delete()
 
 
 if __name__ == '__main__':
     import argparse
 
     parser = argparse.ArgumentParser(
-        description='Synchronize team memberships with info from crowd')
+        description='Synchronize team memberships with info from LDAP')
     add_logging_arguments(parser)
-    parser.parse_args()
+    parser.add_argument("--dry-run", "-n", action='store_true',
+                        dest='DRY_RUN', default=False,
+                        help="Run the script but do not execute any changes")
+    args = parser.parse_args()
+
+    DRY_RUN = args.DRY_RUN
 
-    crowd = Crowd(settings.CROWD_USER, settings.CROWD_PASS, settings.CROWD_URL)
-    sync_crowd(crowd, Team.objects.filter(active=True))
+    sync_teams(Team.objects.filter(active=True))