Diffstat (limited to 'linaro_metrics/sync_teams.py')
-rwxr-xr-x | linaro_metrics/sync_teams.py | 128 |
1 files changed, 64 insertions, 64 deletions
diff --git a/linaro_metrics/sync_teams.py b/linaro_metrics/sync_teams.py
index 76eaa97..5ab074e 100755
--- a/linaro_metrics/sync_teams.py
+++ b/linaro_metrics/sync_teams.py
@@ -1,87 +1,87 @@ -#!/usr/bin/env python +#!/usr/bin/python3 import os import sys sys.path.append(os.path.join(os.path.dirname(__file__), '..')) +sys.path.append('/srv/linaro-git-tools') from bin import django_setup, add_logging_arguments django_setup() # must be called to get sys.path and django settings in place import logging -from django.conf import settings from django.contrib.auth.models import User -from patchwork.models import Person -from linaro_metrics.crowd import Crowd +from linaro_ldap import do_complex_query, do_query from linaro_metrics.models import Team, TeamMembership log = logging.getLogger('sync_teams') - -def get_or_create_person(crowd, email, save_person=True): - name = None - try: - person = Person.objects.get(email__iexact=email) - except Person.DoesNotExist: - # use crowd to get the "display-name" for the user - name = crowd.get_user_no_cache(email)['display-name'] - log.info('Creating person %s(%s)', name, email) - person = Person(name=name, email=email) - if save_person: - person.save() - - if not person.user: - users = User.objects.filter(person__email=email) - if users.count() == 0: - if not name: - name = crowd.get_user_no_cache(email)['display-name'] - users = User.objects.filter(username=name) - if users.count() == 0: - log.info('Creating user for %s', email) - user = User.objects.create_user(name, email, password=None) - else: - user = users[0] - person.user = user - if save_person: - person.save() - - return person - - -def sync_team(crowd, team, emails, user_memberships): - for email in emails: - user = get_or_create_person(crowd, email).user - user_memberships.setdefault(user, []).append(team) - _, created = TeamMembership.objects.get_or_create(team=team, user=user) - if created: - log.info('New team membership created for: %s', email) - - -def sync_crowd(crowd, teams): - user_memberships = {} - for team in teams: - emails = crowd.get_group(team.name) - log.info('syncing team: %s - (%s)', team, emails) - sync_team(crowd, team, 
emails, user_memberships) - if len(emails) == 0: - log.warn('empty group definition in crowd for: %s', team) - - for user in User.objects.all(): - memberships = user_memberships.get(user, []) - for tm in TeamMembership.objects.filter(user=user): - if tm.team not in memberships: - log.warn('Deleting %s\'s membership in %s', - user.email, tm.team.name) - tm.delete() +DRY_RUN = False + + +def get_email_by_uid(uid): + ldap_user_entry = do_query('uid', uid, ['mail']) + return(ldap_user_entry[0][1]['mail'][0]) + + +def sync_teams(teams): + + for t in teams: + ldap_results = do_complex_query( + search_filter='(&(objectClass=posixGroup)(cn=%s))' % t.name, + attrlist=['memberUid', 'mail'], + base='ou=security,ou=groups,dc=linaro,dc=org' + ) + + try: + uids_ldap = ldap_results[0][1]['memberUid'] + except KeyError as e: + print("Exception: '%s' for %s" % (e, ldap_results[0][0])) + continue + except IndexError as e: + print("Exception: %s" % e) + sys.exit(1) + + ldap_users = [get_email_by_uid(x) for x in uids_ldap] + memberships = TeamMembership.objects.filter(team=t) + + # look for new Users and add + for ldap_user in ldap_users: + # user should already exist as the sync_users script + # should have been run first + user = User.objects.filter(username=ldap_user).first() + if user is None: + continue + membership = \ + TeamMembership.objects.filter(team=t, user=user).first() + if membership is None: + print("Adding '%s' to team '%s'" % (user.username, t.name)) + if not DRY_RUN: + m = TeamMembership() + m.user = user + m.team = t + m.save() + + # look for Users to remove + for m in memberships: + if m.user.username not in ldap_users: + print("Removing '%s' from team '%s'" % ( + m.user.username, t.name)) + if not DRY_RUN: + m.delete() if __name__ == '__main__': import argparse parser = argparse.ArgumentParser( - description='Synchronize team memberships with info from crowd') + description='Synchronize team memberships with info from LDAP') add_logging_arguments(parser) - 
parser.parse_args() + parser.add_argument("--dry-run", "-n", action='store_true', + dest='DRY_RUN', default=False, + help="Run the script but do not execute any changes") + args = parser.parse_args() + + DRY_RUN = args.DRY_RUN - crowd = Crowd(settings.CROWD_USER, settings.CROWD_PASS, settings.CROWD_URL) - sync_crowd(crowd, Team.objects.filter(active=True)) + sync_teams(Team.objects.filter(active=True)) |
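Review bot: In `sync_teams` the LDAP search filter is built with `'(&(objectClass=posixGroup)(cn=%s))' % t.name`, so a team name containing `*`, `(` or `)` changes which group entry the query matches, and the removal loop then deletes memberships based on that result. Escape the value before interpolating it, for example `ldap.filter.escape_filter_chars(t.name)` if `linaro_ldap` is built on python-ldap (not visible in this hunk). Separately, `get_email_by_uid` indexes `[0][1]['mail'][0]` with no handling, so a single member entry without `mail` raises out of the list comprehension and aborts the run. Under the new python3 shebang it is also worth confirming that `do_query` returns `str` rather than `bytes`, because a bytes value would never equal `m.user.username` and every existing membership would be removed. The add and remove messages go through `print` while `log` is left unused, so these access changes bypass the logging configured by `add_logging_arguments`; `log.info(...)` and `log.warning(...)` would keep them in the audit trail.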