[sysadmin-bin] Keep the GNOME group in sync with gnomecvs. Whenever an user logs in using the LDAP auth backend the



commit 30a5cb007464d1fc1ddb77a026f242755fdd37c6
Author: Andrea Veri <averi redhat com>
Date:   Fri Nov 3 18:11:55 2017 +0100

    Keep the GNOME group in sync with gnomecvs. Whenever a user logs in using the LDAP auth backend, the
script looks up the gnomecvs membership and grants access to the aforementioned group accordingly. The same
happens during the cleanup phase: no longer being part of gnomecvs means you should no longer be part of the
GNOME group in GitLab.

 gitlab/gitlab-operations.py |   42 +++++++++++++++++++++++++++++++++++++++---
 1 files changed, 39 insertions(+), 3 deletions(-)
---
diff --git a/gitlab/gitlab-operations.py b/gitlab/gitlab-operations.py
index e578020..fa4dd6f 100755
--- a/gitlab/gitlab-operations.py
+++ b/gitlab/gitlab-operations.py
@@ -13,18 +13,54 @@ gl = gitlab.Gitlab('https://gitlab.gnome.org', GITLAB_PRIVATE_TOKEN, api_version
 
 ldapusers = gl.users.list(all=True)
 ldapusers_dict = {}
+gnomecvs_members = glu.get_uids_from_group('gnomecvs')
+group = gl.groups.get(8)
+gnomeusers = group.members.list(all=True)
+gnomeusers_dict = {}
 
 for user in ldapusers:
     for index, _ in enumerate(user.attributes['identities']):
         if user.attributes['identities'][index]['provider'] == 'ldapmain':
             ldapusers_dict[user.attributes['id']] = 
user.attributes['identities'][index]['extern_uid'].split(',')[0].replace('uid=', '')
 
+for person in gnomeusers:
+    # Slower but needed as group.member.get(id) does not return all the attributes we need
+    user = gl.users.get(person.attributes['id'])
+    for index, _ in enumerate(user.attributes['identities']):
+        if user.attributes['identities'][index]['provider'] == 'ldapmain':
+            gnomeusers_dict[user.attributes['id']] = 
user.attributes['identities'][index]['extern_uid'].split(',')[0].replace('uid=', '')
+
 for id, username in ldapusers_dict.iteritems():
     ssh_key = glu.get_attributes_from_ldap(username, 'ipaSshPubKey')
     user = gl.users.get(id)
     try:
         user.keys.create({'title': 'Imported from account.gnome.org', 'key': ssh_key})
-        
+
         print 'Key for username with id %i has been added' % id
-    except gitlab.exceptions.GitlabCreateError:
-        pass
+    except gitlab.exceptions.GitlabCreateError as e:
+        if e.response_code == 400:
+           pass
+
+    try:
+        # An else statement would be ideal here in terms of performances but
+        # not all the users that logged in into Gitlab using the LDAP auth
+        # backend are part of the gnomecvs group while the opposite is always true
+        # as gnomecvs is effectively an LDAP POSIX group.
+        if username in gnomecvs_members:
+            group.members.create({'user_id': id,
+                                  'access_level': gitlab.DEVELOPER_ACCESS})
+
+            print 'Username with id %i has been added to the GNOME group' % id
+    except gitlab.exceptions.GitlabCreateError as e:
+       if e.response_code == 409:
+           pass
+
+for id, username in gnomeusers_dict.iteritems():
+    if username not in gnomecvs_members:
+        # Hardcode the list of GNOME group owners here
+        if username in ('root', 'csoriano'):
+            pass
+        else:
+            group.members.delete(id)
+
+            print 'Username with id %i has been removed from the GNOME group' % id
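Review bot: Both new `except gitlab.exceptions.GitlabCreateError as e:` handlers still swallow every error, because `if e.response_code == 400: pass` (and the `== 409` check after `group.members.create`) has no other branch, so a 401, 403 or 5xx from GitLab is dropped as silently as the expected duplicate. For a script that grants group access this hides failed syncs; `if e.response_code != 400: raise` and `if e.response_code != 409: raise` would keep the intended tolerance and surface everything else. Separately, the final cleanup loop removes every LDAP-backed member whose uid is not in `gnomecvs_members`. If `glu.get_uids_from_group('gnomecvs')` can return an empty result on an LDAP failure (its behaviour is not visible in this hunk), one bad run would strip the whole group except the two hardcoded owners, so a guard that aborts when `gnomecvs_members` is empty, placed before that loop, seems worth adding. The `group.members.delete(id)` call is also unguarded, so the first API error stops the cleanup partway through.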

