[sysadmin-bin] Parse projects DOAP files looking for maintainers and add their master Gitlab access accordingly, th



commit 7a487871055b0f6f375d843630ccaf40721fb1d0
Author: Andrea Veri <averi redhat com>
Date:   Wed Nov 8 17:55:10 2017 +0100

    Parse projects DOAP files looking for maintainers and add their master Gitlab access accordingly. The
opposite is also true: not being present in a DOAP file means your access is dropped and inherited from the
GNOME group. This happens for non-master access too, to avoid duplicate permissions. Minor cleanups.

 gitlab/gitlab-operations.py |   89 ++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 83 insertions(+), 6 deletions(-)
---
diff --git a/gitlab/gitlab-operations.py b/gitlab/gitlab-operations.py
index fa4dd6f..2cdd675 100755
--- a/gitlab/gitlab-operations.py
+++ b/gitlab/gitlab-operations.py
@@ -4,33 +4,41 @@ import sys
 import gitlab
 
 sys.path.append('/home/admin/bin')
-from gnome_ldap_utils import *
+sys.path.append('/home/admin/bin/git')
+import gnome_ldap_utils
+import semi_rdf
+
+from xml.sax import SAXParseException
 
 execfile('/home/admin/secret/freeipa')
 
-glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', ldap_password)
+glu = gnome_ldap_utils.Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', 
ldap_password)
 gl = gitlab.Gitlab('https://gitlab.gnome.org', GITLAB_PRIVATE_TOKEN, api_version=4)
 
+DOAP = "http://usefulinc.com/ns/doap#";
+GNOME = "http://api.gnome.org/doap-extensions#";
+
 ldapusers = gl.users.list(all=True)
 ldapusers_dict = {}
 gnomecvs_members = glu.get_uids_from_group('gnomecvs')
 group = gl.groups.get(8)
 gnomeusers = group.members.list(all=True)
 gnomeusers_dict = {}
+projects = group.projects.list()
 
 for user in ldapusers:
     for index, _ in enumerate(user.attributes['identities']):
         if user.attributes['identities'][index]['provider'] == 'ldapmain':
-            ldapusers_dict[user.attributes['id']] = 
user.attributes['identities'][index]['extern_uid'].split(',')[0].replace('uid=', '')
+            ldapusers_dict[user.attributes['identities'][index]['extern_uid'].split(',')[0].replace('uid=', 
'')] = user.attributes['id']
 
 for person in gnomeusers:
     # Slower but needed as group.member.get(id) does not return all the attributes we need
     user = gl.users.get(person.attributes['id'])
     for index, _ in enumerate(user.attributes['identities']):
         if user.attributes['identities'][index]['provider'] == 'ldapmain':
-            gnomeusers_dict[user.attributes['id']] = 
user.attributes['identities'][index]['extern_uid'].split(',')[0].replace('uid=', '')
+            gnomeusers_dict[user.attributes['identities'][index]['extern_uid'].split(',')[0].replace('uid=', 
'')] = user.attributes['id']
 
-for id, username in ldapusers_dict.iteritems():
+for username, id in ldapusers_dict.iteritems():
     ssh_key = glu.get_attributes_from_ldap(username, 'ipaSshPubKey')
     user = gl.users.get(id)
     try:
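Review bot: `projects = group.projects.list()` omits the `all=True` that the other two listings in this hunk pass, so python-gitlab returns only the first page of results and any project beyond it is never reconciled against its DOAP file; it should be `projects = group.projects.list(all=True)`. The same defect is in `members = proj.members.list()` in the last hunk, where a truncated member list means direct grants on later pages are never reviewed for removal. Both dictionaries are now keyed by the LDAP uid taken from `extern_uid`, so if two Gitlab accounts ever carried the same uid the later one would silently overwrite the earlier; a short comment stating that the uid is assumed unique would document that.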
@@ -55,7 +63,7 @@ for id, username in ldapusers_dict.iteritems():
        if e.response_code == 409:
            pass
 
-for id, username in gnomeusers_dict.iteritems():
+for username, id in gnomeusers_dict.iteritems():
     if username not in gnomecvs_members:
         # Hardcode the list of GNOME group owners here
         if username in ('root', 'csoriano'):
@@ -64,3 +72,72 @@ for id, username in gnomeusers_dict.iteritems():
             group.members.delete(id)
 
             print 'Username with id %i has been removed from the GNOME group' % id
+
+maints = dict()
+for project in projects:
+    project_name = project.attributes['name']
+    uids = []
+
+    try:
+        nodes = semi_rdf.read_rdf('https://gitlab.gnome.org/GNOME/%s/raw/master/%s.doap' % (project_name, 
project_name))
+    except SAXParseException:
+        nodes = ''
+
+    for node in nodes:
+      if node.name != (DOAP, "Project"):
+        continue
+
+      for maint in node.find_properties((DOAP, u'maintainer')):
+        if not isinstance(maint, semi_rdf.Node):
+          continue
+
+        uid = maint.find_property((GNOME, u'userid'))
+        if not isinstance(uid, basestring):
+          continue
+
+        uid = str(uid)
+        uids.append(uid)
+
+        maints[project_name] = uids
+
+for project in maints:
+    proj = gl.projects.get('GNOME/%s' % project)
+    for user in maints[project]:
+        if user in gnomeusers_dict:
+            userid = gnomeusers_dict[user]
+            try:
+                proj.members.create({'user_id': userid, 'access_level':
+                                     gitlab.MASTER_ACCESS})
+
+                print 'Landed master level access to %s against repository %s' % (user, project)
+            except gitlab.exceptions.GitlabCreateError as e:
+                if e.response_code == 409:
+                    member = proj.members.get(userid)
+                    if member.attributes['access_level'] != 40:
+                        proj.members.delete(userid)
+                        proj.members.create({'user_id': userid, 'access_level':
+                                         gitlab.MASTER_ACCESS})
+
+                        print 'Landed master level access to %s against repository %s' % (user, project)
+
+    members = proj.members.list()
+    members_dict = {}
+
+    for member in members:
+        user = gl.users.get(member.attributes['id'])
+       
+        for index, _ in enumerate(user.attributes['identities']):
+            if user.attributes['identities'][index]['provider'] == 'ldapmain':
+                
members_dict[user.attributes['identities'][index]['extern_uid'].split(',')[0].replace('uid=', '')] = 
user.attributes['id']
+
+    for member in members_dict:
+        if member not in maints[project]:
+            _member = proj.members.get(members_dict[member])
+            if _member.attributes['access_level'] == 40:
+                proj.members.delete(members_dict[member])
+
+                print 'Dropped master level access to %s against repository %s as maintainer entry is 
missing on the DOAP file' % (member, project)
+            else:
+                proj.members.delete(members_dict[member])
+
+                print 'Dropped level access %s, this means user %s was added manually on project %s, that is 
not necessary as permissions are inherited from the GNOME group by default' % 
(member.attributes['access_level'], member, project)
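Review bot: The last `print` of the removal loop reads `member.attributes['access_level']`, but `member` there is the uid string iterated from `members_dict`, so it raises AttributeError right after `proj.members.delete(...)` has run and the remaining projects are never reconciled; it should read `_member.attributes['access_level']`. Separately, `maints[project_name] = uids` is assigned only inside the maintainer loop, so a project whose DOAP file fails to parse or carries no usable `userid` never enters `maints` and keeps its existing master grants. If that fail-safe is intended, say so in a comment and print the project name in the `SAXParseException` branch instead of silently setting `nodes = ''`. The 409 path deletes the member before re-creating it, so a failed second `create` leaves a listed maintainer with no direct access, and it compares against a literal `40` where `gitlab.MASTER_ACCESS` is already used two lines earlier. Since the DOAP file on `master` is now the authorization source for `gitlab.MASTER_ACCESS`, write access to that file should be limited to existing maintainers (for example via a protected branch), because any edit to its maintainer list is translated into a grant or a revocation on the next run.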

