[sysadmin-bin] Land a Gitlab sync SSH keys script with corresponding classes it uses, the script will sync SSH keys
- From: Andrea Veri <av src gnome org>
- To: gnome-sysadmin gnome org,commits-list gnome org
- Subject: [sysadmin-bin] Land a Gitlab sync SSH keys script with corresponding classes it uses, the script will sync SSH keys
- Date: Thu, 12 Oct 2017 13:26:51 +0000 (UTC)
commit cb8caa068f59e23a2659dc266e16239161261cb8
Author: Andrea Veri <averi redhat com>
Date: Thu Oct 12 15:26:17 2017 +0200
Land a Gitlab sync SSH keys script with corresponding classes it uses, the script will sync SSH keys
between account.gnome.org and Gitlab ONLY for LDAP users
gitlab/gitlab.py | 91 +++++++++++++++++++++++++++++++++++++++++++++++
gitlab/sync-ssh-keys.py | 19 ++++++++++
gnome_ldap_utils.py | 56 +++++++++++++++++++++++++++++
3 files changed, 166 insertions(+), 0 deletions(-)
---
diff --git a/gitlab/gitlab.py b/gitlab/gitlab.py
new file mode 100755
index 0000000..94c78f9
--- /dev/null
+++ b/gitlab/gitlab.py
@@ -0,0 +1,91 @@
+#!/usr/bin/python
+
+class Gitlab:
+ def __init__(self, api_url, api_token, api_version=4):
+ import sys
+
+ self.api_url = api_url
+ self.api_token = api_token
+ self.headers = {'PRIVATE-TOKEN': self.api_token}
+
+ if api_version == 4:
+ self.api_url = 'https://%s/api/v4' % self.api_url
+ elif api_version == 3:
+ self.api_url = 'https://%s/api/v3' % self.api_url
+ else:
+ print 'api_version is either 4 or 3'
+ sys.exit(1)
+
+ def list_ldap_users(self, api_call='users?per_page=200', users={}):
+ import urllib2
+ import json
+
+ self.api_call = api_call
+
+ url = '%s/%s' % (self.api_url, self.api_call)
+ req = urllib2.Request(url, headers=self.headers)
+
+ response = urllib2.urlopen(req)
+ data = json.load(response)
+
+ the_page = response.info().getheader('link')
+ next_url = the_page.split(';')[0].replace('<','').replace('>','')
+ is_last = the_page.split(';')[1].split(',')[0].replace('rel=','').replace('"','').replace(' ','')
+
+ if is_last != 'next':
+ is_last = the_page.split(';')[2].split(',')[0].replace('rel=','').replace('"','').replace('
','')
+ next_url = the_page.split(';')[1].split(',')[1].replace('<','').replace('>','').replace(' ', '')
+
+ for user in data:
+ try:
+ if user['identities'][0]['provider'] == 'ldapmain':
+ users[user['id']] = user['identities'][0]['extern_uid'].split(',')[0].replace('uid=', '')
+ except IndexError:
+ continue
+
+ if is_last == 'next':
+ url = next_url
+ url = url.strip(self.api_url)
+
+ self.list_ldap_users(url)
+
+ return users
+
+ def add_ssh_keys(self, ssh_key, user_id):
+ import urllib2
+ import json
+
+ title = 'Imported from account.gnome.org'
+ ssh_key_dump = json.dumps({'id': user_id, 'key': ssh_key, 'title': title })
+ self.headers['Content-Type'] = 'application/json'
+ url = self.api_url + '/users/%i/keys' % user_id
+
+ req = urllib2.Request(url, ssh_key_dump, headers=self.headers)
+
+ try:
+ response = urllib2.urlopen(req)
+ except urllib2.HTTPError:
+ print 'Key for username with id %i is registered already' % (user_id)
+
+ def list_group_members(self, group, members=[]):
+ import urllib2
+ import json
+
+ url = self.api_url + '/groups/%s/members' % group
+ req = urllib2.Request(url, headers=self.headers)
+ response = urllib2.urlopen(req)
+ data = json.load(response)
+
+ for member in data:
+ url = self.api_url + ('/users?username=%s' % member['username'])
+ req = urllib2.Request(url, headers=self.headers)
+ response = urllib2.urlopen(req)
+ f = json.load(response)
+
+ for user in f:
+ if user['username'] == 'root':
+ pass
+ else:
+ members.append(user['identities'][0]['extern_uid'].split(',')[0].replace('uid=', ''))
+
+ return members
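Review bot: In `add_ssh_keys`, the `except urllib2.HTTPError` branch reports every failed POST as "registered already", so an expired or under-privileged token, a rejected key or a server error is indistinguishable from a duplicate and the sync appears to succeed. Catch it as `except urllib2.HTTPError as e:` and treat the response as a duplicate only after checking `e.code` and the response body; write anything else to stderr and exit non-zero. Separately, `list_ldap_users` declares `users={}`, and its recursive call `self.list_ldap_users(url)` accumulates results only because that default dict is shared between calls; default it to `None` and pass `users` explicitly (the same applies to `members=[]` in `list_group_members`). `url.strip(self.api_url)` strips a set of characters rather than a prefix, so it can eat leading or trailing characters of the next-page path; slice off `len(self.api_url) + 1` characters after a `startswith` check instead.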
diff --git a/gitlab/sync-ssh-keys.py b/gitlab/sync-ssh-keys.py
new file mode 100755
index 0000000..e10e7fb
--- /dev/null
+++ b/gitlab/sync-ssh-keys.py
@@ -0,0 +1,19 @@
+#!/usr/bin/python
+
+from gnome_ldap_utils import *
+from gitlab import *
+
+execfile('/home/admin/secret/freeipa')
+
+glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', ldap_password)
+gitlab = Gitlab('gitlab.gnome.org', GITLAB_PRIVATE_TOKEN)
+
+gnomecvs_members = glu.get_uids_from_group('gnomecvs')
+
+for id, username in gitlab.list_ldap_users().iteritems():
+ ssh_key = glu.get_attributes_from_ldap(username, 'ipaSshPubKey')
+ gitlab.add_ssh_keys(ssh_key, id)
+
+#for username in gitlab.list_group_members('GNOME'):
+# if username not in gnomecvs_members:
+# print '%s is NOT part of the gnomecvs LDAP group' % username
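Review bot: The loop passes whatever `get_attributes_from_ldap` returns straight to `add_ssh_keys`, and that helper returns `None` when the uid has no LDAP entry, so a null key is POSTed; guard the call with `if ssh_key:`. The LDAP connection is bound as `cn=Directory Manager` although the script only reads `ipaSshPubKey` and group membership, so a dedicated read-only bind DN would limit what the password loaded via `execfile('/home/admin/secret/freeipa')` can do if that file or host is exposed. As written the sync only adds keys: nothing visible here removes a GitLab key once it is deleted from account.gnome.org, which is worth documenting or handling if revocation is expected to propagate.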
diff --git a/gnome_ldap_utils.py b/gnome_ldap_utils.py
new file mode 100755
index 0000000..2ba3086
--- /dev/null
+++ b/gnome_ldap_utils.py
@@ -0,0 +1,56 @@
+#!/usr/bin/python
+
+class Gnome_ldap_utils:
+
+ def __init__(self, LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, LDAP_USER, LDAP_PASSWORD):
+ import ldap
+ import sys
+
+ self.LDAP_GROUP_BASE = LDAP_GROUP_BASE
+ self.LDAP_USER_BASE = LDAP_USER_BASE
+ self.LDAP_USER = LDAP_USER
+ self.LDAP_PASSWORD = LDAP_PASSWORD
+ self.LDAP_HOST = LDAP_HOST
+
+ try:
+ self.conn = ldap.open(self.LDAP_HOST)
+ self.conn.simple_bind(self.LDAP_USER, self.LDAP_PASSWORD)
+ except ldap.LDAPError, e:
+ print >>sys.stderr, e
+ sys.exit(1)
+
+
+ def get_group_from_ldap(self, group):
+ import ldap.filter
+
+ filter = ldap.filter.filter_format('(&(objectClass=posixGroup)(cn=%s))', (group, ))
+ results = self.conn.search_s(self.LDAP_GROUP_BASE, ldap.SCOPE_SUBTREE, filter, ('member', ))
+
+ members = set()
+
+ for _, attr in results:
+ for userid in attr['member']:
+ splitentry = userid.split(',')
+ singleentry = splitentry[0]
+ splitteduid = singleentry.split('=')
+ uid = splitteduid[1]
+
+ members.add(uid)
+
+ return members
+
+
+ def get_attributes_from_ldap(self, uid, attr):
+ filter = ldap.filter.filter_format('(uid=%s)', (uid, ))
+ results = self.conn.search_s(self.LDAP_USER_BASE, ldap.SCOPE_SUBTREE, filter, ('uid', attr, ))
+
+ if len(results) > 0:
+ return results[0][1][attr][0]
+ else:
+ return None
+
+
+ def get_uids_from_group(self, group):
+ people = self.get_group_from_ldap(group)
+
+ return people
\ No newline at end of file
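Review bot: `__init__` connects with `ldap.open(self.LDAP_HOST)` and binds with the asynchronous `simple_bind`, so the bind password travels over a plain ldap:// connection unless the transport is protected elsewhere, and a rejected bind is not raised inside the `try` because the result is never waited for. Consider `self.conn = ldap.initialize('ldaps://%s' % self.LDAP_HOST)` (or `start_tls_s()` after connecting) followed by `self.conn.simple_bind_s(self.LDAP_USER, self.LDAP_PASSWORD)`. Also, `get_attributes_from_ldap` uses `ldap.filter` and `ldap.SCOPE_SUBTREE`, but `ldap` is only imported inside the other methods, which looks like a NameError at call time; moving `import ldap` and `import ldap.filter` to module level would fix it. In the same method, `results[0][1][attr][0]` raises KeyError for an entry without the attribute and returns only the first value of a multi-valued `ipaSshPubKey`.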