1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
#!/usr/bin/python
import linaro_ldap
from phabricator import Phabricator
import json
PHAB_TOKEN = 'api-gpwwrvgqz4qdrzhkbhcazdltwcyp'
PHAB_GROUPS_PARENT = "Groups"
PHAB_USERS = {}
PHAB_LOCAL_USERS = ["systemsadmin","phabbot"]
phab_groups_tbl = {}
def get_phab_top_level_group_id(phab, name):
phab_query = phab.project.search(constraints={'name': name})
return phab_query["data"][0]["phid"]
def get_user(phab,phid):
user_query = phab.user.search(constraints={'phids': [phid]})
return user_query["data"][0]["fields"]["username"]
def get_user_phid(phab,username):
if not PHAB_USERS.has_key(username):
user_query = phab.user.search(constraints={'usernames':[username]})
#print user_query["data"][0]
PHAB_USERS[username] = user_query["data"][0]["phid"]
return PHAB_USERS[username]
def get_groups_and_users(phab,top_group):
phab_query = phab.project.search(constraints={'parents': [top_group]}, attachments={"members":"true"})
return phab_query["data"]
def get_group_phid(phab, top_group, name):
phab_query = phab.project.search(constraints={'parents': [top_group], 'name': name})
return phab_query["data"][0]["fields"]["phid"]
def create_group(phab, parent, group_name):
print "phabbot phid: %s" % PHAB_USERS["phabbot"]
tlist = [
{ "type": "name", "value": group_name },
{ "type": "parent", "value": parent },
{ "type": "join", "value": "no-one" },
{ "type": "edit", "value": "users" },
{ "type": "members.set", "value": [PHAB_USERS["systemsadmin"], PHAB_USERS["phabbot"]]},
{ "type": "view", "value": "users" },
{ "type": "icon", "value": "group" },
]
return( phab.project.edit( transactions = tlist ) )
ldap_groups = linaro_ldap.get_groups_and_users()
#for g in groups:
# print g
# print "Members: %s" % groups[g]
phab = Phabricator(host="https://staging-bugs.linaro.org/api/", token=PHAB_TOKEN)
#preload the PHAB_USER table with system accounts
for x in PHAB_LOCAL_USERS:
print get_user_phid(phab,x)
groups_project_id = get_phab_top_level_group_id(phab, PHAB_GROUPS_PARENT)
groups = get_groups_and_users(phab, groups_project_id)
for pgroup in groups:
group_name = pgroup["fields"]["name"]
if not phab_groups_tbl.has_key( group_name ):
phab_groups_tbl[group_name] = []
for phid_entry in pgroup["attachments"]["members"]["members"]:
phid = phid_entry["phid"]
username = get_user(phab, phid)
# create a lookup table for ldap lookups
if not PHAB_USERS.has_key( phid ):
PHAB_USERS[phid] = username
if username not in phab_groups_tbl[group_name] and username not in PHAB_LOCAL_USERS:
phab_groups_tbl[group_name].append( username )
#for g in phab_groups_tbl.keys():
# print "%s: " % g,
# for u in phab_groups_tbl[g]:
# print "%s " % u,
# print
groups_add_to_phab = []
groups_remove_from_phab = []
for x in ldap_groups:
# check for new group
if not phab_groups_tbl.has_key(x):
print "add group to phab: %s" % x
try:
rv = create_group(phab, groups_project_id, x)
print rv
except Exception e:
print e
for y in ldap_groups[x]:
print " - add user %s to %s" % (y,x)
else:
# check for new users in ldap group
for y in ldap_groups[x]:
if y not in phab_groups_tbl[x]:
print "- useradd %s to %s" % (y,x)
# check for removed users in ldap group
for y in phab_groups_tbl[x]:
if y not in PHAB_LOCAL_USERS and y not in ldap_groups[x]:
print "- userdel %s from %s" % (y,x)
# lastly check for groups removed from ldap
for x in phab_groups_tbl.keys():
if x not in ldap_groups:
print "del group from phab: %s" % x
|