annotate rhodecode/bin/ldap_sync.py @ 4147:1c8f818787b3 rhodecode-2.2.5-gpl

old style: show the full link box on summary page - no overlap or truncation
author Mads Kiilerich <madski@unity3d.com>
date Wed, 02 Jul 2014 19:03:23 -0400
parents ffd45b185016
children 7e5f8c12a3fc
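Changesets shown in the annotation (rev, changeset, description, author, parents):
3556 4358b1b9307d added linaro ldap sync script - Marcin Kuzminski <marcin@python-works.com>
3705 f37d7514e7ab always use json from compat module - Marcin Kuzminski <marcin@python-works.com> - parents: 3556
3889 b84c83b651de replace equality comparison to None - Marcin Kuzminski <marcin@python-works.com> - parents: 3705
4116 ffd45b185016 Imported some of the GPLv3'd changes from RhodeCode v2.2.5. - Bradley M. Kuhn <bkuhn@sfconservancy.org> - parents: 3889
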
# -*- coding: utf-8 -*-
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
rhodecode.bin.__init__
~~~~~~~~~~~~~~~~~~~~~~

LDAP sync script

:created_on: Mar 06, 2013
:author: marcink
:copyright: (c) 2013 RhodeCode GmbH.
:license: GPLv3, see LICENSE for more details.
"""

import ldap
import urllib2
import uuid

try:
    from rhodecode.lib.compat import json
except ImportError:
    try:
        import simplejson as json
    except ImportError:
        import json

from ConfigParser import ConfigParser

config = ConfigParser()
config.read('ldap_sync.conf')


class InvalidResponseIDError(Exception):
    """ Request and response don't have the same UUID. """


class RhodecodeResponseError(Exception):
    """ Response has an error, something went wrong with request execution. """


class UserAlreadyInGroupError(Exception):
    """ User is already a member of the target group. """


class UserNotInGroupError(Exception):
    """ User is not a member of the target group. """


class RhodecodeAPI(object):

    def __init__(self, url, key):
        self.url = url
        self.key = key

    def get_api_data(self, uid, method, args):
        """Prepare dict for API post."""
        # The API key travels in the request body, so the API URL
        # should be an https:// endpoint.
        return {
            "id": uid,
            "api_key": self.key,
            "method": method,
            "args": args
        }

    def rhodecode_api_post(self, method, args):
        """Send a generic API post to Rhodecode.

        This will generate the UUID for validation check after the
        response is returned. Handle errors and get the result back.
        """
        uid = str(uuid.uuid1())
        data = self.get_api_data(uid, method, args)

        data = json.dumps(data)
        headers = {'content-type': 'text/plain'}
        req = urllib2.Request(self.url, data, headers)

        response = urllib2.urlopen(req)
        response = json.load(response)

        if uid != response["id"]:
            raise InvalidResponseIDError("UUID does not match.")

        if response["error"] is not None:
            raise RhodecodeResponseError(response["error"])

        return response["result"]

    def create_group(self, name, active=True):
        """Create the Rhodecode user group."""
        args = {
            "group_name": name,
            "active": str(active)
        }
        self.rhodecode_api_post("create_user_group", args)

    def add_membership(self, group, username):
        """Add specific user to a group."""
        args = {
            "usersgroupid": group,
            "userid": username
        }
        result = self.rhodecode_api_post("add_user_to_user_group", args)
        if not result["success"]:
            raise UserAlreadyInGroupError("User %s already in group %s." %
                                          (username, group))

    def remove_membership(self, group, username):
        """Remove specific user from a group."""
        args = {
            "usersgroupid": group,
            "userid": username
        }
        result = self.rhodecode_api_post("remove_user_from_user_group", args)
        if not result["success"]:
            raise UserNotInGroupError("User %s not in group %s." %
                                      (username, group))

    def get_group_members(self, name):
        """Get the list of member usernames from a user group."""
        args = {"usersgroupid": name}
        members = self.rhodecode_api_post("get_user_group", args)['members']
        member_list = []
        for member in members:
            member_list.append(member["username"])
        return member_list

    def get_group(self, name):
        """Return group info."""
        args = {"usersgroupid": name}
        return self.rhodecode_api_post("get_user_group", args)

    def get_user(self, username):
        """Return user info."""
        args = {"userid": username}
        return self.rhodecode_api_post("get_user", args)


class LdapClient(object):

    def __init__(self, uri, user, key, base_dn):
        self.client = ldap.initialize(uri, trace_level=0)
        self.client.set_option(ldap.OPT_REFERRALS, 0)
        # simple_bind_s() blocks until the bind completes, so bad
        # credentials raise here instead of going unnoticed
        # (simple_bind() is asynchronous and its result was never read).
        self.client.simple_bind_s(user, key)
        self.base_dn = base_dn

    def __del__(self):
        self.client.unbind()

    def get_groups(self):
        """Get all the groups in form of dict {group_name: group_info,...}."""
        searchFilter = "objectClass=groupOfUniqueNames"
        result = self.client.search_s(self.base_dn, ldap.SCOPE_SUBTREE,
                                      searchFilter)

        groups = {}
        for group in result:
            groups[group[1]['cn'][0]] = group[1]

        return groups

    def get_group_users(self, groups, group):
        """Returns all the users belonging to a single group.

        Based on the list of groups and memberships, returns all the
        users belonging to a single group, searching recursively.
        """
        users = []
        for member in groups[group]["uniqueMember"]:
            member = self.parse_member_string(member)
            if member[0] == "uid":
                users.append(member[1])
            elif member[0] == "cn":
                users += self.get_group_users(groups, member[1])

        return users

    def parse_member_string(self, member):
        """Parses the member string and returns a tuple of type and name.

        Unique member can be either user or group. Users will have 'uid' as
        prefix while groups will have 'cn'.
        """
        member = member.split(",")[0]
        return member.split('=')


class LdapSync(object):

    def __init__(self):
        self.ldap_client = LdapClient(config.get("default", "ldap_uri"),
                                      config.get("default", "ldap_user"),
                                      config.get("default", "ldap_key"),
                                      config.get("default", "base_dn"))
        self.rhodecode_api = RhodecodeAPI(config.get("default", "api_url"),
                                          config.get("default", "api_key"))

    def update_groups_from_ldap(self):
        """Add all the groups from LDAP to Rhodecode."""
        added = existing = 0
        groups = self.ldap_client.get_groups()
        for group in groups:
            try:
                self.rhodecode_api.create_group(group)
                added += 1
            except Exception:
                # Any failure, including API or network errors, is
                # counted as an already existing group.
                existing += 1

        return added, existing

    def update_memberships_from_ldap(self, group):
        """Update memberships in rhodecode based on the LDAP groups."""
        groups = self.ldap_client.get_groups()
        group_users = self.ldap_client.get_group_users(groups, group)

        # Delete memberships first from each group which are not part
        # of the group any more.
        rhodecode_members = self.rhodecode_api.get_group_members(group)
        for rhodecode_member in rhodecode_members:
            if rhodecode_member not in group_users:
                try:
                    self.rhodecode_api.remove_membership(group,
                                                         rhodecode_member)
                except UserNotInGroupError:
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
235 pass
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
236
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
237 # Add memberships.
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
238 for member in group_users:
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
239 try:
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
240 self.rhodecode_api.add_membership(group, member)
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
241 except UserAlreadyInGroupError:
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
242 # TODO: handle somehow maybe..
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
243 pass
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
244
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
245
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
246 if __name__ == '__main__':
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
247 sync = LdapSync()
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
248 print sync.update_groups_from_ldap()
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
249
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
250 for gr in sync.ldap_client.get_groups():
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
251 # TODO: exception when user does not exist during add membership...
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
252 # How should we handle this.. Either sync users as well at this step,
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
253 # or just ignore those who don't exist. If we want the second case,
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
254 # we need to find a way to recognize the right exception (we always get
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
255 # RhodecodeResponseError with no error code so maybe by return msg (?)
4358b1b9307d added linaro ldap sync script
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
256 sync.update_memberships_from_ldap(gr)
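
An added example, not part of ldap_sync.py: one way to reconcile a group's membership so that stale members are revoked before anyone is added and every failure is reported rather than silently passed over, which is the case the TODO above leaves open. `FakeApi`, `MembershipError`, `reconcile` and the sample users are constructed for illustration and are not RhodeCode APIs.

```python
class MembershipError(Exception):
    """Hypothetical API failure, constructed for this example."""


class FakeApi:
    """In-memory stand-in for the API client (constructed, not RhodeCode's)."""

    def __init__(self, members, known_users):
        self.members = {g: set(m) for g, m in members.items()}
        self.known_users = set(known_users)

    def get_group_members(self, group):
        return sorted(self.members.get(group, ()))

    def remove_membership(self, group, user):
        self.members[group].discard(user)

    def add_membership(self, group, user):
        if user not in self.known_users:
            raise MembershipError("user `%s` does not exist" % user)
        self.members[group].add(user)


def reconcile(api, group, ldap_users):
    """Make the group match LDAP; return what changed and what failed."""
    wanted = set(ldap_users)
    current = set(api.get_group_members(group))
    report = {"removed": [], "added": [], "failed": []}
    # Revoke first, so a failure while adding never leaves stale access behind.
    for user in sorted(current - wanted):
        try:
            api.remove_membership(group, user)
            report["removed"].append(user)
        except MembershipError as exc:
            report["failed"].append(("remove", user, str(exc)))
    for user in sorted(wanted - current):
        try:
            api.add_membership(group, user)
            report["added"].append(user)
        except MembershipError as exc:
            # Record the failure so the operator sees who was not provisioned.
            report["failed"].append(("add", user, str(exc)))
    return report


def demo():
    # Constructed data: dave has left the LDAP group, carol has no account yet.
    api = FakeApi({"devs": ["alice", "dave"]}, ["alice", "bob", "dave"])
    report = reconcile(api, "devs", ["alice", "bob", "carol"])
    return report, api.get_group_members("devs")
```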