Add create saml group to gerrit api 98/65698/11 v0.35.0
authorAric Gardner <agardner@linuxfoundation.org>
Tue, 6 Oct 2020 19:13:23 +0000 (15:13 -0400)
committerAric Gardner <agardner@linuxfoundation.org>
Fri, 9 Oct 2020 15:55:18 +0000 (11:55 -0400)
Project creation now needs an additional step:
we must create a saml group.

Project creation now automatically
reformats your ldap group into a saml group

Also add error handling for unauthorized
when trying to see if a project exists

Issue-Id: RELENG-3231
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
Change-Id: I72d8949331ecc66d320be5a1960f769ebfb2d962

docs/commands/gerrit.rst
lftools/api/endpoints/gerrit.py
lftools/cli/gerrit.py
releasenotes/notes/gerrit-create-saml-groups-63ac96a53c1df0c3.yaml [new file with mode: 0644]

index 025420b..0b7f99a 100644 (file)
@@ -48,6 +48,12 @@ createproject
 .. program-output:: lftools gerrit createproject --help
 
 
+create-saml-group
+-----------------
+
+.. program-output:: lftools gerrit create-saml-group --help
+
+
 addinfojob
 ----------
 .. program-output:: lftools gerrit addinfojob --help
index 8befe16..0100c60 100644 (file)
@@ -232,7 +232,7 @@ class Gerrit(client.RestApi):
             except:
                 log.info("Not found {}".format(access_str))
                 exit(1)
-            log.info("found {}".format(access_str))
+            log.info("found {} {}".format(access_str, mylist))
         return result
 
     def add_git_review(self, fqdn, gerrit_project, issue_id, **kwargs):
@@ -296,6 +296,17 @@ class Gerrit(client.RestApi):
             result = self.submit_change(fqdn, gerrit_project, changeid, payload)
             log.info(result)
 
+    def create_saml_group(self, fqdn, ldap_group, **kwargs):
+        """Create saml group from ldap group."""
+        ###############################################################
+        payload = json.dumps({"visible_to_all": "false"})
+        saml_group = "saml/{}".format(ldap_group)
+        saml_group_encoded = urllib.parse.quote(saml_group, safe="", encoding=None, errors=None)
+        access_str = "groups/{}".format(saml_group_encoded)
+        log.info("Encoded SAML group name: {}".format(saml_group_encoded))
+        result = self.put(access_str, data=payload)
+        return result
+
     def add_github_rights(self, fqdn, gerrit_project, **kwargs):
         """Grant github read to a project."""
         ###############################################################
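Review bot: `create_saml_group` returns the result of `self.put(access_str, data=payload)` without checking its status, so a rejected request (unauthorized, or a name that already exists) looks the same to the caller as a created group. The `create-saml-group` command in lftools/cli/gerrit.py only logs `pformat(data)`, so it would presumably still exit 0 in that case. If `put` returns the same kind of response object that create_project reads `status_code` from, check it here and log at error level and exit non-zero on anything other than success. Separately, `"visible_to_all": "false"` sends a JSON string rather than a boolean; `payload = json.dumps({"visible_to_all": False})` states the intent without relying on the server coercing the string.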
@@ -334,7 +345,7 @@ class Gerrit(client.RestApi):
         """Create a project via the gerrit API.
 
         Creates a gerrit project.
-        Sets ldap group as owner.
+        Converts ldap group to saml group and sets as owner.
 
         Example:
 
@@ -354,8 +365,14 @@ class Gerrit(client.RestApi):
             log.info("Project not found.")
             projectexists = False
 
+        elif result.status_code == 401:
+            log.info(result)
+            log.info("Unauthorized.")
+            exit(1)
+
         else:
             log.info("found {}".format(access_str))
+            log.info(result)
             projectexists = True
 
         if projectexists:
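Review bot: Every status other than 401 and the one tested above this hunk (presumably 404) still reaches the final `else` and sets `projectexists = True`, so a 403 or a 5xx from the existence check is reported as "found". Making the success branch explicit, `elif result.status_code == 200:`, and letting the `else` log the response and `exit(1)` would stop an authorization or server failure from being read as an existing project. The new 401 branch also reports through `log.info`; `log.error("Unauthorized.")` fits a message that precedes a non-zero exit. The enclosing create_project body starts and ends outside this hunk.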
@@ -364,8 +381,8 @@ class Gerrit(client.RestApi):
         if check:
             exit(0)
 
-        ldapgroup = "ldap:cn={},ou=Groups,dc=freestandards,dc=org".format(ldap_group)
-        log.info(ldapgroup)
+        saml_group = "saml/{}".format(ldap_group)
+        log.info("SAML group name: {}".format(saml_group))
 
         access_str = "projects/{}".format(gerrit_project)
         payload = json.dumps(
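Review bot: The `"saml/{}".format(ldap_group)` derivation is now written twice, here and in `create_saml_group`, and the owner name built here has to match the group that method creates. A small private helper used by both would keep the two from drifting, since a mismatch would hand project ownership to a differently named group; the same value feeds the `"owners"` entry in the next hunk. `ldap_group` is also used exactly as given, so an empty value produces the owner name `saml/`; rejecting empty input before any request is sent is worth adding. create_project's body starts and ends outside this hunk.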
@@ -373,7 +390,7 @@ class Gerrit(client.RestApi):
                 "description": "{}".format(description),
                 "submit_type": "INHERIT",
                 "create_empty_commit": "True",
-                "owners": ["{}".format(ldapgroup)],
+                "owners": ["{}".format(saml_group)],
             }
         )
 
index b23c051..0ae99d1 100644 (file)
@@ -151,6 +151,17 @@ def createproject(ctx, gerrit_fqdn, gerrit_project, ldap_group, description, che
     log.info(pformat(data))
 
 
+@click.command(name="create-saml-group")
+@click.argument("gerrit_fqdn")
+@click.argument("ldap_group")
+@click.pass_context
+def create_saml_group(ctx, gerrit_fqdn, ldap_group):
+    """Create saml group based on ldap group."""
+    g = gerrit.Gerrit(fqdn=gerrit_fqdn)
+    data = g.create_saml_group(gerrit_fqdn, ldap_group)
+    log.info(pformat(data))
+
+
 @click.command(name="list-project-permissions")
 @click.argument("gerrit_fqdn")
 @click.argument("project")
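Review bot: The docstring on `create_saml_group` is the text `--help` prints, and docs/commands/gerrit.rst renders it through `program-output`, but it does not say what the group will be named or that it is created hidden. Going by the API method in this commit, something like `"""Create the Gerrit group saml/<LDAP_GROUP>, not visible to all users."""` tells the operator what will be created on the server. `ctx` is accepted through `@click.pass_context` but not used in the lines shown.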
@@ -180,5 +191,6 @@ gerrit_cli.add_command(addgitreview)
 gerrit_cli.add_command(addgithubrights)
 gerrit_cli.add_command(createproject)
 gerrit_cli.add_command(abandonchanges)
+gerrit_cli.add_command(create_saml_group)
 gerrit_cli.add_command(list_project_permissions)
 gerrit_cli.add_command(list_project_inherits_from)
diff --git a/releasenotes/notes/gerrit-create-saml-groups-63ac96a53c1df0c3.yaml b/releasenotes/notes/gerrit-create-saml-groups-63ac96a53c1df0c3.yaml
new file mode 100644 (file)
index 0000000..c859ad5
--- /dev/null
@@ -0,0 +1,10 @@
+---
+features:
+  - |
+    Enhancements for saml support.
+
+    #. Added lftools gerrit create-saml-group.
+    #. Takes a gerrit endpoint and an ldap group as parameters.
+    #. Creates a saml group for this ldap group so that project creation can be automated.
+    #. Project creation call now translates ldap group to saml group and adds saml group as project owner.
+