From: Aric Gardner Date: Thu, 7 Mar 2019 18:48:22 +0000 (-0500) Subject: match-ldap-to-info matches ldap group to INFO file X-Git-Tag: v0.22.0~1^2 X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F23%2F14823%2F6;p=releng%2Flftools.git match-ldap-to-info matches ldap group to INFO file I have abandoned the idea of using a diff on the INFO file as a driver for making changes to ldap. It was messy for new info files, as there was no previous diff. which meant if a user was removed, we had no way of knowing. Now the script is idempotent. Whatever is in the INFO.yaml will be reflected in the LDAP file. example: you give it an info file and a group and it will make the nessesary changes: lftools lfidapi add-remove-committers path/to/INFO.yaml ldap-group added --noop flag so you can see what would be changed Change-Id: Ie1546f3e80e826742612b9f32f91dc6ce3360d0c Signed-off-by: Aric Gardner --- diff --git a/docs/commands/lfidapi.rst b/docs/commands/lfidapi.rst index 02776b9b..ee9cbacc 100644 --- a/docs/commands/lfidapi.rst +++ b/docs/commands/lfidapi.rst @@ -27,3 +27,8 @@ user ---- .. program-output:: lftools lfidapi user --help + +match-ldap-to-info +------------------ + +.. program-output:: lftools lfidapi match-ldap-to-info --help diff --git a/lftools/cli/lfidapi.py b/lftools/cli/lfidapi.py index 52891d56..cfa8e446 100755 --- a/lftools/cli/lfidapi.py +++ b/lftools/cli/lfidapi.py @@ -10,14 +10,11 @@ ############################################################################## """Use the LFIDAPI to add, remove and list members as well as create groups.""" -import subprocess -import sys - import click -from lftools.lfidapi import helper_add_remove_committers from lftools.lfidapi import helper_create_group from lftools.lfidapi import helper_invite +from lftools.lfidapi import helper_match_ldap_to_info from lftools.lfidapi import helper_search_members from lftools.lfidapi import helper_user 
@@ -67,33 +64,17 @@ def create_group(ctx, group): @click.command() @click.argument('info_file') -@click.argument('ldap_file') @click.argument('group') -@click.argument('user') -@click.pass_context -def add_remove_committers(ctx, info_file, ldap_file, group, user): - """Used in automation.""" - helper_add_remove_committers(info_file, ldap_file, group, user) - - -@click.command() -@click.argument('git_dir') -@click.argument('gerrit_fqdn') -@click.argument('gerrit_project') +@click.option('--noop', is_flag=True, required=False, + help='show what would be changed') @click.pass_context -def lfidapi_add_remove_users(ctx, git_dir, gerrit_fqdn, gerrit_project): - """Create a diff of the changes to the INFO.yaml. - - Call the api to add and remove users as appropriate. - """ - status = subprocess.call(['lfidapi_add_remove_users', git_dir, gerrit_fqdn, gerrit_project]) - - sys.exit(status) +def match_ldap_to_info(ctx, info_file, group, noop): + """Match an LDAP groups membership to an INFO.yaml file.""" + helper_match_ldap_to_info(info_file, group, noop) lfidapi.add_command(search_members) lfidapi.add_command(user) lfidapi.add_command(invite) lfidapi.add_command(create_group) -lfidapi.add_command(add_remove_committers) -lfidapi.add_command(lfidapi_add_remove_users) +lfidapi.add_command(match_ldap_to_info) diff --git a/lftools/lfidapi.py b/lftools/lfidapi.py index 11f321a2..cd464f01 100755 --- a/lftools/lfidapi.py +++ b/lftools/lfidapi.py @@ -40,6 +40,7 @@ def helper_search_members(group): result = (response.json()) members = result["members"] print(json.dumps(members, indent=4, sort_keys=True)) + return members def helper_user(user, group, delete): @@ -87,7 +88,7 @@ def helper_create_group(group): print(json.dumps(result, indent=4, sort_keys=True)) -def helper_add_remove_committers(info_file, ldap_file, user, group): +def helper_match_ldap_to_info(info_file, group, noop): """Helper only to be used in automation.""" with open(info_file) as file: try: 
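Review bot: The docstring on `match_ldap_to_info` and the `--noop` help text do not say that the command both adds and removes LDAP group members, or that it applies those changes by default. This is the only operator-facing description of a command that edits group membership, so I would spell it out, e.g. `"""Make an LDAP group's membership match INFO.yaml: adds missing committers and removes members not listed. Use --noop to preview."""` and `help='print the changes that would be made without applying them'`. `required=False` on an `is_flag` option is redundant and can be dropped. This hunk also unregisters `add_remove_committers` and `lfidapi_add_remove_users`, so any job still invoking those names will fail; worth confirming none remain.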
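Review bot: `helper_search_members` now feeds the sync logic, but the context lines above the added `return members` index `result["members"]` without checking that the lookup succeeded, and the function still prints the full member list. An error body without a `members` key surfaces as a bare `KeyError`, and every `match-ldap-to-info` run (including `--noop`) will emit the whole membership JSON ahead of its own output, which may end up in job logs. Consider validating before returning, e.g. `members = result.get("members")` followed by `if members is None: raise SystemExit("no members returned for group {}".format(group))`, and leaving the printing to the caller that wants it. The function starts outside this hunk, so how `response` is obtained is not visible here.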
@@ -95,9 +96,7 @@ def helper_add_remove_committers(info_file, ldap_file, user, group): except yaml.YAMLError as exc: print(exc) - with open(ldap_file, 'r') as file: - ldap_data = json.load(file) - + ldap_data = helper_search_members(group) committer_info = info_data['committers'] info_committers = [] @@ -110,16 +109,21 @@ def helper_add_remove_committers(info_file, ldap_file, user, group): committer = ldap_data[count]['username'] ldap_committers.append(committer) - removed_by_patch = [item for item in ldap_committers if item not in info_committers] - - if (user in removed_by_patch): - print(" {} found in group {} ".format(user, group)) - print(" removing user {} from group {}".format(user, group)) - helper_user(user, group, "--delete") - - added_by_patch = [item for item in info_committers if item not in ldap_committers] - - if (user in added_by_patch): - print(" {} not found in group {} ".format(user, group)) - print(" adding user {} to group {}".format(user, group)) - helper_user(user, group, "") + all_users = ldap_committers + info_committers + all_users.remove("lfservices_releng") + all_users = sorted(set(all_users)) + + for user in all_users: + removed_by_patch = [item for item in ldap_committers if item not in info_committers] + if (user in removed_by_patch): + print(" {} found in group {} ".format(user, group)) + if noop is False: + print(" removing user {} from group {}".format(user, group)) + helper_user(user, group, "--delete") + + added_by_patch = [item for item in info_committers if item not in ldap_committers] + if (user in added_by_patch): + print(" {} not found in group {} ".format(user, group)) + if noop is False: + print(" adding user {} to group {}".format(user, group)) + helper_user(user, group, "") diff --git a/setup.cfg b/setup.cfg index d31a57cf..8d020021 100644 --- a/setup.cfg +++ b/setup.cfg 
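Review bot: The `except yaml.YAMLError` branch kept as context here only prints the error, so a malformed INFO.yaml falls through to `helper_search_members(group)` and then `info_data['committers']`. Assuming `info_data` is assigned only inside the `try` (that line is outside the hunk), this ends in a `NameError` after the LDAP query has already been made, rather than a clear failure. I would stop in the handler, e.g. `raise SystemExit("could not parse {}: {}".format(info_file, exc))`. The load call itself is not shown; because INFO.yaml comes from a project repository, it is worth confirming that it uses `yaml.safe_load`.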
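Review bot: `all_users.remove("lfservices_releng")` raises `ValueError` whenever that account is in neither list, which aborts the sync before any user is processed. Inside the loop, `removed_by_patch` and `added_by_patch` are rebuilt for every user even though neither depends on `user`. Computing both once as set differences, with the service account excluded explicitly, removes the crash and the repeated work; the sketch below does removals first and then additions instead of interleaving them alphabetically. Separately, nothing here stops an INFO.yaml with an empty `committers` list from removing every member of the group, so a check that refuses to proceed when `info_committers` is empty would be a sensible safety net. The function body starts outside this hunk.

```python
    # … unchanged: building info_committers and ldap_committers …
    protected = {"lfservices_releng"}
    to_remove = sorted(set(ldap_committers) - set(info_committers) - protected)
    to_add = sorted(set(info_committers) - set(ldap_committers) - protected)

    for user in to_remove:
        print(" {} found in group {} ".format(user, group))
        if not noop:
            print(" removing user {} from group {}".format(user, group))
            helper_user(user, group, "--delete")

    for user in to_add:
        print(" {} not found in group {} ".format(user, group))
        if not noop:
            print(" adding user {} to group {}".format(user, group))
            helper_user(user, group, "")
```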
@@ -38,7 +38,6 @@ scripts = shell/deploy shell/gerrit_create shell/inactivecommitters - shell/lfidapi_add_remove_users shell/sign shell/version shell/yaml4info diff --git a/shell/lfidapi_add_remove_users b/shell/lfidapi_add_remove_users deleted file mode 100755 index 21ca5eb5..00000000 --- a/shell/lfidapi_add_remove_users +++ /dev/null 
@@ -1,74 +0,0 @@ -#!/bin/bash -l -# SPDX-License-Identifier: EPL-1.0 -############################################################################## -# Copyright (c) 2018 The Linux Foundation and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Eclipse Public License v1.0 -# which accompanies this distribution, and is available at -# http://www.eclipse.org/legal/epl-v10.html -############################################################################## - -git_dir="$1" -gerrit_fqdn="$2" -clonebase=https://$gerrit_fqdn/gerrit/ -gerrit_project="$3" - -cd "$git_dir" || exit -pwd - -determine_ldap_group(){ - get_group(){ - ldap_group="$(curl -s "$clonebase"access/?project=$gerrit_project \ - | tail -n +2 \ - | jq '.[].local[].permissions.owner.rules' \ - | grep ldap \ - | awk -F"=" '{print $2}' \ - | awk -F"," '{print $1}')" - } - - walkgroup(){ - repo="$(curl -s "$clonebase"access/?project=$gerrit_project | tail -n +2 | jq -r '.[].inherits_from.id')" - get_group "$gerrit_project" - } - - get_group "$gerrit_project" - - #if ldap_group is null, check for a parent, there may be two levels of parent - #This looks stupid but it works. - if [ -z "$ldap_group" ]; then - walkgroup "$gerrit_project" - if [ -z "$ldap_group" ]; then - walkgroup "$gerrit_project" - fi - fi - if [ -z "$ldap_group" ]; then - echo "could not determine ldap group" - exit 1 - fi -} -determine_ldap_group - -echo "LDAP GROUP IS $ldap_group for repo $repo" -echo "Change as we see it" -git --no-pager show INFO.yaml - -#define directions for diff -added="'%>'" -removed="'%<'" -for direction in "$added" "$removed"; do -unset diff - - diff=$(diff --changed-group-format="$direction" --unchanged-group-format='' <(git show HEAD~1:INFO.yaml) <(git show HEAD:INFO.yaml)) - if ! 
[ -z "$diff" ]; then - while IFS=$'\n' read -r id; do - user="$(echo "$id" | niet '.id')" - rm ldap_file.json - lftools lfidapi search-members "$ldap_group" > ldap_file.json - cat ldap_file.json - lftools lfidapi add-remove-committers INFO.yaml ldap_file.json "$user" "$ldap_group" - - done < <(diff --changed-group-format="$direction" --unchanged-group-format='' <(git show HEAD~1:INFO.yaml) <(git show HEAD:INFO.yaml) |grep "id:") - fi - -done