From: Aric Gardner Date: Tue, 6 Oct 2020 19:13:23 +0000 (-0400) Subject: Add create saml group to gerrit api X-Git-Tag: v0.35.0^0 X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F98%2F65698%2F11;p=releng%2Flftools.git Add create saml group to gerrit api Project creation now needs an additional step we must create a saml group. Project creation now automatically reformats your ldap group into a saml group Also add error handling for unauthorized when trying to see if a project exists Issue-Id: RELENG-3231 Signed-off-by: Aric Gardner Change-Id: I72d8949331ecc66d320be5a1960f769ebfb2d962 --- diff --git a/docs/commands/gerrit.rst b/docs/commands/gerrit.rst index 025420bb..0b7f99ac 100644 --- a/docs/commands/gerrit.rst +++ b/docs/commands/gerrit.rst @@ -48,6 +48,12 @@ createproject .. program-output:: lftools gerrit createproject --help +create-saml-group +----------------- + +.. program-output:: lftools gerrit create-saml-group --help + + addinfojob ---------- .. program-output:: lftools gerrit addinfojob --help diff --git a/lftools/api/endpoints/gerrit.py b/lftools/api/endpoints/gerrit.py index 8befe168..0100c608 100644 --- a/lftools/api/endpoints/gerrit.py +++ b/lftools/api/endpoints/gerrit.py @@ -232,7 +232,7 @@ class Gerrit(client.RestApi): except: log.info("Not found {}".format(access_str)) exit(1) - log.info("found {}".format(access_str)) + log.info("found {} {}".format(access_str, mylist)) return result def add_git_review(self, fqdn, gerrit_project, issue_id, **kwargs): 
@@ -296,6 +296,17 @@ class Gerrit(client.RestApi): result = self.submit_change(fqdn, gerrit_project, changeid, payload) log.info(result) + def create_saml_group(self, fqdn, ldap_group, **kwargs): + """Create saml group from ldap group.""" + ############################################################### + payload = json.dumps({"visible_to_all": "false"}) + saml_group = "saml/{}".format(ldap_group) + saml_group_encoded = urllib.parse.quote(saml_group, safe="", encoding=None, errors=None) + access_str = "groups/{}".format(saml_group_encoded) + log.info("Encoded SAML group name: {}".format(saml_group_encoded)) + result = self.put(access_str, data=payload) + return result + def add_github_rights(self, fqdn, gerrit_project, **kwargs): """Grant github read to a project.""" ############################################################### @@ -334,7 +345,7 @@ class Gerrit(client.RestApi): """Create a project via the gerrit API. Creates a gerrit project. - Sets ldap group as owner. + Converts ldap group to saml group and sets as owner. Example: @@ -354,8 +365,14 @@ class Gerrit(client.RestApi): log.info("Project not found.") projectexists = False + elif result.status_code == 401: + log.info(result) + log.info("Unauthorized.") + exit(1) + else: log.info("found {}".format(access_str)) + log.info(result) projectexists = True if projectexists: @@ -364,8 +381,8 @@ class Gerrit(client.RestApi): if check: exit(0) - ldapgroup = "ldap:cn={},ou=Groups,dc=freestandards,dc=org".format(ldap_group) - log.info(ldapgroup) + saml_group = "saml/{}".format(ldap_group) + log.info("SAML group name: {}".format(saml_group)) access_str = "projects/{}".format(gerrit_project) payload = json.dumps( @@ -373,7 +390,7 @@ class Gerrit(client.RestApi): "description": "{}".format(description), "submit_type": "INHERIT", "create_empty_commit": "True", - "owners": ["{}".format(ldapgroup)], + "owners": ["{}".format(saml_group)], } ) 
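Review bot: In `create_saml_group` the payload sends `"visible_to_all": "false"` as a JSON string, so keeping the new group hidden depends on the server coercing that string to a boolean. Sending a real boolean removes the ambiguity: `payload = json.dumps({"visible_to_all": False})`. The `safe=""` argument deserves a short comment such as `# safe="" so the "/" in "saml/<group>" is percent-encoded and stays a single path segment`, while `encoding=None, errors=None` are already the defaults of `urllib.parse.quote` and can be dropped. The `fqdn` parameter is not used in the body shown, which the docstring should say.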
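Review bot: The new `elif result.status_code == 401` branch still leaves every other status to the final `else`, which sets `projectexists = True`, so a 403 or 5xx reply would be reported as "found" instead of as a failure. The first branch's condition is outside the hunk, so this assumes it tests for 404. Consider making success explicit with `elif result.status_code == 200:` and letting the `else` log the status and `exit(1)`. The unauthorized case would also be easier to spot at error level, `log.error("Unauthorized: %s", result)`.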
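Review bot: `saml_group = "saml/{}".format(ldap_group)` repeats the naming rule already written in `create_saml_group`, and the value goes straight into `owners` (hunk at -373) with no check that `ldap_group` is non-empty or not already prefixed with `saml/`. Because this string decides who owns the new project, it is worth building it in one private helper that both methods call and that rejects an empty name. The hunks shown do not reveal whether `create_project` creates the SAML group before naming it as owner; if it does not, the docstring should say so, e.g. `The saml group must already exist (see create_saml_group).` The function starts and ends outside this hunk.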
diff --git a/lftools/cli/gerrit.py b/lftools/cli/gerrit.py index b23c0518..0ae99d1f 100644 --- a/lftools/cli/gerrit.py +++ b/lftools/cli/gerrit.py @@ -151,6 +151,17 @@ def createproject(ctx, gerrit_fqdn, gerrit_project, ldap_group, description, che log.info(pformat(data)) +@click.command(name="create-saml-group") +@click.argument("gerrit_fqdn") +@click.argument("ldap_group") +@click.pass_context +def create_saml_group(ctx, gerrit_fqdn, ldap_group): + """Create saml group based on ldap group.""" + g = gerrit.Gerrit(fqdn=gerrit_fqdn) + data = g.create_saml_group(gerrit_fqdn, ldap_group) + log.info(pformat(data)) + + @click.command(name="list-project-permissions") @click.argument("gerrit_fqdn") @click.argument("project") @@ -180,5 +191,6 @@ gerrit_cli.add_command(addgitreview) gerrit_cli.add_command(addgithubrights) gerrit_cli.add_command(createproject) gerrit_cli.add_command(abandonchanges) +gerrit_cli.add_command(create_saml_group) gerrit_cli.add_command(list_project_permissions) gerrit_cli.add_command(list_project_inherits_from) diff --git a/releasenotes/notes/gerrit-create-saml-groups-63ac96a53c1df0c3.yaml b/releasenotes/notes/gerrit-create-saml-groups-63ac96a53c1df0c3.yaml new file mode 100644 index 00000000..c859ad5c --- /dev/null +++ b/releasenotes/notes/gerrit-create-saml-groups-63ac96a53c1df0c3.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + Enhancements for saml support. + + #. Added lftools gerrit create-saml-group. + #. Takes a gerrit endpoint and an ldap group as parameters. + #. Creates a saml group for this ldap group so that project creation can be automated. + #. Project creation call now translates ldap group to saml group and adds saml group as project owner. +
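Review bot: The `create_saml_group` command logs `pformat(data)` and returns without looking at the outcome, so a rejected request (an authentication failure, or a group that already exists) would presumably still end with exit status 0. What `Gerrit.put` returns is not visible here; if it exposes the HTTP status, check it and fail loudly, e.g. `log.error("Creating saml group for %s failed: %s", ldap_group, data)` followed by `ctx.exit(1)`. The help text could also state that LDAP_GROUP is the bare group name and that the group is created as `saml/<ldap_group>`, since this docstring is what `--help` and the docs page print.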