def process_mapping(mapping, ldap, gogs):
if mapping.type == 'team':
sync_team(mapping, ldap, gogs)
elif mapping.type == 'org':
sync_org(mapping, ldap, gogs)
else:
raise GroupsyncError(f"Illegal mapping type {mapping.type}")
def get_org_members(self, org_id):
try:
with self.pg_conn.cursor() as cur:
cur.execute(self.ORG_MEMBER_QUERY, (org_id, ))
return [uid[0] for uid in cur]
except Exception as e:
raise GroupsyncError(
"GOGS:DB: Failed to retrieve members of team {}: {}".format(
team_id, e))
def __init__(self, server, bind_dn, password, group_base_dn):
self.server = server
self.conn = ldap.initialize(server)
self.group_base_dn = group_base_dn
try:
self.conn.protocol_version = ldap.VERSION3
self.conn.simple_bind_s(bind_dn, password)
except Exception as e:
raise GroupsyncError("LDAP: Could not connect to '{}': {}".format(
server, e))
def sync_team(mapping, ldap, gogs):
logger.info(mapping)
ldap_group_members = set([
username.decode('utf-8')
for username in ldap.get_group_members(mapping.cn)
])
if not len(ldap_group_members):
raise GroupsyncError("LDAP: Empty group")
teams = [
team for team in gogs.get_teams_for_org(mapping.target_org,
mapping.auth_token)
if team['name'] == mapping.target_team
]
if len(teams) != 1:
raise GroupsyncError(f"GOGS: Could not find team {mapping.target}")
team_id = teams[0]['id']
current_members = set(gogs.get_team_members(team_id))
users_to_add = ldap_group_members.difference(current_members)
users_to_remove = current_members.difference(ldap_group_members)
logger.debug(f"\tcurrent: {current_members}")
logger.debug(f"\tto_add: {users_to_add}")
logger.debug(f"\tto_rem: {users_to_remove}")
for username in users_to_add:
res = gogs.add_user_to_team(team_id, username, mapping.auth_token)
if res:
logger.info(f'\tADD {username}')
else:
logger.info(f'\tSKIP ADD {username}')
for username in users_to_remove:
res = gogs.remove_user_from_team(team_id, username, mapping.auth_token)
if res:
logger.info(f'\tDEL {username}')
else:
logger.info(f'\tSKIP DEL {username}')
def get_teams_for_org(self, org_name, token):
path = '/orgs/{}/teams'.format(org_name)
try:
response = requests.get(self.base_url + path,
headers={
'Authorization':
'token {}'.format(token),
})
response.raise_for_status()
return response.json()
except Exception as e:
raise GroupsyncError(
"GOGS: Failed to get teams for org '{}': {}".format(
org_name, e))
def remove_user_from_team(self, team_id, username, token):
path = '/admin/teams/{}/members/{}'.format(team_id, username)
try:
response = requests.delete(self.base_url + path,
headers={
'Authorization':
'token {}'.format(token),
})
if response.status_code == 404: # no such user
return False
response.raise_for_status()
except Exception as e:
raise GroupsyncError(
"GOGS: Failed to remove {} from team: {}".format(username, e))
return True
def get_group_members(self, group_cn):
try:
result_id = self.conn.search(
base=self.group_base_dn,
scope=ldap.SCOPE_SUBTREE,
filterstr=self.GROUP_SEARCH_FILTER.format(cn=group_cn))
results = []
while 1:
kind, data = self.conn.result(result_id, 0)
if data == []:
break
else:
if kind == ldap.RES_SEARCH_ENTRY:
results.append(data)
return results[0][0][1]['memberUid']
except Exception as e:
raise GroupsyncError(
"LDAP: Failed to lookup group '{}' at '{}': {}".format(
group_cn, self.server, e))
def sync_org(mapping, ldap, gogs):
logger.info(mapping)
logger.warning("Organization sync not yet implemented")
return
ldap_group_members = set([
username.decode('utf-8')
for username in ldap.get_group_members(mapping.cn)
])
if not len(ldap_group_members):
raise GroupsyncError("LDAP: Empty group")
org_id = gogs.get_org_id(mapping.target_org)
current_members = set(gogs.get_org_members(org_id))
users_to_remove = current_members.difference(ldap_group_members)
for username in users_to_remove:
uid = gogs.get_user_id(username)
if uid:
gogs.remove_user_from_org(org_id, uid)
logger.info(f'\tDEL {username}')
else:
logger.info(f'\tSKIP DEL {username}')
