Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / mcp-ci / jeepyb / 5606d2056f68c13daf65d2e052a09c2339602a4d / . / update_users.py
blob: b40fbfdfd42bb6f0617320e257c350a2cb72454c [file] [log] [blame]
Monty Taylorf45f6ca2012-05-01 17:11:48 -0400[diff] [blame]1#! /usr/bin/env python
2# Copyright (C) 2012 OpenStack, LLC.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16# Synchronize Gerrit users from Launchpad.
17# TODO items:
18# 1. add a temporary (instance level) object store for the launchpad class
19# 2. split out the two classes into separate files to be used as a library
20
21import os
Andrew Hutchings16a6c462012-05-25 14:26:41 +0100[diff] [blame]22import sys
Monty Taylorf45f6ca2012-05-01 17:11:48 -0400[diff] [blame]23import ConfigParser
24import StringIO
25import paramiko
26import json
27import logging
28import uuid
29from launchpadlib.launchpad import Launchpad
30from launchpadlib.uris import LPNET_SERVICE_ROOT
31
32from datetime import datetime
33
34from openid.consumer import consumer
35from openid.cryptutil import randomString
36
37GERRIT_USER = os.environ.get('GERRIT_USER', 'launchpadsync')
38GERRIT_CONFIG = os.environ.get('GERRIT_CONFIG',
39 '/home/gerrit2/review_site/etc/gerrit.config')
40GERRIT_SECURE_CONFIG = os.environ.get('GERRIT_SECURE_CONFIG',
41 '/home/gerrit2/review_site/etc/secure.config')
42GERRIT_SSH_KEY = os.environ.get('GERRIT_SSH_KEY',
43 '/home/gerrit2/.ssh/launchpadsync_rsa')
44GERRIT_CACHE_DIR = os.path.expanduser(os.environ.get('GERRIT_CACHE_DIR',
45 '~/.launchpadlib/cache'))
46GERRIT_CREDENTIALS = os.path.expanduser(os.environ.get('GERRIT_CREDENTIALS',
47 '~/.launchpadlib/creds'))
48GERRIT_BACKUP_PATH = os.environ.get('GERRIT_BACKUP_PATH',
49 '/home/gerrit2/dbupdates')
50
51logging.basicConfig(format='%(asctime)-6s: %(name)s - %(levelname)s - %(message)s', filename='/var/log/gerrit/update_users.log')
52logger= logging.getLogger('update_users')
53logger.setLevel(logging.INFO)
54
55for check_path in (os.path.dirname(GERRIT_CACHE_DIR),
56 os.path.dirname(GERRIT_CREDENTIALS),
57 GERRIT_BACKUP_PATH):
58 if not os.path.exists(check_path):
59 os.makedirs(check_path)
60
61def get_broken_config(filename):
62 """ gerrit config ini files are broken and have leading tabs """
63 text = ""
64 with open(filename,"r") as conf:
65 for line in conf.readlines():
66 text = "%s%s" % (text, line.lstrip())
67
68 fp = StringIO.StringIO(text)
69 c=ConfigParser.ConfigParser()
70 c.readfp(fp)
71 return c
72
73gerrit_config = get_broken_config(GERRIT_CONFIG)
74secure_config = get_broken_config(GERRIT_SECURE_CONFIG)
75
76DB_USER = gerrit_config.get("database", "username")
77DB_PASS = secure_config.get("database","password")
78DB_DB = gerrit_config.get("database","database")
79
80def make_db_backup():
81 db_backup_file = "%s.%s.sql" % (DB_DB, datetime.isoformat(datetime.now()))
82 db_backup_path = os.path.join(GERRIT_BACKUP_PATH, db_backup_file)
David Shrewsbury54a63902012-05-03 09:27:14 -0400[diff] [blame]83 retval = os.system("mysqldump --opt -u%s -p%s %s | gzip -9 > %s.gz" %
Monty Taylorf45f6ca2012-05-01 17:11:48 -0400[diff] [blame]84 (DB_USER, DB_PASS, DB_DB, db_backup_path))
85 if retval != 0:
86 logger.error("Problem taking a db dump, aborting db update")
87 sys.exit(retval)
88
89class LaunchpadAction(object):
90 def __init__(self):
91 logger.info('Connecting to Launchpad')
92 self.launchpad= Launchpad.login_with('Gerrit User Sync', LPNET_SERVICE_ROOT,
93 GERRIT_CACHE_DIR,
94 credentials_file = GERRIT_CREDENTIALS)
95
96 logger.info('Getting Launchpad teams')
97 self.lp_teams= self.get_all_sub_teams('openstack', [])
98
99 def get_all_sub_teams(self, team, have_teams):
100 for sub_team in self.launchpad.people[team].sub_teams:
101 if sub_team.name not in have_teams:
102 have_teams = self.get_all_sub_teams(sub_team.name, have_teams)
103 have_teams.append(team)
104 return have_teams
105
106 def get_sub_teams(self, team):
107 sub_teams= []
108 for sub_team in self.launchpad.people[team].sub_teams:
109 sub_teams.append(sub_team.name)
110 return sub_teams
111
112 def get_teams(self):
113 return self.lp_teams
114
115 def get_all_users(self):
116 logger.info('Getting Launchpad users')
117 users= []
118 for team in self.lp_teams:
119 for detail in self.launchpad.people[team].members_details:
120 if (detail.status == 'Approved' or detail.status == 'Administrator'):
121 name= detail.self_link.split('/')[-1]
122 if ((users.count(name) == 0) and (name not in self.lp_teams)):
123 users.append(name)
124 return users
125
126 def get_user_data(self, user):
127 return self.launchpad.people[user]
128
129 def get_team_members(self, team, gerrit):
130 users= []
131 for detail in self.launchpad.people[team].members_details:
132 if (detail.status == 'Approved' or detail.status == 'Administrator'):
133 name= detail.self_link.split('/')[-1]
134 # if we found a subteam
135 if name in self.lp_teams:
136 # check subteam for implied subteams
137 for implied_group in gerrit.get_implied_groups(name):
138 if implied_group in self.lp_teams:
139 users.extend(self.get_team_members(implied_group, gerrit))
140 users.extend(self.get_team_members(name, gerrit))
141 continue
142 users.append(name)
143 # check team for implied teams
144 for implied_group in gerrit.get_implied_groups(team):
145 if implied_group in self.lp_teams:
146 users.extend(self.get_team_members(implied_group, gerrit))
147 # filter out dupes
148 users= list(set(users))
149 return users
150
151 def get_team_watches(self, team):
152 users= []
153 for detail in self.launchpad.people[team].members_details:
154 if (detail.status == 'Approved' or detail.status == 'Administrator'):
155 name= detail.self_link.split('/')[-1]
156 if name in self.lp_teams:
157 continue
158 if users.count(name) == 0:
159 users.append(name)
160 return users
161
162 def get_team_display_name(self, team):
163 team_data = self.launchpad.people[team]
164 return team_data.display_name
165
166class GerritAction(object):
167 def __init__(self):
168 logger.info('Connecting to Gerrit')
169 self.ssh= paramiko.SSHClient()
170 self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
171 self.ssh.connect('localhost', username=GERRIT_USER, port=29418, key_filename=GERRIT_SSH_KEY)
172
173 def cleanup(self):
174 logger.info('Closing connection to Gerrit')
175 self.ssh.close()
176
177 def run_query(self, query):
178 command= 'gerrit gsql --format JSON -c "{0}"'.format(query)
179 stdin, stdout, stderr= self.ssh.exec_command(command)
180# trying to get stdout return code or stderr can hang with large result sets
181# for line in stderr:
182# logger.error(line)
183 return stdout
184
185 def get_groups(self):
186 logger.info('Getting Gerrit groups')
187 groups= []
188 query= "select name from account_groups"
189 stdout= self.run_query(query)
190 for line in stdout:
191 row= json.loads(line)
192 if row['type'] == 'row':
193 group= row['columns']['name']
194 groups.append(group)
195 return groups
196
197 def get_users(self):
198 logger.info('Getting Gerrit users')
199 users= []
200 query= "select external_id from account_external_ids"
201 stdout= self.run_query(query)
202 for line in stdout:
203 row= json.loads(line)
204 if row['type'] == 'row':
205 user= row['columns']['external_id'].replace('username:','')
206 users.append(user)
207 return users
208
209 def get_group_id(self, group_name):
210 query= "select group_id from account_groups where name='{0}'".format(group_name)
211 stdout= self.run_query(query)
212 line= stdout.readline()
213 row= json.loads(line)
214 if row['type'] == 'row':
215 return row['columns']['group_id']
216 else:
217 return 0
218
219 def get_user_id(self, user_name):
220 query= "select account_id from account_external_ids where external_id='username:{0}'".format(user_name)
221 stdout= self.run_query(query)
222 line= stdout.readline()
223 row= json.loads(line)
224 return row['columns']['account_id']
225
226 def get_users_from_group(self, group_name):
227 logger.info('Getting Gerrit users from group %s', group_name)
228 users= []
229 gid= self.get_group_id(group_name)
230
231 query= "select external_id from account_external_ids join account_group_members on account_group_members.account_id=account_external_ids.account_id where account_group_members.group_id={0} and external_id like 'username%%'".format(gid)
232 stdout= self.run_query(query)
233 for line in stdout:
234 row= json.loads(line)
235 if row['type'] == 'row':
236 user= row['columns']['external_id'].replace('username:','')
237 users.append(user)
238 return users
239
240 def get_users_from_watches(self, group_name):
241 logger.info('Getting Gerrit users from watch list %s', group_name)
242 users= []
243 if group_name.endswith("-core"):
244 group_name = group_name[:-5]
245 group_name = "openstack/{0}".format(group_name)
246
247 query= "select external_id from account_external_ids join account_project_watches on account_project_watches.account_id=account_external_ids.account_id where account_project_watches.project_name like '{0}' and external_id like 'username%%'".format(group_name)
248 stdout= self.run_query(query)
249 for line in stdout:
250 row= json.loads(line)
251 if row['type'] == 'row':
252 user= row['columns']['external_id'].replace('username:','')
253 users.append(user)
254 return users
255
256
257 def get_implied_groups(self, group_name):
258 gid= self.get_group_id(group_name)
259 groups= []
260 query= "select name from account_groups join account_group_includes on account_group_includes.include_id=account_groups.group_id where account_group_includes.group_id={0}".format(gid)
261 stdout= self.run_query(query)
262 for line in stdout:
263 row= json.loads(line)
264 if row['type'] == 'row':
265 group= row['columns']['name']
266 groups.append(group)
267 return groups
268
269 def add_group(self, group_name, group_display_name):
270 logger.info('New group %s (%s)', group_display_name, group)
271 query= "insert into account_group_id (s) values (NULL)"
272 stdout= self.run_query(query)
273 row= json.loads(stdout.readline())
274 if row['rowCount'] is not 1:
275 print "Could not get a new account group ID"
276 raise
277 query= "select max(s) from account_group_id"
278 stdout= self.run_query(query)
279 row= json.loads(stdout.readline())
280 gid= row['columns']['max(s)']
281 full_uuid= "{0}{1}".format(uuid.uuid4().hex, uuid.uuid4().hex[:8])
282 query= "insert into account_groups (group_id, group_type, owner_group_id, name, description, group_uuid) values ({0}, 'INTERNAL', 1, '{1}', '{2}', '{3}')". format(gid, group_name, group_display_name, full_uuid)
283 self.run_query(query)
284 query= "insert into account_group_names (group_id, name) values ({0}, '{1}')".format(gid, group_name)
285 self.run_query(query)
286
287 def add_user(self, user_name, user_data):
288 logger.info("Adding Gerrit user %s", user_name)
289 openid_consumer = consumer.Consumer(dict(id=randomString(16, '0123456789abcdef')), None)
290 openid_request = openid_consumer.begin("https://launchpad.net/~%s" % user_data.name)
291 user_openid_external_id = openid_request.endpoint.getLocalID()
292 query= "select account_id from account_external_ids where external_id in ('{0}')".format(user_openid_external_id)
293 stdout= self.run_query(query)
294 row= json.loads(stdout.readline())
295 if row['type'] == 'row':
296 # we have a result so this is an updated user name
297 account_id= row['columns']['account_id']
298 query= "update account_external_ids set external_id='{0}' where external_id like 'username%%' and account_id = {1}".format('username:%s' % user_name, account_id)
299 self.run_query(query)
300 else:
301 # we really do have a new user
302 user_ssh_keys= ["%s %s %s" % ('ssh-%s' % key.keytype.lower(), key.keytext, key.comment) for key in user_data.sshkeys]
303 user_email= None
304 try:
Andrew Hutchings16a6c462012-05-25 14:26:41 +0100[diff] [blame]305 user_email = user_data.preferred_email_address.email
Monty Taylorf45f6ca2012-05-01 17:11:48 -0400[diff] [blame]306 except ValueError:
307 pass
308 query= "insert into account_id (s) values (NULL)"
309 self.run_query(query)
310 query= "select max(s) from account_id"
311 stdout= self.run_query(query)
312 row= json.loads(stdout.readline())
313 uid= row['columns']['max(s)']
314 query= "insert into accounts (account_id, full_name, preferred_email) values ({0}, '{1}', '{2}')".format(uid, user_name, user_email)
315 self.run_query(query)
316 keyno= 1
317 for key in user_ssh_keys:
318 query= "insert into account_ssh_keys (ssh_public_key, valid, account_id, seq) values ('{0}', 'Y', {1}, {2})".format(key.strip(), uid, keyno)
319 self.run_query(query)
320 keyno = keyno + 1
321 query= "insert into account_external_ids (account_id, email_address, external_id) values ({0}, '{1}', '{2}')".format(uid, user_email, user_openid_external_id)
322 self.run_query(query)
323 query= "insert into account_external_ids (account_id, external_id) values ({0}, '{1}')".format(uid, "username:%s" % user_name)
324 self.run_query(query)
325 if user_email is not None:
326 query= "insert into account_external_ids (account_id, email_address, external_id) values ({0}. '{1}', '{2}')".format(uid, user_email, "mailto:%s" % user_email)
327 return None
328
329 def add_user_to_group(self, user_name, group_name):
330 logger.info("Adding Gerrit user %s to group %s", user_name, group_name)
331 uid= self.get_user_id(user_name)
332 gid= self.get_group_id(group_name)
333 if gid is 0:
334 print "Trying to add user {0} to non-existent group {1}".format(user_name, group_name)
335 raise
336 query= "insert into account_group_members (account_id, group_id) values ({0}, {1})".format(uid, gid)
337 self.run_query(query)
338
339 def add_user_to_watch(self, user_name, group_name):
340 logger.info("Adding Gerrit user %s to watch group %s", user_name, group_name)
341 uid= self.get_user_id(user_name)
342 if group_name.endswith("-core"):
343 group_name = group_name[:-5]
344 group_name = "openstack/{0}".format(group_name)
345 query= "insert into account_project_watches VALUES ('Y', 'N', 'N', {0}, '{1}', '*')". format(uid, group_name)
346 self.run_query(query)
347
348
349 def del_user_from_group(self, user_name, group_name):
350 logger.info("Deleting Gerrit user %s from group %s", user_name, group_name)
351 uid= self.get_user_id(user_name)
352 gid= self.get_group_id(group_name)
353 query= "delete from account_group_members where account_id = {0} and group_id = {1}".format(uid, gid)
354 self.run_query(query)
355 if group_name.endswith("-core"):
356 group_name = group_name[:-5]
357 group_name= "openstack/{0}".format(group_name)
358 query= "delete from account_project_watches where account_id = {0} and project_name= '{1}'".format(uid, group_name)
359 self.run_query(query)
360
361 def rebuild_sub_groups(self, group, sub_groups):
362 gid= self.get_group_id(group)
363 for sub_group in sub_groups:
364 sgid= self.get_group_id(sub_group)
365 query= "select group_id from account_group_includes where group_id={0} and include_id={1}".format(gid, sgid)
366 stdout= self.run_query(query)
367 row= json.loads(stdout.readline())
368 if row['type'] != 'row':
369 logger.info('Adding implied group %s to group %s', group, sub_group)
370 query= "insert into account_group_includes (group_id, include_id) values ({0}, {1})".format(gid, sgid)
371 self.run_query(query)
372
373
374# Actual work starts here!
375
376lp= LaunchpadAction()
377gerrit= GerritAction()
378
379logger.info('Making DB backup')
380make_db_backup()
381
382logger.info('Starting group reconcile')
383lp_groups= lp.get_teams()
384gerrit_groups= gerrit.get_groups()
385
386group_diff= filter(lambda a: a not in gerrit_groups, lp_groups)
387for group in group_diff:
388 group_display_name= lp.get_team_display_name(group)
389 gerrit.add_group(group, group_display_name)
390
391for group in lp_groups:
392 sub_group= lp.get_sub_teams(group)
393 if sub_group:
394 gerrit.rebuild_sub_groups(group, sub_group)
395
396logger.info('End group reconcile')
397
398logger.info('Starting user reconcile')
399lp_users= lp.get_all_users()
400gerrit_users= gerrit.get_users()
401
402user_diff= filter(lambda a: a not in gerrit_users, lp_users)
403for user in user_diff:
404 gerrit.add_user(user, lp.get_user_data(user))
405
406logger.info('End user reconcile')
407
408logger.info('Starting user to group reconcile')
409lp_groups= lp.get_teams()
410for group in lp_groups:
411 # First find users to attach to groups
412 gerrit_group_users= gerrit.get_users_from_group(group)
413 lp_group_users= lp.get_team_members(group, gerrit)
414
415 group_diff= filter(lambda a: a not in gerrit_group_users, lp_group_users)
416 for user in group_diff:
417 gerrit.add_user_to_group(user, group)
418 # Second find users to attach to watches
419 lp_group_watches= lp.get_team_watches(group)
420 gerrit_group_watches= gerrit.get_users_from_watches(group)
421 group_diff= filter(lambda a: a not in gerrit_group_watches, lp_group_watches)
422 for user in group_diff:
423 gerrit.add_user_to_watch(user, group)
424 # Third find users to remove from groups/watches
425 group_diff= filter(lambda a: a not in lp_group_users, gerrit_group_users)
426 for user in group_diff:
427 gerrit.del_user_from_group(user, group)
428
429logger.info('Ending user to group reconcile')
430
431gerrit.cleanup()