in scripts/git-role-management/internal/synchronization/git_server.py [0:0]
def synchronize(self, pipeline):
if not self.initialized:
print 'Skipping pipeline {} (#{})'.format(
pipeline.name,
pipeline.identifier
)
return
users_to_synchronize = []
groups_to_synchronize = []
for permission in pipeline.permissions:
if permission.principal and permission.name not in self.synchronized_users:
users_to_synchronize.append(permission.name)
if not permission.principal and permission.name not in self.synchronized_groups:
groups_to_synchronize.append(permission.name)
if len(users_to_synchronize) > 0 or len(groups_to_synchronize) > 0:
print 'Synchronizing users and groups for git server {}'.format(self.__server__)
for user in users_to_synchronize:
self.synchronize_user(user)
for group in groups_to_synchronize:
self.synchronize_group(group, self.__pipeline_server_.get_group_members(group))
self.synchronized_groups.extend(groups_to_synchronize)
self.synchronized_users.extend(users_to_synchronize)
parse_result = urlparse(pipeline.repository)
project = quote_plus(parse_result.path.encode('utf-8')[1:])
if project.lower().endswith('.git'):
project = project[:-4]
project_info = self.__api__.get_project(project)
project_membres = self.__api__.get_project_members(project)
def find_shared_group(id):
matches = [x for x in project_info.shared_with_groups if x.group_id == id]
if len(matches) == 0:
return None
return matches[0]
def find_member(id):
matches = [x for x in project_membres if x.id == id]
if len(matches) == 0:
return None
return matches[0]
def find_group_permission(group_name):
matches = [x for x in pipeline.permissions if
not x.principal and '{}{}'.format(
self.__config__.git_group_prefix,
x.name
).lower() == group_name.lower()]
if len(matches) == 0:
return None
return matches[0]
def find_user_permission(username):
matches = [x for x in pipeline.permissions if x.principal and x.name.lower() == username.lower()]
if len(matches) == 0:
return None
return matches[0]
print 'Managing users and groups for project {}'.format(project)
for member in project_membres:
if member.name.lower() == self.__root_user_name__:
continue
git_user = self.find_user_by_id(member.id)
if git_user is not None:
pipeline_user = self.__pipeline_server_.find_user_by_email(git_user.email)
if pipeline_user is not None:
if self.__pipeline_server_.user_skipped(pipeline_user.email):
print 'User {} ({}) has duplicated email set and wont be synchronized'.format(
pipeline_user.friendly_name,
pipeline_user.email
)
continue
permission = find_user_permission(pipeline_user.username)
if permission is None:
try:
self.__api__.remove_user_from_project(project, member.id)
print 'User {} ({}) removed from project'.format(
pipeline_user.friendly_name,
git_user.email
)
except GitLabException as error:
print 'Error removing user {} ({}) from project: {}'.format(
pipeline_user.friendly_name,
git_user.email,
error.message
)
except ConnectionError as error:
print 'Connection error while removing user {} ({}) from project: {}'.format(
pipeline_user.friendly_name,
git_user.email,
error.message
)
except KeyboardInterrupt:
raise
except:
print 'General error removing user {} ({}) from project.'.format(
pipeline_user.friendly_name,
git_user.email
)
if project_info is not None:
for shared_group in project_info.shared_with_groups:
permission = find_group_permission(shared_group.group_name)
if permission is None:
try:
self.__api__.remove_group_from_project(project, shared_group.group_id)
print 'Shared group {} removed from project'.format(
shared_group.group_name
)
except GitLabException as error:
print 'Error removing shared group {} from project: {}'.format(
shared_group.group_name,
error.message
)
except ConnectionError as error:
print 'Connection error while removing shared group {} from project: {}'.format(
shared_group.group_name,
error.message
)
except KeyboardInterrupt:
raise
except:
print 'General error removing shared group {} from project.'.format(
shared_group.group_name,
)
for permission in pipeline.permissions:
if not permission.principal:
git_group = self.find_git_group(permission.name)
if git_group is not None:
shared_group = find_shared_group(git_group.id)
if shared_group is not None and shared_group.group_access_level != permission.access_level:
try:
self.__api__.remove_group_from_project(project, git_group.id)
self.__api__.add_group_to_project(project, git_group.id, permission.access_level)
print 'Shared group {} ({}) changed access level from {} ({}) to {} ({})'.format(
permission.name,
git_group.name,
shared_group.group_access_level,
GitServer.access_level_description(shared_group.group_access_level).lower(),
permission.access_level,
GitServer.access_level_description(permission.access_level).lower()
)
except GitLabException as error:
message_format = 'Error changing access level for shared group {} ({}) ' \
'from {} ({}) to {} ({}): {}'
print message_format.format(
permission.name,
git_group.name,
shared_group.group_access_level,
GitServer.access_level_description(shared_group.group_access_level).lower(),
permission.access_level,
GitServer.access_level_description(permission.access_level).lower(),
error.message
)
except ConnectionError as error:
message_format = 'Connection error while changing access level ' \
'for shared group {} ({}) from {} ({}) to {} ({}): {}'
print message_format.format(
permission.name,
git_group.name,
shared_group.group_access_level,
GitServer.access_level_description(shared_group.group_access_level).lower(),
permission.access_level,
GitServer.access_level_description(permission.access_level).lower(),
error.message
)
except KeyboardInterrupt:
raise
except:
message_format = 'General error changing access level ' \
'for shared group {} ({}) from {} ({}) to {} ({})'
print message_format.format(
permission.name,
git_group.name,
shared_group.group_access_level,
GitServer.access_level_description(shared_group.group_access_level).lower(),
permission.access_level,
GitServer.access_level_description(permission.access_level).lower()
)
elif shared_group is None:
try:
self.__api__.add_group_to_project(project, git_group.id, permission.access_level)
print 'Shared group {} ({}) added to project with access level {} ({})'.format(
permission.name,
git_group.name,
permission.access_level,
GitServer.access_level_description(permission.access_level).lower()
)
except GitLabException as error:
message_format = 'Error adding shared group {} ({}) to project ' \
'with access level {} ({}): {}'
print message_format.format(
permission.name,
git_group.name,
permission.access_level,
GitServer.access_level_description(permission.access_level).lower(),
error.message
)
except ConnectionError as error:
message_format = 'Connection error adding shared group {} ({}) to project ' \
'with access level {} ({}): {}'
print message_format.format(
permission.name,
git_group.name,
permission.access_level,
GitServer.access_level_description(permission.access_level).lower(),
error.message
)
except KeyboardInterrupt:
raise
except:
message_format = 'General error adding shared group {} ({}) to project ' \
'with access level {} ({})'
print message_format.format(
permission.name,
git_group.name,
permission.access_level,
GitServer.access_level_description(permission.access_level).lower()
)
else:
print 'Group {} ({}) already shared with access level {} ({})'.format(
permission.name,
git_group.name,
permission.access_level,
GitServer.access_level_description(permission.access_level).lower()
)
else:
pipeline_user = self.__pipeline_server_.find_user_by_username(permission.name)
if pipeline_user is not None:
if self.__pipeline_server_.user_skipped(pipeline_user.email):
print 'User {} ({}) has duplicated email set and wont be synchornized'.format(
pipeline_user.friendly_name,
pipeline_user.email
)
continue
git_user = self.find_user_by_email(pipeline_user.email)
if git_user is not None:
member = find_member(git_user.id)
if member is not None and member.access_level != permission.access_level:
try:
self.__api__.remove_user_from_project(project, member.id)
self.__api__.add_user_to_project(project, member.id, permission.access_level)
print 'User {} ({}) changed access level from {} ({}) to {} ({})'.format(
pipeline_user.friendly_name,
git_user.email,
member.access_level,
GitServer.access_level_description(member.access_level).lower(),
permission.access_level,
GitServer.access_level_description(permission.access_level).lower()
)
except GitLabException as error:
message_format = 'Error changing access level for user {} ({}) ' \
'from {} ({}) to {} ({}): {}'
print message_format.format(
pipeline_user.friendly_name,
git_user.email,
member.access_level,
GitServer.access_level_description(member.access_level).lower(),
permission.access_level,
GitServer.access_level_description(permission.access_level).lower(),
error.message
)
except ConnectionError as error:
message_format = 'Connection error while changing access level ' \
'for user {} ({}) from {} ({}) to {} ({}): {}'
print message_format.format(
pipeline_user.friendly_name,
git_user.email,
member.access_level,
GitServer.access_level_description(member.access_level).lower(),
permission.access_level,
GitServer.access_level_description(permission.access_level).lower(),
error.message
)
except KeyboardInterrupt:
raise
except:
message_format = 'General error changing access level ' \
'for user {} ({}) from {} ({}) to {} ({})'
print message_format.format(
pipeline_user.friendly_name,
git_user.email,
member.access_level,
GitServer.access_level_description(member.access_level).lower(),
permission.access_level,
GitServer.access_level_description(permission.access_level).lower()
)
elif member is None:
try:
self.__api__.add_user_to_project(project, git_user.id, permission.access_level)
print 'User {} ({}) added to project with access level {} ({})'.format(
pipeline_user.friendly_name,
git_user.email,
permission.access_level,
GitServer.access_level_description(permission.access_level).lower()
)
except GitLabException as error:
message_format = 'Error adding user {} ({}) to project ' \
'with access level {} ({}): {}'
print message_format.format(
pipeline_user.friendly_name,
git_user.email,
permission.access_level,
GitServer.access_level_description(permission.access_level).lower(),
error.message
)
except ConnectionError as error:
message_format = 'Connection error while adding user {} ({}) to project ' \
'with access level {} ({}): {}'
print message_format.format(
pipeline_user.friendly_name,
git_user.email,
permission.access_level,
GitServer.access_level_description(permission.access_level).lower(),
error.message
)
except KeyboardInterrupt:
raise
except:
message_format = 'General error adding user {} ({}) to project ' \
'with access level {} ({}): {}'
print message_format.format(
pipeline_user.friendly_name,
git_user.email,
permission.access_level,
GitServer.access_level_description(permission.access_level).lower()
)
else:
print 'User {} ({}) already belongs to project with access level {} ({})'.format(
pipeline_user.friendly_name,
git_user.email,
permission.access_level,
GitServer.access_level_description(permission.access_level).lower()
)