Merge pull request #17 from github/primetheus/bug-fix

Deprecated Python 2.x, fix bugs
3rd-party-integrations · Mar 5, 2020 · 459f382 · 459f382
2 parents b730846 + 7e11e7c
commit 459f382
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 26 deletions.
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ This utility provides the following functionality:
 | Slack Messaging | No | Send a notification to Slack. This is a WIP |
 
 ## Getting Started
-To get started, ensure that you are using **Python 2.7** or **Python 3.4+**. The following additional libraries are required:
+To get started, ensure that you are using **Python 3.4+**. The following additional libraries are required:
 
 - [ ] PyGithub
 - [ ] python-ldap3
@@ -25,7 +25,7 @@ To get started, ensure that you are using **Python 2.7** or **Python 3.4+**. The
 Install the required libraries.
 
 ```bash
-pip install -r requirements.txt
+pip3 install -r requirements.txt
 ```
 
 Once you have all of the requirements installed, be sure to edit the `settings.yml` to match your environment.
@@ -49,7 +49,7 @@ github:
   # GitHub. To use on github.com, simply use https://api.github.com
   #server_url: https://api.github.com
   server_url: https://github.example.com/api/v3
-  token: e92ff0813a76da15f32a675dcd54ea1a97339e82
+  token: <token>
 
 ldap:
   # A list of server hostnames or IP addresses to try connecting to
@@ -80,14 +80,16 @@ ldap:
   bind_user: [email protected]
   # The password to use for binding
   bind_password: asqw!234
+  # Set the page size (default is 1000)
+  page_size: 1000
 ```
 
 ## Usage Examples
 #### Using the Help
 
 ```bash
-$ python ADTeamSyncGHE.py --help
-usage: ADTeamSyncGHE2.py [-h] [-r] [-a] [-g AD_GROUP] [-s] [-t TEAM] [-o ORG]
+$ python3 ADTeamSyncGHE.py --help
+usage: ADTeamSyncGHE.py [-h] [-r] [-a] [-g AD_GROUP] [-s] [-t TEAM] [-o ORG]
                          [-l]
 
 optional arguments:
@@ -115,7 +117,7 @@ optional arguments:
 #### Listing Active Directory Group Members
 This option will list members in Active Directory groups
 ```bash
-$ python SAMLTeamSyncAD.py --list --group ADGroupA
+$ python3 SAMLTeamSyncAD.py --list --group ADGroupA
 Succesfully authenticated
 AD Group: ADGroupA
 ---------------
@@ -125,7 +127,7 @@ ghusera
 #### Listing GitHub Team Members
 This option will list members in GitHub teams
 ```bash
-$ python SAMLTeamSyncAD.py --list --team GHETeamA
+$ python3 SAMLTeamSyncAD.py --list --team GHETeamA
 GitHub Team: GHETeamA
 ---------------
 primetheus
@@ -134,16 +136,16 @@ primetheus
 #### Add Users to GitHub Teams from AD
 This option will only add users to GitHub teams when they are found in Active Directory. It will not remove users from teams
 ```bash
-$ python SAMLTeamSyncAD.py --add --team GHETeamA --group ADGroupA
+$ python3 SAMLTeamSyncAD.py --add --team GHETeamA --group ADGroupA
 
 -- OR --
-$ python SAMLTeamSyncAD.py -a -t GHETeamA -g ADGroupA
+$ python3 SAMLTeamSyncAD.py -a -t GHETeamA -g ADGroupA
 ```
 
 #### Full User Sync from Active Directory Group to GitHub Team
 This option will add users to GitHub teams when found in Active Directory, as well as remove users from GitHub teams when they don't exist in the AD group. 
 
 ```bash
-$ python SAMLTeamSyncAD.py --sync --team GHETeamA --group ADGroupA
+$ python3 SAMLTeamSyncAD.py --sync --team GHETeamA --group ADGroupA
 $ python3 SAMLTeamSyncAD.py -s -t GHETeamA -g "AD Group A"
 ```
diff --git a/SAMLTeamSyncAD.py b/SAMLTeamSyncAD.py
@@ -1,18 +1,16 @@
+#!/usr/bin/env python3
 import sys
 import yaml
 import argparse
 from ldap3 import Server, Connection, ALL
 from github import Github, GithubException
-if (sys.version_info > (3, 0)):
-    from urllib.parse import urlparse
-else:
-    from urlparse import urlparse
+from urllib.parse import urlparse
 
 class ADSync:
     def __init__(self, settings_file):
-        with open(settings_file, 'r') as stream:
+        with open(settings_file, 'rb') as stream:
             # Read settings from the config file and store them as constants
-            settings = yaml.load(stream)
+            settings = yaml.load(stream, Loader=yaml.FullLoader)
             self.GITHUB_SERVER = settings['github']['server_url']
             self.GITHUB_TOKEN = settings['github']['token']
             self.AD_SERVERS = settings['ldap']['servers']
@@ -21,7 +19,6 @@ def __init__(self, settings_file):
             self.AD_USER_BASEDN = settings['ldap']['user_base_dn']
             self.AD_GROUP_BASEDN = settings['ldap']['group_base_dn']
             self.AD_USER_FILTER = settings['ldap']['user_filter']
-            self.AD_USER_FILTER2 = settings['ldap']['user_filter2']
             self.AD_GROUP_FILTER = settings['ldap']['group_filter']
             self.AD_BIND_USER = settings['ldap']['bind_user']
             self.AD_BIND_PWD = settings['ldap']['bind_password']
@@ -54,15 +51,15 @@ def get_group_members(self, group_name):
                     member_list.append(self.get_attr_by_dn(member))
         return member_list
 
-    def get_attr_by_dn(self, dn):
+    def get_attr_by_dn(self, userdn):
         """
         Get an attribute for a given object. Right now we only care about the sAMAccountName,
         so it's hard-coded... we can adjust this if we see a need later down the line
-        :param dn: Object's full DN to lookup
+        :param userdn: Object's full DN to lookup
         :return: username
         """
-        self.conn.search(search_base=self.AD_USER_BASEDN,
-                         search_filter=self.AD_USER_FILTER2.replace('{userdn}', dn),
+        self.conn.search(search_base=userdn,
+                         search_filter=self.AD_USER_FILTER,
                          attributes=['sAMAccountName'])
         username = self.conn.entries[0]['sAMAccountName']
         return str(username)
@@ -93,6 +90,8 @@ def main():
                         default=False, const=True, action="store_const")
     parser.add_argument("-i", "--init", dest="initfile", help="Full path to settings.yml file. Default is "
                         "settings.yml in your current directory", default=None)
+    parser.add_argument("-n", "--skip-null", dest="skip_null", const=True, default=False,
+                        help="Skip empty groups in Active Directory, to avoid emptying the GitHub group")
     args = parser.parse_args()
 
     # Location of the settings file. Default is the current working path

diff --git a/settings.yml.sample b/settings.yml.sample
@@ -14,7 +14,7 @@ github:
   # GitHub. To use on github.com, simply use https://api.github.com
   #server_url: https://api.github.com
   server_url: https://github.example.com/api/v3
-  token: e92ff0813a76da15f32a675dcd54ea1a97339e82
+  token: <token>
 
 ldap:
   # A list of server hostnames or IP addresses to try connecting to
@@ -36,12 +36,12 @@ ldap:
   # The Base DN for groups
   group_base_dn: OU=Groups,DC=example,DC=com
   # User Filter
-  user_filter: (&(objectClass=USER)(sAMAccountName={username}))
-  # Optional second User Filter
-  user_filter2: (&(objectClass=USER)(dn={userdn}))
+  user_filter: (objectClass=person)
   # Group Filter
-  group_filter: (&(objectClass=GROUP)(cn={group_name}))
+  group_filter: (&(objectClass=group)(cn={group_name}))
   # Active Directory bind user. This must be in <user>@<domain> format
   bind_user: [email protected]
   # The password to use for binding
   bind_password: asqw!234
+  # Page size for paginating LDAP query (default is 1000 for Active Directory)
+  page_size: 1000