From edc0405f1a231c88c9bba41af2d936c1f1d4a093 Mon Sep 17 00:00:00 2001 From: Jared Murrell Date: Thu, 17 Aug 2023 21:35:11 -0400 Subject: [PATCH 1/4] add the ability to leverage group prefix filters --- app.py | 14 +++++++++----- githubapp/ldap.py | 41 +++++++++++++++++++++++++++-------------- syncmap.yml.example | 5 +++++ 3 files changed, 41 insertions(+), 19 deletions(-) diff --git a/app.py b/app.py index 4526616..205b2bd 100644 --- a/app.py +++ b/app.py @@ -66,9 +66,13 @@ def sync_team(client=None, owner=None, team_id=None, slug=None): try: org = client.organization(owner) team = org.team(team_id) - custom_map, ignore_users = load_custom_map() + custom_map, group_prefix, ignore_users = load_custom_map() try: directory_group = get_directory_from_slug(slug, custom_map, org) + # If we're filtering on group prefix, skip if the group doesn't match + if group_prefix.length() > 0 and not directory_group.startswith(tuple(group_prefix)): + print(f"skipping team {team.slug} - not in group prefix") + return directory_members = directory_group_members(group=directory_group) except Exception as e: directory_members = [] @@ -260,10 +264,10 @@ def load_custom_map(file="syncmap.yml"): syncmap[(d["org"], d["github"])] = d["directory"] else: syncmap[d["github"]] = d["directory"] - + group_prefix = data.get("group_prefix", []) ignore_users = data.get("ignore_users", []) - return (syncmap, ignore_users) + return (syncmap, group_prefix, ignore_users) def get_app_installations(): @@ -293,7 +297,7 @@ def sync_all_teams(): print(f'Syncing all teams: {time.strftime("%A, %d. %B %Y %I:%M:%S %p")}') installations = get_app_installations() - custom_map, _ = load_custom_map() + custom_map, group_prefix, _ = load_custom_map() futures = [] install_count = 0 with ThreadPoolExecutor(max_workers=10) as exe: 
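Review bot: `group_prefix.length()` in the new prefix check in sync_team raises AttributeError, because a Python list has no `length()` method, and the enclosing `try` catches it with `except Exception` and sets `directory_members = []`. As written, the filter never runs and every call continues with an empty directory membership list. What sync_team does with that list is outside the hunk, but a sync against an empty list could remove members, so confirm this before merging. Use truthiness instead: `if group_prefix and not directory_group.startswith(tuple(group_prefix)):`, ideally placed outside the broad `try` so a skipped team is not confused with a failed lookup. PATCH 2/4 re-wraps the same line without changing it.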
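Review bot: `data.get("group_prefix", [])` in load_custom_map passes through whatever the YAML held, and two shapes misbehave in sync_team. A key present with no value yields `None`, and a scalar such as `group_prefix: TEST-` yields a string that `tuple(group_prefix)` splits into single characters, so the filter would accept any group starting with `T`, `E`, `S` or `-`. Since this setting limits which directory groups may drive team membership, normalise it here with `group_prefix = data.get("group_prefix") or []` followed by `if isinstance(group_prefix, str): group_prefix = [group_prefix]`. The function body starts above the hunk, so its docstring, if it has one, should also state the new three-value return.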
@@ -309,7 +313,7 @@ def sync_all_teams(): org = client.organization(i.account["login"]) for team in org.teams(): futures.append( - exe.submit(sync_team_helper, team, custom_map, client, org) + exe.submit(sync_team_helper, team, custom_map, client, org, group_prefix) ) except Exception as e: print(f"DEBUG: {e}") diff --git a/githubapp/ldap.py b/githubapp/ldap.py index 79fc1f5..8af89f3 100644 --- a/githubapp/ldap.py +++ b/githubapp/ldap.py 
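Review bot: `exe.submit(sync_team_helper, team, custom_map, client, org, group_prefix)` passes a fifth positional argument, but no hunk in this patch changes `sync_team_helper`, so unless it already accepts one the call raises TypeError inside the worker. An exception raised in a submitted callable stays in the future until `result()` is read, and the handling of `futures` is outside the hunk, so the failure may never be logged. Either extend the helper to take and apply the prefix, or leave the argument out. PATCH 3/4 removes it again, which leaves this bulk path without the prefix check as far as the diff shows.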
@@ -42,31 +42,44 @@ def __init__(self): raise Exception("LDAP credentials have not been specified") self.USER_SYNC_ATTRIBUTE = os.environ["USER_SYNC_ATTRIBUTE"] - + self.LDAP_USE_SSL = bool(os.environ("LDAP_USE_SSL", False)) if self.LDAP_USE_SSL: - self.LDAP_SSL_PRIVATE_KEY = os.environ.get('LDAP_SSL_PRIVATE_KEY') - self.LDAP_SSL_CERTIFICATE = os.environ.get('LDAP_SSL_CERTIFICATE') + self.LDAP_SSL_PRIVATE_KEY = os.environ.get("LDAP_SSL_PRIVATE_KEY") + self.LDAP_SSL_CERTIFICATE = os.environ.get("LDAP_SSL_CERTIFICATE") try: - self.LDAP_SSL_VALIDATE = ssl.VerifyMode[os.environ.get('LDAP_SSL_VALIDATE', 'CERT_REQUIRED')] + self.LDAP_SSL_VALIDATE = ssl.VerifyMode[ + os.environ.get("LDAP_SSL_VALIDATE", "CERT_REQUIRED") + ] except KeyError: - raise Exception(f"LDAP_SSL_VALIDATE valid options are {ssl.VerifyMode._member_names_}") + raise Exception( + f"LDAP_SSL_VALIDATE valid options are {ssl.VerifyMode._member_names_}" + ) try: - self.LDAP_SSL_VERSION = ssl._SSLMethod[os.environ.get('LDAP_SSL_VERSION', 'PROTOCOL_TLS')] + self.LDAP_SSL_VERSION = ssl._SSLMethod[ + os.environ.get("LDAP_SSL_VERSION", "PROTOCOL_TLS") + ] except KeyError: - raise Exception(f"LDAP_SSL_VERSION valid options are {ssl._SSLMethod._member_names_}") - self.LDAP_SSL_CA_CERTS = os.environ.get('LDAP_SSL_CA_CERTS') + raise Exception( + f"LDAP_SSL_VERSION valid options are {ssl._SSLMethod._member_names_}" + ) + self.LDAP_SSL_CA_CERTS = os.environ.get("LDAP_SSL_CA_CERTS") self.tls = Tls( - local_private_key_file = self.LDAP_SSL_PRIVATE_KEY, - local_certificate_file = self.LDAP_SSL_CERTIFICATE, - validate = self.LDAP_SSL_VALIDATE, - version = self.LDAP_SSL_VERSION, - ca_certs_file = self.LDAP_SSL_CA_CERTS + local_private_key_file=self.LDAP_SSL_PRIVATE_KEY, + local_certificate_file=self.LDAP_SSL_CERTIFICATE, + validate=self.LDAP_SSL_VALIDATE, + version=self.LDAP_SSL_VERSION, + ca_certs_file=self.LDAP_SSL_CA_CERTS, ) else: self.tls = None - self.srv = Server(host = self.LDAP_SERVER_HOST, port = 
self.LDAP_SERVER_HOST, use_ssl = self.USE_SSL, tls = self.tls) + self.srv = Server( + host=self.LDAP_SERVER_HOST, + port=self.LDAP_SERVER_HOST, + use_ssl=self.USE_SSL, + tls=self.tls, + ) self.conn = Connection( self.srv, user=self.LDAP_BIND_USER, diff --git a/syncmap.yml.example b/syncmap.yml.example index e2c48bd..a486300 100644 --- a/syncmap.yml.example +++ b/syncmap.yml.example @@ -8,6 +8,11 @@ mapping: org: demo-org directory: avengers group +# Only sync groups with matching prefixes +#group_prefix: +# - TEST- +# - DEMO- + ignore_users: - userA - userB From f62ad0780e2fb6e387fd4f18a05050377e98f207 Mon Sep 17 00:00:00 2001 From: Jared Murrell Date: Thu, 17 Aug 2023 21:37:35 -0400 Subject: [PATCH 2/4] formatted code --- app.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/app.py b/app.py index 205b2bd..624a680 100644 --- a/app.py +++ b/app.py @@ -70,7 +70,9 @@ def sync_team(client=None, owner=None, team_id=None, slug=None): try: directory_group = get_directory_from_slug(slug, custom_map, org) # If we're filtering on group prefix, skip if the group doesn't match - if group_prefix.length() > 0 and not directory_group.startswith(tuple(group_prefix)): + if group_prefix.length() > 0 and not directory_group.startswith( + tuple(group_prefix) + ): print(f"skipping team {team.slug} - not in group prefix") return directory_members = directory_group_members(group=directory_group) @@ -313,7 +315,14 @@ def sync_all_teams(): org = client.organization(i.account["login"]) for team in org.teams(): futures.append( - exe.submit(sync_team_helper, team, custom_map, client, org, group_prefix) + exe.submit( + sync_team_helper, + team, + custom_map, + client, + org, + group_prefix, + ) ) except Exception as e: print(f"DEBUG: {e}") From c1ef6375f23453520462cd65e270bb9c937355ca Mon Sep 17 00:00:00 2001 
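Review bot: The re-wrapped `Server(...)` call in githubapp/ldap.py keeps two arguments that look wrong: `port=self.LDAP_SERVER_HOST` hands the host value to the port, and `use_ssl=self.USE_SSL` reads an attribute this hunk never assigns (it sets `self.LDAP_USE_SSL`; `__init__` starts above the hunk, so `USE_SSL` may exist there). On the new side `bool(os.environ("LDAP_USE_SSL", False))` calls the `os.environ` mapping, which raises TypeError, and even with `.get` any non-empty value, `false` included, would turn the flag on. Because this flag decides whether the bind to the directory goes over TLS, parse it explicitly, e.g. `self.LDAP_USE_SSL = os.environ.get("LDAP_USE_SSL", "").lower() in ("1", "true", "yes")`, and pass `use_ssl=self.LDAP_USE_SSL` together with the port attribute the class actually defines. A comment next to `LDAP_SSL_VALIDATE` noting that `CERT_NONE` turns off server certificate checking would help whoever sets the variable.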
From: Jared Murrell Date: Thu, 17 Aug 2023 21:43:16 -0400 Subject: [PATCH 3/4] removed unnecessary variable --- app.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app.py b/app.py index 624a680..90ca6fb 100644 --- a/app.py +++ b/app.py @@ -299,7 +299,7 @@ def sync_all_teams(): print(f'Syncing all teams: {time.strftime("%A, %d. %B %Y %I:%M:%S %p")}') installations = get_app_installations() - custom_map, group_prefix, _ = load_custom_map() + custom_map, _ = load_custom_map() futures = [] install_count = 0 with ThreadPoolExecutor(max_workers=10) as exe: @@ -321,7 +321,6 @@ def sync_all_teams(): custom_map, client, org, - group_prefix, ) ) except Exception as e: From 250c61116cf8506fce943268fc57264ab69e8290 Mon Sep 17 00:00:00 2001 From: Jared Murrell Date: Thu, 17 Aug 2023 21:44:27 -0400 Subject: [PATCH 4/4] formatted code --- app.py | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/app.py b/app.py index 90ca6fb..dedc9fd 100644 --- a/app.py +++ b/app.py @@ -315,13 +315,7 @@ def sync_all_teams(): org = client.organization(i.account["login"]) for team in org.teams(): futures.append( - exe.submit( - sync_team_helper, - team, - custom_map, - client, - org, - ) + exe.submit(sync_team_helper, team, custom_map, client, org) ) except Exception as e: print(f"DEBUG: {e}")
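Review bot: `custom_map, _ = load_custom_map()` in the first hunk of PATCH 3/4 unpacks two values, but PATCH 1/4 changed load_custom_map to `return (syncmap, group_prefix, ignore_users)`, so sync_all_teams raises ValueError (too many values to unpack) before any team is queued. Use `custom_map, _, _ = load_custom_map()` or `custom_map, *_ = load_custom_map()`. With `group_prefix` also dropped from the `exe.submit(...)` call in the next hunk, nothing visible applies the prefix filter on this path. If `sync_team_helper` does not end up calling sync_team, the scheduled sync would still process groups outside the allowed prefixes, which is worth confirming. The body of sync_all_teams continues outside the hunk.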