opendev/system-config
Code Issues Proposed changes

Add SSH key syncing to user sync

Browse Source 
Previously the user update script only synced the SSH keys upon adding a user.
This will make it add new keys to gerrit on every run.

Fixes bug #1001180

Also added a lock file since it is sometimes taking longer than 15 minutes to
execute (especially now we are pulling SSH keys) and has jammed up StackForge.

Change-Id: I28fd0f557568c20a07e724bcd3d9c789a62fff42
This commit is contained in:
Andrew Hutchings 2012-05-18 14:33:37 +01:00
parent 66dff2a2db
commit a12bab8988
1 changed files with 31 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
modules/gerrit/files/scripts/update_gerrit_users.py
View File

@ -17,6 +17,7 @@
import os import os
import sys import sys
import fcntl
import uuid import uuid
import os import os
import subprocess import subprocess
@ -36,6 +37,14 @@ from openid.cryptutil import randomString
DEBUG = False DEBUG = False
pid_file = '/tmp/update_gerrit_users.pid'
fp = open(pid_file, 'w')
try:
fcntl.lockf(fp, fcntl.LOCK_EX | fcntl.LOCK_NB)
except IOError:
# another instance is running
sys.exit(0)
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
parser.add_argument('user', help='The gerrit admin user') parser.add_argument('user', help='The gerrit admin user')
parser.add_argument('ssh_key', help='The gerrit admin SSH key file') parser.add_argument('ssh_key', help='The gerrit admin SSH key file')
@ -244,7 +253,7 @@ if DEBUG:
print "\t", new_groups print "\t", new_groups
for (username, user_details) in users.items(): for (username, user_details) in users.items():
member = launchpad.people[username]
# accounts # accounts
account_id = None account_id = None
if cur.execute("""select account_id from account_external_ids where if cur.execute("""select account_id from account_external_ids where
@ -253,9 +262,7 @@ for (username, user_details) in users.items():
# We have this bad boy - all we need to do is update his group membership # We have this bad boy - all we need to do is update his group membership
else: else:
# We need details # We need details
member = launchpad.people[username]
if not member.is_team: if not member.is_team:
openid_consumer = consumer.Consumer(dict(id=randomString(16, '0123456789abcdef')), None) openid_consumer = consumer.Consumer(dict(id=randomString(16, '0123456789abcdef')), None)
@ -272,9 +279,6 @@ for (username, user_details) in users.items():
and account_id = %s""", and account_id = %s""",
('username:%s' % username, account_id)) ('username:%s' % username, account_id))
else: else:
user_details['ssh_keys'] = ["%s %s %s" % (get_type(key.keytype), key.keytext, key.comment) for key in member.sshkeys]
email = None email = None
try: try:
email = member.preferred_email_address.email email = member.preferred_email_address.email
@ -290,25 +294,6 @@ for (username, user_details) in users.items():
cur.execute("""insert into accounts (account_id, full_name, preferred_email) values cur.execute("""insert into accounts (account_id, full_name, preferred_email) values
(%s, %s, %s)""", (account_id, username, user_details['email'])) (%s, %s, %s)""", (account_id, username, user_details['email']))
# account_ssh_keys
for key in user_details['ssh_keys']:
cur.execute("""select ssh_public_key from account_ssh_keys where
account_id = %s""", account_id)
db_keys = [r[0].strip() for r in cur.fetchall()]
if key.strip() not in db_keys:
cur.execute("""select max(seq)+1 from account_ssh_keys
where account_id = %s""", account_id)
seq = cur.fetchall()[0][0]
if seq is None:
seq = 1
cur.execute("""insert into account_ssh_keys
(ssh_public_key, valid, account_id, seq)
values
(%s, 'Y', %s, %s)""",
(key.strip(), account_id, seq))
# account_external_ids # account_external_ids
## external_id ## external_id
if not cur.execute("""select account_id from account_external_ids if not cur.execute("""select account_id from account_external_ids
@ -336,6 +321,27 @@ for (username, user_details) in users.items():
user_details['email'])) user_details['email']))
if account_id is not None: if account_id is not None:
# account_ssh_keys
user_details['ssh_keys'] = ["%s %s %s" % (get_type(key.keytype), key.keytext, key.comment) for key in member.sshkeys]
for key in user_details['ssh_keys']:
cur.execute("""select ssh_public_key from account_ssh_keys where
account_id = %s""", account_id)
db_keys = [r[0].strip() for r in cur.fetchall()]
if key.strip() not in db_keys:
cur.execute("""select max(seq)+1 from account_ssh_keys
where account_id = %s""", account_id)
seq = cur.fetchall()[0][0]
if seq is None:
seq = 1
cur.execute("""insert into account_ssh_keys
(ssh_public_key, valid, account_id, seq)
values
(%s, 'Y', %s, %s)""",
(key.strip(), account_id, seq))
# account_group_members # account_group_members
# user_details['add_groups'] is a list of group names for which the # user_details['add_groups'] is a list of group names for which the
# user is either "Approved" or "Administrator" # user is either "Approved" or "Administrator"