3rd-party-integrations / github-team-sync

Sync GitHub teams to groups in Active Directory, LDAP, Okta, OneLogin or AzureAD when using any authentication method for GitHub.
MIT License

Add support for a mapping file #3

Closed primetheus closed 4 years ago

primetheus commented 6 years ago

At present, this script requires each team and group to be sync'ed separately. This means creating a wrapper to run python SAMLTeamSyncAD.py -g <ad_group> -t <gh_team> -o <gh_org> -s repeatedly to sync multiple teams. You can accomplish this with a wrapper script, but it would be ideal if this script could handle the mapping of multiples at once, fed via YAML.

primetheus commented 4 years ago

A short-term fix for this could be to wrap the script...

```python
#!/usr/bin/env python
import os
import subprocess

script_dir = os.path.dirname(os.path.realpath(__file__))
settings_file = "{}/settings.ini".format(script_dir)
DATAFILE = "mapping.csv"

# Format the mapping file like this:
# <org>,<team>,<ldap-group>

with open(DATAFILE) as datafile:
    for line in datafile:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        # Strip whitespace (including the trailing newline) from each field
        org, team, group = [field.strip() for field in line.split(",")]
        print("Syncing ORG: {}, TEAM: {}, LDAP_GROUP: {}".format(org, team, group))
        # Pass the arguments as a list so values read from the CSV are
        # never interpreted by a shell
        subprocess.call([os.path.join(script_dir, "SAMLTeamSyncAD.py"),
                         "--sync", "--org", org, "--team", team, "--group", group])

print("Sync completed!!")
```

kumar0608 commented 4 years ago

@primetheus Thanks for the wrapper script, but it is a bit of a pain to maintain the CSV files every time. In real time, the GHE team and LDAP groups should always have the same name.

If we are using a GitHub Enterprise service account user (API token) which will have access to all the organizations, then in this case, get the teams from each org and search for that team in LDAP. If we find the GHE team in the LDAP groups, then we have to sync; if not, leave it and continue to the next team. It should be done for all orgs.

Thanks Pragnya

primetheus commented 4 years ago

@kumar0608 thanks for this context! So, if I’m understanding this correctly, the functionality you’d like to see is:

  1. Look up teams in GitHub
  2. Iterate over each team
  3. Look up a team in LDAP that matches the name exactly
  4. Sync the LDAP team to GitHub
  5. Skip teams that aren’t found in LDAP

Is that accurate? I think that is pretty feasible and should be simple to implement. Then the additional flags can serve as overrides or additions.
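The five steps above, together with the flags acting as overrides, as an added example (not the code from #33 or the project's own): `plan_sync` and its `overrides` argument are hypothetical names, the team and group data is constructed, and LDAP member names are assumed to equal GitHub logins.

```python
# Added example: hypothetical names, constructed data; not the project's code.

def plan_sync(github_teams, ldap_groups, overrides=None):
    """Plan membership changes by matching team names to LDAP group names.

    github_teams: {(org, team_name): set of current member logins}
    ldap_groups:  {group_name: set of member logins}
    overrides:    {(org, team_name): group_name}, explicit mappings that
                  take precedence over name matching
    Returns (plan, skipped).
    """
    overrides = overrides or {}
    plan, skipped = {}, []
    for key in sorted(github_teams):         # steps 1-2: every team in every org
        org, team = key
        group = overrides.get(key, team)     # step 3: exact, case-sensitive name
        if group not in ldap_groups:
            skipped.append(key)              # step 5: no matching LDAP group
            continue
        current, desired = github_teams[key], ldap_groups[group]
        plan[key] = {                        # step 4: changes that make the team
            "group": group,                  # mirror the LDAP group
            "add": sorted(desired - current),
            "remove": sorted(current - desired),
        }
    return plan, skipped


# Constructed sample data (assumption: LDAP uid == GitHub login).
TEAMS = {
    ("acme", "platform"): {"alice", "bob"},
    ("acme", "Security"): {"carol"},         # differs in case from "security"
    ("acme", "docs"): {"dave"},
}
LDAP = {
    "platform": {"alice", "erin"},
    "security": {"carol"},
    "tech-writers": {"dave", "frank"},
}
OVERRIDES = {("acme", "docs"): "tech-writers"}

if __name__ == "__main__":
    plan, skipped = plan_sync(TEAMS, LDAP, OVERRIDES)
    for (org, team), change in sorted(plan.items()):
        print(org, team, change)
    print("skipped:", skipped)
```

Printing the plan before applying it shows which LDAP groups were picked up by name alone and which came from an explicit override.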

kumar0608 commented 4 years ago

Yes, exactly.

primetheus commented 4 years ago

@kumar0608 #33 is ready for testing, if you'd like to try it out. The README of that branch has been updated with instructions.

kumar0608 commented 4 years ago

Hi Jared

I got a little confused with the usage.

Could you please help me?

On Wednesday, July 1, 2020, Jared Murrell notifications@github.com wrote:

Closed #3 https://github.com/github/saml-ldap-team-sync/issues/3 via #33 https://github.com/github/saml-ldap-team-sync/pull/33.

kumar0608 commented 4 years ago

Hi Jared, I need some help with version 2. I have a few questions regarding the README file and usage.

Thanks Sridhar

kumar0608 commented 4 years ago

Hi Jared,

I am getting initial setup errors:

```
/usr/local/bin/python3 /Users/sravula/Downloads/saml-ldap-team-sync-2.0/app.py
Traceback (most recent call last):
  File "/Users/sravula/Downloads/saml-ldap-team-sync-2.0/app.py", line 11, in <module>
    from githubapp import GitHubApp, LDAPClient, CRON_INTERVAL, TEST_MODE
  File "/Users/sravula/Downloads/saml-ldap-team-sync-2.0/githubapp/__init__.py", line 26, in <module>
    OPEN_ISSUE_ON_FAILURE = strtobool(os.environ.get('OPEN_ISSUE_ON_FAILURE', False))
  File "/usr/local/Cellar/python/3.7.4_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/distutils/util.py", line 301, in strtobool
    val = val.lower()
AttributeError: 'bool' object has no attribute 'lower'

Process finished with exit code 1
```

Can you guide me?

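The traceback above ends in `val.lower()` because `os.environ.get('OPEN_ISSUE_ON_FAILURE', False)` returns the boolean `False` when the variable is unset, and `strtobool` expects a string. The following is an added example, not the project's code or its eventual fix: `parse_bool`, `env_flag` and `reproduces_error` are hypothetical names, and the parser is written out because `distutils` was removed in Python 3.12.

```python
import os

# Spellings accepted by distutils.util.strtobool
_TRUE = {"y", "yes", "t", "true", "on", "1"}
_FALSE = {"n", "no", "f", "false", "off", "0"}


def parse_bool(val):
    """Parse a truth string the way strtobool does; requires a str."""
    val = val.lower()  # raises AttributeError when val is a bool
    if val in _TRUE:
        return True
    if val in _FALSE:
        return False
    raise ValueError("invalid truth value {!r}".format(val))


def env_flag(name, default="false", environ=None):
    """Read a boolean flag from the environment with a *string* default."""
    environ = os.environ if environ is None else environ
    return parse_bool(environ.get(name, default))


def reproduces_error(environ):
    """Mirror the failing line: a bool default reaches the string parser."""
    try:
        parse_bool(environ.get("OPEN_ISSUE_ON_FAILURE", False))
    except AttributeError:
        return True
    return False


if __name__ == "__main__":
    empty = {}  # constructed environment with the variable unset
    print("bool default fails:", reproduces_error(empty))
    print("string default:", env_flag("OPEN_ISSUE_ON_FAILURE", environ=empty))
    print("explicitly set:", env_flag("OPEN_ISSUE_ON_FAILURE",
                                      environ={"OPEN_ISSUE_ON_FAILURE": "True"}))
```

Exporting `OPEN_ISSUE_ON_FAILURE` with a string value such as `false` before starting the app avoids the unset case without changing any code.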