functions, key refreshing

- put more often used stuff into functions
- add key updating

utils/users_sync.sh

@@ -72,6 +72,31 @@ fi
 ### END CHECKS
 
 
+### FUNCTIONS
+
+grab_keys() {
+# $1 = username
+    echo "Trying to grab ssh keys for $1"
+    mkdir -p "$USERPATH"/"$1"/.ssh
+    curl -s https://github.com/"$1".keys > "$USERPATH"/"$1"/.ssh/authorized_keys
+    chown -R "$1":"$SFTPGROUP" "$USERPATH"/"$1"/.ssh
+    chmod 700 "$USERPATH"/"$1"/.ssh
+    chmod 600 "$USERPATH"/"$1"/.ssh/authorized_keys
+
+    # Check if grabbed stuff are actual ssh keys.
+    # curl response for members w/o keys is "not found" but exit code is still 0
+    # so this needs to be worked around
+    CHECK_KEYS=$(grep -c -E "^ssh" "$USERPATH"/"$1"/.ssh/authorized_keys)
+    if [[ $CHECK_KEYS != 0 ]]; then
+        echo "$i - $CHECK_KEYS key/s for $1 imported"
+    else
+        echo "(!) $1 - Either grabbing failed or $i does not have ssh key on git"
+        echo "(!) $1 won't be able to login"
+        rm "$USERPATH"/"$1"/.ssh/authorized_keys
+    fi
+}
+
+
 # grab a list of current remote org members, filter blocked ones
 echo "Grabbing a list of all current members of \"$ORG\"."
 echo "Excluded by blocklist are \"$BLOCKLIST\"."
@@ -81,6 +106,7 @@ ORGMEMBERS=$(curl -L -s \
   -H "X-GitHub-Api-Version: 2022-11-28" \
   https://api.github.com/orgs/$ORG/members | jq -r ".[].login" \
   | grep -v -E -- "$BLOCKLIST" )
+echo "DEBUG: \$ORGMEMBERS: $ORGMEMBERS"
 
 # Grab a list of local directories...
 # We assume that existing directory means locally existing user as well
@@ -89,7 +115,7 @@ LOCALMEMBERS=$(echo -n "`ls -d -- */`" | sed 's/\///g' | tr '\n' ' ')
 echo "Already existing members at \"$USERPATH\": \"$LOCALMEMBERS\"."
 # ...and make it comparable for shell (remove trailing slash, replace newline with | and add round brackets)
 LOCALMEMBERS_COMPARE=$(echo -n "`ls -d -- */`" | sed 's/\///g' | tr '\n' '|' | sed -r 's/^/\(/' | sed -r 's/$/\)/')
-
+echo "DEBUG: \$LOCALMEMBERS_COMPARE: $LOCALMEMBERS_COMPARE"
 
 # loop through remote org members and add if not existing
 for i in $ORGMEMBERS; do
@@ -103,50 +129,34 @@ for i in $ORGMEMBERS; do
             echo "$i's directory could not be created for whatever reason"
             exit 1
         fi
-        echo "$i directory created"
+        echo "$i - user and directory created"
 
         # grab ssh keys and put into user's .ssh/authorized_keys file
-        echo "Trying to grab ssh keys"
-        mkdir -p "$USERPATH"/"$i"/.ssh
-        curl -s https://github.com/"$i".keys > "$USERPATH"/"$i"/.ssh/authorized_keys
-        chown -R "$i":"$SFTPGROUP" "$USERPATH"/"$i"/.ssh
-        chmod 700 "$USERPATH"/"$i"/.ssh
-        chmod 600 "$USERPATH"/"$i"/.ssh/authorized_keys
-
-        # Check if grabbed stuff are actual ssh keys.
-        # curl response for members w/o keys is "not found" but exit code is still 0
-        # so this needs to be worked around
-        CHECK_KEYS=$(grep -c -E "^ssh" "$USERPATH"/"$i"/.ssh/authorized_keys)
-        if [[ $CHECK_KEYS != 0 ]]; then
-            echo "$i - $CHECK_KEYS key/s for $i imported"
-        else
-            echo "(!) $i - Either grabbing failed or $i does not have ssh key on git"
-            echo "(!) $i won't be able to login"
-            rm "$USERPATH"/"$i"/.ssh/authorized_keys
-        fi
+        grab_keys $i
 
     else
-        echo "$i - local directory found. Skipping..."
-        # TODO: update ssh keys here
+        echo "$i - local directory found. Trying to update keys..."
+        grab_keys $i
 
     fi
 done
 
-# remove local users not exsting in remote org
-ORGMEMBERS_COMPARE=$(curl -L -s \
-  -H "Accept: application/vnd.github+json" \
-  -H "Authorization: Bearer $TOKEN" \
-  -H "X-GitHub-Api-Version: 2022-11-28" \
-  https://api.github.com/orgs/$ORG/members | jq -r ".[].login" \
-  | grep -v -E -- "$BLOCKLIST" \
-  | tr '\n' '|' | sed -r 's/^/\(/' | sed -r 's/\|$/\)/')
-
+echo ""
+echo "Removing no longer existing members"
+echo ""
+### remove local users not exsting in remote org
+# make list of remote organization members comparable
+ORGMEMBERS_COMPARE=$(echo $ORGMEMBERS | tr '\n' ' ' | sed 's/\ /\|/g'| sed -r 's/^/\(/' | sed -r 's/\|$/\)/')
+echo "DEBUG: \$ORGMEMBERS_COMPARE: $ORGMEMBERS_COMPARE"
+echo "DEBUG: \$LOCALMEMBERS: $LOCALMEMBERS"
+# loop through org members and compare against local list
 for i in $LOCALMEMBERS; do
 
     if [[ $i =~ $ORGMEMBERS_COMPARE ]]; then # compare local user against list of remote org members. If not found carry on
         echo "$i is still member of remote org. Skipping..."
     else
-        echo "$i is not or no longer in the list of remote org members. Removing its legacy..."
+        echo "$i is not or no longer in the list of remote org members or has been blocklisted. Removing its legacy..."
         userdel --remove "$i"
     fi
 done
+