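# SPDX-License-Identifier: AGPL-3.0
# (c) Taavi Väänänen , 2022
# (c) Bryan Davis , 2024
"""Print the name of every enabled tool that has no unlocked maintainer.

Reads LDAP connection settings from /etc/ldap.yaml, collects the DNs of
project-tools members whose account is not under the "disabled" password
policy, and prints each cn=tools.* service group that is not itself disabled
and has none of those DNs in its ``member`` attribute.
"""
import ldap3
import yaml

# The config file carries the bind DN and password.
# NOTE(review): presumably it is readable only by the account running this
# script; confirm the file mode on the host.
with open("/etc/ldap.yaml", "r", encoding="utf-8") as f:
    # safe_load accepts the stream directly and never constructs arbitrary
    # Python objects from the YAML.
    ldap_config = yaml.safe_load(f)

# read_only=True makes ldap3 refuse modifying operations on this connection.
# NOTE(review): auto_bind=True does not request StartTLS here, so whether the
# simple bind is encrypted depends on the server entries in the config
# (e.g. ldaps:// URIs); confirm.
conn = ldap3.Connection(
    ldap_config["servers"],
    user=ldap_config["user"],
    password=ldap_config["password"],
    auto_bind=True,
    auto_range=True,
    read_only=True,
)

try:
    # NOTE(review): every search uses time_limit=5 and raise_exceptions is not
    # set on the connection, so a search cut short by the limit may
    # presumably yield a partial result without raising. A truncated user set
    # would make healthy tools look orphaned; confirm how the limit surfaces.

    # DNs of project-tools members that are not under the disabled policy.
    # A set gives O(1) membership tests in the per-tool check below.
    # The DN is rebuilt from the uid and later compared to ``member`` values
    # as an exact string, so any difference in case, spacing or escaping
    # between the two would count as "no match".
    not_locked_toolforge_users = {
        f'uid={user["attributes"]["uid"][0]},ou=people,dc=wikimedia,dc=org'
        for user in conn.extend.standard.paged_search(
            "ou=people,dc=wikimedia,dc=org",
            "(&(objectclass=posixAccount)"
            "(memberOf=cn=project-tools,ou=groups,dc=wikimedia,dc=org)"
            "(!(pwdPolicySubentry=cn=disabled,ou=ppolicies,dc=wikimedia,dc=org)))",
            attributes=["uid"],
            time_limit=5,
            paged_size=256,
            generator=True,
        )
    }

    # Names (cn) of tool accounts that are under the disabled policy.
    disabled_tools = {
        tool["attributes"]["cn"][0]
        for tool in conn.extend.standard.paged_search(
            "ou=servicegroups,dc=wikimedia,dc=org",
            "(&(objectClass=posixAccount)"
            "(pwdPolicySubentry=cn=disabled,ou=ppolicies,dc=wikimedia,dc=org))",
            attributes=["cn"],
            paged_size=256,
            time_limit=5,
            generator=True,
        )
    }

    # Every tool service group with its member DNs; consumed once by the
    # loop below.
    tools = conn.extend.standard.paged_search(
        "ou=servicegroups,dc=wikimedia,dc=org",
        "(&(objectClass=groupOfNames)(cn=tools.*))",
        attributes=["cn", "member"],
        time_limit=5,
        paged_size=256,
        generator=True,
    )

    for tool in tools:
        tool_name = tool["attributes"]["cn"][0]
        if tool_name in disabled_tools:
            continue
        # Report the tool when none of its members is an unlocked user.
        if not_locked_toolforge_users.isdisjoint(tool["attributes"]["member"]):
            print(tool_name)
finally:
    # Close the LDAP session even when a search or lookup raises.
    conn.unbind()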