New version release following mis-dev migration changes

.flake8

@@ -0,0 +1,34 @@
+[flake8]
+
+# PEP-8 line length is not very practical
+max-line-length = 88
+
+extend-ignore =
+    # See https://github.com/PyCQA/pycodestyle/issues/373
+    # flake8/pycodechecker give false positives on black code
+    # line break before ':' apparently gives false positives with black formatter...
+    E203,
+    # line break before binary operator, fights with black formatter...
+    W503,
+    # importing with '*' ...
+    F403,
+    # Bare exception handling, fixing in NIT-854
+    E722,
+    # Missing docstring in public nested class
+    D104,
+    # Missing docstring in public package
+    D103,
+    # f-string but no variables, e.g. print(f"hello")...
+    F541,
+    # Line too long (>79 chars), but should not be firing due to max-line-length = 120
+    E501,
+    # add docustrings
+    D100,
+    # to be corrected with NIT-854
+    B001
+
+# =====================
+# flake-quote settings:
+# =====================
+# Set this to match black style:
+inline-quotes = double

.github/workflows/tag-and-release.yml

@@ -27,32 +27,33 @@ jobs:
       with:
         ref: ${{ github.event.pull_request.merge_commit_sha }}
         fetch-depth: '0'
+    - name: release or prerelease
+      id: release_type
+      run: |
+           if [[ "${{ github.event.pull_request.base.ref }}" == "main" ]]; then
+              echo "This is a release"
+              echo "PRERELEASE=false" >> $GITHUB_OUTPUT
+           else
+              echo "This is a prerelease"
+              echo "PRERELEASE=true" >> $GITHUB_OUTPUT
+           fi
     - name: Bump version and push tag
       id: tag
       uses: anothrNick/[email protected] # Don't use @master or @v1 unless you're happy to test the latest version
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         WITH_V: true
-        PRE_RELEASE_NAME: dev
-    - name: release or prerelease
-      id: release_type
-      run: |
-          if [[ ${{ steps.tag.outputs.new_tag }} == *"dev"* ]]; then
-            echo "This is a prerelease"
-            echo "DEV=true" >> $GITHUB_OUTPUT
-          else
-            echo "This is a release"
-            echo "DEV=false" >> $GITHUB_OUTPUT
-          fi
+        PRERELEASE_SUFFIX: dev
+        PRERELEASE: "${{ steps.release_type.outputs.PRERELEASE }}"
     - name: Create prerelease
-      if: steps.release_type.outputs.DEV == 'true'
+      if: steps.release_type.outputs.PRERELEASE == 'true'
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: |
         gh release create ${{ steps.tag.outputs.new_tag }} --title "Dev ${{ steps.tag.outputs.new_tag }}" --prerelease --generate-notes --verify-tag
     - name: Create release
-      if: steps.release_type.outputs.DEV == 'false'
+      if: steps.release_type.outputs.PRERELEASE == 'false'
       env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: |
-            gh release create ${{ steps.tag.outputs.new_tag }} --title "Release ${{ steps.tag.outputs.new_tag }}" --generate-notes --verify-tag
+            gh release create ${{ steps.tag.outputs.new_tag }} --title "Release ${{ steps.tag.outputs.new_tag }}" --generate-notes --verify-tag

.gitignore

@@ -159,4 +159,12 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 .idea/
 # VSCode Config
-.vscode
+.vscode
+
+.secrets
+.vars
+/rbac
+/rendered
+
+*.ldif
+*.ldif.j2

.pre-commit-config.yaml

@@ -0,0 +1,43 @@
+# pre-commit run --all-files
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-case-conflict
+      - id: check-executables-have-shebangs
+      - id: check-merge-conflict
+      - id: check-shebang-scripts-are-executable
+      - id: check-symlinks
+      - id: check-yaml
+      - id: debug-statements
+        exclude: tests/
+      - id: destroyed-symlinks
+      - id: end-of-file-fixer
+        exclude: tests/test_changes/
+        files: \.(py|sh|rst|yml|yaml)$
+      - id: mixed-line-ending
+      - id: trailing-whitespace
+        files: \.(py|sh|rst|yml|yaml)$
+  - repo: https://github.com/psf/black
+    rev: 23.9.1
+    hooks:
+      - id: black
+  - repo: https://github.com/PyCQA/flake8
+    rev: 6.1.0
+    hooks:
+      - id: flake8
+        additional_dependencies: [
+          'flake8-blind-except',
+          'flake8-docstrings',
+          'flake8-bugbear',
+          'flake8-comprehensions',
+          'flake8-docstrings',
+          'flake8-implicit-str-concat',
+          'pydocstyle>=5.0.0',
+        ]
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.2.5
+    hooks:
+      - id: codespell
+        files: \.(py|sh|rst|yml|yaml)$

cli/__init__.py

@@ -1,28 +1,206 @@
 import click
-from cli import ldap
+import cli.ldap_cmds.rbac
+import cli.ldap_cmds.user
+
+from cli import (
+    logger,
+)
 
-from cli import git
 
 @click.group()
 def main_group():
     pass
 
+
 @click.command()
-@click.option("--user-ou", help="OU to add users to, defaults to ou=Users", default="ou=Users")
-@click.option("--root-dn", help="Root DN to add users to", default="dc=moj,dc=com")
-@click.argument("user-role-list", required=True)
-def add_roles_to_users(user_ou, root_dn, user_role_list):
-    ldap.process_user_roles_list(user_role_list, user_ou, root_dn)
+@click.option(
+    "-u",
+    "--user-ou",
+    help="OU to add users to, defaults to ou=Users",
+    default="ou=Users",
+)
+@click.option(
+    "-r",
+    "--root-dn",
+    help="Root DN to add users to",
+    default="dc=moj,dc=com",
+)
+@click.argument(
+    "user-role-list",
+    required=True,
+)
+def add_roles_to_users(
+    user_ou,
+    root_dn,
+    user_role_list,
+):
+    cli.ldap.user.process_user_roles_list(
+        user_role_list,
+        user_ou,
+        root_dn,
+    )
 
 
+# Update user home area
 @click.command()
-def git_test():
-    git.dl_test()
+@click.option(
+    "-o",
+    "--old-home-area",
+    help="name of old home area",
+    required=True,
+)
+@click.option(
+    "-n",
+    "--new-home-area",
+    help="name of new home area",
+    required=True,
+)
+@click.option(
+    "-u",
+    "--user-ou",
+    help="OU to add users to, defaults to ou=Users",
+    default="ou=Users",
+)
+@click.option(
+    "-r",
+    "--root-dn",
+    help="Root DN to add users to, defaults to dc=moj,dc=com",
+    default="dc=moj,dc=com",
+)
+def update_user_home_areas(
+    old_home_area,
+    new_home_area,
+    user_ou,
+    root_dn,
+):
+    cli.ldap.user.change_home_areas(
+        old_home_area,
+        new_home_area,
+        user_ou,
+        root_dn,
+    )
+
+
+# Update user roles
+@click.command()
+@click.argument(
+    "roles",
+    required=True,
+)
+@click.argument(
+    "user-note",
+    required=False,
+)
+@click.option(
+    "-u",
+    "--user-ou",
+    help="OU to add users to, defaults to ou=Users",
+    default="ou=Users",
+)
+@click.option(
+    "-r",
+    "--root-dn",
+    help="Root DN to add users to, defaults to dc=moj,dc=com",
+    default="dc=moj,dc=com",
+)
+@click.option(
+    "--add",
+    help="Add role to users",
+    is_flag=True,
+)
+@click.option(
+    "--remove",
+    help="Remove role from users",
+    is_flag=True,
+)
+@click.option(
+    "--update-notes",
+    help="Remove role from users",
+    is_flag=True,
+)
+@click.option(
+    "-rf",
+    "--role-filter",
+    help='Comma separated string to generate roles filter from eg "role1,role2,role3"',
+    required=False,
+    default="*",
+)
+@click.option(
+    "-uf",
+    "--user-filter",
+    help="Filter to find users",
+    required=False,
+    default="(userSector=*)",
+)
+def update_user_roles(
+    roles,
+    user_ou,
+    root_dn,
+    add,
+    remove,
+    update_notes,
+    user_note,
+    user_filter,
+    role_filter,
+):
+    cli.ldap.user.update_roles(
+        roles,
+        user_ou,
+        root_dn,
+        add,
+        remove,
+        update_notes,
+        user_note=user_note,
+        user_filter=user_filter,
+        role_filter=role_filter,
+    )
+
+
+@click.command()
+@click.option(
+    "-t",
+    "--rbac-repo-tag",
+    help="RBAC repo tag to use",
+    default="master",
+)
+def rbac_uplift(
+    rbac_repo_tag,
+):
+    cli.ldap_cmds.rbac.main(rbac_repo_tag)
+
+
+@click.command()
+@click.option(
+    "-u",
+    "--user-ou",
+    help="OU to add users to, defaults to ou=Users",
+    default="ou=Users",
+)
+@click.option(
+    "-r",
+    "--root-dn",
+    help="Root DN to add users to, defaults to dc=moj,dc=com",
+    default="dc=moj,dc=com",
+)
+def deactivate_crc_users(
+    user_ou,
+    root_dn,
+):
+    cli.ldap.user.deactivate_crc_users(
+        user_ou,
+        root_dn,
+    )
+
 
 # from cli.ldap import test
 
 main_group.add_command(add_roles_to_users)
-main_group.add_command(git_test)
+main_group.add_command(rbac_uplift)
+main_group.add_command(update_user_home_areas)
+main_group.add_command(update_user_roles)
+main_group.add_command(deactivate_crc_users)
+
+logger.configure_logging()
 
 if __name__ == "__main__":
     main_group()