add the ability to leverage group prefix filters

app.py

@@ -66,9 +66,13 @@ def sync_team(client=None, owner=None, team_id=None, slug=None):
     try:
         org = client.organization(owner)
         team = org.team(team_id)
-        custom_map, ignore_users = load_custom_map()
+        custom_map, group_prefix, ignore_users = load_custom_map()
         try:
             directory_group = get_directory_from_slug(slug, custom_map, org)
+            # If we're filtering on group prefix, skip if the group doesn't match
+            if group_prefix.length() > 0 and not directory_group.startswith(tuple(group_prefix)):
+                print(f"skipping team {team.slug} - not in group prefix")
+                return
             directory_members = directory_group_members(group=directory_group)
         except Exception as e:
             directory_members = []
@@ -260,10 +264,10 @@ def load_custom_map(file="syncmap.yml"):
                 syncmap[(d["org"], d["github"])] = d["directory"]
             else:
                 syncmap[d["github"]] = d["directory"]
-
+        group_prefix = data.get("group_prefix", [])
         ignore_users = data.get("ignore_users", [])
 
-    return (syncmap, ignore_users)
+    return (syncmap, group_prefix, ignore_users)
 
 
 def get_app_installations():
@@ -293,7 +297,7 @@ def sync_all_teams():
     print(f'Syncing all teams: {time.strftime("%A, %d. %B %Y %I:%M:%S %p")}')
 
     installations = get_app_installations()
-    custom_map, _ = load_custom_map()
+    custom_map, group_prefix, _ = load_custom_map()
     futures = []
     install_count = 0
     with ThreadPoolExecutor(max_workers=10) as exe:
@@ -309,7 +313,7 @@ def sync_all_teams():
                     org = client.organization(i.account["login"])
                     for team in org.teams():
                         futures.append(
-                            exe.submit(sync_team_helper, team, custom_map, client, org)
+                            exe.submit(sync_team_helper, team, custom_map, client, org, group_prefix)
                         )
                 except Exception as e:
                     print(f"DEBUG: {e}")

githubapp/ldap.py

@@ -42,31 +42,44 @@ class LDAPClient:
             raise Exception("LDAP credentials have not been specified")
 
         self.USER_SYNC_ATTRIBUTE = os.environ["USER_SYNC_ATTRIBUTE"]
-        
+
         self.LDAP_USE_SSL = bool(os.environ("LDAP_USE_SSL", False))
         if self.LDAP_USE_SSL:
-            self.LDAP_SSL_PRIVATE_KEY = os.environ.get('LDAP_SSL_PRIVATE_KEY')
-            self.LDAP_SSL_CERTIFICATE = os.environ.get('LDAP_SSL_CERTIFICATE')
+            self.LDAP_SSL_PRIVATE_KEY = os.environ.get("LDAP_SSL_PRIVATE_KEY")
+            self.LDAP_SSL_CERTIFICATE = os.environ.get("LDAP_SSL_CERTIFICATE")
             try:
-                self.LDAP_SSL_VALIDATE = ssl.VerifyMode[os.environ.get('LDAP_SSL_VALIDATE', 'CERT_REQUIRED')]
+                self.LDAP_SSL_VALIDATE = ssl.VerifyMode[
+                    os.environ.get("LDAP_SSL_VALIDATE", "CERT_REQUIRED")
+                ]
             except KeyError:
-                raise Exception(f"LDAP_SSL_VALIDATE valid options are {ssl.VerifyMode._member_names_}")
+                raise Exception(
+                    f"LDAP_SSL_VALIDATE valid options are {ssl.VerifyMode._member_names_}"
+                )
             try:
-                self.LDAP_SSL_VERSION = ssl._SSLMethod[os.environ.get('LDAP_SSL_VERSION', 'PROTOCOL_TLS')]
+                self.LDAP_SSL_VERSION = ssl._SSLMethod[
+                    os.environ.get("LDAP_SSL_VERSION", "PROTOCOL_TLS")
+                ]
             except KeyError:
-                raise Exception(f"LDAP_SSL_VERSION valid options are {ssl._SSLMethod._member_names_}")
-            self.LDAP_SSL_CA_CERTS = os.environ.get('LDAP_SSL_CA_CERTS')
+                raise Exception(
+                    f"LDAP_SSL_VERSION valid options are {ssl._SSLMethod._member_names_}"
+                )
+            self.LDAP_SSL_CA_CERTS = os.environ.get("LDAP_SSL_CA_CERTS")
             self.tls = Tls(
-                local_private_key_file = self.LDAP_SSL_PRIVATE_KEY, 
-                local_certificate_file = self.LDAP_SSL_CERTIFICATE,
-                validate = self.LDAP_SSL_VALIDATE,
-                version = self.LDAP_SSL_VERSION,
-                ca_certs_file = self.LDAP_SSL_CA_CERTS
+                local_private_key_file=self.LDAP_SSL_PRIVATE_KEY,
+                local_certificate_file=self.LDAP_SSL_CERTIFICATE,
+                validate=self.LDAP_SSL_VALIDATE,
+                version=self.LDAP_SSL_VERSION,
+                ca_certs_file=self.LDAP_SSL_CA_CERTS,
             )
         else:
             self.tls = None
 
-        self.srv = Server(host = self.LDAP_SERVER_HOST, port = self.LDAP_SERVER_HOST, use_ssl = self.USE_SSL, tls = self.tls)
+        self.srv = Server(
+            host=self.LDAP_SERVER_HOST,
+            port=self.LDAP_SERVER_HOST,
+            use_ssl=self.USE_SSL,
+            tls=self.tls,
+        )
         self.conn = Connection(
             self.srv,
             user=self.LDAP_BIND_USER,

syncmap.yml.example

@@ -8,6 +8,11 @@ mapping:
     org: demo-org
     directory: avengers group
 
+# Only sync groups with matching prefixes
+#group_prefix:
+#  - TEST-
+#  - DEMO-
+
 ignore_users:
   - userA
   - userB