Reputation: 31
Revoke Gitlab blocked users from groups using Python
For audit purposes I'm trying to revoke/remove all blocked users from groups using a Python script. Until now I managed just to list all blocked users in my Gitlab instance using a simple curl:
curl -H "Private-Token: xxx” https://mygitlab.domain.com/api/v3/users?blocked=true. Can anyone point me to the right direction for a list with the groups, blocked users\group and how to revoke them using Gitlab API and Python. Any suggestion would be appreciated.
Thanks
Upvotes: 1
Views: 540
Answers (2)
Reputation: 1324977
This kind of audit is part of a larger effort followed by Epic 3155: "Provide an audit report of user permissions by group and project"
This is being implemented with, as a first step, GitLab 13.12 (May 2021)
Added total group and project count to admin users table
Previously, it was difficult to know how many groups and projects a user belonged to. Compliance-minded organizations, in particular, want to know which users have access to what systems or resources as part of their access management policy.
This information provides visibility into your users’ memberships to know if a user has too much access, may have leftover access from a change in their role or employment, or help you determine the scope of a user’s involvement in your company’s projects.
Now it’s easier to get a high-level view of your users’ memberships for auditing purposes.
In this iteration towards an exportable user access report we’ve added additional data to the admin panel for self-managed instances to show the total number of groups and projects a user belongs to.
See Documentation and Epic.
And:
See GitLab 13.12 (May 2021)
Users' group counts now displayed in Admin Area
The user list in the Admin Area now shows the total number of groups a given user has access to. The group count is a sum of both group and subgroup membership.
This is incredibly valuable, because you can easily see how much access users have and quickly identify when action is needed.
For example, you might use this information to ensure that deactivated accounts no longer have access to any projects or groups in GitLab.
See Documentation and Epic.
Upvotes: 1
Reputation: 1435
I will give you a path to follow what you want, because stackoverflow is not a scripting service.
I don't how you are comfortable with scripting
Some tips to follow
- List all groups
- For each group, list all users
- List all blocked users
- Remove/Revoke every user of each group
This is the basic of your script, in this order
The next step is related the language that you want to use, in this case, python
I don't know if you know how to make http requests with python and, if not, read this article
https://rapidapi.com/blog/how-to-use-an-api-with-python/
Upvotes: 1
Related Questions
- How can I delete group in gitlab?
- Python - working with GitLab API 403 Forbidden Error
- Add users to group in GitLab
- How do I get the list of groups for a user through the Gitlab API
- Can't remove group after upgrading to gitlab 6.0
- Gitlab: add all users to all groups without changing permisions of existing users
- Managing access rights in GitLab group
- GitLab 6.0 Remove User From Group
- is there any gitlab API to rename a group
- Changing group permission GitLab 7.2 CE