At the moment of writing this, it has been a long-lasting desire for Gitlab users to be able to see all members to any project within a group at a single glance or press of a button. It was also something I was looking for myself, since we use Gitlab as a company and therefore have to deal with people leaving us from time to time. When that happens we, of course, have to make sure they can no longer access the private repositories we keep in our Gitlab group. This is not only we feel the desire to do, but it’s also something which is simply an obligation, even more so since we got our ISO-27001 certificate.
That is why I started to look for my own solution and luckily I came across the very easy and useful gitlab Python package. This made my life so much easier. The only thing I need to do now is to regularly run the script below, this gives me a complete overview in Excel of all users that are a member of our Cmotions group on Gitlab and it immediately shows me which repositories they can access and even what their access rights are. Easy does it!
I start this script by importing the necessary packages, setting the value for the group_id I would like to get an overview of, and loading the .env file, where I’ve stored my personal access token for Gitlab. Just for myself, I’ve also created a dictionary to translate the access rights into readable values.
import pandas as pd
from dotenv import load_dotenv
import os
import gitlab
load_dotenv()
# you can find the group ID right on the home page of your group, just underneath the name of your group
group_id = 123456789
# the translation of the access level codes according to Gitlab: https://docs.gitlab.com/ee/api/members.html
access_dict = {
0: "no access",
5: "minimal access",
10: "guest",
20: "reporter",
30: "developer",
40: "maintainer",
50: "owner",
}
Now we can initialize the Gitlab API and start listing all information from within our group, this way we get a list of all projects (repositories) in the group and all of its subgroups.
# init the gitlab object
gl = gitlab.Gitlab(private_token=os.getenv("PRIVATE-TOKEN"))
# get gitlab group
group = gl.groups.get(group_id, lazy=True)
# get all projects
projects = group.projects.list(include_subgroups=True, all=True, owned=True)
# get all project ids
project_ids = []
for project in projects:
project_ids.append((project.id, project.path_with_namespace, project.name))
df_project = pd.DataFrame(project_ids, columns=["id", "path", "name"])
After retrieving all the projects, we can loop through them and get all members of each of the groups. This way, we end up with a complete list with all members within our group, to which repositories they have access and which access rights they have for each of these repositories.
# get all members
members = []
for _, row in df_project.iterrows():
proj = gl.projects.get(row["id"], all=True)
for member in proj.members_all.list(get_all=True):
members.append(
(
row["id"],
row["path"],
row["name"],
member.username,
member.state,
member.access_level,
)
)
df_members = pd.DataFrame(
members,
columns=[
"project_id",
"project_path",
"project_name",
"username",
"state",
"access_level_code",
],
).drop_duplicates()
df_members["access_level"] = df_members["access_level_code"].map(access_dict)
df_members.sort_values("username", inplace=True)
And this list we can store as a csv file, which makes it easier to share with other people within the business if needed.
# store as csv
df_members.to_csv("gitlab_members.csv", sep=";", header=True, index=False)
Good luck!