Add SSH command to set group members

Add a new SSH command that allows to
- add users to groups
- remove users from groups
- include groups into groups
- exclude groups from groups

That change is based on previous work of Edwin Kempin:
https://gerrit-review.googlesource.com/#/c/30009

Bug: issue 1095
Change-Id: I9a80bc52f5a9847d4e8b4d848149167844eadd19

Documentation/cmd-index.txt

@@ -123,6 +123,9 @@ link:cmd-gc.html[gerrit gc]::
 link:cmd-gsql.html[gerrit gsql]::
 	Administrative interface to active database.
 
+link:cmd-set-members.html[gerrit set-members]::
+	Set group members.
+
 link:cmd-set-project-parent.html[gerrit set-project-parent]::
 	Change the project permissions are inherited from.
 

Documentation/cmd-set-members.txt

@@ -0,0 +1,82 @@
+gerrit set-members
+==================
+
+NAME
+----
+gerrit set-members - Set group members
+
+SYNOPSIS
+--------
+[verse]
+'ssh' -p <port> <host> 'gerrit set-members'
+  [--add USER ...]
+  [--remove USER ...]
+  [--include GROUP ...]
+  [--exclude GROUP ...]
+  [--]
+  <GROUP> ...
+
+DESCRIPTION
+-----------
+Set the group members for the specified groups.
+
+OPTIONS
+-------
+<GROUP>::
+	Required; name of the group for which the members should be set.
+	The members for multiple groups can be set at once by specifying
+	multiple groups.
+
+--add::
+-a::
+	A user that should be added to the specified groups. Multiple
+	users can be added at once by using this option multiple times.
+
+--remove::
+-r::
+	Remove this user from the specified groups. Multiple users can be
+	removed at once by using this option multiple times.
+
+--include::
+-i::
+	A group that should be included to the specified groups. Multiple
+	groups can be included at once by using this option multiple
+	times.
+
+--exclude::
+-e::
+	Exclude this group from the specified groups. Multiple groups can
+	be excluded at once by using this option multiple times.
+
+The `set-members` command is processing the options in the following
+order: `--remove`, `--exclude`, `--add`, `--include`
+
+ACCESS
+------
+Any user who has configured an SSH key.
+
+SCRIPTING
+---------
+This command is intended to be used in scripts.
+
+EXAMPLES
+--------
+
+Add alice and bob, but remove eve from the groups my-committers and
+my-verifiers.
+=====
+	$ ssh -p 29418 review.example.com gerrit set-members \
+	  -a alice@example.com -a bob@example.com \
+	  -r eve@example.com my-committers my-verifiers
+=====
+
+Include the group my-friends into the group my-committers, but
+exclude the included group my-testers from the group my-committers.
+=====
+	$ ssh -p 29418 review.example.com gerrit set-members \
+	  -i my-friends -e my-testers my-committers
+=====
+
+GERRIT
+------
+Part of link:index.html[Gerrit Code Review]

Documentation/man/Makefile

@@ -34,6 +34,7 @@ cmd-query.txt          \
 cmd-rename-group.txt   \
 cmd-review.txt         \
 cmd-set-account.txt    \
+cmd-set-members.txt    \
 cmd-set-project-parent.txt \
 cmd-set-project.txt    \
 cmd-set-reviewers.txt  \

gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/MasterCommandModule.java

@@ -39,6 +39,7 @@ public class MasterCommandModule extends CommandModule {
     // deprecated alias to review command
     alias(gerrit, "approve", ReviewCommand.class);
     command(gerrit, SetAccountCommand.class);
+    command(gerrit, SetMembersCommand.class);
     command(gerrit, SetProjectCommand.class);
 
     command(gerrit, "test-submit").toProvider(new DispatchCommandProvider(testSubmit));

gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SetMembersCommand.java

@@ -0,0 +1,164 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.sshd.commands;
+
+import com.google.common.base.Function;
+import com.google.common.base.Joiner;
+import com.google.common.base.Objects;
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Lists;
+import com.google.gerrit.extensions.restapi.IdString;
+import com.google.gerrit.extensions.restapi.TopLevelResource;
+import com.google.gerrit.reviewdb.client.Account;
+import com.google.gerrit.reviewdb.client.AccountGroup;
+import com.google.gerrit.server.account.AccountCache;
+import com.google.gerrit.server.account.GroupCache;
+import com.google.gerrit.server.group.AddIncludedGroups;
+import com.google.gerrit.server.group.AddMembers;
+import com.google.gerrit.server.group.DeleteIncludedGroups;
+import com.google.gerrit.server.group.DeleteMembers;
+import com.google.gerrit.server.group.GroupResource;
+import com.google.gerrit.server.group.GroupsCollection;
+import com.google.gerrit.sshd.CommandMetaData;
+import com.google.gerrit.sshd.SshCommand;
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+
+import org.kohsuke.args4j.Argument;
+import org.kohsuke.args4j.Option;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.List;
+
+@CommandMetaData(name = "set-members", descr = "Modifies members of specific group or number of groups")
+public class SetMembersCommand extends SshCommand {
+
+  @Option(name = "--add", aliases = {"-a"}, metaVar = "USER", usage = "users that should be added as group member")
+  private List<Account.Id> accountsToAdd = Lists.newArrayList();
+
+  @Option(name = "--remove", aliases = {"-r"}, metaVar = "USER", usage = "users that should be removed from the group")
+  private List<Account.Id> accountsToRemove = Lists.newArrayList();
+
+  @Option(name = "--include", aliases = {"-i"}, metaVar = "GROUP", usage = "group that should be included as group member")
+  private List<AccountGroup.UUID> groupsToInclude = Lists.newArrayList();
+
+  @Option(name = "--exclude", aliases = {"-e"}, metaVar = "GROUP", usage = "group that should be excluded from the group")
+  private List<AccountGroup.UUID> groupsToRemove = Lists.newArrayList();
+
+  @Argument(index = 0, required = true, multiValued = true, metaVar = "GROUP", usage = "groups to modify")
+  private List<AccountGroup.UUID> groups = Lists.newArrayList();
+
+  @Inject
+  private Provider<AddMembers> addMembers;
+
+  @Inject
+  private Provider<DeleteMembers> deleteMembers;
+
+  @Inject
+  private Provider<AddIncludedGroups> addIncludedGroups;
+
+  @Inject
+  private Provider<DeleteIncludedGroups> deleteIncludedGroups;
+
+  @Inject
+  private GroupsCollection groupsCollection;
+
+  @Inject
+  private GroupCache groupCache;
+
+  @Inject
+  private AccountCache accountCache;
+
+  @Override
+  protected void run() throws UnloggedFailure, Failure, Exception {
+    for (AccountGroup.UUID groupUuid : groups) {
+      GroupResource resource =
+          groupsCollection.parse(TopLevelResource.INSTANCE,
+              IdString.fromUrl(groupUuid.get()));
+      if (!accountsToRemove.isEmpty()) {
+        deleteMembers.get().apply(resource, fromMembers(accountsToRemove));
+        reportMembersAction("removed from", resource, accountsToRemove);
+      }
+      if (!groupsToRemove.isEmpty()) {
+        deleteIncludedGroups.get().apply(resource, fromGroups(groupsToRemove));
+        reportGroupsAction("excluded from", resource, groupsToRemove);
+      }
+      if (!accountsToAdd.isEmpty()) {
+        addMembers.get().apply(resource, fromMembers(accountsToAdd));
+        reportMembersAction("added to", resource, accountsToAdd);
+      }
+      if (!groupsToInclude.isEmpty()) {
+        addIncludedGroups.get().apply(resource, fromGroups(groupsToInclude));
+        reportGroupsAction("included to", resource, groupsToInclude);
+      }
+    }
+  }
+
+  private void reportMembersAction(String action, GroupResource group,
+      List<Account.Id> accountIdList) throws UnsupportedEncodingException,
+      IOException {
+    out.write(String.format(
+        "Members %s group %s: %s\n",
+        action,
+        group.getName(),
+        Joiner.on(", ").join(
+            Iterables.transform(accountIdList,
+                new Function<Account.Id, String>() {
+                  @Override
+                  public String apply(Account.Id accountId) {
+                    return Objects.firstNonNull(accountCache.get(accountId)
+                        .getAccount().getPreferredEmail(), "n/a");
+                  }
+                }))).getBytes(ENC));
+  }
+
+  private void reportGroupsAction(String action, GroupResource group,
+      List<AccountGroup.UUID> groupUuidList)
+      throws UnsupportedEncodingException, IOException {
+    out.write(String.format(
+        "Groups %s group %s: %s\n",
+        action,
+        group.getName(),
+        Joiner.on(", ").join(
+            Iterables.transform(groupUuidList,
+                new Function<AccountGroup.UUID, String>() {
+                  @Override
+                  public String apply(AccountGroup.UUID uuid) {
+                    return groupCache.get(uuid).getName();
+                  }
+                }))).getBytes(ENC));
+  }
+
+  private AddIncludedGroups.Input fromGroups(List<AccountGroup.UUID> accounts) {
+    return AddIncludedGroups.Input.fromGroups(Lists.newArrayList(Iterables
+        .transform(accounts, new Function<AccountGroup.UUID, String>() {
+          @Override
+          public String apply(AccountGroup.UUID uuid) {
+            return uuid.toString();
+          }
+        })));
+  }
+
+  private AddMembers.Input fromMembers(List<Account.Id> accounts) {
+    return AddMembers.Input.fromMembers(Lists.newArrayList(Iterables.transform(
+        accounts, new Function<Account.Id, String>() {
+          @Override
+          public String apply(Account.Id id) {
+            return id.toString();
+          }
+        })));
+  }
+}