#!/usr/bin/env python3
import config
import json
import urllib.request

def doGET(ep):
    req = urllib.request.Request(config.kandim_server + ep)
    req.add_header('Authorization', 'Bearer ' + config.kandim_token)
    res = urllib.request.urlopen(req)
    if res.code != 200:
        raise Exception("API ERROR " + ep)
    j = json.load(res)
    return j

def getGroupUsers(grp):
    g = doGET("/v1/group/" + grp)
    if 'member' not in g['attrs']:
        raise Exception("Attribute 'member' not in Group")
    return g['attrs']['member']

def getUser(user):
    u = doGET("/v1/person/" + user)
    return u['attrs']

userlist = getGroupUsers(config.kandim_group)
for user in userlist:
    print("#User: " + user)
    uo = getUser(user)
    if 'ssh_publickey' not in uo:
        continue
    for keyf in uo['ssh_publickey']:
        key = keyf.split(": ", 1)
        if len(key) < 2:
            print("# Error while processing key")
            continue
        if 'keymatic' in key[0]:
            print(key[1] + key[0])