Remove Member Duplications in GitLab

GitLab has done an excellent job with their member assignment model. You can authorize users in a GitLab instance to certain areas in several ways. For example, you can authorize users directly or regulate the rights via a group assignment in which the user in question must then be located.

Nevertheless, due to certain conditions (which have usually evolved over time), it can happen that users were quickly authorized directly at certain points and then groups were only implemented afterwards, whereby the authorization model is to be implemented in the future. If this is the case, you naturally want to tidy up your authorizations and avoid duplications due to different assignments.

Since I couldn't find a way to do this in the web interface of GitLab itself, I used the python-gitlab package and wrote a small script to make my work easier.

What the script does

The script connects to a GitLab instance, retrieves all projects within a specified group (and its subgroups), and removes direct members who are also part of the group.

So after you've installed the few dependencies you can proceed with generating a Personal Access Token within your GitLab instance. You need to add the API scope for the token so don't forget that.

After that you can copy the ID of your group or subgroup and execute the script:

python gitlab_remove_doubleton_members.py -u https://gitlab.example.com -t your_access_token -g your_group

If you are unsure what the outcome is, you can use the `--dry-run` parameter to check the changes before actually deleting something.

The result should look like something similar to the example output:

Fetching members of group 1765555
Fetching repositories for group 1765555
Fetching projects from subgroup Projects (ID: 17899)
Fetching projects from subgroup Automation (ID: 17900)
Fetching projects from subgroup Linting (ID: 17901)
Processing repository Automation Templates (ID: 1304)
Processing repository Linting Boilerplate (ID: 1513)
Processing repository Project Templates (ID: 19951)
Dry-run: Would remove member $member from repository Linting (https://gitlab.example.com/projects/linting/-/project_members)

💡
A more detailed README.md with all parameters available, can be found in the repository.

Sources

python-gitlab - https://python-gitlab.readthedocs.io/en/stable/index.html

My script - https://github.com/xFuture603/helper_scripts/tree/main/gitlab_remove_doubleton_members

Create a personal access token in GitLab - https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#create-a-personal-access-token