| [2565] | 1 | #!/usr/bin/python |
|---|
| 2 | |
|---|
| 3 | """Re-generate the remctl configuration for build submissions. |
|---|
| 4 | |
|---|
| 5 | This script generates the remctl ACL and configuration for each build |
|---|
| [2579] | 6 | pocket defined in the configuration. It also updates the .k5login for |
|---|
| 7 | the git user that developers can push through. |
|---|
| [2565] | 8 | """ |
|---|
| [3039] | 9 | from __future__ import with_statement |
|---|
| [2565] | 10 | |
|---|
| [3039] | 11 | import contextlib |
|---|
| [2565] | 12 | import os |
|---|
| 13 | import tempfile |
|---|
| 14 | |
|---|
| [2766] | 15 | from invirt import authz |
|---|
| [2584] | 16 | from invirt import builder |
|---|
| [2565] | 17 | from invirt.config import structs as config |
|---|
| 18 | |
|---|
| 19 | |
|---|
| [2566] | 20 | def userToPrinc(user): |
|---|
| 21 | """Convert an AFS principal to a Kerberos v5 principal.""" |
|---|
| 22 | if '@' in user: |
|---|
| 23 | (princ, realm) = user.split('@') |
|---|
| 24 | else: |
|---|
| 25 | princ = user |
|---|
| 26 | realm = config.kerberos.realm |
|---|
| 27 | |
|---|
| 28 | return princ.replace('.', '/') + '@' + realm |
|---|
| 29 | |
|---|
| [3039] | 30 | def acl_path(pocket): |
|---|
| 31 | return '/etc/remctl/acl/build-%s' % pocket |
|---|
| [2566] | 32 | |
|---|
| [3039] | 33 | @contextlib.contextmanager |
|---|
| 34 | def atomic_write(file): |
|---|
| 35 | tmp_fd, tmp_name = tempfile.mkstemp() |
|---|
| 36 | tmp = os.fdopen(tmp_fd, 'r+') |
|---|
| 37 | yield tmp |
|---|
| 38 | tmp.close() |
|---|
| 39 | os.rename(tmp_name, file) |
|---|
| 40 | |
|---|
| [2565] | 41 | def main(): |
|---|
| [2579] | 42 | all_devs = set() |
|---|
| [2638] | 43 | build_handler = '/usr/bin/invirt-submit-build' |
|---|
| [2565] | 44 | |
|---|
| [2593] | 45 | for pocket in config.build.pockets: |
|---|
| 46 | acl = authz.expandAdmin(getattr(config.build.pockets, pocket).acl, None) |
|---|
| [3039] | 47 | with atomic_write(acl_path(pocket)) as f: |
|---|
| 48 | princs = [userToPrinc(a) for a in acl] |
|---|
| 49 | print >>f, '\n'.join(princs) |
|---|
| 50 | all_devs.update(set(princs)) |
|---|
| [2565] | 51 | |
|---|
| [3039] | 52 | with atomic_write('/etc/remctl/conf.d/build') as f: |
|---|
| 53 | for pocket in config.build.pockets: |
|---|
| 54 | print >>f, 'build %s %s %s' % (pocket, build_handler, acl_path(pocket)) |
|---|
| [2565] | 55 | |
|---|
| [3040] | 56 | with atomic_write('/etc/remctl/acl/repo_admin') as f: |
|---|
| 57 | acl = authz.expandAdmin(config.build.repo_admin, None) |
|---|
| 58 | print >>f, '\n'.join(userToPrinc(a) for a in acl) |
|---|
| [2565] | 59 | |
|---|
| [3040] | 60 | with atomic_write('/etc/remctl/conf.d/repo_admin') as f: |
|---|
| 61 | print >>f, 'create repo /usr/bin/invirt-add-repo /etc/remctl/acl/repo_admin' |
|---|
| [2565] | 62 | |
|---|
| [3039] | 63 | with atomic_write(os.path.join(builder._REPO_DIR, '.k5login')) as f: |
|---|
| 64 | print >>f, '\n'.join(all_devs) |
|---|
| [2579] | 65 | |
|---|
| [2584] | 66 | |
|---|
| [2565] | 67 | if __name__ == '__main__': |
|---|
| 68 | main() |
|---|
