| 1 | #!/usr/bin/python |
|---|
| 2 | |
|---|
| 3 | """Re-generate the remctl configuration for build submissions. |
|---|
| 4 | |
|---|
| 5 | This script generates the remctl ACL and configuration for each build |
|---|
| 6 | pocket defined in the configuration. It also updates the .k5login for |
|---|
| 7 | the git user that developers can push through. |
|---|
| 8 | """ |
|---|
| 9 | from __future__ import with_statement |
|---|
| 10 | |
|---|
| 11 | import contextlib |
|---|
| 12 | import os |
|---|
| 13 | import tempfile |
|---|
| 14 | |
|---|
| 15 | from invirt import authz |
|---|
| 16 | from invirt import builder |
|---|
| 17 | from invirt.config import structs as config |
|---|
| 18 | |
|---|
| 19 | |
|---|
| 20 | def userToPrinc(user): |
|---|
| 21 | """Convert an AFS principal to a Kerberos v5 principal.""" |
|---|
| 22 | if '@' in user: |
|---|
| 23 | (princ, realm) = user.split('@') |
|---|
| 24 | else: |
|---|
| 25 | princ = user |
|---|
| 26 | realm = config.kerberos.realm |
|---|
| 27 | |
|---|
| 28 | return princ.replace('.', '/') + '@' + realm |
|---|
| 29 | |
|---|
| 30 | def acl_path(pocket): |
|---|
| 31 | return '/etc/remctl/acl/build-%s' % pocket |
|---|
| 32 | |
|---|
| 33 | @contextlib.contextmanager |
|---|
| 34 | def atomic_write(file): |
|---|
| 35 | tmp_fd, tmp_name = tempfile.mkstemp() |
|---|
| 36 | tmp = os.fdopen(tmp_fd, 'r+') |
|---|
| 37 | yield tmp |
|---|
| 38 | tmp.close() |
|---|
| 39 | os.rename(tmp_name, file) |
|---|
| 40 | |
|---|
| 41 | def main(): |
|---|
| 42 | all_devs = set() |
|---|
| 43 | build_handler = '/usr/bin/invirt-submit-build' |
|---|
| 44 | |
|---|
| 45 | for pocket in config.build.pockets: |
|---|
| 46 | acl = authz.expandAdmin(getattr(config.build.pockets, pocket).acl, None) |
|---|
| 47 | with atomic_write(acl_path(pocket)) as f: |
|---|
| 48 | princs = [userToPrinc(a) for a in acl] |
|---|
| 49 | print >>f, '\n'.join(princs) |
|---|
| 50 | all_devs.update(set(princs)) |
|---|
| 51 | |
|---|
| 52 | with atomic_write('/etc/remctl/conf.d/build') as f: |
|---|
| 53 | for pocket in config.build.pockets: |
|---|
| 54 | print >>f, 'build %s %s %s' % (pocket, build_handler, acl_path(pocket)) |
|---|
| 55 | |
|---|
| 56 | with atomic_write('/etc/remctl/acl/repo_admin') as f: |
|---|
| 57 | acl = authz.expandAdmin(config.build.repo_admin, None) |
|---|
| 58 | print >>f, '\n'.join(userToPrinc(a) for a in acl) |
|---|
| 59 | |
|---|
| 60 | with atomic_write('/etc/remctl/conf.d/repo_admin') as f: |
|---|
| 61 | print >>f, 'create repo /usr/bin/invirt-add-repo /etc/remctl/acl/repo_admin' |
|---|
| 62 | |
|---|
| 63 | with atomic_write(os.path.join(builder._REPO_DIR, '.k5login')) as f: |
|---|
| 64 | print >>f, '\n'.join(all_devs) |
|---|
| 65 | |
|---|
| 66 | |
|---|
| 67 | if __name__ == '__main__': |
|---|
| 68 | main() |
|---|
