1 | #!/usr/bin/python |
---|
2 | |
---|
3 | """Re-generate the remctl configuration for build submissions. |
---|
4 | |
---|
5 | This script generates the remctl ACL and configuration for each build |
---|
6 | pocket defined in the configuration. |
---|
7 | """ |
---|
8 | |
---|
9 | |
---|
10 | import os |
---|
11 | import tempfile |
---|
12 | |
---|
13 | from invirt.authz import mech as authz |
---|
14 | from invirt.config import structs as config |
---|
15 | |
---|
16 | |
---|
17 | def userToPrinc(user): |
---|
18 | """Convert an AFS principal to a Kerberos v5 principal.""" |
---|
19 | if '@' in user: |
---|
20 | (princ, realm) = user.split('@') |
---|
21 | else: |
---|
22 | princ = user |
---|
23 | realm = config.kerberos.realm |
---|
24 | |
---|
25 | return princ.replace('.', '/') + '@' + realm |
---|
26 | |
---|
27 | |
---|
28 | def main(): |
---|
29 | # Python could really use a file-like object that gets written to |
---|
30 | # a temporary path and moved to its final resting place on |
---|
31 | # .close(). Oh well. |
---|
32 | conf = tempfile.NamedTemporaryFile(delete=False) |
---|
33 | build_handler = '/usr/sbin/invirt-submit-build' |
---|
34 | |
---|
35 | for pocket in config.git.pockets: |
---|
36 | acl = authz.expandAdmin(getattr(config.git.pockets, pocket).acl, None) |
---|
37 | |
---|
38 | acl_fd = tempfile.NamedTemporaryFile(delete=False) |
---|
39 | print >>acl_fd, '\n'.join(user(a) for a in acl) |
---|
40 | |
---|
41 | acl_path = os.path.join('/etc/remctl/acl/build-%s' % pocket) |
---|
42 | |
---|
43 | os.rename(acl_fd.name, acl_path) |
---|
44 | print >>conf, 'build %s %s %s' % (pocket, build_handler, acl_path) |
---|
45 | |
---|
46 | os.rename(conf, '/etc/remctl/conf.d/build') |
---|
47 | |
---|
48 | |
---|
49 | if __name__ == '__main__': |
---|
50 | main() |
---|