source: trunk/packages/invirt-dev/invirt-build-conf @ 2566

Last change on this file since 2566 was 2566, checked in by broder, 15 years ago

Until we switch to storing krb5 principals in the database, we need to
convert the AFS-style principals in the database to krb5 principals.

Hopefully this code can be torn out one of these days in the
not-so-distant future.

  • Property svn:executable set to *
File size: 1.3 KB
Line 
1#!/usr/bin/python
2
3"""Re-generate the remctl configuration for build submissions.
4
5This script generates the remctl ACL and configuration for each build
6pocket defined in the configuration.
7"""
8
9
10import os
11import tempfile
12
13from invirt.authz import mech as authz
14from invirt.config import structs as config
15
16
17def userToPrinc(user):
18    """Convert an AFS principal to a Kerberos v5 principal."""
19    if '@' in user:
20        (princ, realm) = user.split('@')
21    else:
22        princ = user
23        realm = config.kerberos.realm
24
25    return princ.replace('.', '/') + '@' + realm
26
27
28def main():
29    # Python could really use a file-like object that gets written to
30    # a temporary path and moved to its final resting place on
31    # .close(). Oh well.
32    conf = tempfile.NamedTemporaryFile(delete=False)
33    build_handler = '/usr/sbin/invirt-submit-build'
34
35    for pocket in config.git.pockets:
36        acl = authz.expandAdmin(getattr(config.git.pockets, pocket).acl, None)
37
38        acl_fd = tempfile.NamedTemporaryFile(delete=False)
39        print >>acl_fd, '\n'.join(user(a) for a in acl)
40
41        acl_path = os.path.join('/etc/remctl/acl/build-%s' % pocket)
42
43        os.rename(acl_fd.name, acl_path)
44        print >>conf, 'build %s %s %s' % (pocket, build_handler, acl_path)
45
46    os.rename(conf, '/etc/remctl/conf.d/build')
47
48
49if __name__ == '__main__':
50    main()
Note: See TracBrowser for help on using the repository browser.