source: trunk/packages/invirt-dev/invirt-build-conf @ 2795

Last change on this file since 2795 was 2766, checked in by broder, 15 years ago

Have authz providers use an invirt.authz module.

xvm-authz-locker now includes an invirt.authz module instead of
xvm.authz.locker. All authz providers conflict with each other, and
provide invirt-authz.

  • Property svn:executable set to *
File size: 1.8 KB
Line 
1#!/usr/bin/python
2
3"""Re-generate the remctl configuration for build submissions.
4
5This script generates the remctl ACL and configuration for each build
6pocket defined in the configuration. It also updates the .k5login for
7the git user that developers can push through.
8"""
9
10
11import os
12import tempfile
13
14from invirt import authz
15from invirt import builder
16from invirt.config import structs as config
17
18
19def userToPrinc(user):
20    """Convert an AFS principal to a Kerberos v5 principal."""
21    if '@' in user:
22        (princ, realm) = user.split('@')
23    else:
24        princ = user
25        realm = config.kerberos.realm
26
27    return princ.replace('.', '/') + '@' + realm
28
29
30def main():
31    all_devs = set()
32
33    # Python could really use a file-like object that gets written to
34    # a temporary path and moved to its final resting place on
35    # .close(). Oh well.
36    conf_fd, conf_name = tempfile.mkstemp()
37    conf = os.fdopen(conf_fd, 'r+')
38    build_handler = '/usr/bin/invirt-submit-build'
39
40    for pocket in config.build.pockets:
41        acl = authz.expandAdmin(getattr(config.build.pockets, pocket).acl, None)
42
43        acl_fd, acl_name = tempfile.mkstemp()
44        acl_fd = os.fdopen(acl_fd, 'r+')
45        print >>acl_fd, '\n'.join(userToPrinc(a) for a in acl)
46
47        all_devs.update(set(userToPrinc(a) for a in acl))
48
49        acl_path = os.path.join('/etc/remctl/acl/build-%s' % pocket)
50
51        os.rename(acl_name, acl_path)
52        print >>conf, 'build %s %s %s' % (pocket, build_handler, acl_path)
53
54    os.rename(conf_name, '/etc/remctl/conf.d/build')
55
56    k5login_fd, k5login_name = tempfile.mkstemp()
57    k5login = os.fdopen(k5login_fd, 'r+')
58    print >>k5login, '\n'.join(all_devs)
59
60    os.rename(k5login_name, os.path.join(builder._REPO_DIR, '.k5login'))
61
62
63if __name__ == '__main__':
64    main()
Note: See TracBrowser for help on using the repository browser.