3 """Re-generate the remctl configuration for build submissions.
5 This script generates the remctl ACL and configuration for each build
6 pocket defined in the configuration. It also updates the .k5login for
7 the git user that developers can push through.
9 from __future__ import with_statement
15 from invirt import authz
16 from invirt import builder
17 from invirt.config import structs as config
20 def userToPrinc(user):
21 """Convert an AFS principal to a Kerberos v5 principal."""
23 (princ, realm) = user.split('@')
26 realm = config.kerberos.realm
28 return princ.replace('.', '/') + '@' + realm
31 return '/etc/remctl/acl/build-%s' % pocket
33 @contextlib.contextmanager
34 def atomic_write(file):
35 tmp_fd, tmp_name = tempfile.mkstemp()
36 tmp = os.fdopen(tmp_fd, 'r+')
39 os.rename(tmp_name, file)
43 build_handler = '/usr/bin/invirt-submit-build'
45 for pocket in config.build.pockets:
46 acl = authz.expandAdmin(getattr(config.build.pockets, pocket).acl, None)
47 with atomic_write(acl_path(pocket)) as f:
48 princs = [userToPrinc(a) for a in acl]
49 print >>f, '\n'.join(princs)
50 all_devs.update(set(princs))
52 with atomic_write('/etc/remctl/conf.d/build') as f:
53 for pocket in config.build.pockets:
54 print >>f, 'build %s %s %s' % (pocket, build_handler, acl_path(pocket))
56 with atomic_write('/etc/remctl/acl/repo_admin') as f:
57 acl = authz.expandAdmin(config.build.repo_admin, None)
58 print >>f, '\n'.join(userToPrinc(a) for a in acl)
60 with atomic_write('/etc/remctl/conf.d/repo_admin') as f:
61 print >>f, 'create repo /usr/bin/invirt-add-repo /etc/remctl/acl/repo_admin'
63 with atomic_write(os.path.join(builder._REPO_DIR, '.k5login')) as f:
64 print >>f, '\n'.join(all_devs)
67 if __name__ == '__main__':
projects / invirt/packages/invirt-dev.git / blob