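#!/usr/bin/python

"""Re-generate the remctl configuration for build submissions.

This script generates the remctl ACL and configuration for each build
pocket defined in the configuration. It also updates the .k5login for
the git user that developers can push through.

Every file written here decides who may submit builds or log in as the
git user, so each one is fully written and synced to a temporary file
before being renamed over the live path.
"""

import os
import tempfile

from invirt.authz import mech as authz
from invirt import builder
from invirt.config import structs as config


def userToPrinc(user):
    """Convert an AFS principal to a Kerberos v5 principal.

    A name without an explicit '@realm' part gets config.kerberos.realm.
    Dots in the name part become slashes (AFS 'user.root' -> krb5
    'user/root'); the realm is left untouched.

    Raises ValueError if the name contains more than one '@'.
    """
    if '@' in user:
        # Deliberately a strict two-way unpack: a second '@' is rejected
        # instead of ending up inside an access-control entry.
        (princ, realm) = user.split('@')
    else:
        princ = user
        realm = config.kerberos.realm

    return princ.replace('.', '/') + '@' + realm


def _writeAtomically(path, contents):
    """Replace the file at path with contents, without a partial state.

    The temporary file is created in the destination directory so that
    os.rename() stays on one filesystem (a temp file in the default temp
    directory makes the rename fail when that is a separate mount), and
    it is flushed, synced and closed before the rename so readers never
    see an empty or truncated ACL.
    """
    directory = os.path.dirname(path) or os.curdir
    # The dotted temporary name is intentional.
    # NOTE(review): remctld's directory includes are documented to skip
    # names containing a period, which would keep a half-written file
    # from being loaded; confirm against the deployed remctld.
    fd, tmp_name = tempfile.mkstemp(suffix='.tmp',
                                    prefix='.%s.' % os.path.basename(path),
                                    dir=directory)
    renamed = False
    try:
        tmp = os.fdopen(fd, 'w')
        try:
            tmp.write(contents)
            tmp.flush()
            os.fsync(tmp.fileno())
        finally:
            tmp.close()
        # mkstemp creates the file with mode 0600 owned by the caller;
        # that is carried over to the live file unchanged.
        os.rename(tmp_name, path)
        renamed = True
    finally:
        if not renamed:
            # Do not leave stray temporary files next to the live ACLs.
            os.unlink(tmp_name)


def main():
    """Write the per-pocket ACLs, the remctl build config and .k5login."""
    all_devs = set()
    conf_lines = []

    build_handler = '/usr/sbin/invirt-submit-build'

    for pocket in config.build.pockets:
        acl = authz.expandAdmin(getattr(config.build.pockets, pocket).acl,
                                None)
        # NOTE(review): entries are written verbatim, one per line, and
        # the pocket name is used verbatim in the path below; this
        # assumes neither can contain a newline or a path separator.
        # Confirm against expandAdmin and the config schema.
        princs = [userToPrinc(a) for a in acl]
        all_devs.update(princs)

        acl_path = '/etc/remctl/acl/build-%s' % pocket
        _writeAtomically(acl_path, '\n'.join(princs) + '\n')

        conf_lines.append('build %s %s %s' % (pocket, build_handler,
                                              acl_path))

    # The ACL files are in place before the config that refers to them.
    _writeAtomically('/etc/remctl/conf.d/build',
                     ''.join(line + '\n' for line in conf_lines))

    # Sorted so repeated runs produce identical output for the same set
    # of developers.
    _writeAtomically(os.path.join(builder._REPO_DIR, '.k5login'),
                     '\n'.join(sorted(all_devs)) + '\n')


if __name__ == '__main__':
    main()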