#!/usr/bin/python

"""Re-generate the remctl configuration for build submissions.

This script generates the remctl ACL and configuration for each build
pocket defined in the configuration.
"""


import os
import tempfile

from invirt.authz import mech as authz
from invirt.config import structs as config


def userToPrinc(user):
    """Convert an AFS principal to a Kerberos v5 principal."""
    if '@' in user:
        (princ, realm) = user.split('@')
    else:
        princ = user
        realm = config.kerberos.realm

    return princ.replace('.', '/') + '@' + realm


def main():
    # Python could really use a file-like object that gets written to
    # a temporary path and moved to its final resting place on
    # .close(). Oh well.
    conf_fd, conf_name = tempfile.mkstemp()
    conf = os.fdopen(conf_fd, 'r+')
    build_handler = '/usr/sbin/invirt-submit-build'

    for pocket in config.git.pockets:
        acl = authz.expandAdmin(getattr(config.git.pockets, pocket).acl, None)

        acl_fd, acl_name = tempfile.mkstemp()
        acl_fd = os.fdopen(acl_fd, 'r+')
        print >>acl_fd, '\n'.join(userToPrinc(a) for a in acl)

        acl_path = os.path.join('/etc/remctl/acl/build-%s' % pocket)

        os.rename(acl_name, acl_path)
        print >>conf, 'build %s %s %s' % (pocket, build_handler, acl_path)

    os.rename(conf_name, '/etc/remctl/conf.d/build')


if __name__ == '__main__':
    main()