infrastructure-svnauthz.git
Greg Stein [Tue, 23 Mar 2021 18:23:26 +0000 (13:23 -0500)] 
Move auth.cfg into authz.yaml

The old auth.cfg had three DNs: AUTH, GROUPS, SERVICES. Create lists
of these in the new yaml config. Load the values from there, to pass
to the Generator. The EXPLICIT config is a simple transfer.

Note: this still produces the same authz files as the old gen.py

Greg Stein [Tue, 23 Mar 2021 11:53:54 +0000 (06:53 -0500)] 
Implement authz generation.

* small tweaks for bytes vs strings
* carry generation code over from the old gen.py

Note: produces the same file, minus the CSN lines at the top.

Greg Stein [Tue, 23 Mar 2021 07:56:45 +0000 (02:56 -0500)] 
Another turning of the crank, on a draft daemon.

authz.py:
* move GATHER_DELAY and LDAP_URL into the authz.yaml
* parse auth.conf for now to get SPECIAL and EXPLICIT
* pass the above data to the Generator
* grab some template->output mappings from the .yaml
* change .write_file() to iterate over the new mappings

gen.py:
* rename QUERIES to SPECIAL to follow the config name
* switch to .write_file(t, o)

Greg Stein [Mon, 22 Mar 2021 12:11:32 +0000 (07:11 -0500)] 
ignore the pycache

Greg Stein [Mon, 22 Mar 2021 11:39:40 +0000 (06:39 -0500)] 
Keep turning the crank. Construct a long-lived Generator to hold an
LDAP connection and templates/inputs for generating the authz files.
Defer .write_files() to the generator.

Note that .group_members() is mostly lifted from the other gen.py
script's _group_from_LDAP() method, then cleaned up to better handle
data flow/ownership.

Greg Stein [Mon, 22 Mar 2021 10:23:59 +0000 (05:23 -0500)] 
Begin crafting a script for generating authz files, to be used by the
authz daemon.

Lifted the LDAPClient from:
  modules/subversion_server/files/scripts/authorization/gen.py

Ensure this is py3 capable, trim it back, as we won't be
storing/caching/checking CSN tokens. We simply need a persistent
connection to the LDAP server for making requests.

Greg Stein [Mon, 15 Mar 2021 11:04:04 +0000 (06:04 -0500)] 
Initial draft of a pubsub client for authz management.

Greg Stein [Fri, 12 Mar 2021 08:20:56 +0000 (02:20 -0600)] 
we use yaml for commit. make sure it is present.

Greg Stein [Fri, 12 Mar 2021 07:11:41 +0000 (01:11 -0600)] 
some more basic changes

Greg Stein [Fri, 12 Mar 2021 04:40:14 +0000 (22:40 -0600)] 
add some basic files