16 months ago: switch directive to :readonly: for clarity
Greg Stein [Thu, 25 Mar 2021 05:10:05 +0000 (00:10 -0500)] 
switch directive to :readonly: for clarity

16 months ago: Add :block: directive, to make svn paths readonly
Greg Stein [Thu, 25 Mar 2021 04:45:10 +0000 (23:45 -0500)] 
Add :block: directive, to make svn paths readonly

16 months ago: Move some output under the DEBUG flag.
Greg Stein [Tue, 23 Mar 2021 19:15:11 +0000 (14:15 -0500)] 
Move some output under the DEBUG flag.

* condition many print() calls on the .debug flag
* add a DURATION output to .write_files()

16 months ago: Move auth.cfg into authz.yaml
Greg Stein [Tue, 23 Mar 2021 18:23:26 +0000 (13:23 -0500)] 
Move auth.cfg into authz.yaml

The old auth.cfg had three DNs: AUTH, GROUPS, SERVICES. Create lists
of these in the new yaml config. Load the values from there, to pass
to the Generator. The EXPLICIT config is a simple transfer.

Note: this still produces the same authz files as the old

16 months ago: Implement authz generation.
Greg Stein [Tue, 23 Mar 2021 11:53:54 +0000 (06:53 -0500)] 
Implement authz generation.

* small tweaks for bytes vs strings
* carry generation code over from the old

Note: produces the same file, minus the CSN lines at the top.

16 months ago: Another turning of the crank, on a draft daemon.
Greg Stein [Tue, 23 Mar 2021 07:56:45 +0000 (02:56 -0500)] 
Another turning of the crank, on a draft daemon.

* move GATHER_DELAY and LDAP_URL into the authz.yaml
* parse auth.conf for now to get SPECIAL and EXPLICIT
* pass the above data to the Generator
* grab some template->output mappings from the .yaml
* change .write_file() to iterate over the new mappings
* rename QUERIES to SPECIAL to follow the config name
* switch to .write_file(t, o)

16 months ago: ignore the pycache
Greg Stein [Mon, 22 Mar 2021 12:11:32 +0000 (07:11 -0500)] 
ignore the pycache

16 months ago: Keep turning the crank. Construct a long-lived Generator to hold an
Greg Stein [Mon, 22 Mar 2021 11:39:40 +0000 (06:39 -0500)] 
Keep turning the crank. Construct a long-lived Generator to hold an
LDAP connection and templates/inputs for generating the authz files.
Defer .write_files() to the generator.

Note that .group_members() is mostly lifted from the other
script's _group_from_LDAP() method, then cleaned up to better handle
data flow/ownership.

16 months ago: Begin crafting a script for generating authz files, to be used by the
Greg Stein [Mon, 22 Mar 2021 10:23:59 +0000 (05:23 -0500)] 
Begin crafting a script for generating authz files, to be used by the
authz daemon.

Lifted the LDAPClient from:

Ensure this is py3 capable, trim it back, as we won't be
storing/caching/checking CSN tokens. We simply need a persistent
connection to the LDAP server for making requests.

17 months ago: Initial draft of a pubsub client for authz management.
Greg Stein [Mon, 15 Mar 2021 11:04:04 +0000 (06:04 -0500)] 
Initial draft of a pubsub client for authz management.

17 months ago: we use yaml for commit. make sure it is present.
Greg Stein [Fri, 12 Mar 2021 08:20:56 +0000 (02:20 -0600)] 
we use yaml for commit. make sure it is present.

17 months ago: some more basic changes
Greg Stein [Fri, 12 Mar 2021 07:11:41 +0000 (01:11 -0600)] 
some more basic changes

17 months ago: add some basic files
Greg Stein [Fri, 12 Mar 2021 04:40:14 +0000 (22:40 -0600)] 
add some basic files