in gen.py [0:0]
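def write_file(self, t_lines, output):
    """Expand the template lines in t_lines and write the result to output.

    Each template line is handled according to its form:

    * ``:readonly:PATH`` or ``:readonly:ROOT(alt1|alt2|alt3)`` emits one
      ``[path]`` section containing ``* = r`` per expanded path.
    * ``LDAP: NAME`` emits ``NAME=<members>``; ``LDAP+PMC: NAME`` also
      emits ``NAME-pmc=<members>``.
    * Comment lines (leading ``#``) and lines without ``={`` are copied
      through unchanged.
    * ``GROUP={auth}`` emits ``GROUP=<members>``. No other ``={...}``
      placeholder is accepted.

    Member lists come from self.group_members(). The expanded lines are
    joined with newlines and handed to atomic_write() together with output.

    Raises:
        AssertionError: a line contains ``={`` but not ``={auth}``.
    """
    print(f'WRITE_FILE: writing to "{output}"')
    readonly_prefix = ':readonly:'
    new_z = []
    for line in t_lines:
        if line.startswith(readonly_prefix):
            # FORMAT:
            #   :readonly:/some/random/path
            #   :readonly:/root/path/(alt1|alt2|alt3)
            target = line[len(readonly_prefix):]
            if '(' in target:
                # NOTE(review): the final character is dropped on the
                # assumption that it is the closing ')'. A line without it
                # silently loses the last character of the last alternative,
                # so the read-only rule lands on a different path -- confirm
                # the templates are checked before they reach this point.
                root, rest = target.split('(')
                subdirs = [root + p for p in rest[:-1].split('|')]
            else:
                subdirs = [target]
            for s in subdirs:
                new_z.append(f'[{s}]\n* = r')
        elif line.startswith('LDAP'):
            # Define a group using LDAP information.
            # Line format:
            #   LDAP(+PMC): $TLPNAME
            ### NOTE: we place this authz at this specific point in
            ### the authz file, and do "group" and "group-pmc" in this
            ### order to maintain backwards-compat identical generation
            ### of the file. In the future, simplification will be
            ### possible once we decide to trust a major change in
            ### the authz files.
            group = line.split(':')[1].strip()
            members = self.group_members(group)
            new_z.append(f'{group}={",".join(members)}')
            if line.startswith('LDAP+PMC'):
                members = self.group_members(group + '-pmc')
                new_z.append(f'{group}-pmc={",".join(members)}')
        elif line.startswith('#') or '={' not in line:
            # Comments and lines without a placeholder pass through verbatim.
            new_z.append(line)
        else:
            # Only GROUP={auth} is allowed here.
            # Raised explicitly rather than through an assert statement:
            # assert is removed when Python runs with -O, and an unknown
            # placeholder must stop generation instead of being expanded
            # into a group definition in the authz output.
            if '={auth}' not in line:
                raise AssertionError(
                    f'unsupported placeholder in template line: {line!r}')
            group = line.split('=')[0]
            ### Place this specific auth, at this point in the authz file.
            ### This is temporary, as we manage this forward.
            members = self.group_members(group)
            new_z.append(f'{group}={",".join(members)}')
    atomic_write(output, '\n'.join(new_z) + '\n')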