You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@whimsical.apache.org by se...@apache.org on 2017/10/06 13:10:27 UTC
[whimsy] branch master updated: Basic check of svn templates
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 3059341 Basic check of svn templates
3059341 is described below
commit 305934147177268dd107d92e2d80db93da0d6436
Author: Sebb <se...@apache.org>
AuthorDate: Fri Oct 6 14:10:25 2017 +0100
Basic check of svn templates
---
tools/check_auth.rb | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
diff --git a/tools/check_auth.rb b/tools/check_auth.rb
new file mode 100755
index 0000000..80d34e5
--- /dev/null
+++ b/tools/check_auth.rb
@@ -0,0 +1,69 @@
+#!/usr/bin/env ruby
+
+# basic check of asf/pit-auth consistency
+
+# - name agrees with ldap query
+# - incorrect alias reference
+
+ROLE_NAMES =
+ %w(buildbot comdev_role projects_role spamassassin_role svn-role acrequser whimsysvn apezmlm puppetsvn apsiteread apsecmail apezmlm smtpd svn rptremind comdev-svn openejb-tck staff
+ sk clr uli nick jim upayavira cpluchino mostarda
+)
+
+DIR = ARGV.first || '/srv/git/infrastructure-puppet/modules/subversion_server/files/authorization'
+
+def parse(file)
+ puts "Parsing #{file}"
+ section=''
+ names=Hash.new(0)
+ IO.foreach(file) { |x|
+ next if x =~ /^(#| *$)/
+ section='groups' and next if x =~ /^\[groups\]$/
+ section='paths' and next if x =~ /^\[\/\]$/
+ if section == 'groups'
+ if x =~ /^(\w[^=]+)={ldap:cn=(\w[^,]+),([^}]+)}/
+ a,b,c = $1,$2,$3
+ names[a]+=1
+ suff=''
+ # ou=pmc only needed for tac and security now
+ if c =~ /^ou=pmc,ou=committees/ or c =~ /ou=project,[^;]+;attr=owner/
+ suff='-p?pmc'
+ end
+ ma=%r{^#{b}#{suff}$}
+ puts "Mis-matched names: #{x} #{a} != #{ma}" unless a =~ ma
+# die
+ next
+ end
+ if x =~ /^(\w[^=]+)={reuse:(asf|pit)-authorization:(\w[^}]+)}$/
+ names[$1]+=1
+ puts "Mis-matched names: #{x} #{$1} != #{$3}" unless $1 == $3
+ next
+ end
+ if x =~ /^([-\w]+)=(\w.*)?$/
+ names[$1]+=1
+ next
+ end
+ elsif section == 'paths'
+ next if x =~ /^\[((asf:|infra:|private:)?\/\S*)\]$/ # [/path]
+ if x =~ /^(?:@(\S+)|\*|(\S+)) *= *r?w? *$/
+ if $1
+ puts "Undefined name: '#{$1}' in #{x}" unless names.has_key?($1)
+ next
+ end
+ next unless $2
+ next if ROLE_NAMES.include? $2
+ p "Unexpected name: #{x}"
+ next
+ end
+ else
+ p "Unexpected section: #{section}"
+ end
+ p "Unexpected line: #{x}"
+ }
+ names.each() do |k,v|
+ puts "Duplicate Key: #{k} Count: #{v}" unless v == 1
+ end
+ puts "Completed validation"
+end
+parse("#{DIR}/asf-authorization-template")
+parse("#{DIR}/pit-authorization-template")
--
To stop receiving notification emails like this one, please contact
['"commits@whimsical.apache.org" <co...@whimsical.apache.org>'].