lib/whimsy/asf/auth.rb - whimsy - Git at Google

 module ASF

   # parse the <tt>-authorization-template</tt> files contained within
   # <tt>infrastructure-puppet/modules/subversion_server/files/authorization</tt>
   class Authorization
     include Enumerable

     # Return the set of authorizations a given user (availid) has access to.
     def self.find_by_id(value)
       new.select {|auth, ids| ids.include? value}.map(&:first)
     end

     # Select a given <tt>-authorization-template</tt>, valid values are
     # <tt>asf</tt> and <tt>pit</tt>.
     # The optional <tt>auth_path</tt> parameter allows the directory path to be overridden
     # This is intended for testing only
     def initialize(file='asf',auth_path=nil)
       # TODO - should this read the Git repo directly?
       # Probably not: this file is read frequently so would need to be cached anyway
       # The Git clone is updated every 10 minutes which should be sufficiently recent
       if auth_path
         require 'wunderbar'
         Wunderbar.warn "Overriding Git infrastructure-puppet auth path as: #{auth_path}"
         @auth = auth_path
       else
         auth = ASF::Git.find('infrastructure-puppet')
         if auth
           @auth = auth + '/modules/subversion_server/files/authorization'
         else
           # SVN copy is no longer in use - see INFRA-11452
           raise Exception.new("Cannot find Git: infrastructure-puppet")
         end
       end
       @file = file
     end

     # Iteratively return each non_LDAP entry in the authorization file as a pair
     # of values: a name and list of ids.
     def each
       read_auth.scan(/^([-\w]+)=(\w.*)$/).each do |pmc, ids|
         yield pmc, ids.split(',')
       end
     end

     # Return an array of the ou=project entries in the authorization file
     # TODO Does not appear to be used
     def projects
       arr = []
       #incubator={ldap:cn=incubator,ou=project,ou=groups,dc=apache,dc=org;attr=member}
       read_auth.scan(/^\w[^=]+={ldap:cn=(\w[^,]+),ou=project,ou=groups/).each do |group|
         arr << group[0]
       end
       arr
     end

     # Return the auth path used to find asf-auth and pit-auth
     def path
       @auth
     end

     unless Enumerable.instance_methods.include? :to_h
       # backwards compatibility for Ruby versions <= 2.0
       def to_h
         Hash[self.to_a]
       end
     end

     private

     def read_auth
       File.read("#{@auth}/#{@file}-authorization-template")
     end
   end

   class Person
     # return a list of ASF authorizations that contain this individual
     def auth
       @auths ||= ASF::Authorization.find_by_id(name)
     end
   end

 end
	module ASF

	# parse the <tt>-authorization-template</tt> files contained within
	# <tt>infrastructure-puppet/modules/subversion_server/files/authorization</tt>
	class Authorization
	include Enumerable

	# Return the set of authorizations a given user (availid) has access to.
	def self.find_by_id(value)
	new.select {\|auth, ids\| ids.include? value}.map(&:first)
	end

	# Select a given <tt>-authorization-template</tt>, valid values are
	# <tt>asf</tt> and <tt>pit</tt>.
	# The optional <tt>auth_path</tt> parameter allows the directory path to be overridden
	# This is intended for testing only
	def initialize(file='asf',auth_path=nil)
	# TODO - should this read the Git repo directly?
	# Probably not: this file is read frequently so would need to be cached anyway
	# The Git clone is updated every 10 minutes which should be sufficiently recent
	if auth_path
	require 'wunderbar'
	Wunderbar.warn "Overriding Git infrastructure-puppet auth path as: #{auth_path}"
	@auth = auth_path
	else
	auth = ASF::Git.find('infrastructure-puppet')
	if auth
	@auth = auth + '/modules/subversion_server/files/authorization'
	else
	# SVN copy is no longer in use - see INFRA-11452
	raise Exception.new("Cannot find Git: infrastructure-puppet")
	end
	end
	@file = file
	end

	# Iteratively return each non_LDAP entry in the authorization file as a pair
	# of values: a name and list of ids.
	def each
	read_auth.scan(/^([-\w]+)=(\w.*)$/).each do \|pmc, ids\|
	yield pmc, ids.split(',')
	end
	end

	# Return an array of the ou=project entries in the authorization file
	# TODO Does not appear to be used
	def projects
	arr = []
	#incubator={ldap:cn=incubator,ou=project,ou=groups,dc=apache,dc=org;attr=member}
	read_auth.scan(/^\w[^=]+={ldap:cn=(\w[^,]+),ou=project,ou=groups/).each do \|group\|
	arr << group[0]
	end
	arr
	end

	# Return the auth path used to find asf-auth and pit-auth
	def path
	@auth
	end

	unless Enumerable.instance_methods.include? :to_h
	# backwards compatibility for Ruby versions <= 2.0
	def to_h
	Hash[self.to_a]
	end
	end

	private

	def read_auth
	File.read("#{@auth}/#{@file}-authorization-template")
	end
	end

	class Person
	# return a list of ASF authorizations that contain this individual
	def auth
	@auths \|\|= ASF::Authorization.find_by_id(name)
	end
	end

	end