grid-mapfile.sh.in

#!/bin/sh
#  File: vo-support-vomsdir/gridmapdir.sh
#  Author: Dennis van Dok <dennisvd@nikhef.nl>
#
#  Copyright 2012  Stichting FOM
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

# This script is installed as a module in
# /usr/share/vo-support/modules/gridmapdir.sh

# It is normally run by %post or %preun scriptlets in RPM packages
# for each installed VO. The first argument is the main command.
# Commands understood by this script are:
#     configure [list of VOs to add]
#     deconfigure [list of VOs to remove]
#
# Other commands are silently ignored. The list of VOs may be empty.
#
# The configure command will add the VO's FQAN mapping rule to
# /etc/grid-security/voms-mapfile and /etc/grid-security/groupmapfile.
# The configuration parameters in 
# /etc/vo-support/$vo.conf
# are poolprefix and groupmapping.
#
# If the environment variable GRID_SECURITY_DIR is set, it is
# used instead of /etc/grid-security.
#
# The deconfigure will uninstall these files.

# installation variable
sbindir=@sbindir@
sysconfdir=@sysconfdir@

printusage() {
    cat >&2 <<EOF
Usage: $prg command [ VO ... ]

Valid commands:

 configure     add grid-mapfile entries for given VOs
     
 deconfigure  remove grid-mapfile entries for given VOs

EOF
}

if [ $# -lt 1 ] ; then
    echo "$0 requires a command" >&2
    printusage
    exit 1
fi

if [ -z "$GRID_SECURITY_DIR" ]; then
    gridsecdir=$sysconfdir/grid-security
else
    gridsecdir="$GRID_SECURITY_DIR"
fi

gridmapfile="$gridsecdir/voms-grid-mapfile"
groupmapfile="$gridsecdir/groupmapfile"

cmd="$1"
shift

# This function asserts the presence of
# the grid-mapfile and groupmapfile
createmapfilesifneeded() {
    if [ ! -d "$gridsecdir" ]; then
	mkdir -p "$gridsecdir"
    fi
    if [ ! -f "$gridmapfile" ]; then
	touch "$gridmapfile"
    fi
    if [ ! -f "$groupmapfile" ]; then
	touch "$groupmapfile"
    fi
}

# $1 = VO
# $2 = configure/deconfigure
# FIXME: the mappings for /pvier also need to be replicated for
# /pvier/Role=Null/Capability=Null because of some legacy software
# support.
update_mapfiles() {
    createmapfilesifneeded
    for fqan in `vo-config get-fqans $1` ; do
	poolprefix=`vo-config get-vo-param "$fqan" poolprefix`
	groupmapping=`vo-config get-vo-param "$fqan" groupmapping`
	test "$groupmapping" != undefined || continue
	if [ $2 = configure ]; then
	    # add the FQAN to the mapfiles
	    # if it's not already there
	    if test "$poolprefix" != undefined &&
		! grep -qF "\"$fqan\" " $gridmapfile >/dev/null 2>&1 ; then
		echo "\"$fqan\" .$poolprefix" >> $gridmapfile
	    fi
	    if test "$groupmapping" != undefined &&
		! grep -qF "\"$fqan\" " $groupmapfile >/dev/null 2>&1 ; then
		echo "\"$fqan\" $groupmapping" >> $groupmapfile
	    fi
	else # deconfigure
	    # remove the FQAN from the mapfiles
	    if test "$poolprefix" != undefined && 
		grep -qF "\"$fqan\" " $gridmapfile >/dev/null 2>&1 ; then
		sed "\\@\"$fqan\"@ d" $gridmapfile > $gridmapfile.new
		mv $gridmapfile.new $gridmapfile
	    fi
	    if test "$groupmapping" != undefined && 
		grep -qF "\"$fqan\" " $groupmapfile >/dev/null 2>&1 ; then
		sed "\\@\"$fqan\"@ d" $groupmapfile > $groupmapfile.new
		mv $groupmapfile.new $groupmapfile
	    fi
	fi
    done
}


case "$cmd" in
    configure|deconfigure)
	for vo in "$@" ; do
	    update_mapfiles $vo $cmd
	done
	;;
    *)
	echo "Unknown command $cmd" >&2
	printusage
	exit 1
	;;
esac