As part of an goal to eliminate Perl from libvirt build tools, rewrite the genpolkit.pl tool in Python. This was a straight conversion, manually going line-by-line to change the syntax from Perl to Python. Thus the overall structure of the file and approach is the same. Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- Makefile.am | 1 + scripts/genpolkit.py | 122 +++++++++++++++++++++++++++++++++++++ src/access/Makefile.inc.am | 6 +- src/access/genpolkit.pl | 119 ------------------------------------ 4 files changed, 126 insertions(+), 122 deletions(-) create mode 100755 scripts/genpolkit.py delete mode 100755 src/access/genpolkit.pl diff --git a/Makefile.am b/Makefile.am index f28b07d814..e7ebe7281a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -54,6 +54,7 @@ EXTRA_DIST = \ scripts/check-symfile.py \ scripts/check-symsorting.py \ scripts/dtrace2systemtap.py \ + scripts/genpolkit.py \ scripts/gensystemtap.py \ scripts/header-ifdef.py \ scripts/minimize-po.py \ diff --git a/scripts/genpolkit.py b/scripts/genpolkit.py new file mode 100755 index 0000000000..0cdba2bd3c --- /dev/null +++ b/scripts/genpolkit.py @@ -0,0 +1,122 @@ +#!/usr/bin/env python +# +# Copyright (C) 2012-2019 Red Hat, Inc. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see +# <http://www.gnu.org/licenses/>. +# + +from __future__ import print_function + +import re +import sys + +objects = [ + "CONNECT", "DOMAIN", "INTERFACE", "NETWORK_PORT", + "NETWORK", "NODE_DEVICE", "NWFILTER_BINDING", + "NWFILTER", "SECRET", "STORAGE_POOL", "STORAGE_VOL", +] + +objectstr = "|".join(objects) + +# Data we're going to be generating looks like this +# +# <policyconfig> +# <action id="org.libvirt.unix.monitor"> +# <description>Monitor local virtualized systems</description> +# <message>System policy prevents monitoring of +# local virtualized systems</message> +# <defaults> +# <allow_any>yes</allow_any> +# <allow_inactive>yes</allow_inactive> +# <allow_active>yes</allow_active> +# </defaults> +# </action> +# ...more <action> rules... +# </policyconfig> + +opts = {} +in_opts = False + +perms = {} + +aclfile = sys.argv[1] +with open(aclfile, "r") as fh: + for line in fh: + if in_opts: + if line.find("*/") != -1: + in_opts = False + else: + m = re.search(r'''\*\s*\@(\w+):\s*(.*?)\s*$''', line) + if m is not None: + opts[m.group(1)] = m.group(2) + elif line.find("**") != -1: + in_opts = True + else: + m = re.search(r'''VIR_ACCESS_PERM_(%s)_((?:\w|_)+),''' % + objectstr, line) + if m is not None: + obj = m.group(1).lower() + perm = m.group(2).lower() + if perm == "last": + continue + + obj = obj.replace("_", "-") + perm = perm.replace("_", "-") + + if obj not in perms: + perms[obj] = {} + perms[obj][perm] = { + "desc": opts.get("desc", None), + "message": opts.get("message", None), + "anonymous": opts.get("anonymous", None), + } + opts = {} + +print('<?xml version="1.0" encoding="UTF-8"?>') +print('<!DOCTYPE policyconfig PUBLIC ' + + '"-//freedesktop//DTD polkit Policy Configuration 1.0//EN"') +print(' "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd";>') +print('<policyconfig>') +print(' <vendor>Libvirt Project</vendor>') +print(' <vendor_url>https://libvirt.org</vendor_url>') + +for obj in sorted(perms.keys()): + for perm in sorted(perms[obj].keys()): + description = perms[obj][perm]["desc"] + message = perms[obj][perm]["message"] + anonymous = perms[obj][perm]["anonymous"] + + if description is None: + raise Exception("missing description for %s.%s" % (obj, perm)) + if message is None: + raise Exception("missing message for %s.%s" % (obj, perm)) + + allow_any = "no" + if anonymous: + allow_any = "yes" + allow_inactive = allow_any + allow_active = allow_any + + print(' <action id="org.libvirt.api.%s.%s">' % (obj, perm)) + print(' <description>%s</description>' % description) + print(' <message>%s</message>' % message) + print(' <defaults>') + print(' <allow_any>%s</allow_any>' % allow_any) + print(' <allow_inactive>%s</allow_inactive>' % allow_inactive) + print(' <allow_active>%s</allow_active>' % allow_active) + print(' </defaults>') + print(' </action>') + +print('</policyconfig>') diff --git a/src/access/Makefile.inc.am b/src/access/Makefile.inc.am index fd0a5d8098..11f87c6aa7 100644 --- a/src/access/Makefile.inc.am +++ b/src/access/Makefile.inc.am @@ -43,7 +43,6 @@ ACCESS_DRIVER_POLKIT_POLICY = access/org.libvirt.api.policy GENERATED_SYM_FILES += $(ACCESS_DRIVER_SYM_FILES) EXTRA_DIST += \ - access/genpolkit.pl \ $(NULL) @@ -66,8 +65,9 @@ libvirt_driver_access_la_LIBADD = \ $(ACCESS_DRIVER_POLKIT_POLICY): $(srcdir)/access/viraccessperm.h \ - $(srcdir)/access/genpolkit.pl Makefile.am - $(AM_V_GEN)$(PERL) $(srcdir)/access/genpolkit.pl < $< > $@ || rm -f $@ + $(top_srcdir)/scripts/genpolkit.py Makefile.am + $(AM_V_GEN)$(RUNUTF8) $(PYTHON) \ + $(top_srcdir)/scripts/genpolkit.py $< > $@ || rm -f $@ if WITH_POLKIT libvirt_driver_access_la_SOURCES += $(ACCESS_DRIVER_POLKIT_SOURCES) diff --git a/src/access/genpolkit.pl b/src/access/genpolkit.pl deleted file mode 100755 index f8f20caf65..0000000000 --- a/src/access/genpolkit.pl +++ /dev/null @@ -1,119 +0,0 @@ -#!/usr/bin/env perl -# -# Copyright (C) 2012-2013 Red Hat, Inc. -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library. If not, see -# <http://www.gnu.org/licenses/>. -# - -use strict; -use warnings; - -my @objects = ( - "CONNECT", "DOMAIN", "INTERFACE", "NETWORK_PORT", - "NETWORK","NODE_DEVICE", "NWFILTER_BINDING", "NWFILTER", - "SECRET", "STORAGE_POOL", "STORAGE_VOL", - ); - -my $objects = join ("|", @objects); - -# Data we're going to be generating looks like this -# -# <policyconfig> -# <action id="org.libvirt.unix.monitor"> -# <description>Monitor local virtualized systems</description> -# <message>System policy prevents monitoring of local virtualized systems</message> -# <defaults> -# <allow_any>yes</allow_any> -# <allow_inactive>yes</allow_inactive> -# <allow_active>yes</allow_active> -# </defaults> -# </action> -# ...more <action> rules... -# </policyconfig> - -my %opts; -my $in_opts = 0; - -my %perms; - -while (<>) { - if ($in_opts) { - if (m,\*/,) { - $in_opts = 0; - } elsif (/\*\s*\@(\w+):\s*(.*?)\s*$/) { - $opts{$1} = $2; - } - } elsif (m,/\*\*,) { - $in_opts = 1; - } elsif (/VIR_ACCESS_PERM_($objects)_((?:\w|_)+),/) { - my $object = lc $1; - my $perm = lc $2; - next if $perm eq "last"; - - $object =~ s/_/-/g; - $perm =~ s/_/-/g; - - $perms{$object} = {} unless exists $perms{$object}; - $perms{$object}->{$perm} = { - desc => $opts{desc}, - message => $opts{message}, - anonymous => $opts{anonymous} - }; - %opts = (); - } -} - -print <<EOF; -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" - "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd";> -<policyconfig> - <vendor>Libvirt Project</vendor> - <vendor_url>https://libvirt.org</vendor_url> -EOF - -foreach my $object (sort { $a cmp $b } keys %perms) { - foreach my $perm (sort { $a cmp $b } keys %{$perms{$object}}) { - my $description = $perms{$object}->{$perm}->{desc}; - my $message = $perms{$object}->{$perm}->{message}; - my $anonymous = $perms{$object}->{$perm}->{anonymous}; - - die "missing description for $object.$perm" unless - defined $description; - die "missing message for $object.$perm" unless - defined $message; - - my $allow_any = $anonymous ? "yes" : "no"; - my $allow_inactive = $allow_any; - my $allow_active = $allow_any; - - print <<EOF; - <action id="org.libvirt.api.$object.$perm"> - <description>$description</description> - <message>$message</message> - <defaults> - <allow_any>$allow_any</allow_any> - <allow_inactive>$allow_inactive</allow_inactive> - <allow_active>$allow_active</allow_active> - </defaults> - </action> -EOF - - } -} - -print <<EOF; -</policyconfig> -EOF -- 2.21.0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
