Hi all, I am trying to grok how exactly the HTCondor (CE) mapfile syntax is. We currently have a rather paranoid mapfile usage in which everything is a regex but everything is escaped, and this is getting unwieldy. Specifically, I am wondering how for complex identities the /-/ âregex quotesâ, regular quotes and CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS interact. The docs [0] seem to only enumerate a few cases but not explain the syntax fully. The respective parts from from the docs are: - If CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS is True, then / âquotesâ are needed to indicate an authenticated name regex. - If a regex contains spaces, it can be wrapped in double quotes. What is unclear to me: - If we wrap a regex in / âquotesâ, do we still need double quotes if there are spaces? - If CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS is True and we use double quotes, is this then considered a regex, a plain string *inside* quotes, or a plain string *with* quotes? (E.g. would `âfoo \darâ` match `foo 6ar`, `foo \dar` or `âfoo \darâ`?) - Generally, if CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS is True and we want a literal/string match containing spaces, do we need quotes at all? (E.g. would `GSI foo bar someone@domain` match the DN `foo bar`?) Can/must we escape the leading / of a literal string? Cheers, Max [0] The Unified Map File for Authentication https://htcondor.readthedocs.io/en/latest/admin-manual/security.html#the-unified-map-file-for-authentication
Attachment:
smime.p7s
Description: S/MIME cryptographic signature