
[HTCondor-users] Unified Map File syntax with ASSUME_HASH_KEYS?



Hi all,

I am trying to grok what exactly the HTCondor (CE) mapfile syntax is. We currently have a rather paranoid mapfile usage in which everything is a regex but everything is escaped, and this is getting unwieldy.

Specifically, I am wondering how for complex identities the /-/ "regex quotes", regular quotes and CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS interact. The docs [0] seem to only enumerate a few cases but not explain the syntax fully.

The respective parts from the docs are:
- If CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS is True, then / "quotes" are needed to indicate an authenticated name regex.
- If a regex contains spaces, it can be wrapped in double quotes.

What is unclear to me:
- If we wrap a regex in / "quotes", do we still need double quotes if there are spaces?
- If CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS is True and we use double quotes, is this then considered a regex, a plain string *inside* quotes, or a plain string *with* quotes? (E.g. would `"foo \dar"` match `foo 6ar`, `foo \dar` or `"foo \dar"`?)
- Generally, if CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS is True and we want a literal/string match containing spaces, do we need quotes at all? (E.g. would `GSI foo bar someone@domain` match the DN `foo bar`?) Can/must we escape the leading / of a literal string?

Cheers,
Max

[0] The Unified Map File for Authentication
https://htcondor.readthedocs.io/en/latest/admin-manual/security.html#the-unified-map-file-for-authentication
