#!/bin/bash -x

# SPDX-FileCopyrightText: 2009 Fermi Research Alliance, LLC
# SPDX-License-Identifier: Apache-2.0

# usage: make_user_token (user) [lifetime in seconds]

ID=$1
if [ "$ID" = "root" ]; then
	echo "usage $0 uid [lifetime seconds]"
	echo "creates a condor token for user \$uid"
    echo "must be run as root"
	exit 0
fi
HM=$(getent passwd ${ID} | awk 'BEGIN { FS = ":" } ; { print $6 }')
if [ "${HM}" = "" ]; then
    echo "user ${ID} seems not to have a home area. exiting"
    exit 1
fi

if [ "$2" = "" ]; then
    # default lifetime 1 week
    DURATION=" -lifetime 604800 "
else
    DURATION=" -lifetime $2 "
fi

TD="${HM}/.condor/tokens.d"
TOKEN="${ID}.${HOSTNAME}.token"
AUTH='-authz READ -authz WRITE -authz ADVERTISE_STARTD -authz ADVERTISE_SCHEDD -authz ADVERTISE_MASTER'
mkdir -p "${TD}"
condor_token_create -identity "${ID}@${HOSTNAME}" "${AUTH}" "${DURATION}" -token "${TOKEN}"
/bin/mv "$HOME/.condor/tokens.d/${TOKEN}" "${TD}"
chown -R "${ID}" "${HM}/.condor"
