rvc 1.3.6 → 1.4.0

data/lib/rvc/modules/permissions.rb

@@ -0,0 +1,62 @@
+opts :get do
+  summary "Display the permissions of a managed entity"
+  arg :obj, nil, :lookup => VIM::ManagedEntity, :multi => true
+end
+
+def get objs
+  conn = single_connection objs
+  authMgr = conn.serviceContent.authorizationManager
+  roles = Hash[authMgr.roleList.map { |x| [x.roleId, x] }]
+  objs.each do |obj|
+    puts "#{obj.name}:"
+    perms = authMgr.RetrieveEntityPermissions(:entity => obj, :inherited => true)
+    perms.each do |perm|
+    flags = []
+    flags << 'group' if perm[:group]
+    flags << 'propagate' if perm[:propagate]
+      puts " #{perm[:principal]}#{flags.empty? ? '' : " (#{flags * ', '})"}: #{roles[perm[:roleId]].name}"
+    end
+  end
+end
+
+
+opts :set do
+  summary "Set the permissions on a managed entity"
+  arg :obj, nil, :lookup => VIM::ManagedEntity, :multi => true
+  opt :role, "Role", :type => :string, :required => true
+  opt :principal, "Principal", :type => :string, :required => true
+  opt :group, "Does the principal refer to a group?"
+  opt :propagate, "Propagate?"
+end
+
+def set objs, opts
+  conn = single_connection objs
+  authMgr = conn.serviceContent.authorizationManager
+  role = authMgr.roleList.find { |x| x.name == opts[:role] }
+  err "no such role #{role.inspect}" unless role
+  perm = { :roleId => role.roleId,
+           :principal => opts[:principal],
+           :group => opts[:group],
+           :propagate => opts[:propagate] }
+  objs.each do |obj|
+    authMgr.SetEntityPermissions(:entity => obj, :permission => [perm])
+  end
+end
+
+
+opts :remove do
+  summary "Remove permissions for the given user from a managed entity"
+  arg :obj, nil, :lookup => VIM::ManagedEntity, :multi => true
+  opt :principal, "Principal", :type => :string, :required => true
+  opt :group, "Does the principal refer to a group?"
+end
+
+def remove objs, opts
+  conn = single_connection objs
+  authMgr = conn.serviceContent.authorizationManager
+  objs.each do |obj|
+    authMgr.RemoveEntityPermission :entity => obj,
+                                   :user => opts[:principal],
+                                   :isGroup => opts[:group]
+  end
+end

data/lib/rvc/modules/role.rb

@@ -0,0 +1,116 @@
+def cur_auth_mgr
+  conn = $shell.fs.cur._connection
+  conn.serviceContent.authorizationManager
+end
+
+opts :list do
+  summary "List roles in the system"
+end
+
+def list
+  cur_auth_mgr.roleList.each do |role|
+    puts "#{role.name}: #{role.info.summary}"
+  end
+end
+
+
+opts :get do
+  summary "Display information about a role"
+  arg :role, "Role", :type => :string
+end
+
+def get name
+  role = cur_auth_mgr.roleList.find { |x| x.name == name }
+  err "no such role #{role_name.inspect}" unless role
+  puts "label: #{role.info.label}"
+  puts "summary: #{role.info.summary}"
+  puts "privileges: #{role.privilege.sort * ' '}"
+end
+
+
+opts :permissions do
+  summary "List permissions given to this role"
+  arg :role, "Role", :type => :string
+end
+
+def permissions name
+  role = cur_auth_mgr.roleList.find { |x| x.name == name }
+  err "no such role #{role_name.inspect}" unless role
+  cur_auth_mgr.RetrieveRolePermissions(roleId: role.roleId).each do |perm|
+    flags = []
+    flags << 'group' if perm[:group]
+    flags << 'propagate' if perm[:propagate]
+    puts " #{perm[:principal]}#{flags.empty? ? '' : " (#{flags * ', '})"}: #{perm.entity.name}"
+  end
+end
+
+
+opts :create do
+  summary "Create a new role"
+  arg :name, "Name of the role", :type => :string
+  arg :privilege, "Privileges to assign", :type => :string, :multi => true, :required => false
+end
+
+def create name, privileges
+  cur_auth_mgr.AddAuthorizationRole :name => name, :privIds => privileges
+end
+
+
+opts :delete do
+  summary "Delete a role"
+  arg :name, "Name of the role", :type => :string
+  opt :force, "Don't fail if the role is in use"
+end
+
+def delete name, opts
+  role = cur_auth_mgr.roleList.find { |x| x.name == name }
+  err "no such role #{role_name.inspect}" unless role
+  cur_auth_mgr.RemoveAuthorizationRole :roleId => role.roleId, :failIfUsed => opts[:force]
+end
+
+
+opts :rename do
+  summary "Rename a role"
+  arg :old, "Old name", :type => :string
+  arg :new, "New name", :type => :string
+end
+
+def rename old, new
+  role = cur_auth_mgr.roleList.find { |x| x.name == old }
+  err "no such role #{old.inspect}" unless role
+  cur_auth_mgr.UpdateAuthorizationRole :roleId => role.roleId,
+                                       :newName => new,
+                                       :privIds => role.privilege
+end
+
+
+opts :add_privilege do
+  summary "Add privileges to a role"
+  arg :name, "Role name", :type => :string
+  arg :privileges, "Privileges", :type => :string, :multi => true
+end
+
+def add_privilege name, privileges
+  role = cur_auth_mgr.roleList.find { |x| x.name == name }
+  err "no such role #{name.inspect}" unless role
+  cur_auth_mgr.UpdateAuthorizationRole :roleId => role.roleId,
+                                       :newName => role.name,
+                                       :privIds => (role.privilege | privileges)
+
+end
+
+
+opts :remove_privilege do
+  summary "Remove privileges from a role"
+  arg :name, "Role name", :type => :string
+  arg :privileges, "Privileges", :type => :string, :multi => true
+end
+
+def remove_privilege name, privileges
+  role = cur_auth_mgr.roleList.find { |x| x.name == name }
+  err "no such role #{name.inspect}" unless role
+  cur_auth_mgr.UpdateAuthorizationRole :roleId => role.roleId,
+                                       :newName => role.name,
+                                       :privIds => (role.privilege - privileges)
+
+end

data/lib/rvc/modules/vim.rb

@@ -37,7 +37,6 @@ URI_REGEX = %r{
 opts :connect do
   summary 'Open a connection to ESX/VC'
   arg :uri, "Host to connect to"
-  opt :insecure, "don't verify ssl certificate", :short => 'k', :default => (ENV['RBVMOMI_INSECURE'] == '1')
   opt :rev, "Override protocol revision", :type => :string
 end
 
@@ -51,46 +50,32 @@ def connect uri, opts
   password = match[2] || ENV['RBVMOMI_PASSWORD']
   host = match[3]
   path = match[4]
-  insecure = opts[:insecure]
+  bad_cert = false
 
   vim = nil
   loop do
     begin
       vim = RbVmomi::VIM.new :host => host,
-                              :port => 443,
-                              :path => '/sdk',
-                              :ns => 'urn:vim25',
-                              :rev => (opts[:rev]||'4.0'),
-                              :ssl => true,
-                              :insecure => insecure
+                             :port => 443,
+                             :path => '/sdk',
+                             :ns => 'urn:vim25',
+                             :rev => (opts[:rev]||'4.0'),
+                             :ssl => true,
+                             :insecure => bad_cert
       break
     rescue OpenSSL::SSL::SSLError
-      err "Connection failed" unless prompt_cert_insecure
-      insecure = true
+      # We'll check known_hosts next
+      raise if bad_cert
+      bad_cert = true
     rescue Errno::EHOSTUNREACH, SocketError
       err $!.message
     end
   end
 
-  if opts[:really_insecure]
-    result = :ok
-  else
+  if bad_cert
+    # Fall back to SSH-style known_hosts
     peer_public_key = vim.http.peer_cert.public_key
-    known_hosts = RVC::KnownHosts.new
-    result, arg = known_hosts.verify 'vim', host, peer_public_key.to_s
-  end
-
-  if result == :not_found
-    puts "The authenticity of host '#{host}' can't be established."
-    puts "Public key fingerprint is #{arg}."
-    err "Connection failed" unless prompt_cert_unknown
-    puts "Warning: Permanently added '#{host}' (vim) to the list of known hosts"
-    known_hosts.add 'vim', host, peer_public_key.to_s
-  elsif result == :mismatch
-    err "Public key fingerprint for host '#{host}' does not match #{known_hosts.filename}:#{arg}."
-  elsif result == :ok
-  else
-    err "Unexpected result from known_hosts check"
+    check_known_hosts(host, peer_public_key)
   end
 
   unless opts[:rev]
@@ -107,6 +92,15 @@ def connect uri, opts
     puts "Using default username #{username.inspect}."
   end
 
+  # If we already have a password, then don't bother querying if we have an OSX
+  # keychain entry for it. If we have either of them, use it.
+  # So will use command line first, then ENV, then keychain on OSX, then prompt.
+  loaded_from_keychain = nil
+  password = keychain_password( username ,  host ) if password.nil?
+  if not password.nil?
+    loaded_from_keychain = password
+  end
+
   password_given = password != nil
   loop do
     begin
@@ -126,6 +120,9 @@ def connect uri, opts
     end
   end
 
+  # if we got to here, save the password, unless we loaded it from keychain
+  save_keychain_password( username , password , host ) unless loaded_from_keychain == password
+
   # Stash the address we used to connect so VMRC can use it.
   vim.define_singleton_method(:_host) { host }
 
@@ -134,16 +131,136 @@ def connect uri, opts
   conn_name.succ! while $shell.connections.member? conn_name
 
   $shell.connections[conn_name] = vim
+  $shell.session.set_connection conn_name,
+    'host' => host,
+    'username' => username,
+    'rev' => opts[:rev]
 end
 
 def prompt_password
   ask("password: ") { |q| q.echo = false }
 end
 
-def prompt_cert_insecure
-  agree("SSL certificate verification failed. Connect anyway (y/n)? ", true)
+def keychain_password username , hostname
+   return nil unless RbConfig::CONFIG['host_os'] =~ /^darwin10/
+
+  begin
+    require 'osx_keychain'
+  rescue LoadError
+    return nil
+  end
+
+  keychain = OSXKeychain.new
+  return keychain["rvc", "#{username}@#{hostname}" ]
+
+end
+
+def save_keychain_password username , password , hostname
+  # only works for OSX at the minute.
+  return false unless RbConfig::CONFIG['host_os'] =~ /^darwin10/
+
+  # check we already managed to load that gem.
+  if defined? OSXKeychain::VERSION
+
+    if agree("Save password for connection (y/n)? ", true)
+      keychain = OSXKeychain.new
+
+      # update the keychain, unless it's already set to that.
+      keychain.set("rvc", "#{username}@#{hostname}" , password ) unless 
+        keychain["rvc", "#{username}@#{hostname}" ] == password
+    end
+  else
+    return false
+  end
 end
 
-def prompt_cert_unknown
-  agree("Are you sure you want to continue connecting (y/n)? ", true)
+
+def check_known_hosts host, peer_public_key
+  known_hosts = RVC::KnownHosts.new
+  result, arg = known_hosts.verify 'vim', host, peer_public_key.to_s
+
+  if result == :not_found
+    puts "The authenticity of host '#{host}' can't be established."
+    puts "Public key fingerprint is #{arg}."
+    err "Connection failed" unless agree("Are you sure you want to continue connecting (y/n)? ", true)
+    puts "Warning: Permanently added '#{host}' (vim) to the list of known hosts"
+    known_hosts.add 'vim', host, peer_public_key.to_s
+  elsif result == :mismatch
+    err "Public key fingerprint for host '#{host}' does not match #{known_hosts.filename}:#{arg}."
+  elsif result == :ok
+  else
+    err "Unexpected result from known_hosts check"
+  end
+end
+
+class RbVmomi::VIM
+  def display_info
+    puts serviceContent.about.fullName
+  end
+
+  def _connection
+    self
+  end
+end
+
+
+opts :tasks do
+  summary "Watch tasks in progress"
+end
+
+def tasks
+  conn = single_connection [$shell.fs.cur]
+
+  begin
+    view = conn.serviceContent.viewManager.CreateListView
+
+    collector = conn.serviceContent.taskManager.CreateCollectorForTasks(:filter => {
+      :time => {
+        :beginTime => conn.serviceInstance.CurrentTime.to_datetime, # XXX
+        :timeType => :queuedTime
+      }
+    })
+    collector.SetCollectorPageSize :maxCount => 1
+
+    filter_spec = {
+      :objectSet => [
+        {
+          :obj => view,
+          :skip => true,
+          :selectSet => [
+            VIM::TraversalSpec(:path => 'view', :type => view.class.wsdl_name)
+          ]
+        },
+        { :obj => collector },
+      ],
+      :propSet => [
+        { :type => 'Task', :pathSet => %w(info.state) },
+        { :type => 'TaskHistoryCollector', :pathSet => %w(latestPage) },
+      ]
+    }
+    filter = conn.propertyCollector.CreateFilter(:partialUpdates => false, :spec => filter_spec)
+
+    ver = ''
+    loop do
+      result = conn.propertyCollector.WaitForUpdates(:version => ver)
+      ver = result.version
+      result.filterSet[0].objectSet.each do |r|
+        remove = []
+        case r.obj
+        when VIM::TaskHistoryCollector
+          infos = collector.ReadNextTasks :maxCount => 100
+          view.ModifyListView :add => infos.map(&:task)
+        when VIM::Task
+          puts "#{Time.now} #{r.obj.info.name} #{r.obj.info.entityName} #{r['info.state']}" unless r['info.state'] == nil
+          remove << r.obj if %w(error success).member? r['info.state']
+        end
+        view.ModifyListView :remove => remove unless remove.empty?
+      end
+    end
+  rescue Interrupt
+  ensure
+    filter.DestroyPropertyFilter if filter
+    collector.DestroyCollector if collector
+    view.DestroyView if view
+  end
 end

data/lib/rvc/modules/vm.rb

@@ -104,6 +104,9 @@ opts :create do
   opt :pool, "Resource pool", :short => 'p', :type => :string, :lookup => VIM::ResourcePool
   opt :host, "Host", :short => 'h', :type => :string, :lookup => VIM::HostSystem
   opt :datastore, "Datastore", :short => 'd', :type => :string, :lookup => VIM::Datastore
+  opt :disksize, "Size in KB of primary disk", :short => 's', :type => :int, :default => 4000000
+  opt :memory, "Size in MB of memory", :short => 'm', :type => :int, :default => 128
+  opt :cpucount, "Number of CPUs", :short => 'c', :type => :int, :default => 1
 end
 
 def create dest, opts
@@ -115,8 +118,8 @@ def create dest, opts
     :name => name,
     :guestId => 'otherGuest',
     :files => { :vmPathName => datastore_path },
-    :numCPUs => 1,
-    :memoryMB => 128,
+    :numCPUs => opts[:cpucount],
+    :memoryMB => opts[:memory],
     :deviceChange => [
       {
         :operation => :add,
@@ -137,7 +140,7 @@ def create dest, opts
           ),
           :controllerKey => 1000,
           :unitNumber => 0,
-          :capacityInKB => 4000000
+          :capacityInKB => opts[:disksize]
         )
       }, {
         :operation => :add,
@@ -516,10 +519,13 @@ opts :snapshot do
   summary "Snapshot a VM"
   arg :vm, nil, :lookup => VIM::VirtualMachine
   arg :name, "Name of new snapshot"
+  opt :description, "Description", :short => 'd', :default => ""
+  opt :quiesce, "Quiesce", :short => 'q', :default => false
+  opt :memory, "Memory", :short => 'm', :default => true
 end
 
-def snapshot vm, name
-  tasks [vm], :CreateSnapshot, :memory => true, :name => name, :quiesce => false
+def snapshot vm, name, opts
+  tasks [vm], :CreateSnapshot, :description => opts[:description], :memory => opts[:memory], :name => name, :quiesce => opts[:quiesce]
 end
 
 
@@ -648,7 +654,7 @@ def find_vmx_files ds
   files = []
   results.each do |result|
     result.file.each do |file|
-      files << result.folderPath + file.path
+      files << "#{result.folderPath}/#{file.path}"
     end
   end
 

data/lib/rvc/modules/vmrc.rb

@@ -33,6 +33,9 @@ when /linux/
   VMRC_SHA256 = "c86ecd9d9a1dd909a119c19d28325cb87d6e2853885d3014a7dac65175dd2ae1"
   VMRC_BIN = "vmware-vmrc"
 else
+  VMRC_NAME = nil
+  VMRC_SHA256 = nil
+  VMRC_BIN = nil
   $stderr.puts "No VMRC available for OS #{RbConfig::CONFIG['host_os']}"
 end
 
@@ -40,6 +43,7 @@ VMRC_BASENAME = "#{VMRC_NAME}.xpi"
 VMRC_URL = "http://cloud.github.com/downloads/vmware/rvc/#{VMRC_BASENAME}"
 
 def find_local_vmrc
+  return nil if VMRC_NAME.nil?
   path = File.join(Dir.tmpdir, VMRC_NAME, 'plugins', VMRC_BIN)
   File.exists?(path) && path
 end
@@ -52,6 +56,7 @@ end
 opts :view do
   summary "Spawn a VMRC"
   text "The VMware Remote Console allows you to interact with a VM's virtual mouse, keyboard, and screen."
+  opt :install, "Automatically install VMRC", :short => 'i'
   arg :vm, nil, :lookup => VIM::VirtualMachine, :multi => true
 end
 
@@ -59,8 +64,16 @@ rvc_alias :view
 rvc_alias :view, :vmrc
 rvc_alias :view, :v
 
-def view vms
-  err "VMRC not found" unless vmrc = find_vmrc
+def view vms, opts
+  unless vmrc = find_vmrc
+    if opts[:install]
+      install
+      vmrc = find_vmrc
+    else
+      err "VMRC not found. You may need to run vmrc.install."
+    end
+  end
+
   vms.each do |vm|
     moref = vm._ref
     ticket = vm._connection.serviceInstance.content.sessionManager.AcquireCloneTicket
@@ -143,6 +156,7 @@ def extract src, dst
       dst_filename = File.join(dst, e.name)
       case e.ftype
       when :file
+        FileUtils.mkdir_p File.dirname(dst_filename)
         zf.extract e.name, dst_filename
         File.chmod(e.unix_perms, dst_filename) if e.unix_perms
       when :directory

data/lib/rvc/modules.rb

@@ -18,12 +18,16 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
+require 'rvc/util'
+
 module RVC
 
 ALIASES = {}
 MODULES = {}
 
 class CmdModule
+  include RVC::Util
+
   def initialize module_name
     @module_name = module_name
     @opts = {}

data/lib/rvc/option_parser.rb

@@ -74,6 +74,8 @@ class OptionParser < Trollop::Parser
       end
     end
     @args << [name,spec]
+    description = "Path to a" if description == nil and spec[:lookup]
+    description = "Child of a" if description == nil and spec[:lookup_parent]
     text "  #{name}: " + [description, spec[:lookup], spec[:lookup_parent]].compact.join(' ')
   end
 
@@ -82,41 +84,41 @@ class OptionParser < Trollop::Parser
 
     @specs.each do |name,spec|
       next unless klass = spec[:lookup] and path = opts[name]
-      opts[name] = lookup_single! path, klass
+      opts[name] = RVC::Util.lookup_single! path, klass
     end
 
     argv = leftovers
     args = []
     @args.each do |name,spec|
       if spec[:multi]
-        err "missing argument '#{name}'" if spec[:required] and argv.empty?
+        RVC::Util.err "missing argument '#{name}'" if spec[:required] and argv.empty?
         a = (argv.empty? ? spec[:default] : argv.dup)
         a = a.map { |x| postprocess_arg x, spec }.inject([], :+)
-        err "no matches for '#{name}'" if spec[:required] and a.empty?
+        RVC::Util.err "no matches for '#{name}'" if spec[:required] and a.empty?
         args << a
         argv.clear
       else
         x = argv.shift
-        err "missing argument '#{name}'" if spec[:required] and x.nil?
+        RVC::Util.err "missing argument '#{name}'" if spec[:required] and x.nil?
         x = spec[:default] if x.nil?
         a = x.nil? ? [] : postprocess_arg(x, spec)
-        err "more than one match for #{name}" if a.size > 1
-        err "no match for '#{name}'" if spec[:required] and a.empty?
+        RVC::Util.err "more than one match for #{name}" if a.size > 1
+        RVC::Util.err "no match for '#{name}'" if spec[:required] and a.empty?
         args << a.first
       end
     end
-    err "too many arguments" unless argv.empty?
+    RVC::Util.err "too many arguments" unless argv.empty?
     return args, opts
   end
 
   def postprocess_arg x, spec
     if spec[:lookup]
-      lookup!(x, spec[:lookup]).
-        tap { |a| err "no matches for #{x.inspect}" if a.empty? }
+      RVC::Util.lookup!(x, spec[:lookup]).
+        tap { |a| RVC::Util.err "no matches for #{x.inspect}" if a.empty? }
     elsif spec[:lookup_parent]
-      lookup!(File.dirname(x), spec[:lookup_parent]).
+      RVC::Util.lookup!(File.dirname(x), spec[:lookup_parent]).
         map { |y| [y, File.basename(x)] }.
-        tap { |a| err "no matches for #{File.dirname(x).inspect}" if a.empty? }
+        tap { |a| RVC::Util.err "no matches for #{File.dirname(x).inspect}" if a.empty? }
     else
       [x]
     end

data/lib/rvc/shell.rb

@@ -21,10 +21,11 @@
 module RVC
 
 class Shell
-  attr_reader :fs, :connections
+  attr_reader :fs, :connections, :session
   attr_accessor :debug
 
-  def initialize
+  def initialize session
+    @session = session
     @persist_ruby = false
     @fs = RVC::FS.new RVC::RootNode.new
     @ruby_evaluator = RubyEvaluator.new @fs
@@ -39,7 +40,7 @@ class Shell
     end
 
     if input[0..0] == '!'
-      system_fg input[1..-1]
+      RVC::Util.system_fg input[1..-1]
       return
     end
 
@@ -57,13 +58,13 @@ class Shell
       end
     rescue SystemExit, IOError
       raise
-    rescue UserError, RuntimeError, RbVmomi::Fault
+    rescue RVC::Util::UserError, RuntimeError, RbVmomi::Fault
       if ruby or debug
         puts "#{$!.class}: #{$!.message}"
         puts $!.backtrace * "\n"
       else
         case $!
-        when RbVmomi::Fault, UserError
+        when RbVmomi::Fault, RVC::Util::UserError
           puts $!.message
         else
           puts "#{$!.class}: #{$!.message}"
@@ -78,20 +79,20 @@ class Shell
   def eval_command input
     cmd, *args = Shellwords.shellwords(input)
     return unless cmd
-    err "invalid command" unless cmd.is_a? String
+    RVC::Util.err "invalid command" unless cmd.is_a? String
     case cmd
     when RVC::FS::MARK_PATTERN
-      CMD.basic.cd lookup_single(cmd)
+      CMD.basic.cd RVC::Util.lookup_single(cmd)
     else
       if cmd.include? '.'
         module_name, cmd, = cmd.split '.'
       elsif ALIASES.member? cmd
         module_name, cmd, = ALIASES[cmd].split '.'
       else
-        err "unknown alias #{cmd}"
+        RVC::Util.err "unknown alias #{cmd}"
       end
 
-      m = MODULES[module_name] or err("unknown module #{module_name}")
+      m = MODULES[module_name] or RVC::Util.err("unknown module #{module_name}")
 
       opts_block = m.opts_for(cmd.to_sym)
       parser = RVC::OptionParser.new cmd, &opts_block
@@ -123,7 +124,11 @@ class Shell
   end
 
   def prompt
-    "#{@fs.display_path}#{$terminal.color(@persist_ruby ? '~' : '>', :yellow)} "
+    if false
+      "#{@fs.display_path}#{$terminal.color(@persist_ruby ? '~' : '>', :yellow)} "
+    else
+      "#{@fs.display_path}#{@persist_ruby ? '~' : '>'} "
+    end
   end
 
   def introspect_object obj
@@ -175,6 +180,10 @@ class Shell
       puts klass
     end
   end
+
+  def delete_numeric_marks
+    @session.marks.grep(/^\d+$/).each { |x| @session.set_mark x, nil }
+  end
 end
 
 class RubyEvaluator
@@ -204,7 +213,7 @@ class RubyEvaluator
     if a.empty?
       if MODULES.member? str
         MODULES[str]
-      elsif str =~ /_?([\w\d]+)(!?)/ && objs = @fs.marks[$1]
+      elsif str =~ /_?([\w\d]+)(!?)/ && objs = $shell.session.get_mark($1)
         if $2 == '!'
           objs
         else