X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-remote.git/blobdiff_plain/58e42fcbe55f1045e86ae0b8f85d8ee5180a3e7d..14b583f6b332877718c82caf2cf3ec0913a53778:/server/usr/sbin/invirt-remconffs?ds=inline diff --git a/server/usr/sbin/invirt-remconffs b/server/usr/sbin/invirt-remconffs index 6421164..ac4fe15 100755 --- a/server/usr/sbin/invirt-remconffs +++ b/server/usr/sbin/invirt-remconffs @@ -14,6 +14,7 @@ class RemConfFS(routefs.RouteFS): """ RemConfFS creates a filesytem for configuring remctl, like this: / + |-- adminacl |-- acl | |-- machine1 | ... @@ -39,11 +40,12 @@ class RemConfFS(routefs.RouteFS): m.connect('', controller='getroot') m.connect('acl', controller='getmachines') m.connect('acl/:machine', controller='getacl') + m.connect('adminacl', controller='getadmin') m.connect('conf', controller='getconf') return m def getroot(self, **kw): - return ['acl', 'conf'] + return ['adminacl', 'acl', 'conf'] def getacl(self, machine, **kw): """Build the ACL file for a machine @@ -70,6 +72,14 @@ class RemConfFS(routefs.RouteFS): def getmachines(self, **kw): """Get the list of VMs in the database. Does not cache to prevent race conditions.""" return list(row[0] for row in database.session.execute(sa.sql.select([database.Machine.c.name]))) + + def getadmin(self, **kw): + """ + Get the list of administrators for the global ACL. + """ + acl = [self.userToPrinc(row[0]) for row in database.session.execute(sa.sql.select([database.admins_table.c.user]))] + acl.append('include /etc/remctl/acl/web\n') + return '\n'.join(acl) def userToPrinc(self, user): """Convert Kerberos v4-style names to v5-style and append a default