depend on remctl-client in invirt-base, not invirt-web
[invirt/packages/invirt-web.git] / code / cache_acls.py
1 #!/usr/bin/python
2 from invirt.database import *
3 from invirt.config import structs as config
4 import sys
5 import getafsgroups
6 import subprocess
7
8 def expandLocker(name):
9     try:
10         groups = getafsgroups.getLockerAcl(name)
11     except getafsgroups.AfsProcessError, e:
12         if e.message.startswith("fs: You don't have the required access rights on"):
13             return []
14         elif e.message.endswith("doesn't exist\n"):
15             # presumably deactivated
16             return []
17         else:
18             raise
19     cell = getafsgroups.getCell(name)
20     ans = set()
21     for group in groups:
22         if ':' in group:
23             ans.update(getafsgroups.getAfsGroupMembers(group, cell))
24         else:
25             ans.add(group)
26     return ans
27
28 def isUser(name):
29     p = subprocess.Popen(['vos', 'examine', 'user.'+name],
30                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
31     if p.wait():
32         return False
33     return True
34     
35
36 def expandName(name):
37     if ':' not in name:
38         if isUser(name):
39             return [name]
40         return []
41     try:
42         return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
43     except getafsgroups.AfsProcessError:
44         return []
45
46 def accessList(m):
47     people = set()
48     people.update(expandLocker(m.owner))
49     if m.administrator is not None:
50         people.update(expandName(m.administrator))
51     return people
52
53 def refreshMachine(m):
54     people = accessList(m)
55     old_people = set(a.user for a in m.acl)
56     for removed in old_people - people:
57         ma = [x for x in m.acl if x.user == removed][0]
58         session.delete(ma)
59     for p in people - old_people:
60         ma = MachineAccess(user=p)
61         m.acl.append(ma)
62         session.save_or_update(ma)
63     
64 def refreshCache():
65     session.begin()
66
67     try:
68         machines = Machine.query().all()
69         for m in machines:
70             refreshMachine(m)
71         session.flush()
72             
73         # Atomically execute our changes
74         session.commit()
75     except:
76         # Failed! Rollback all the changes.
77         session.rollback()
78         raise
79
80 if __name__ == '__main__':
81     connect()
82     refreshCache()