We're no longer an alpha service
1 #!/usr/bin/python
2 from invirt.database import *
3 from invirt.config import structs as config
4 import sys
5 import getafsgroups
6 import subprocess
7
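def expandLocker(name):
    """Return the set of principals listed on the AFS ACL of locker *name*.

    ACL entries containing ':' are treated as AFS groups and replaced by
    their members, looked up in the locker's own cell. All other entries
    are added unchanged.

    If the ACL cannot be read because the caller lacks access rights, the
    locker contributes no principals (fail closed). Any other
    getafsgroups.AfsProcessError propagates to the caller.
    """
    try:
        groups = getafsgroups.getLockerAcl(name)
    except getafsgroups.AfsProcessError as e:
        # The original assigned the empty fallback and then re-raised
        # unconditionally, so the fallback was dead code. One unreadable
        # locker therefore aborted the whole refresh, leaving every cached
        # ACL (including entries due for removal) untouched.
        # NOTE(review): matching on the tool's message text is brittle;
        # confirm the wording against the deployed `fs` binary.
        if not e.message.startswith("fs: You don't have the required access rights on"):
            raise
        groups = []
    cell = getafsgroups.getCell(name)
    members = set()
    for group in groups:
        if ':' in group:
            members.update(getafsgroups.getAfsGroupMembers(group, cell))
        else:
            members.add(group)
    return members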
23
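def isUser(name):
    """Return True when `vos examine user.<name>` exits with status 0.

    The callers use this as an "is this a known user" check. The command
    is passed as an argument list (no shell), and *name* is always
    prefixed with 'user.', so it cannot be read as an option by `vos`.
    """
    p = subprocess.Popen(['vos', 'examine', 'user.' + name],
                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # communicate() drains both pipes before reaping the child. Calling
    # wait() alone with PIPE-d stdout/stderr can block forever if the child
    # fills a pipe buffer, which would stall the whole ACL refresh.
    p.communicate()
    return p.returncode == 0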
30     
31
def expandName(name):
    """Expand *name* into a list of individual principals.

    A name containing ':' is treated as an AFS group and expanded in the
    cell of the first configured authz entry. A group that cannot be
    expanded yields an empty list, so a lookup failure never grants access.
    A name without ':' is returned as a single-element list only if
    isUser() accepts it; otherwise the result is empty.
    """
    # NOTE(review): a None name raises TypeError on the ':' test below;
    # confirm callers never pass an unset administrator.
    is_group = ':' in name
    if is_group:
        try:
            return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
        except getafsgroups.AfsProcessError:
            return []
    if isUser(name):
        return [name]
    return []
41
def accessList(m):
    """Return the set of principals that should have access to machine *m*.

    The result is the union of everyone on the owner locker's ACL
    (expandLocker) and everyone named by the administrator field
    (expandName).
    """
    from_owner = expandLocker(m.owner)
    from_admin = expandName(m.administrator)
    return set(from_owner).union(from_admin)
47
def refreshMachine(m):
    """Bring the cached ACL rows of machine *m* in line with accessList(m).

    Users present in the cache but no longer entitled are deleted through
    the session. Users newly entitled get a MachineAccess row appended to
    m.acl and registered with the session. Nothing is flushed or committed
    here; the caller owns the transaction.
    """
    wanted = accessList(m)
    cached = set(entry.user for entry in m.acl)

    # Revocations: delete the first cached row for each user who lost access.
    # NOTE(review): only one row per user is removed; if m.acl could ever
    # hold duplicate rows for a user, a stale grant would survive. Confirm
    # that the schema enforces uniqueness.
    for user in cached - wanted:
        stale = next(entry for entry in m.acl if entry.user == user)
        session.delete(stale)

    # Grants: add a row for each user who gained access.
    for user in wanted - cached:
        grant = MachineAccess(user=user)
        m.acl.append(grant)
        session.save_or_update(grant)
58     
def refreshCache():
    """Recompute the cached ACL of every machine in a single transaction.

    The refresh is all-or-nothing: any exception rolls back every pending
    change and is re-raised. After a failure the previous cache stays in
    place, including grants that should have been revoked, so a failing
    run should be surfaced to an operator rather than ignored.
    """
    session.begin()

    try:
        for machine in Machine.query().all():
            refreshMachine(machine)
        session.flush()

        # Publish all grants and revocations together.
        session.commit()
    except:
        # Deliberately bare: roll back on any failure, then let it propagate.
        session.rollback()
        raise
74
if __name__ == "__main__":
    # Script entry point: connect() comes from invirt.database (presumably
    # it sets up the database session; confirm), then refresh every ACL.
    connect()
    refreshCache()