Get tokens for a cell before getting a list membership from that cell.
1 #!/usr/bin/python
2 from invirt.database import *
3 from invirt.config import structs as config
4 import sys
5 import getafsgroups
6 import subprocess
7
def expandLocker(name):
    """Return the set of principals named on the AFS ACL of locker *name*.

    ACL entries containing ':' are treated as AFS groups and replaced by
    their members, looked up in the cell that holds the locker. Every other
    entry is kept unchanged.
    """
    try:
        acl_entries = getafsgroups.getLockerAcl(name)
    except getafsgroups.AfsProcessError:
        # sys.exc_info() fetches the active exception without relying on
        # version-specific "except X, e" / "except X as e" syntax.
        err = sys.exc_info()[1]
        # Only the "no access rights" failure is mapped to an empty ACL, so
        # a locker this process cannot read grants access to nobody. Any
        # other AFS failure is re-raised to the caller.
        # NOTE(review): this matches the human-readable text of the fs
        # error; if that wording changes, the branch stops matching and the
        # error propagates instead.
        denied = "fs: You don't have the required access rights on"
        if not err.message.startswith(denied):
            raise
        acl_entries = []
    locker_cell = getafsgroups.getCell(name)
    members = set()
    for entry in acl_entries:
        if ':' in entry:
            members.update(getafsgroups.getAfsGroupMembers(entry, locker_cell))
        else:
            members.add(entry)
    return members
24
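def isUser(name):
    """Return True when ``vos examine user.<name>`` exits with status 0.

    The name is passed as one element of an argument list, so no shell is
    involved, and the fixed ``user.`` prefix means the argument never starts
    with a dash. Any non-zero exit, whatever its cause, is reported as
    False.

    NOTE(review): presumably the existence of a volume called user.<name>
    stands in for "this is a real account" -- confirm that this holds for
    every account that should be allowed as an administrator.
    """
    p = subprocess.Popen(['vos', 'examine', 'user.' + name],
                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # communicate() drains both pipes while waiting. Calling wait() with
    # stdout/stderr set to PIPE can block forever once the child fills a
    # pipe buffer that nobody reads.
    p.communicate()
    return p.returncode == 0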
31     
32
def expandName(name):
    """Expand an administrator name into a list of user names.

    A name containing ':' is treated as an AFS group and resolved in the
    cell given by config.authz[0].cell. Any other name is returned as a
    one-element list if isUser() accepts it, and as an empty list otherwise.
    """
    if ':' in name:
        try:
            return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
        except getafsgroups.AfsProcessError:
            # A failed group lookup yields no members rather than an error,
            # so the failure never adds anyone to an access list.
            # NOTE(review): the cause is not distinguished, so a transient
            # AFS failure looks the same as an empty group to a caller that
            # diffs against a previously stored list.
            return []
    if isUser(name):
        return [name]
    return []
42
def accessList(m):
    """Return the set of users who should have access to machine *m*.

    The result is the union of the expanded ACL of the owner locker and,
    when an administrator is set, the expansion of that administrator name.
    """
    allowed = set()
    allowed.update(expandLocker(m.owner))
    # The administrator is optional; None means only the owner locker's ACL
    # contributes to the result.
    if m.administrator is None:
        return allowed
    allowed.update(expandName(m.administrator))
    return allowed
49
def refreshMachine(m):
    """Bring the cached ACL rows of machine *m* in line with accessList(m).

    Users that are cached but no longer in the computed set have one
    MachineAccess row deleted. Users that are newly in the set get a fresh
    MachineAccess row appended to m.acl and handed to the session.
    """
    wanted = accessList(m)
    cached = set(entry.user for entry in m.acl)

    # Revocations: drop the first cached row found for each user that is no
    # longer entitled to access.
    for gone in cached - wanted:
        for entry in m.acl:
            if entry.user == gone:
                session.delete(entry)
                break

    # Grants: create a row for every user that was not cached before.
    for added in wanted - cached:
        entry = MachineAccess(user=added)
        m.acl.append(entry)
        session.save_or_update(entry)
60     
def refreshCache():
    """Recompute the cached ACL of every machine inside one transaction.

    Either all machines are updated and committed together, or the whole
    batch is rolled back and the original exception is re-raised.

    NOTE(review): because the batch is all-or-nothing, an error raised while
    expanding a single machine leaves every cached ACL at its previous
    contents until a later run succeeds, which also delays revocations.
    Whatever schedules this script should alert on a non-zero exit.
    """
    session.begin()
    try:
        for machine in Machine.query().all():
            refreshMachine(machine)
        session.flush()
        # Commit makes all grants and revocations visible in one step.
        session.commit()
    except:
        # The bare except is deliberate: the rollback must run for any
        # exception, including interrupts, before it is re-raised.
        session.rollback()
        raise
76
# Script entry point. connect() is provided by the star import from
# invirt.database (presumably it sets up the session used by refreshCache
# -- confirm); the cache is then rebuilt once for all machines.
if __name__ == '__main__':
    connect()
    refreshCache()