Do entire ACL update in a transaction, not for each machine.
[invirt/packages/invirt-web.git] / cache_acls.py
1 #!/usr/bin/python
2 from sipb_xen_database import *
3 import sys
4 import getafsgroups
5 import subprocess
6
7 def expandLocker(name):
8     groups = getafsgroups.getLockerAcl(name)
9     cell = getafsgroups.getCell(name)
10     ans = set()
11     for group in groups:
12         if ':' in group:
13             ans.update(getafsgroups.getAfsGroupMembers(group, cell))
14         else:
15             ans.add(group)
16     return ans
17
18 def isUser(name):
19     p = subprocess.Popen(['vos', 'examine', 'user.'+name],
20                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
21     if p.wait():
22         return False
23     return True
24     
25
26 def expandName(name):
27     if ':' not in name:
28         if isUser(name):
29             return [name]
30         name = 'system:'+name
31     return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu')
32
33 if __name__ == '__main__':
34     connect('postgres://sipb-xen@sipb-xen-dev/sipb_xen')
35     
36     transaction = ctx.current.create_transaction()
37
38     print repr(ctx), repr(ctx.current), repr(transaction)
39     # Remove existing machine access entries
40     machine_access_table.delete()
41     ctx.current.flush()
42
43     try:
44         machines = Machine.select()
45         for m in machines:
46             people = set()
47             people.update(expandLocker(m.owner))
48             people.update(expandName(m.administrator))
49             print '%s: %s' % (m.name, ' '.join(people))
50             for p in people:
51                 ma = MachineAccess(machine_id=m.machine_id, user=p)
52                 ctx.current.save(ma)
53             ctx.current.flush()
54             
55         # Atomically execute our changes
56         transaction.commit()
57     except:
58         # Failed! Rollback all the changes.
59         transaction.rollback()
60         raise