finish sipb_xen_database -> invirt.database in web
[invirt/packages/invirt-web.git] / code / cache_acls.py
1 #!/usr/bin/python
2 from invirt.database import *
3 import sys
4 import getafsgroups
5 import subprocess
6
7 def expandLocker(name):
8     groups = getafsgroups.getLockerAcl(name)
9     cell = getafsgroups.getCell(name)
10     ans = set()
11     for group in groups:
12         if ':' in group:
13             ans.update(getafsgroups.getAfsGroupMembers(group, cell))
14         else:
15             ans.add(group)
16     return ans
17
18 def isUser(name):
19     p = subprocess.Popen(['vos', 'examine', 'user.'+name],
20                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
21     if p.wait():
22         return False
23     return True
24     
25
26 def expandName(name):
27     if ':' not in name:
28         if isUser(name):
29             return [name]
30         return []
31     try:
32         return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu')
33     except getafsgroups.AfsProcessError:
34         return []
35
36 def accessList(m):
37     people = set()
38     people.update(expandLocker(m.owner))
39     people.update(expandName(m.administrator))
40     return people
41
42 def refreshMachine(m):
43     people = accessList(m)
44     old_people = set(a.user for a in m.acl)
45     for removed in old_people - people:
46         ma = [x for x in m.acl if x.user == removed][0]
47         ctx.current.delete(ma)
48     for p in people - old_people:
49         ma = MachineAccess(user=p)
50         m.acl.append(ma)
51         ctx.current.save(ma)
52     
53 def refreshCache():
54     transaction = ctx.current.create_transaction()
55
56     try:
57         machines = Machine.select()
58         for m in machines:
59             refreshMachine(m)
60         ctx.current.flush()
61             
62         # Atomically execute our changes
63         transaction.commit()
64     except:
65         # Failed! Rollback all the changes.
66         transaction.rollback()
67         raise
68
69 if __name__ == '__main__':
70     connect()
71     refreshCache()