import re
import string
import dns.resolver
+from invirt import authz
from invirt.database import Machine, NIC, Type, Disk, CDROM, Autoinstall, Owner
from invirt.config import structs as config
from invirt.common import InvalidInput, CodeError
if strict:
if name is None:
raise InvalidInput('name', name, "You must provide a machine name.")
- if description is None:
+ if description is None or description.strip() == '':
raise InvalidInput('description', description, "You must provide a description.")
if memory is None:
raise InvalidInput('memory', memory, "You must provide a memory size.")
if vmtype is not None:
self.vmtype = validVmType(vmtype)
if cdrom is not None:
- if not CDROM.query().get(cdrom):
+ if not CDROM.query.get(cdrom):
raise CodeError("Invalid cdrom type '%s'" % cdrom)
self.cdrom = cdrom
if autoinstall is not None:
#raise InvalidInput('autoinstall', 'install',
# "The autoinstaller has been temporarily disabled")
- self.autoinstall = Autoinstall.query().get(autoinstall)
+ self.autoinstall = Autoinstall.query.get(autoinstall)
def getMachinesByOwner(owner, machine=None):
"""
if machine:
owner = machine.owner
- return Machine.query().filter_by(owner=owner)
+ return Machine.query.filter_by(owner=owner)
def maxMemory(owner, g, machine=None, on=True):
"""Return the maximum memory for a machine or a user.
"""Return the maximum disk that a machine can reach.
If machine is None, the maximum disk for a new machine. Otherwise,
- return the maximum that a given machine can be changed to.
+ return the maximum that a given machine can be changed to. If the
+ disk currently exceeds the quotas, it can be changed to anything up
+ to its current size.
"""
(quota_total, quota_single) = Owner.getDiskQuotas(machine.owner if machine else owner)
- if machine is not None:
+ machine_id, current_size = None, 0
+ if machine is not None and machine.disks:
machine_id = machine.machine_id
- else:
- machine_id = None
- disk_usage = Disk.query().filter(Disk.c.machine_id != machine_id).\
- join('machine').\
- filter_by(owner=owner).sum(Disk.c.size) or 0
- return min(quota_single, quota_total-disk_usage/1024.)
+ # XXX The machine modification form doesn't currently handle the
+ # case of machines with multiple disks. It simply addresses the "first"
+ # disk (which is possibly nondeterministic and wrong). Since we're
+ # doing validation for that form, we have to use the same logic it
+ # does.
+ current_size = machine.disks[0].size / 1024.
+ disk_usage_query = Disk.query.filter(Disk.machine_id != machine_id).\
+ join('machine').filter_by(owner=owner)
+
+ disk_usage = sum([m.size for m in disk_usage_query]) or 0
+ return max(current_size, min(quota_single, quota_total-disk_usage/1024.))
def cantAddVm(owner, g):
machines = getMachinesByOwner(owner)
def owns(user, machine):
"""Return whether a user owns a machine"""
- return user in expandLocker(machine.owner)
+ return user in authz.expandOwner(machine.owner)
def validMachineName(name):
"""Check that name is valid for a machine name"""
def validVmType(vm_type):
if vm_type is None:
return None
- t = Type.query().get(vm_type)
+ t = Type.query.get(vm_type)
if t is None:
raise CodeError("Invalid vm type '%s'" % vm_type)
return t
machine_id = int(machine_id)
except ValueError:
raise InvalidInput('machine_id', machine_id, "Must be an integer.")
- machine = Machine.query().get(machine_id)
+ machine = Machine.query.get(machine_id)
if exists and machine is None:
raise InvalidInput('machine_id', machine_id, "Does not exist.")
if machine is not None and not haveAccess(user, state, machine):
def testAdmin(user, admin, machine):
"""Determine whether a user can set the admin of a machine to this value.
- Return the value to set the admin field to (possibly 'system:' +
- admin). XXX is modifying this a good idea?
+ Return the value to set the admin field to (possibly 'system:' + admin).
"""
if admin is None:
return None
return admin
if admin == user:
return admin
+ # we do not require that the user be in the admin group;
+ # just that it is a non-empty set
+ if authz.expandAdmin(admin):
+ return admin
if ':' not in admin:
- if cache_acls.isUser(admin):
- return admin
- admin = 'system:' + admin
- try:
- if user in getafsgroups.getAfsGroupMembers(admin, config.authz.afs.cells[0].cell):
- return admin
- except getafsgroups.AfsProcessError, e:
- errmsg = str(e)
- if errmsg.startswith("pts: User or group doesn't exist"):
- errmsg = 'The group "%s" does not exist.' % admin
- raise InvalidInput('administrator', admin, errmsg)
- #XXX Should we require that user is in the admin group?
- return admin
+ if authz.expandAdmin('system:' + admin):
+ return 'system:' + admin
+ errmsg = 'No user "%s" or non-empty group "system:%s" found.' % (admin, admin)
+ else:
+ errmsg = 'No non-empty group "%s" found.' % (admin,)
+ raise InvalidInput('administrator', admin, errmsg)
def testOwner(user, owner, machine=None):
"""Determine whether a user can set the owner of a machine to this value.
if '@' in owner:
raise InvalidInput('owner', owner, "No cross-realm Hesiod lockers allowed")
try:
- if user not in cache_acls.expandLocker(owner):
+ if user not in authz.expandOwner(owner):
raise InvalidInput('owner', owner, 'You do not have access to the '
- + owner + ' locker')
+ + owner + ' locker (Is system:anyuser missing '
+ + 'the l permission?)')
except getafsgroups.AfsProcessError, e:
raise InvalidInput('owner', owner, str(e))
return owner
projects / invirt/packages/invirt-web.git / blobdiff