invirt-cache-acls: get afs cell list from invirt-config
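--- a/code/cache_acls.py
+++ b/code/cache_acls.py
@@ -1,11 +1,17 @@
 #!/usr/bin/python
-from sipb_xen_database import *
+from invirt.database import *
+from invirt.config import structs as config
 import sys
 import getafsgroups
 import subprocess
 
 def expandLocker(name):
-    groups = getafsgroups.getLockerAcl(name)
+    try:
+        groups = getafsgroups.getLockerAcl(name)
+    except getafsgroups.AfsProcessError, e:
+        if e.message.startswith("fs: You don't have the required access rights on"):
+            groups = []
+        raise
     cell = getafsgroups.getCell(name)
     ans = set()
     for group in groups:
@@ -27,16 +33,17 @@ def expandName(name):
     if ':' not in name:
         if isUser(name):
             return [name]
-        name = 'system:'+name
+        return []
     try:
-        return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu')
+        return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
     except getafsgroups.AfsProcessError:
         return []
 
 def accessList(m):
     people = set()
     people.update(expandLocker(m.owner))
-    people.update(expandName(m.administrator))
+    if m.administrator is not None:
+        people.update(expandName(m.administrator))
     return people
 
 def refreshMachine(m):
@@ -44,27 +51,28 @@ def refreshMachine(m):
     old_people = set(a.user for a in m.acl)
     for removed in old_people - people:
         ma = [x for x in m.acl if x.user == removed][0]
-        ctx.current.delete(ma)
+        session.delete(ma)
     for p in people - old_people:
-        ma = MachineAccess(machine_id=m.machine_id, user=p)
-        ctx.current.save(ma)
+        ma = MachineAccess(user=p)
+        m.acl.append(ma)
+        session.save_or_update(ma)
     
 def refreshCache():
-    transaction = ctx.current.create_transaction()
+    session.begin()
 
     try:
-        machines = Machine.select()
+        machines = Machine.query().all()
         for m in machines:
             refreshMachine(m)
-        ctx.current.flush()
+        session.flush()
             
         # Atomically execute our changes
-        transaction.commit()
+        session.commit()
     except:
         # Failed! Rollback all the changes.
-        transaction.rollback()
+        session.rollback()
         raise
 
 if __name__ == '__main__':
-    connect('postgres://sipb-xen@sipb-xen-dev/sipb_xen')
+    connect()
     refreshCache()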
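Review bot: In the first hunk's `expandLocker`, the bare `raise` sits outside the `if`, so the `groups = []` fallback for the "You don't have the required access rights" case is never used and every `AfsProcessError` still propagates. Since `refreshCache` rolls the whole session back on any exception, one locker whose ACL cannot be read would presumably abort the refresh for every machine (the call path through `refreshMachine` starts outside the hunks), leaving stale entries in the access cache, including ones that should have been revoked. The likely intent is to re-raise only the other errors, i.e. put `else:` before the `raise` and indent it one level. Matching on the start of `e.message` is brittle against any change in the `fs` wording, so a comment such as `# fs refuses to list the ACL when we lack access; treat that as an empty ACL` would record why this one message is tolerated. Separately, the second hunk reads only `config.authz[0].cell`, so if the configuration lists more than one cell, groups in the others are not expanded; worth confirming that this is intended.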