Ok - I think this will load the iptables rules on boot
[invirt/packages/invirt-web.git] / cache_acls.py
index 3b68129..34d5e1e 100644 (file)
@@ -30,20 +30,34 @@ def expandName(name):
         name = 'system:'+name
     return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu')
 
-if __name__ == '__main__':
-    connect('postgres://sipb-xen@sipb-xen-dev/sipb_xen')
+def refreshMachine(m):
+    people = set()
+    people.update(expandLocker(m.owner))
+    people.update(expandName(m.administrator))
+    old_people = set(a.user for a in m.acl)
+    for removed in old_people - people:
+        ma = [x for x in m.acl if x.user == removed][0]
+        ctx.current.delete(ma)
+    for p in people - old_people:
+        ma = MachineAccess(machine_id=m.machine_id, user=p)
+        ctx.current.save(ma)
     
-    machines = Machine.select()
-    for m in machines:
-        people = set()
-        people.update(expandLocker(m.owner))
-        people.update(expandName(m.administrator))
-        print '%s: %s' % (m.name, ' '.join(people))
-        transaction = ctx.current.create_transaction()
-        for u in m.users:
-            ctx.current.delete(u)
-        for p in people:
-            ma = MachineAccess(machine_id=m.machine_id, user=p)
-            ctx.current.save(ma)
+def refreshCache():
+    transaction = ctx.current.create_transaction()
+
+    try:
+        machines = Machine.select()
+        for m in machines:
+            refreshMachine(m)
         ctx.current.flush()
+            
+        # Atomically execute our changes
         transaction.commit()
+    except:
+        # Failed! Rollback all the changes.
+        transaction.rollback()
+        raise
+
+if __name__ == '__main__':
+    connect('postgres://sipb-xen@sipb-xen-dev/sipb_xen')
+    refreshCache()
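Review bot: In `refreshCache` every machine is updated inside one transaction, so an exception raised by `expandLocker` or `expandName` for a single machine in `refreshMachine` rolls back the ACL changes for all machines. Users whose access was revoked upstream then stay in the cached ACL until a run completes without error. The removed `print` was the only per-machine output, so the re-raised exception no longer says which machine failed; I would log `m.name` before the `raise` and document the behaviour with a docstring such as `"""Rebuild every machine's ACL in one transaction; any lookup failure rolls back all machines."""`. It is also worth confirming how `getafsgroups.getAfsGroupMembers` reports a failed lookup, which is not visible in this hunk: if it returns an empty result instead of raising, `old_people - people` would delete every ACL entry for that machine.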