#!/usr/bin/python
+import cache_acls
import getafsgroups
import re
import string
-from sipb_xen_database import Machine, NIC
-from webcommon import InvalidInput, g
+from sipb_xen_database import Machine, NIC, Type, Disk
+from webcommon import InvalidInput
MAX_MEMORY_TOTAL = 512
MAX_MEMORY_SINGLE = 256
MAX_VMS_TOTAL = 10
MAX_VMS_ACTIVE = 4
-def getMachinesByOwner(user, machine=None):
+class Validate:
+ def __init__(self, username, state, machine_id=None, name=None, owner=None,
+ admin=None, contact=None, memory=None, disksize=None,
+ vmtype=None, cdrom=None, clone_from=None, strict=False):
+ # XXX Successive quota checks aren't a good idea, since you
+ # can't necessarily change the locker and disk size at the
+ # same time.
+ created_new = (machine_id is None)
+
+ if strict:
+ if name is None:
+ raise InvalidInput('name', name, "You must provide a machine name.")
+ if memory is None:
+ raise InvalidInput('memory', memory, "You must provide a memory size.")
+ if disksize is None:
+ raise InvalidInput('disk', disksize, "You must provide a disk size.")
+
+ if machine_id is not None:
+ self.machine = testMachineId(username, machine_id)
+ machine = getattr(self, 'machine', None)
+
+ owner = testOwner(username, owner, machine)
+ if owner is not None:
+ self.owner = owner
+ admin = testAdmin(username, admin, machine)
+ if admin is not None:
+ self.admin = admin
+ contact = testContact(username, contact, machine)
+ if contact is not None:
+ self.contact = contact
+ name = testName(username, name, machine)
+ if name is not None:
+ self.name = name
+ if memory is not None:
+ self.memory = validMemory(self.owner, state, memory, machine,
+ on=not created_new)
+ if disksize is not None:
+ self.disksize = validDisk(self.owner, disksize, machine)
+ if vmtype is not None:
+ self.vmtype = validVmType(vmtype)
+ if cdrom is not None:
+ if not CDROM.get(cdrom):
+ raise CodeError("Invalid cdrom type '%s'" % cdrom)
+ self.cdrom = cdrom
+ if clone_from is not None:
+ if clone_from not in ('ice3', ):
+ raise CodeError("Invalid clone image '%s'" % clone_from)
+ self.clone_from = clone_from
+
+
+def getMachinesByOwner(owner, machine=None):
"""Return the machines owned by the same as a machine.
-
+
If the machine is None, return the machines owned by the same
user.
"""
if machine:
owner = machine.owner
- else:
- owner = user
return Machine.select_by(owner=owner)
-def maxMemory(user, machine=None, on=True):
+def maxMemory(owner, g, machine=None, on=True):
"""Return the maximum memory for a machine or a user.
- If machine is None, return the memory available for a new
+ If machine is None, return the memory available for a new
machine. Else, return the maximum that machine can have.
on is whether the machine should be turned on. If false, the max
return machine.memory
if not on:
return MAX_MEMORY_SINGLE
- machines = getMachinesByOwner(user, machine)
- active_machines = [x for x in machines if g.uptimes.get(x)]
+ machines = getMachinesByOwner(owner, machine)
+ active_machines = [m for m in machines if m.name in g.xmlist_raw]
mem_usage = sum([x.memory for x in active_machines if x != machine])
return min(MAX_MEMORY_SINGLE, MAX_MEMORY_TOTAL-mem_usage)
-def maxDisk(user, machine=None):
- machines = getMachinesByOwner(user, machine)
- disk_usage = sum([sum([y.size for y in x.disks])
- for x in machines if x != machine])
+def maxDisk(owner, machine=None):
+ """Return the maximum disk that a machine can reach.
+
+ If machine is None, the maximum disk for a new machine. Otherwise,
+ return the maximum that a given machine can be changed to.
+ """
+ if machine is not None:
+ machine_id = machine.machine_id
+ else:
+ machine_id = None
+ disk_usage = Disk.query().filter_by(Disk.c.machine_id != machine_id,
+ owner=owner).sum(Disk.c.size) or 0
return min(MAX_DISK_SINGLE, MAX_DISK_TOTAL-disk_usage/1024.)
-def cantAddVm(user):
- machines = getMachinesByOwner(user)
- active_machines = [x for x in machines if g.uptimes.get(x)]
+def cantAddVm(owner, g):
+ machines = getMachinesByOwner(owner)
+ active_machines = [m for m in machines if m.name in g.xmlist_raw]
if len(machines) >= MAX_VMS_TOTAL:
return 'You have too many VMs to create a new one.'
if len(active_machines) >= MAX_VMS_ACTIVE:
'To create more, turn one off.')
return False
-def validAddVm(user):
- reason = cantAddVm(user)
- if reason:
- raise InvalidInput('create', True, reason)
- return True
-
def haveAccess(user, machine):
"""Return whether a user has administrative access to a machine"""
- if user in (machine.administrator, machine.owner):
- return True
- if getafsgroups.checkAfsGroup(user, machine.administrator,
- 'athena.mit.edu'): #XXX Cell?
- return True
- if not getafsgroups.notLockerOwner(user, machine.owner):
- return True
- return owns(user, machine)
+ return user in cache_acls.accessList(machine)
def owns(user, machine):
"""Return whether a user owns a machine"""
- return not getafsgroups.notLockerOwner(user, machine.owner)
+ return user in expandLocker(machine.owner)
def validMachineName(name):
"""Check that name is valid for a machine name"""
return False
return True
-def validMemory(user, memory, machine=None, on=True):
- """Parse and validate limits for memory for a given user and machine.
+def validMemory(owner, g, memory, machine=None, on=True):
+ """Parse and validate limits for memory for a given owner and machine.
on is whether the memory must be valid after the machine is
switched on.
if memory < MIN_MEMORY_SINGLE:
raise ValueError
except ValueError:
- raise InvalidInput('memory', memory,
+ raise InvalidInput('memory', memory,
"Minimum %s MiB" % MIN_MEMORY_SINGLE)
- if memory > maxMemory(user, machine, on):
+ max_val = maxMemory(owner, g, machine, on)
+ if memory > max_val:
raise InvalidInput('memory', memory,
- 'Maximum %s MiB for %s' % (maxMemory(user, machine),
- user))
+ 'Maximum %s MiB for %s' % (max_val, owner))
return memory
-def validDisk(user, disk, machine=None):
- """Parse and validate limits for disk for a given user and machine."""
+def validDisk(owner, disk, machine=None):
+ """Parse and validate limits for disk for a given owner and machine."""
try:
disk = float(disk)
- if disk > maxDisk(user, machine):
+ if disk > maxDisk(owner, machine):
raise InvalidInput('disk', disk,
- "Maximum %s G" % maxDisk(user, machine))
+ "Maximum %s G" % maxDisk(owner, machine))
disk = int(disk * 1024)
if disk < MIN_DISK_SINGLE * 1024:
raise ValueError
raise InvalidInput('disk', disk,
"Minimum %s GiB" % MIN_DISK_SINGLE)
return disk
-
+
+def validVmType(vm_type):
+ if vm_type is None:
+ return None
+ t = Type.get(vm_type)
+ if t is None:
+ raise CodeError("Invalid vm type '%s'" % vm_type)
+ return t
+
def testMachineId(user, machine_id, exists=True):
"""Parse, validate and check authorization for a given user and machine.
If exists is False, don't check that it exists.
"""
if machine_id is None:
- raise InvalidInput('machine_id', machine_id,
+ raise InvalidInput('machine_id', machine_id,
"Must specify a machine ID.")
try:
machine_id = int(machine_id)
return machine
def testAdmin(user, admin, machine):
- if admin in (None, machine.administrator):
+ """Determine whether a user can set the admin of a machine to this value.
+
+ Return the value to set the admin field to (possibly 'system:' +
+ admin). XXX is modifying this a good idea?
+ """
+ if admin is None:
+ return None
+ if machine is not None and admin == machine.administrator:
return None
if admin == user:
return admin
- if getafsgroups.checkAfsGroup(user, admin, 'athena.mit.edu'):
- return admin
- if getafsgroups.checkAfsGroup(user, 'system:'+admin,
- 'athena.mit.edu'):
- return 'system:'+admin
+ if ':' not in admin:
+ if cache_acls.isUser(admin):
+ return admin
+ admin = 'system:' + admin
+ try:
+ if user in getafsgroups.getAfsGroupMembers(admin, 'athena.mit.edu'):
+ return admin
+ except getafsgroups.AfsProcessError, e:
+ errmsg = str(e)
+ if errmsg.startswith("pts: User or group doesn't exist"):
+ errmsg = 'The group "%s" does not exist.' % admin
+ raise InvalidInput('administrator', admin, errmsg)
+ #XXX Should we require that user is in the admin group?
return admin
-
+
def testOwner(user, owner, machine=None):
- if owner == user or machine is not None and owner == machine.owner:
+ """Determine whether a user can set the owner of a machine to this value.
+
+ If machine is None, this is the owner of a new machine.
+ """
+ if owner == user:
return owner
+ if machine is not None and owner in (machine.owner, None):
+ return machine.owner
if owner is None:
raise InvalidInput('owner', owner, "Owner must be specified")
- value = getafsgroups.notLockerOwner(user, owner)
- if not value:
- return owner
- raise InvalidInput('owner', owner, value)
+ try:
+ if user not in cache_acls.expandLocker(owner):
+ raise InvalidInput('owner', owner, 'You do not have access to the '
+ + owner + ' locker')
+ except getafsgroups.AfsProcessError, e:
+ raise InvalidInput('owner', owner, str(e))
+ return owner
def testContact(user, contact, machine=None):
- if contact in (None, machine.contact):
+ if contact is None or (machine is not None and contact == machine.contact):
return None
if not re.match("^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$", contact, re.I):
raise InvalidInput('contact', contact, "Not a valid email.")
return disksize
def testName(user, name, machine=None):
- if name in (None, machine.name):
+ if name is None:
+ return None
+ if machine is not None and name == machine.name:
return None
if not Machine.select_by(name=name):
+ if not validMachineName(name):
+ raise InvalidInput('name', name, 'You must provide a machine name. Max 22 chars, alnum plus \'-\' and \'_\'.')
return name
raise InvalidInput('name', name, "Name is already taken.")
projects / invirt/packages/invirt-web.git / blobdiff