X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/907f34a95f096535be1b47e99f37b063a2a8245c..7c76c14ecf33a25b58f96b6747c3630805ee0fb9:/code/validation.py diff --git a/code/validation.py b/code/validation.py index dc0fd8c..fe6d7c8 100644 --- a/code/validation.py +++ b/code/validation.py @@ -4,8 +4,10 @@ import cache_acls import getafsgroups import re import string -from sipb_xen_database import Machine, NIC, Type, Disk, CDROM -from webcommon import InvalidInput +import dns.resolver +from invirt.database import Machine, NIC, Type, Disk, CDROM, Autoinstall +from invirt.config import structs as config +from invirt.common import InvalidInput MAX_MEMORY_TOTAL = 512 MAX_MEMORY_SINGLE = 256 @@ -19,7 +21,7 @@ MAX_VMS_ACTIVE = 4 class Validate: def __init__(self, username, state, machine_id=None, name=None, description=None, owner=None, admin=None, contact=None, memory=None, disksize=None, - vmtype=None, cdrom=None, clone_from=None, strict=False): + vmtype=None, cdrom=None, autoinstall=None, strict=False): # XXX Successive quota checks aren't a good idea, since you # can't necessarily change the locker and disk size at the # same time. @@ -36,7 +38,7 @@ class Validate: raise InvalidInput('disk', disksize, "You must provide a disk size.") if machine_id is not None: - self.machine = testMachineId(username, machine_id) + self.machine = testMachineId(username, state, machine_id) machine = getattr(self, 'machine', None) owner = testOwner(username, owner, machine) @@ -58,17 +60,15 @@ class Validate: self.memory = validMemory(self.owner, state, memory, machine, on=not created_new) if disksize is not None: - self.disksize = validDisk(self.owner, disksize, machine) + self.disksize = validDisk(self.owner, state, disksize, machine) if vmtype is not None: self.vmtype = validVmType(vmtype) if cdrom is not None: - if not CDROM.get(cdrom): + if not CDROM.query().get(cdrom): raise CodeError("Invalid cdrom type '%s'" % cdrom) self.cdrom = cdrom - if clone_from is not None: - if clone_from not in ('ice3', ): - raise CodeError("Invalid clone image '%s'" % clone_from) - self.clone_from = clone_from + if autoinstall is not None: + self.autoinstall = Autoinstall.query().get(autoinstall) def getMachinesByOwner(owner, machine=None): @@ -79,7 +79,7 @@ def getMachinesByOwner(owner, machine=None): """ if machine: owner = machine.owner - return Machine.select_by(owner=owner) + return Machine.query().filter_by(owner=owner) def maxMemory(owner, g, machine=None, on=True): """Return the maximum memory for a machine or a user. @@ -111,23 +111,25 @@ def maxDisk(owner, machine=None): machine_id = machine.machine_id else: machine_id = None - disk_usage = Disk.query().filter_by(Disk.c.machine_id != machine_id, - owner=owner).sum(Disk.c.size) or 0 + disk_usage = Disk.query().filter(Disk.c.machine_id != machine_id).\ + join('machine').\ + filter_by(owner=owner).sum(Disk.c.size) or 0 return min(MAX_DISK_SINGLE, MAX_DISK_TOTAL-disk_usage/1024.) def cantAddVm(owner, g): machines = getMachinesByOwner(owner) active_machines = [m for m in machines if m.name in g.xmlist_raw] - if len(machines) >= MAX_VMS_TOTAL: + if machines.count() >= MAX_VMS_TOTAL: return 'You have too many VMs to create a new one.' if len(active_machines) >= MAX_VMS_ACTIVE: return ('You already have the maximum number of VMs turned on. ' 'To create more, turn one off.') return False -def haveAccess(user, machine): +def haveAccess(user, state, machine): """Return whether a user has administrative access to a machine""" - return user in cache_acls.accessList(machine) + return (user in cache_acls.accessList(machine) + or (machine.adminable and state.isadmin)) def owns(user, machine): """Return whether a user owns a machine""" @@ -137,8 +139,8 @@ def validMachineName(name): """Check that name is valid for a machine name""" if not name: return False - charset = string.ascii_letters + string.digits + '-_' - if name[0] in '-_' or len(name) > 22: + charset = string.lowercase + string.digits + '-' + if '-' in (name[0], name[-1]) or len(name) > 63: return False for x in name: if x not in charset: @@ -159,16 +161,16 @@ def validMemory(owner, g, memory, machine=None, on=True): raise InvalidInput('memory', memory, "Minimum %s MiB" % MIN_MEMORY_SINGLE) max_val = maxMemory(owner, g, machine, on) - if memory > max_val: + if not g.isadmin and memory > max_val: raise InvalidInput('memory', memory, 'Maximum %s MiB for %s' % (max_val, owner)) return memory -def validDisk(owner, disk, machine=None): +def validDisk(owner, g, disk, machine=None): """Parse and validate limits for disk for a given owner and machine.""" try: disk = float(disk) - if disk > maxDisk(owner, machine): + if not g.isadmin and disk > maxDisk(owner, machine): raise InvalidInput('disk', disk, "Maximum %s G" % maxDisk(owner, machine)) disk = int(disk * 1024) @@ -182,12 +184,12 @@ def validDisk(owner, disk, machine=None): def validVmType(vm_type): if vm_type is None: return None - t = Type.get(vm_type) + t = Type.query().get(vm_type) if t is None: raise CodeError("Invalid vm type '%s'" % vm_type) return t -def testMachineId(user, machine_id, exists=True): +def testMachineId(user, state, machine_id, exists=True): """Parse, validate and check authorization for a given user and machine. If exists is False, don't check that it exists. @@ -199,10 +201,10 @@ def testMachineId(user, machine_id, exists=True): machine_id = int(machine_id) except ValueError: raise InvalidInput('machine_id', machine_id, "Must be an integer.") - machine = Machine.get(machine_id) + machine = Machine.query().get(machine_id) if exists and machine is None: raise InvalidInput('machine_id', machine_id, "Does not exist.") - if machine is not None and not haveAccess(user, machine): + if machine is not None and not haveAccess(user, state, machine): raise InvalidInput('machine_id', machine_id, "You do not have access to this machine.") return machine @@ -224,7 +226,7 @@ def testAdmin(user, admin, machine): return admin admin = 'system:' + admin try: - if user in getafsgroups.getAfsGroupMembers(admin, 'athena.mit.edu'): + if user in getafsgroups.getAfsGroupMembers(admin, config.authz[0].cell): return admin except getafsgroups.AfsProcessError, e: errmsg = str(e) @@ -266,13 +268,36 @@ def testDisk(user, disksize, machine=None): def testName(user, name, machine=None): if name is None: return None + name = name.lower() if machine is not None and name == machine.name: return None - if not Machine.select_by(name=name): + try: + hostname = '%s.%s.' % (name, config.dns.domains[0]) + resolver = dns.resolver.Resolver() + resolver.nameservers = ['127.0.0.1'] + try: + resolver.query(hostname, 'A') + except dns.resolver.NoAnswer, e: + # If we can get the TXT record, then we can verify it's + # reserved. If this lookup fails, let it bubble up and be + # dealt with + answer = resolver.query(hostname, 'TXT') + txt = answer[0].strings[0] + if txt.startswith('reserved'): + raise InvalidInput('name', name, 'The name you have requested has been %s. For more information, contact us at %s' % (txt, config.dns.contact)) + + # If the hostname didn't exist, it would have thrown an + # exception by now - error out + raise InvalidInput('name', name, 'Name is already taken.') + except dns.resolver.NXDOMAIN, e: if not validMachineName(name): - raise InvalidInput('name', name, 'You must provide a machine name. Max 22 chars, alnum plus \'-\' and \'_\'.') + raise InvalidInput('name', name, 'You must provide a machine name. Max 63 chars, alnum plus \'-\', does not begin or end with \'-\'.') return name - raise InvalidInput('name', name, "Name is already taken.") + except InvalidInput: + raise + except: + # Any other error is a validation failure + raise InvalidInput('name', name, 'We were unable to verify that this name is available. If you believe this is in error, please contact us at %s' % config.dns.contact) def testDescription(user, description, machine=None): if description is None or description.strip() == '':