X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/b26a7d35e4ac578595f88eef03303cfbfd42a319..e37dd15bbf8683bab8454ea0eec8e9968ce982b2:/code/cache_acls.py diff --git a/code/cache_acls.py b/code/cache_acls.py new file mode 100644 index 0000000..34d5e1e --- /dev/null +++ b/code/cache_acls.py @@ -0,0 +1,63 @@ +#!/usr/bin/python +from sipb_xen_database import * +import sys +import getafsgroups +import subprocess + +def expandLocker(name): + groups = getafsgroups.getLockerAcl(name) + cell = getafsgroups.getCell(name) + ans = set() + for group in groups: + if ':' in group: + ans.update(getafsgroups.getAfsGroupMembers(group, cell)) + else: + ans.add(group) + return ans + +def isUser(name): + p = subprocess.Popen(['vos', 'examine', 'user.'+name], + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + if p.wait(): + return False + return True + + +def expandName(name): + if ':' not in name: + if isUser(name): + return [name] + name = 'system:'+name + return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu') + +def refreshMachine(m): + people = set() + people.update(expandLocker(m.owner)) + people.update(expandName(m.administrator)) + old_people = set(a.user for a in m.acl) + for removed in old_people - people: + ma = [x for x in m.acl if x.user == removed][0] + ctx.current.delete(ma) + for p in people - old_people: + ma = MachineAccess(machine_id=m.machine_id, user=p) + ctx.current.save(ma) + +def refreshCache(): + transaction = ctx.current.create_transaction() + + try: + machines = Machine.select() + for m in machines: + refreshMachine(m) + ctx.current.flush() + + # Atomically execute our changes + transaction.commit() + except: + # Failed! Rollback all the changes. + transaction.rollback() + raise + +if __name__ == '__main__': + connect('postgres://sipb-xen@sipb-xen-dev/sipb_xen') + refreshCache()