X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/cabbf7ab8e35de060f6f4e3f75670558ad25d9b5..874a30391973642d3ff350f977c1ac705644fbb0:/code/validation.py diff --git a/code/validation.py b/code/validation.py index df5bdcc..2e6c7c3 100644 --- a/code/validation.py +++ b/code/validation.py @@ -4,7 +4,7 @@ import cache_acls import getafsgroups import re import string -from sipb_xen_database import Machine, NIC, Type, Disk +from invirt.database import Machine, NIC, Type, Disk, CDROM, Autoinstall from webcommon import InvalidInput MAX_MEMORY_TOTAL = 512 @@ -17,16 +17,26 @@ MAX_VMS_TOTAL = 10 MAX_VMS_ACTIVE = 4 class Validate: - def __init__(self, username, state, machine_id=None, name=None, owner=None, + def __init__(self, username, state, machine_id=None, name=None, description=None, owner=None, admin=None, contact=None, memory=None, disksize=None, - vmtype=None, cdrom=None, clone_from=None): + vmtype=None, cdrom=None, autoinstall=None, strict=False): # XXX Successive quota checks aren't a good idea, since you # can't necessarily change the locker and disk size at the # same time. created_new = (machine_id is None) + if strict: + if name is None: + raise InvalidInput('name', name, "You must provide a machine name.") + if description is None: + raise InvalidInput('description', description, "You must provide a description.") + if memory is None: + raise InvalidInput('memory', memory, "You must provide a memory size.") + if disksize is None: + raise InvalidInput('disk', disksize, "You must provide a disk size.") + if machine_id is not None: - self.machine = testMachineId(username, machine_id) + self.machine = testMachineId(username, state, machine_id) machine = getattr(self, 'machine', None) owner = testOwner(username, owner, machine) @@ -41,21 +51,22 @@ class Validate: name = testName(username, name, machine) if name is not None: self.name = name + description = testDescription(username, description, machine) + if description is not None: + self.description = description if memory is not None: self.memory = validMemory(self.owner, state, memory, machine, on=not created_new) if disksize is not None: - self.disksize = validDisk(self.owner, disksize, machine) + self.disksize = validDisk(self.owner, state, disksize, machine) if vmtype is not None: self.vmtype = validVmType(vmtype) if cdrom is not None: if not CDROM.get(cdrom): raise CodeError("Invalid cdrom type '%s'" % cdrom) self.cdrom = cdrom - if clone_from is not None: - if clone_from not in ('ice3', ): - raise CodeError("Invalid clone image '%s'" % clone_from) - self.clone_from = clone_from + if autoinstall is not None: + self.autoinstall = Autoinstall.get(autoinstall) def getMachinesByOwner(owner, machine=None): @@ -84,7 +95,7 @@ def maxMemory(owner, g, machine=None, on=True): if not on: return MAX_MEMORY_SINGLE machines = getMachinesByOwner(owner, machine) - active_machines = [x for x in machines if g.xmlist.get(x)] + active_machines = [m for m in machines if m.name in g.xmlist_raw] mem_usage = sum([x.memory for x in active_machines if x != machine]) return min(MAX_MEMORY_SINGLE, MAX_MEMORY_TOTAL-mem_usage) @@ -104,7 +115,7 @@ def maxDisk(owner, machine=None): def cantAddVm(owner, g): machines = getMachinesByOwner(owner) - active_machines = [x for x in machines if g.xmlist.get(x)] + active_machines = [m for m in machines if m.name in g.xmlist_raw] if len(machines) >= MAX_VMS_TOTAL: return 'You have too many VMs to create a new one.' if len(active_machines) >= MAX_VMS_ACTIVE: @@ -112,9 +123,10 @@ def cantAddVm(owner, g): 'To create more, turn one off.') return False -def haveAccess(user, machine): +def haveAccess(user, state, machine): """Return whether a user has administrative access to a machine""" - return user in cache_acls.accessList(machine) + return (user in cache_acls.accessList(machine) + or (machine.adminable and state.isadmin)) def owns(user, machine): """Return whether a user owns a machine""" @@ -124,8 +136,8 @@ def validMachineName(name): """Check that name is valid for a machine name""" if not name: return False - charset = string.ascii_letters + string.digits + '-_' - if name[0] in '-_' or len(name) > 22: + charset = string.lowercase + string.digits + '-' + if '-' in (name[0], name[-1]) or len(name) > 63: return False for x in name: if x not in charset: @@ -146,16 +158,16 @@ def validMemory(owner, g, memory, machine=None, on=True): raise InvalidInput('memory', memory, "Minimum %s MiB" % MIN_MEMORY_SINGLE) max_val = maxMemory(owner, g, machine, on) - if memory > max_val: + if not g.isadmin and memory > max_val: raise InvalidInput('memory', memory, 'Maximum %s MiB for %s' % (max_val, owner)) return memory -def validDisk(owner, disk, machine=None): +def validDisk(owner, g, disk, machine=None): """Parse and validate limits for disk for a given owner and machine.""" try: disk = float(disk) - if disk > maxDisk(owner, machine): + if not g.isadmin and disk > maxDisk(owner, machine): raise InvalidInput('disk', disk, "Maximum %s G" % maxDisk(owner, machine)) disk = int(disk * 1024) @@ -174,7 +186,7 @@ def validVmType(vm_type): raise CodeError("Invalid vm type '%s'" % vm_type) return t -def testMachineId(user, machine_id, exists=True): +def testMachineId(user, state, machine_id, exists=True): """Parse, validate and check authorization for a given user and machine. If exists is False, don't check that it exists. @@ -189,7 +201,7 @@ def testMachineId(user, machine_id, exists=True): machine = Machine.get(machine_id) if exists and machine is None: raise InvalidInput('machine_id', machine_id, "Does not exist.") - if machine is not None and not haveAccess(user, machine): + if machine is not None and not haveAccess(user, state, machine): raise InvalidInput('machine_id', machine_id, "You do not have access to this machine.") return machine @@ -200,7 +212,9 @@ def testAdmin(user, admin, machine): Return the value to set the admin field to (possibly 'system:' + admin). XXX is modifying this a good idea? """ - if admin in (None, machine.administrator): + if admin is None: + return None + if machine is not None and admin == machine.administrator: return None if admin == user: return admin @@ -227,7 +241,7 @@ def testOwner(user, owner, machine=None): if owner == user: return owner if machine is not None and owner in (machine.owner, None): - return None + return machine.owner if owner is None: raise InvalidInput('owner', owner, "Owner must be specified") try: @@ -239,7 +253,7 @@ def testOwner(user, owner, machine=None): return owner def testContact(user, contact, machine=None): - if contact in (None, machine.contact): + if contact is None or (machine is not None and contact == machine.contact): return None if not re.match("^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$", contact, re.I): raise InvalidInput('contact', contact, "Not a valid email.") @@ -251,14 +265,20 @@ def testDisk(user, disksize, machine=None): def testName(user, name, machine=None): if name is None: return None + name = name.lower() if machine is not None and name == machine.name: return None if not Machine.select_by(name=name): if not validMachineName(name): - raise InvalidInput('name', name, 'You must provide a machine name. Max 22 chars, alnum plus \'-\' and \'_\'.') + raise InvalidInput('name', name, 'You must provide a machine name. Max 63 chars, alnum plus \'-\', does not begin or end with \'-\'.') return name raise InvalidInput('name', name, "Name is already taken.") +def testDescription(user, description, machine=None): + if description is None or description.strip() == '': + return None + return description.strip() + def testHostname(user, hostname, machine): for nic in machine.nics: if hostname == nic.hostname: