X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/fcfdb35beb5e69fa3355743472dd956ba929c5b0..021528d994812f6e794cffbd098109ced57866a3:/code/validation.py?ds=inline diff --git a/code/validation.py b/code/validation.py old mode 100644 new mode 100755 index 39c0084..9b7a0b0 --- a/code/validation.py +++ b/code/validation.py @@ -5,18 +5,12 @@ import getafsgroups import re import string import dns.resolver -from invirt.database import Machine, NIC, Type, Disk, CDROM, Autoinstall +from invirt.database import Machine, NIC, Type, Disk, CDROM, Autoinstall, Owner from invirt.config import structs as config -from webcommon import InvalidInput +from invirt.common import InvalidInput, CodeError -MAX_MEMORY_TOTAL = 512 -MAX_MEMORY_SINGLE = 256 MIN_MEMORY_SINGLE = 16 -MAX_DISK_TOTAL = 50 -MAX_DISK_SINGLE = 50 MIN_DISK_SINGLE = 0.1 -MAX_VMS_TOTAL = 10 -MAX_VMS_ACTIVE = 4 class Validate: def __init__(self, username, state, machine_id=None, name=None, description=None, owner=None, @@ -44,9 +38,7 @@ class Validate: owner = testOwner(username, owner, machine) if owner is not None: self.owner = owner - admin = testAdmin(username, admin, machine) - if admin is not None: - self.admin = admin + self.admin = testAdmin(username, admin, machine) contact = testContact(username, contact, machine) if contact is not None: self.contact = contact @@ -68,6 +60,8 @@ class Validate: raise CodeError("Invalid cdrom type '%s'" % cdrom) self.cdrom = cdrom if autoinstall is not None: + #raise InvalidInput('autoinstall', 'install', + # "The autoinstaller has been temporarily disabled") self.autoinstall = Autoinstall.query().get(autoinstall) @@ -91,15 +85,14 @@ def maxMemory(owner, g, machine=None, on=True): memory for the machine to change to, if it is left off, is returned. """ - if machine is not None and machine.memory > MAX_MEMORY_SINGLE: - # If they've been blessed, let them have it - return machine.memory + (quota_total, quota_single) = Owner.getMemoryQuotas(machine.owner if machine else owner) + if not on: - return MAX_MEMORY_SINGLE + return quota_single machines = getMachinesByOwner(owner, machine) active_machines = [m for m in machines if m.name in g.xmlist_raw] mem_usage = sum([x.memory for x in active_machines if x != machine]) - return min(MAX_MEMORY_SINGLE, MAX_MEMORY_TOTAL-mem_usage) + return min(quota_single, quota_total-mem_usage) def maxDisk(owner, machine=None): """Return the maximum disk that a machine can reach. @@ -107,6 +100,8 @@ def maxDisk(owner, machine=None): If machine is None, the maximum disk for a new machine. Otherwise, return the maximum that a given machine can be changed to. """ + (quota_total, quota_single) = Owner.getDiskQuotas(machine.owner if machine else owner) + if machine is not None: machine_id = machine.machine_id else: @@ -114,14 +109,15 @@ def maxDisk(owner, machine=None): disk_usage = Disk.query().filter(Disk.c.machine_id != machine_id).\ join('machine').\ filter_by(owner=owner).sum(Disk.c.size) or 0 - return min(MAX_DISK_SINGLE, MAX_DISK_TOTAL-disk_usage/1024.) + return min(quota_single, quota_total-disk_usage/1024.) def cantAddVm(owner, g): machines = getMachinesByOwner(owner) active_machines = [m for m in machines if m.name in g.xmlist_raw] - if machines.count() >= MAX_VMS_TOTAL: + (quota_total, quota_active) = Owner.getVMQuotas(owner) + if machines.count() >= quota_total: return 'You have too many VMs to create a new one.' - if len(active_machines) >= MAX_VMS_ACTIVE: + if len(active_machines) >= quota_active: return ('You already have the maximum number of VMs turned on. ' 'To create more, turn one off.') return False @@ -218,7 +214,7 @@ def testAdmin(user, admin, machine): if admin is None: return None if machine is not None and admin == machine.administrator: - return None + return admin if admin == user: return admin if ':' not in admin: @@ -226,7 +222,7 @@ def testAdmin(user, admin, machine): return admin admin = 'system:' + admin try: - if user in getafsgroups.getAfsGroupMembers(admin, config.authz[0].cell): + if user in getafsgroups.getAfsGroupMembers(admin, config.authz.afs.cells[0].cell): return admin except getafsgroups.AfsProcessError, e: errmsg = str(e) @@ -241,12 +237,12 @@ def testOwner(user, owner, machine=None): If machine is None, this is the owner of a new machine. """ - if owner == user: - return owner if machine is not None and owner in (machine.owner, None): return machine.owner if owner is None: raise InvalidInput('owner', owner, "Owner must be specified") + if '@' in owner: + raise InvalidInput('owner', owner, "No cross-realm Hesiod lockers allowed") try: if user not in cache_acls.expandLocker(owner): raise InvalidInput('owner', owner, 'You do not have access to the ' @@ -262,9 +258,6 @@ def testContact(user, contact, machine=None): raise InvalidInput('contact', contact, "Not a valid email.") return contact -def testDisk(user, disksize, machine=None): - return disksize - def testName(user, name, machine=None): if name is None: return None @@ -273,15 +266,17 @@ def testName(user, name, machine=None): return None try: hostname = '%s.%s.' % (name, config.dns.domains[0]) + resolver = dns.resolver.Resolver() + resolver.nameservers = ['127.0.0.1'] try: - dns.resolver.query(hostname, 'A') + resolver.query(hostname, 'A') except dns.resolver.NoAnswer, e: # If we can get the TXT record, then we can verify it's # reserved. If this lookup fails, let it bubble up and be # dealt with - answer = dns.resolver.query(hostname, 'TXT') + answer = resolver.query(hostname, 'TXT') txt = answer[0].strings[0] - if txt.startswith('Reserved'): + if txt.startswith('reserved'): raise InvalidInput('name', name, 'The name you have requested has been %s. For more information, contact us at %s' % (txt, config.dns.contact)) # If the hostname didn't exist, it would have thrown an