"Cherry-pick" r2557 (Re-arrange the authz configuration.) to the

cherrypy branch.

(It's somewhat tenuous to claim this is a cherry-pick, given that all
of the changes would have conflicted had I actually tried to
cherry-pick the change. Oh well)

svn path=/package_branches/invirt-web/cherrypy-rebased/; revision=2716

diff --git a/code/cache_acls.py b/code/cache_acls.py
index 7ae4ac8..75f4720 100755 (executable)
--- a/code/cache_acls.py
+++ b/code/cache_acls.py
@@ -39,7 +39,7 @@ def expandName(name):
             return [name]
         return []
     try:
             return [name]
         return []
     try:

-        return getafsgroups.getAfsGroupMembers(name, config.authz.afs.cells[0].cell)
+        return getafsgroups.getAfsGroupMembers(name, config.authz.cells[0].cell)

     except getafsgroups.AfsProcessError:
         return []
 
     except getafsgroups.AfsProcessError:
         return []
 

diff --git a/code/getafsgroups.py b/code/getafsgroups.py
index 1c6b82e..dcb8ee6 100755 (executable)
--- a/code/getafsgroups.py
+++ b/code/getafsgroups.py
@@ -30,7 +30,7 @@ class AfsProcessError(Exception):
 
 def getAfsGroupMembers(group, cell):
     encrypt = True
 
 def getAfsGroupMembers(group, cell):
     encrypt = True

-    for c in config.authz.afs.cells:
+    for c in config.authz.cells:

         if c.cell == cell and hasattr(c, 'auth'):
             encrypt = c.auth
     if encrypt:
         if c.cell == cell and hasattr(c, 'auth'):
             encrypt = c.auth
     if encrypt:

diff --git a/code/main.py b/code/main.py
index 872b17e..f235c53 100755 (executable)
--- a/code/main.py
+++ b/code/main.py
@@ -86,7 +86,7 @@ class InvirtWeb(View):
 
     def __getattr__(self, name):
         if name in ("admin", "overlord"):
 
     def __getattr__(self, name):
         if name in ("admin", "overlord"):

-            if not cherrypy.request.login in getAfsGroupMembers(config.adminacl, config.authz[0].cell):
+            if not cherrypy.request.login in getAfsGroupMembers(config.adminacl, config.authz.cells[0].cell):

                 raise InvalidInput('username', cherrypy.request.login,
                                    'Not in admin group %s.' % config.adminacl)
             cherrypy.request.state = State(cherrypy.request.login, isadmin=True)
                 raise InvalidInput('username', cherrypy.request.login,
                                    'Not in admin group %s.' % config.adminacl)
             cherrypy.request.state = State(cherrypy.request.login, isadmin=True)

diff --git a/code/validation.py b/code/validation.py
old mode 100644 (file)
new mode 100755 (executable)
index 9b7a0b0..fc9b969
--- a/code/validation.py
+++ b/code/validation.py
@@ -222,7 +222,7 @@ def testAdmin(user, admin, machine):
             return admin
         admin = 'system:' + admin
     try:
             return admin
         admin = 'system:' + admin
     try:

-        if user in getafsgroups.getAfsGroupMembers(admin, config.authz.afs.cells[0].cell):
+        if user in getafsgroups.getAfsGroupMembers(admin, config.authz.cells[0].cell):

             return admin
     except getafsgroups.AfsProcessError, e:
         errmsg = str(e)
             return admin
     except getafsgroups.AfsProcessError, e:
         errmsg = str(e)

diff --git a/invirt-cache-acls b/invirt-cache-acls
index 79a7650..922d9ba 100755 (executable)
--- a/invirt-cache-acls
+++ b/invirt-cache-acls
@@ -1,7 +1,7 @@
 #!/bin/sh
 cells () {
 #!/bin/sh
 cells () {

-  for i in $(invirt-getconf -l authz.afs.cells); do
-    invirt-getconf authz.afs.cells.$i.cell
+  for i in $(invirt-getconf -l authz.cells); do
+    invirt-getconf authz.cells.$i.cell

   done
 }
 kinit -k -t /etc/invirt/keytab daemon/$(hostname -f)
   done
 }
 kinit -k -t /etc/invirt/keytab daemon/$(hostname -f)