Add overlord mode, accessible from xvm.mit.edu/overlord by

system:sipb-xen.

svn path=/trunk/packages/sipb-xen-www/; revision=632

diff --git a/code/main.py b/code/main.py
index 91ce41f..2740a74 100755 (executable)
--- a/code/main.py
+++ b/code/main.py
@@ -39,6 +39,15 @@ import validation
 import cache_acls
 from webcommon import InvalidInput, CodeError, State
 import controls
+from getafsgroups import getAfsGroupMembers
+
+def pathSplit(path):
+    if path.startswith('/'):
+        path = path[1:]
+    i = path.find('/')
+    if i == -1:
+        i = len(path)
+    return path[:i], path[i:]
 
 class Checkpoint:
     def __init__(self):
@@ -141,7 +150,7 @@ def parseCreate(username, state, fields):
                 cdrom=getattr(validate, 'cdrom', None),
                 autoinstall=getattr(validate, 'autoinstall', None))
 
-def create(username, state, fields):
+def create(username, state, path, fields):
     """Handler for create requests."""
     try:
         parsed_fields = parseCreate(username, state, fields)
@@ -204,14 +213,14 @@ def getListDict(username, state):
              can_clone=can_clone)
     return d
 
-def listVms(username, state, fields):
+def listVms(username, state, path, fields):
     """Handler for list requests."""
     checkpoint.checkpoint('Getting list dict')
     d = getListDict(username, state)
     checkpoint.checkpoint('Got list dict')
     return templates.list(searchList=[d])
 
-def vnc(username, state, fields):
+def vnc(username, state, path, fields):
     """VNC applet page.
 
     Note that due to same-domain restrictions, the applet connects to
@@ -308,7 +317,7 @@ def getDiskInfo(data_dict, machine):
         data_dict['%s_size' % name] = "%0.1f GiB" % (disk.size / 1024.)
     return disk_fields
 
-def command(username, state, fields):
+def command(username, state, path, fields):
     """Handler for running commands like boot and delete on a VM."""
     back = fields.getfirst('back')
     try:
@@ -394,7 +403,7 @@ def modifyDict(username, state, fields):
                 command="modify",
                 machine=machine)
 
-def modify(username, state, fields):
+def modify(username, state, path, fields):
     """Handler for modifying attributes of a machine."""
     try:
         modify_dict = modifyDict(username, state, fields)
@@ -414,7 +423,7 @@ def modify(username, state, fields):
     return templates.info(searchList=[info_dict])
 
 
-def helpHandler(username, state, fields):
+def helpHandler(username, state, path, fields):
     """Handler for help messages."""
     simple = fields.getfirst('simple')
     subjects = fields.getlist('subject')
@@ -465,7 +474,7 @@ console will suffer artifacts.
     return templates.help(searchList=[d])
 
 
-def badOperation(u, s, e):
+def badOperation(u, s, p, e):
     """Function called when accessing an unknown URI."""
     return ({'Status': '404 Not Found'}, 'Invalid operation.')
 
@@ -564,18 +573,25 @@ def infoDict(username, state, machine):
              fields = fields)
     return d
 
-def info(username, state, fields):
+def info(username, state, path, fields):
     """Handler for info on a single VM."""
     machine = validation.Validate(username, state, machine_id=fields.getfirst('machine_id')).machine
     d = infoDict(username, state, machine)
     checkpoint.checkpoint('Got infodict')
     return templates.info(searchList=[d])
 
-def unauthFront(_, _2, fields):
+def unauthFront(_, _2, _3, fields):
     """Information for unauth'd users."""
     return templates.unauth(searchList=[{'simple' : True}])
 
-def throwError(_, __, ___):
+def overlord(username, state, path, fields):
+    if not username in getAfsGroupMembers('system:xvm', 'athena.mit.edu'):
+        raise InvalidInput('username', username, 'Not an overlord.')
+    newstate = State(username, overlord=True)
+    newstate.environ = state.environ
+    return handler(username, newstate, path, fields)
+
+def throwError(_, __, ___, ____):
     """Throw an error, to test the error-tracing mechanisms."""
     raise RuntimeError("test of the emergency broadcast system")
 
@@ -587,6 +603,7 @@ mapping = dict(list=listVms,
                create=create,
                help=helpHandler,
                unauth=unauthFront,
+               overlord=overlord,
                errortest=throwError)
 
 def printHeaders(headers):
@@ -625,6 +642,14 @@ def getUser(environ):
     """Return the current user based on the SSL environment variables"""
     return environ.get('REMOTE_USER', None)
 
+def handler(username, state, path, fields):
+    operation, path = pathSplit(path)
+    if not operation:
+        operation = 'list'
+    print 'Starting', operation
+    fun = mapping.get(operation, badOperation)
+    return fun(username, state, path, fields)
+
 class App:
     def __init__(self, environ, start_response):
         self.environ = environ
@@ -635,6 +660,7 @@ class App:
         self.state.environ = environ
 
     def __iter__(self):
+        start_time = time.time()
         sipb_xen_database.clear_cache()
         sys.stderr = StringIO()
         fields = cgi.FieldStorage(fp=self.environ['wsgi.input'], environ=self.environ)
@@ -645,17 +671,10 @@ class App:
             return
         if self.username is None:
             operation = 'unauth'
-        if operation.startswith('/'):
-            operation = operation[1:]
-        if not operation:
-            operation = 'list'
-        print 'Starting', operation
 
-        start_time = time.time()
-        fun = mapping.get(operation, badOperation)
         try:
             checkpoint.checkpoint('Before')
-            output = fun(self.username, self.state, fields)
+            output = handler(self.username, self.state, operation, fields)
             checkpoint.checkpoint('After')
 
             headers = dict(DEFAULT_HEADERS)

diff --git a/code/validation.py b/code/validation.py
index 8f81625..d291d61 100644 (file)
--- a/code/validation.py
+++ b/code/validation.py
@@ -36,7 +36,7 @@ class Validate:
                 raise InvalidInput('disk', disksize, "You must provide a disk size.")
 
         if machine_id is not None:
-            self.machine = testMachineId(username, machine_id)
+            self.machine = testMachineId(username, state, machine_id)
         machine = getattr(self, 'machine', None)
 
         owner = testOwner(username, owner, machine)
@@ -58,7 +58,7 @@ class Validate:
             self.memory = validMemory(self.owner, state, memory, machine,
                                       on=not created_new)
         if disksize is not None:
-            self.disksize = validDisk(self.owner, disksize, machine)
+            self.disksize = validDisk(self.owner, state, disksize, machine)
         if vmtype is not None:
             self.vmtype = validVmType(vmtype)
         if cdrom is not None:
@@ -123,9 +123,9 @@ def cantAddVm(owner, g):
                 'To create more, turn one off.')
     return False
 
-def haveAccess(user, machine):
+def haveAccess(user, state, machine):
     """Return whether a user has administrative access to a machine"""
-    return user in cache_acls.accessList(machine)
+    return state.overlord or user in cache_acls.accessList(machine)
 
 def owns(user, machine):
     """Return whether a user owns a machine"""
@@ -157,16 +157,16 @@ def validMemory(owner, g, memory, machine=None, on=True):
         raise InvalidInput('memory', memory,
                            "Minimum %s MiB" % MIN_MEMORY_SINGLE)
     max_val = maxMemory(owner, g, machine, on)
-    if memory > max_val:
+    if not g.overlord and memory > max_val:
         raise InvalidInput('memory', memory,
                            'Maximum %s MiB for %s' % (max_val, owner))
     return memory
 
-def validDisk(owner, disk, machine=None):
+def validDisk(owner, g, disk, machine=None):
     """Parse and validate limits for disk for a given owner and machine."""
     try:
         disk = float(disk)
-        if disk > maxDisk(owner, machine):
+        if not g.overlord and disk > maxDisk(owner, machine):
             raise InvalidInput('disk', disk,
                                "Maximum %s G" % maxDisk(owner, machine))
         disk = int(disk * 1024)
@@ -185,7 +185,7 @@ def validVmType(vm_type):
         raise CodeError("Invalid vm type '%s'"  % vm_type)
     return t
 
-def testMachineId(user, machine_id, exists=True):
+def testMachineId(user, state, machine_id, exists=True):
     """Parse, validate and check authorization for a given user and machine.
 
     If exists is False, don't check that it exists.
@@ -200,7 +200,7 @@ def testMachineId(user, machine_id, exists=True):
     machine = Machine.get(machine_id)
     if exists and machine is None:
         raise InvalidInput('machine_id', machine_id, "Does not exist.")
-    if machine is not None and not haveAccess(user, machine):
+    if machine is not None and not haveAccess(user, state, machine):
         raise InvalidInput('machine_id', machine_id,
                            "You do not have access to this machine.")
     return machine

diff --git a/code/webcommon.py b/code/webcommon.py
index 9a9453a..ce0ddc7 100644 (file)
--- a/code/webcommon.py
+++ b/code/webcommon.py
@@ -38,11 +38,17 @@ def cachedproperty(func):
 
 class State(object):
     """State for a request"""
-    def __init__(self, user):
+    def __init__(self, user, overlord=False):
         self.username = user
+        self.overlord = overlord
 
-    machines = cachedproperty(lambda self:
-                                  Machine.query().join('acl').select_by(user=self.username))
+    def getMachines(self):
+        if self.overlord:
+            return Machine.select()
+        else:
+            return Machine.query().join('acl').select_by(user=self.username)
+
+    machines = cachedproperty(getMachines)
     xmlist_raw = cachedproperty(lambda self: controls.getList())
     xmlist = cachedproperty(lambda self:
                                 dict((m, self.xmlist_raw[m.name])