From 846195518ab335ada11115dfee10d0de5219cddc Mon Sep 17 00:00:00 2001
From: Evan Broder <broder@mit.edu>
Date: Sun, 22 Nov 2009 20:54:11 -0500
Subject: [PATCH 1/1] Re-arrange the authz configuration.

In particular, even if we allow for mixing of multiple authz
mechanisms at some point, you won't have multiple instances of the
locker authz type, so the "type" shouldn't be a property of each of
the cells we specify how to authenticate against.

svn path=/trunk/packages/invirt-web/; revision=2557
---
 code/cache_acls.py   |    2 +-
 code/getafsgroups.py |    4 ++--
 code/validation.py   |    2 +-
 invirt-cache-acls    |    6 ++----
 4 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/code/cache_acls.py b/code/cache_acls.py
index f92ad91..75f4720 100755
--- a/code/cache_acls.py
+++ b/code/cache_acls.py
@@ -39,7 +39,7 @@ def expandName(name):
             return [name]
         return []
     try:
-        return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
+        return getafsgroups.getAfsGroupMembers(name, config.authz.cells[0].cell)
     except getafsgroups.AfsProcessError:
         return []
 
diff --git a/code/getafsgroups.py b/code/getafsgroups.py
index 7067e53..21de4d7 100755
--- a/code/getafsgroups.py
+++ b/code/getafsgroups.py
@@ -30,8 +30,8 @@ class AfsProcessError(Exception):
 
 def getAfsGroupMembers(group, cell):
     encrypt = True
-    for c in config.authz:
-        if c.type == 'afs' and c.cell == cell and hasattr(c, 'auth'):
+    for c in config.authz.cells:
+        if c.cell == cell and hasattr(c, 'auth'):
             encrypt = c.auth
     subprocess.check_call(['aklog', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     p = subprocess.Popen(["pts", "membership", "-encrypt" if encrypt else '-noauth', group, '-c', cell],
diff --git a/code/validation.py b/code/validation.py
index 0285044..4cbc7c0 100644
--- a/code/validation.py
+++ b/code/validation.py
@@ -222,7 +222,7 @@ def testAdmin(user, admin, machine):
             return admin
         admin = 'system:' + admin
     try:
-        if user in getafsgroups.getAfsGroupMembers(admin, config.authz[0].cell):
+        if user in getafsgroups.getAfsGroupMembers(admin, config.authz.cells[0].cell):
             return admin
     except getafsgroups.AfsProcessError, e:
         errmsg = str(e)
diff --git a/invirt-cache-acls b/invirt-cache-acls
index b099eca..922d9ba 100755
--- a/invirt-cache-acls
+++ b/invirt-cache-acls
@@ -1,9 +1,7 @@
 #!/bin/sh
 cells () {
-  for i in $(invirt-getconf -l authz); do
-    if [ afs = "$(invirt-getconf authz.$i.type)" ]; then
-      invirt-getconf authz.$i.cell
-    fi
+  for i in $(invirt-getconf -l authz.cells); do
+    invirt-getconf authz.cells.$i.cell
   done
 }
 kinit -k -t /etc/invirt/keytab daemon/$(hostname -f)
-- 
1.7.9.5