Changeset 2234


Timestamp:
Feb 27, 2009, 9:35:15 PM (15 years ago)
Author:
broder
Message:

Allow anyone on the adminacl to issue web remctls.

Location:
trunk/packages/invirt-remote
Files:
3 edited

  • trunk/packages/invirt-remote/debian/changelog

    r2188 r2234  
     1invirt-remote (0.3.8) unstable; urgency=low
     2
     3  * Allow anyone on the adminacl to issue web remctls.
     4
     5 -- Evan Broder <broder@mit.edu>  Fri, 27 Feb 2009 21:28:19 -0500
     6
    17invirt-remote (0.3.7) unstable; urgency=low
    28
  • trunk/packages/invirt-remote/server/etc/remctl/conf.d/invirt-web

    r1822 r2234  
    1 web ALL          /usr/sbin/invirt-remote-proxy-web /etc/remctl/acl/web
     1web ALL          /usr/sbin/invirt-remote-proxy-web /etc/remctl/remconffs/adminacl
    22control help     /usr/sbin/invirt-remctl-help   ANYUSER
    33help ALL         /usr/sbin/invirt-remctl-help   ANYUSER
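Review bot: The new ACL path on the `web ALL` line, /etc/remctl/remconffs/adminacl, lives on the RemConfFS mount, so authorization for invirt-remote-proxy-web now depends on that filesystem being mounted and on its database query succeeding each time remctld reads the file. Please confirm that a missing or unreadable file results in a denial rather than an empty but valid ACL, and document or enforce the start ordering between invirt-remconffs and remctld.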
  • trunk/packages/invirt-remote/server/usr/sbin/invirt-remconffs

    r1836 r2234  
    1515    RemConfFS creates a filesytem for configuring remctl, like this:
    1616    /
     17    |-- adminacl
    1718    |-- acl
    1819    |   |-- machine1
     
    4041        m.connect('acl', controller='getmachines')
    4142        m.connect('acl/:machine', controller='getacl')
     43        m.connect('adminacl', controller='getadmin')
    4244        m.connect('conf', controller='getconf')
    4345        return m
    4446   
    4547    def getroot(self, **kw):
    46         return ['acl', 'conf']
     48        return ['adminacl', 'acl', 'conf']
    4749   
    4850    def getacl(self, machine, **kw):
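Review bot: In getroot, the hard-coded list ['adminacl', 'acl', 'conf'] repeats the names registered with m.connect just above, so the directory listing and the routes can drift apart the next time an entry is added. Consider deriving the listing from the route map, or add a comment that both places must be updated together.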
     
    7173        """Get the list of VMs in the database. Does not cache to prevent race conditions."""
    7274        return list(row[0] for row in database.session.execute(sa.sql.select([database.Machine.c.name])))
     75
     76    def getadmin(self, **kw):
     77        """
     78        Get the list of administrators for the global ACL.
     79        """
     80        acl = [self.userToPrinc(row[0]) for row in database.session.execute(sa.sql.select([database.admins_table.c.user]))]
     81        acl.append('include /etc/remctl/acl/web\n')
     82        return '\n'.join(acl)
    7383   
    7484    def userToPrinc(self, user):
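Review bot: In getadmin, each admins_table user value is passed through userToPrinc and joined into the ACL text with no check visible here that it is a single well-formed principal. A value containing a newline, or one that produces a line beginning with "include", would add extra lines to the file that gates `web ALL`; reject or skip such values unless userToPrinc already guarantees this. The docstring could also state that the result includes /etc/remctl/acl/web and, as getmachines does, whether it is cached.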