Context Navigation

invirt-remote

Timestamp:

Feb 27, 2009, 9:35:15 PM (16 years ago)

Author:

broder

Message:

Allow anyone on the adminacl to issue web remctls.

Location:

trunk/packages/invirt-remote

Files:

-                      r2188
+                      r2234
+invirt-remote (0.3.8) unstable; urgency=low
+  * Allow anyone on the adminacl to issue web remctls.
+ -- Evan Broder <broder@mit.edu>  Fri, 27 Feb 2009 21:28:19 -0500
 invirt-remote (0.3.7) unstable; urgency=low

r1822	r2234
1		web ALL /usr/sbin/invirt-remote-proxy-web /etc/remctl/~~acl/web~~
	1	web ALL /usr/sbin/invirt-remote-proxy-web /etc/remctl/remconffs/adminacl
2	2	control help /usr/sbin/invirt-remctl-help ANYUSER
3	3	help ALL /usr/sbin/invirt-remctl-help ANYUSER

-                      r1836
+                      r2234
     RemConfFS creates a filesytem for configuring remctl, like this:
+    /
+    |-- adminacl
     |-- acl
     |   |-- machine1
 …
         m.connect('acl', controller='getmachines')
         m.connect('acl/:machine', controller='getacl')
+        m.connect('adminacl', controller='getadmin')
         m.connect('conf', controller='getconf')
         return m
     def getroot(self, **kw):
         return ['acl', 'conf']
+        return ['adminacl', 'acl', 'conf']
     def getacl(self, machine, **kw):
 …
         """Get the list of VMs in the database. Does not cache to prevent race conditions."""
         return list(row[0] for row in database.session.execute(sa.sql.select([database.Machine.c.name])))
+    def getadmin(self, **kw):
+        """
+        Get the list of administrators for the global ACL.
+        """
+        acl = [self.userToPrinc(row[0]) for row in database.session.execute(sa.sql.select([database.admins_table.c.user]))]
+        acl.append('include /etc/remctl/acl/web\n')
+        return '\n'.join(acl)
     def userToPrinc(self, user):

Note: See TracChangeset for help on using the changeset viewer.