Changeset 2234 for trunk/packages/invirt-remote/server/usr/sbin/invirt-remconffs

Timestamp:

Feb 27, 2009, 9:35:15 PM (15 years ago)

Author:

broder

Message:

Allow anyone on the adminacl to issue web remctls.

File:

• trunk/packages/invirt-remote/server/usr/sbin/invirt-remconffs (modified) (3 diffs)

trunk/packages/invirt-remote/server/usr/sbin/invirt-remconffs

@@ -15 +15 @@
     RemConfFS creates a filesytem for configuring remctl, like this:
     /
+    |-- adminacl
     |-- acl
     |   |-- machine1
@@ -40 +41 @@
         m.connect('acl', controller='getmachines')
         m.connect('acl/:machine', controller='getacl')
+        m.connect('adminacl', controller='getadmin')
         m.connect('conf', controller='getconf')
         return m
     
     def getroot(self, **kw):
-        return ['acl', 'conf']
+        return ['adminacl', 'acl', 'conf']
     
     def getacl(self, machine, **kw):
@@ -71 +73 @@
         """Get the list of VMs in the database. Does not cache to prevent race conditions."""
         return list(row[0] for row in database.session.execute(sa.sql.select([database.Machine.c.name])))
+
+    def getadmin(self, **kw):
+        """
+        Get the list of administrators for the global ACL.
+        """
+        acl = [self.userToPrinc(row[0]) for row in database.session.execute(sa.sql.select([database.admins_table.c.user]))]
+        acl.append('include /etc/remctl/acl/web\n')
+        return '\n'.join(acl)
     
     def userToPrinc(self, user):