Changeset 2557


Ignore:
Timestamp:
Nov 22, 2009, 8:54:11 PM (15 years ago)
Author:
broder
Message:

Re-arrange the authz configuration.

In particular, even if we allow for mixing of multiple authz
mechanisms at some point, you won't have multiple instances of the
locker authz type, so the "type" shouldn't be a property of each of
the cells we specify how to authenticate against.

Location:
trunk/packages
Files:
8 edited

Legend:

Unmodified
Added
Removed
  • trunk/packages/invirt-database/python/database/validate.py

    r2540 r2557  
    241241        admin = 'system:' + admin
    242242    try:
    243         if user in getafsgroups.getAfsGroupMembers(admin, config.authz[0].cell):
     243        if user in getafsgroups.getAfsGroupMembers(admin, config.authz.cells[0].cell):
    244244            return admin
    245245    except getafsgroups.AfsProcessError, e:
  • trunk/packages/invirt-web/code/cache_acls.py

    r2226 r2557  
    4040        return []
    4141    try:
    42         return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
     42        return getafsgroups.getAfsGroupMembers(name, config.authz.cells[0].cell)
    4343    except getafsgroups.AfsProcessError:
    4444        return []
  • trunk/packages/invirt-web/code/getafsgroups.py

    r2119 r2557  
    3131def getAfsGroupMembers(group, cell):
    3232    encrypt = True
    33     for c in config.authz:
    34         if c.type == 'afs' and c.cell == cell and hasattr(c, 'auth'):
     33    for c in config.authz.cells:
     34        if c.cell == cell and hasattr(c, 'auth'):
    3535            encrypt = c.auth
    3636    subprocess.check_call(['aklog', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  • trunk/packages/invirt-web/code/validation.py

    r2293 r2557  
    223223        admin = 'system:' + admin
    224224    try:
    225         if user in getafsgroups.getAfsGroupMembers(admin, config.authz[0].cell):
     225        if user in getafsgroups.getAfsGroupMembers(admin, config.authz.cells[0].cell):
    226226            return admin
    227227    except getafsgroups.AfsProcessError, e:
  • trunk/packages/invirt-web/invirt-cache-acls

    r1949 r2557  
    11#!/bin/sh
    22cells () {
    3   for i in $(invirt-getconf -l authz); do
    4     if [ afs = "$(invirt-getconf authz.$i.type)" ]; then
    5       invirt-getconf authz.$i.cell
    6     fi
     3  for i in $(invirt-getconf -l authz.cells); do
     4    invirt-getconf authz.cells.$i.cell
    75  done
    86}
  • trunk/packages/xvm-devconfig/master.yaml

    r2463 r2557  
    66
    77authz:
    8  - type: afs
    9    cell: athena.mit.edu
     8 mech: invirt.authz.locker
     9 cells:
     10 - cell: athena.mit.edu
    1011   auth: no
    11  - type: afs
    12    cell: sipb.mit.edu
     12 - cell: sipb.mit.edu
    1313   auth: no
    1414
  • trunk/packages/xvm-prodconfig/debian/changelog

    r2497 r2557  
    22
    33  * Add configuration for the git repositories.
    4 
    5  -- Evan Broder <broder@mit.edu>  Sun, 11 Oct 2009 18:34:39 -0400
     4  * Re-arrange the authz configuration.
     5
     6 -- Evan Broder <broder@mit.edu>  Sun, 22 Nov 2009 20:27:55 -0500
    67
    78xvm-prodconfig (1.1.14) unstable; urgency=low
  • trunk/packages/xvm-prodconfig/master.yaml

    r2514 r2557  
    77
    88authz:
    9  - type: afs
    10    cell: athena.mit.edu
     9 mech: invirt.authz.locker
     10 cells:
     11 - cell: athena.mit.edu
    1112   auth: yes
    12  - type: afs
    13    cell: sipb.mit.edu
     13 - cell: sipb.mit.edu
    1414   auth: yes
    1515
Note: See TracChangeset for help on using the changeset viewer.