Changeset 2557 for trunk/packages/invirt-web

Timestamp:

Nov 22, 2009, 8:54:11 PM (15 years ago)

Author:

broder

Message:

Re-arrange the authz configuration.

In particular, even if we allow for mixing of multiple authz
mechanisms at some point, you won't have multiple instances of the
locker authz type, so the "type" shouldn't be a property of each of
the cells we specify how to authenticate against.

Location:

trunk/packages/invirt-web

Files:

• code/cache_acls.py (modified) (1 diff)
• code/getafsgroups.py (modified) (1 diff)
• code/validation.py (modified) (1 diff)
• invirt-cache-acls (modified) (1 diff)

trunk/packages/invirt-web/code/cache_acls.py

@@ -40 +40 @@
         return []
     try:
-        return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
+        return getafsgroups.getAfsGroupMembers(name, config.authz.cells[0].cell)
     except getafsgroups.AfsProcessError:
         return []

trunk/packages/invirt-web/code/getafsgroups.py

@@ -31 +31 @@
 def getAfsGroupMembers(group, cell):
     encrypt = True
-    for c in config.authz:
-        if c.type == 'afs' and c.cell == cell and hasattr(c, 'auth'):
+    for c in config.authz.cells:
+        if c.cell == cell and hasattr(c, 'auth'):
             encrypt = c.auth
     subprocess.check_call(['aklog', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE)

trunk/packages/invirt-web/code/validation.py

@@ -223 +223 @@
         admin = 'system:' + admin
     try:
-        if user in getafsgroups.getAfsGroupMembers(admin, config.authz[0].cell):
+        if user in getafsgroups.getAfsGroupMembers(admin, config.authz.cells[0].cell):
             return admin
     except getafsgroups.AfsProcessError, e:

trunk/packages/invirt-web/invirt-cache-acls

@@ -1 +1 @@
 #!/bin/sh
 cells () {
-  for i in $(invirt-getconf -l authz); do
-    if [ afs = "$(invirt-getconf authz.$i.type)" ]; then
-      invirt-getconf authz.$i.cell
-    fi
+  for i in $(invirt-getconf -l authz.cells); do
+    invirt-getconf authz.cells.$i.cell
   done
 }