def _remove_user_from_volume_helper(owner_id, volume_id):
# helper function for remove_user_from_volume, to be run deferred.
def _remove_gateway(gw):
Gateway.Delete(gw.g_id)
return None
Gateway.ListAll(
{
"Gateway.owner_id ==": owner_id,
"Gateway.volume_id ==": volume_id
},
map_func=_remove_gateway,
projection=['g_id'])
def list_gateways_by_user(email, **q_opts):
caller_user = _check_authenticated(q_opts)
# user must exist
user = read_user(email)
if user == None:
raise Exception("No such user '%s'" % email)
# only admin can list other users' gateways
if caller_user.owner_id != user.owner_id and not caller_user.is_admin:
raise Exception("User '%s' is not sufficiently privileged" %
caller_user.email)
return Gateway.ListAll({"Gateway.owner_id ==": user.owner_id}, **q_opts)
def list_gateways_by_volume(volume_name_or_id, **q_opts):
caller_user = _check_authenticated(q_opts)
# volume must exist
volume = read_volume(volume_name_or_id)
if volume == None or volume.deleted:
raise Exception("No such Volume '%s'" % volume_name_or_id)
# only admin can list gateways of volumes she doesn't own
if volume.owner_id != caller_user.owner_id and not caller_user.is_admin:
raise Exception("User '%s' is not sufficiently privileged" %
caller_user.email)
return Gateway.ListAll({"Gateway.volume_id ==": volume.volume_id},
**q_opts)
def list_gateways_by_user_and_volume(email, volume_name_or_id, **q_opts):
caller_user = _check_authenticated(q_opts)
user, volume = _read_user_and_volume(email, volume_name_or_id)
# user and volume must exist
if user is None:
raise Exception("No such user '%s'" % email)
if volume is None or volume.deleted:
raise Exception("No such Volume '%s'" % email)
# only admin can list other users' gateways
if caller_user.owner_id != user.owner_id and not caller_user.is_admin:
raise Exception("User '%s' is not sufficiently privileged" %
caller_user.email)
return Gateway.ListAll(
{
"Gateway.owner_id ==": user.owner_id,
"Gateway.volume_id ==": volume.volume_id
}, **q_opts)
def protobuf_gateway_cert_manifest(self,
manifest,
include_cert=None,
sign=True):
"""
Generate a specially-crafted manifest protobuf, which a gateway can use to learn
the IDs and types of all gateways in the Volume, as well as their certs' versions.
"""
manifest.volume_id = self.volume_id
manifest.coordinator_id = 0
manifest.file_id = 0
manifest.owner_id = 0
manifest.file_version = self.cert_version
manifest.mtime_sec = 0
manifest.mtime_nsec = 0
manifest.fent_mtime_sec = 0
manifest.fent_mtime_nsec = 0
sz = 0
# query certificate versions, types, and caps of all gateways that need to be trusted
listing = Gateway.ListAll(
{
"Gateway.volume_id ==": self.volume_id,
"Gateway.need_cert ==": True
},
projection=["g_id", "gateway_type", "cert_version", "caps"])
# if the caller wants to include a particular gateway's cert, do so
has_included_cert = False
for gateway_metadata in listing:
cert_block = manifest.block_url_set.add()
self.protobuf_gateway_cert_manifest_record(
cert_block, gateway_metadata.g_id,
gateway_metadata.gateway_type, gateway_metadata.caps,
gateway_metadata.cert_version)
logging.info(
"cert block: (%s, %s, %s, %x)" %
(gateway_metadata.gateway_type, gateway_metadata.g_id,
gateway_metadata.cert_version, gateway_metadata.caps))
sz += 1
if gateway_metadata.g_id == include_cert:
has_included_cert = True
if not has_included_cert and include_cert is not None:
# get this gateway's cert as well
gw = Gateway.Read(include_cert)
if gw is not None:
cert_block = manifest.block_url_set.add()
self.protobuf_gateway_cert_manifest_record(
cert_block, gw.g_id, gw.gateway_type, gw.caps,
gw.cert_version)
logging.info("cert block (included for %s): (%s, %s, %s, %x)" %
(include_cert, gw.gateway_type, gw.g_id,
gw.cert_version, gw.caps))
sz += 1
manifest.size = sz
manifest.signature = ""
if sign:
data = manifest.SerializeToString()
sig = self.sign_message(data)
manifest.signature = sig
return
def list_gateways_by_host(hostname, **q_opts):
return Gateway.ListAll({"Gateway.host ==": hostname}, **q_opts)
def list_gateways(attrs=None, **q_opts):
return Gateway.ListAll(attrs, **q_opts)
def list_gateways_by_host(hostname, **q_opts):
return Gateway.ListAll(
{
"Gateway.host ==": hostname,
"Gateway.deleted ==": False
}, **q_opts)
if volume.private:
# only volume owner or admin can create gateways in private volumes
if not caller_user.is_admin and caller_user.owner_id != volume.owner_id:
raise Exception(
"User '%s' is not allowed to create gateways for '%s'" %
(caller_user.email, volume.name))
# if this is an archive volume, then there can be no other writers (DEPRECATED)
if volume.archive and (
gateway_cert.caps &
(GATEWAY_CAP_WRITE_DATA | GATEWAY_CAP_WRITE_METADATA)):
writer_gateways_qry = Gateway.ListAll(
{
"Gateway.need_cert ==": True,
'Gateway.volume_id ==': volume_id
},
keys_only=True,
query_only=True)
if writer_gateways_qry.count() > 0:
# there's already a writer
raise Exception("Archive volume '%s' already has a writer" %
(volume.name))
# sanity check: name can't be numeric
tmp = None
try:
tmp = int(gateway_name)
except:
pass
