mirror of
https://github.com/xemu-project/xemu.git
synced 2024-11-26 21:10:42 +00:00
qapi/qom: Add ObjectOptions for authz-*
This adds a QAPI schema for the properties of the authz-* objects. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Acked-by: Peter Krempa <pkrempa@redhat.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
This commit is contained in:
parent
2273b2410f
commit
8825587b53
@ -50,12 +50,63 @@
|
||||
'*format': 'QAuthZListFormat'}}
|
||||
|
||||
##
|
||||
# @QAuthZListRuleListHack:
|
||||
# @AuthZListProperties:
|
||||
#
|
||||
# Not exposed via QMP; hack to generate QAuthZListRuleList
|
||||
# for use internally by the code.
|
||||
# Properties for authz-list objects.
|
||||
#
|
||||
# @policy: Default policy to apply when no rule matches (default: deny)
|
||||
#
|
||||
# @rules: Authorization rules based on matching user
|
||||
#
|
||||
# Since: 4.0
|
||||
##
|
||||
{ 'struct': 'QAuthZListRuleListHack',
|
||||
'data': { 'unused': ['QAuthZListRule'] } }
|
||||
{ 'struct': 'AuthZListProperties',
|
||||
'data': { '*policy': 'QAuthZListPolicy',
|
||||
'*rules': ['QAuthZListRule'] } }
|
||||
|
||||
##
|
||||
# @AuthZListFileProperties:
|
||||
#
|
||||
# Properties for authz-listfile objects.
|
||||
#
|
||||
# @filename: File name to load the configuration from. The file must
|
||||
# contain valid JSON for AuthZListProperties.
|
||||
#
|
||||
# @refresh: If true, inotify is used to monitor the file, automatically
|
||||
# reloading changes. If an error occurs during reloading, all
|
||||
# authorizations will fail until the file is next successfully
|
||||
# loaded. (default: true if the binary was built with
|
||||
# CONFIG_INOTIFY1, false otherwise)
|
||||
#
|
||||
# Since: 4.0
|
||||
##
|
||||
{ 'struct': 'AuthZListFileProperties',
|
||||
'data': { 'filename': 'str',
|
||||
'*refresh': 'bool' } }
|
||||
|
||||
##
|
||||
# @AuthZPAMProperties:
|
||||
#
|
||||
# Properties for authz-pam objects.
|
||||
#
|
||||
# @service: PAM service name to use for authorization
|
||||
#
|
||||
# Since: 4.0
|
||||
##
|
||||
{ 'struct': 'AuthZPAMProperties',
|
||||
'data': { 'service': 'str' } }
|
||||
|
||||
##
|
||||
# @AuthZSimpleProperties:
|
||||
#
|
||||
# Properties for authz-simple objects.
|
||||
#
|
||||
# @identity: Identifies the allowed user. Its format depends on the network
|
||||
# service that authorization object is associated with. For
|
||||
# authorizing based on TLS x509 certificates, the identity must be
|
||||
# the x509 distinguished name.
|
||||
#
|
||||
# Since: 4.0
|
||||
##
|
||||
{ 'struct': 'AuthZSimpleProperties',
|
||||
'data': { 'identity': 'str' } }
|
||||
|
@ -4,6 +4,8 @@
|
||||
# This work is licensed under the terms of the GNU GPL, version 2 or later.
|
||||
# See the COPYING file in the top-level directory.
|
||||
|
||||
{ 'include': 'authz.json' }
|
||||
|
||||
##
|
||||
# = QEMU Object Model (QOM)
|
||||
##
|
||||
@ -233,6 +235,10 @@
|
||||
##
|
||||
{ 'enum': 'ObjectType',
|
||||
'data': [
|
||||
'authz-list',
|
||||
'authz-listfile',
|
||||
'authz-pam',
|
||||
'authz-simple',
|
||||
'iothread'
|
||||
] }
|
||||
|
||||
@ -252,6 +258,10 @@
|
||||
'id': 'str' },
|
||||
'discriminator': 'qom-type',
|
||||
'data': {
|
||||
'authz-list': 'AuthZListProperties',
|
||||
'authz-listfile': 'AuthZListFileProperties',
|
||||
'authz-pam': 'AuthZPAMProperties',
|
||||
'authz-simple': 'AuthZSimpleProperties',
|
||||
'iothread': 'IothreadProperties'
|
||||
} }
|
||||
|
||||
|
@ -26,6 +26,7 @@
|
||||
{ 'include': '../../qapi/crypto.json' }
|
||||
{ 'include': '../../qapi/introspect.json' }
|
||||
{ 'include': '../../qapi/job.json' }
|
||||
{ 'include': '../../qapi/authz.json' }
|
||||
{ 'include': '../../qapi/qom.json' }
|
||||
{ 'include': '../../qapi/sockets.json' }
|
||||
{ 'include': '../../qapi/transaction.json' }
|
||||
|
Loading…
Reference in New Issue
Block a user