mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
Add ACL annotations to all RPC messages
Introduce annotations to all RPC messages to declare what access control checks are required. There are two new annotations defined:

  @acl: <object>:<permission>
  @acl: <object>:<permission>:<flagname>

    Declare the access control requirements for the API. May be repeated multiple times, if multiple rules are required.

    <object> is one of 'connect', 'domain', 'network', 'storagepool', 'interface', 'nodedev', 'secret'.
    <permission> is one of the permissions in access/viraccessperm.h
    <flagname> indicates the rule only applies if the named flag is set in the API call

  @aclfilter: <object>:<permission>

    Declare an access control filter that will be applied to a list of objects being returned by an API. This allows the returned list to be filtered to only show those the user has permissions against

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
parent
b904bba7f4
commit
e341435e50
@ -105,41 +105,49 @@ enum virLockSpaceProtocolProcedure {
|
||||
|
||||
/**
|
||||
* @generate: none
|
||||
* @acl: none
|
||||
*/
|
||||
VIR_LOCK_SPACE_PROTOCOL_PROC_REGISTER = 1,
|
||||
|
||||
/**
|
||||
* @generate: none
|
||||
* @acl: none
|
||||
*/
|
||||
VIR_LOCK_SPACE_PROTOCOL_PROC_RESTRICT = 2,
|
||||
|
||||
/**
|
||||
* @generate: none
|
||||
* @acl: none
|
||||
*/
|
||||
VIR_LOCK_SPACE_PROTOCOL_PROC_NEW = 3,
|
||||
|
||||
/**
|
||||
* @generate: none
|
||||
* @acl: none
|
||||
*/
|
||||
VIR_LOCK_SPACE_PROTOCOL_PROC_CREATE_RESOURCE = 4,
|
||||
|
||||
/**
|
||||
* @generate: none
|
||||
* @acl: none
|
||||
*/
|
||||
VIR_LOCK_SPACE_PROTOCOL_PROC_DELETE_RESOURCE = 5,
|
||||
|
||||
/**
|
||||
* @generate: none
|
||||
* @acl: none
|
||||
*/
|
||||
VIR_LOCK_SPACE_PROTOCOL_PROC_ACQUIRE_RESOURCE = 6,
|
||||
|
||||
/**
|
||||
* @generate: none
|
||||
* @acl: none
|
||||
*/
|
||||
VIR_LOCK_SPACE_PROTOCOL_PROC_RELEASE_RESOURCE = 7,
|
||||
|
||||
/**
|
||||
* @generate: none
|
||||
* @acl: none
|
||||
*/
|
||||
VIR_LOCK_SPACE_PROTOCOL_PROC_CREATE_LOCKSPACE = 8
|
||||
};
|
||||
|
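Review bot: All eight lock-space procedures are tagged `@acl: none`, but nothing next to the enum records why it is acceptable for them to skip access control. `none` is the value an auditor will search for when listing unchecked RPC entry points, so the reason should sit beside it, for example a comment above the enum such as `/* No per-call ACL: access is assumed to be limited by who may connect to the lock daemon socket (confirm) */`. Without it, a procedure added here later is likely to copy `none` without anyone asking whether a check is needed.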
@ -65,6 +65,7 @@ enum lxc_procedure {
|
||||
/**
|
||||
* @generate: none
|
||||
* @priority: low
|
||||
* @acl: domain:open_namespace
|
||||
*/
|
||||
LXC_PROC_DOMAIN_OPEN_NAMESPACE = 1
|
||||
};
|
||||
|
@ -91,18 +91,22 @@ enum qemu_procedure {
|
||||
/**
|
||||
* @generate: none
|
||||
* @priority: low
|
||||
* @acl: domain:write
|
||||
*/
|
||||
QEMU_PROC_DOMAIN_MONITOR_COMMAND = 1,
|
||||
|
||||
/**
|
||||
* @generate: both
|
||||
* @priority: low
|
||||
* @acl: domain:start
|
||||
* @acl: domain:write
|
||||
*/
|
||||
QEMU_PROC_DOMAIN_ATTACH = 2,
|
||||
|
||||
/**
|
||||
* @generate: both
|
||||
* @priority: low
|
||||
* @acl: domain:write
|
||||
*/
|
||||
QEMU_PROC_DOMAIN_AGENT_COMMAND = 3
|
||||
};
|
||||
|
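Review bot: `QEMU_PROC_DOMAIN_MONITOR_COMMAND` and `QEMU_PROC_DOMAIN_AGENT_COMMAND` are gated only by `@acl: domain:write`, the same generic permission a policy would hand out for ordinary changes to a domain. Both procedures appear to pass caller-supplied commands through to the hypervisor monitor or the guest agent, so a policy author cannot grant `domain:write` without also granting that passthrough. If access/viraccessperm.h offers a narrower permission, it would fit better here. Failing that, a comment above each of the two blocks should state that write access implies raw command passthrough, so the coupling is visible to whoever writes the policy.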
File diff suppressed because it is too large
@ -123,7 +123,7 @@ while (<PROTOCOL>) {
|
||||
push(@{$calls{$name}->{ret_members}}, $1);
|
||||
}
|
||||
} elsif ($collect_opts) {
|
||||
if (m,^\s*\*\s*\@(\w+)\s*:\s*(\w+)\s*$,) {
|
||||
if (m,^\s*\*\s*\@(\w+)\s*:\s*((?:\w|:|\!|\|)+)\s*$,) {
|
||||
$opts{$1} = $2;
|
||||
} elsif (m,^\s*\*/\s*$,) {
|
||||
$collect_opts = 0;
|
||||
|
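Review bot: The context line `$opts{$1} = $2;` stores each annotation as a scalar, so a repeated `@acl:` keeps only the last value, although the commit description says `@acl` may be repeated and QEMU_PROC_DOMAIN_ATTACH in this same commit carries both `domain:start` and `domain:write`. Once these options drive generated permission checks, the earlier rule would be dropped without any error. Collecting them in a list avoids that, e.g. `if ($1 eq "acl" || $1 eq "aclfilter") { push(@{$opts{$1}}, $2); } else { $opts{$1} = $2; }`. Separately, an annotation line that matches neither pattern seems to be skipped silently unless a later branch rejects it; the `elsif` chain and the enclosing `while` loop continue outside this hunk, so that could not be confirmed here.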