From ecca8053363a4135781988f92f5ef1037c29f45e Mon Sep 17 00:00:00 2001
From: Peter Krempa
Date: Fri, 17 Feb 2023 16:31:20 +0100
Subject: [PATCH] docs: ACL: Show which permissions are allowed for
unauthenticated connections
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Certain APIs are allowed also without authentication but the ACL page
didn't outline which. Generate a new column with the information.
Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
---
docs/acl.html.in | 3 ++-
scripts/genaclperms.py | 7 +++++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/docs/acl.html.in b/docs/acl.html.in
index 3d0f651864..268d3aebd3 100644
--- a/docs/acl.html.in
+++ b/docs/acl.html.in
@@ -20,7 +20,8 @@
state, where the only API operations allowed are those required
to complete authentication. After successful authentication, a
connection either has full, unrestricted access to all libvirt
- API calls, or is locked down to only "read only" operations,
+ API calls, or is locked down to only "read only" (see 'Anonymous'
+ in the table below) operations,
according to what socket a client connection originated on.
diff --git a/scripts/genaclperms.py b/scripts/genaclperms.py
index e228b3ef60..43616dad04 100755
--- a/scripts/genaclperms.py
+++ b/scripts/genaclperms.py
@@ -96,6 +96,7 @@ for obj in sorted(perms.keys()):
print(' ')
print(' Permission | ')
print(' Description | ')
+ print(' Anonymous | ')
print('
')
print(' ')
print(' ')
@@ -103,6 +104,11 @@ for obj in sorted(perms.keys()):
for perm in sorted(perms[obj].keys()):
description = perms[obj][perm]["desc"]
+ if perms[obj][perm]["anonymous"]:
+ anonymous = 'yes'
+ else:
+ anonymous = ''
+
if description is None:
raise Exception("missing description for %s.%s" % (obj, perm))
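Review bot: The new lookup `perms[obj][perm]["anonymous"]` indexes the key directly, so an entry lacking it would stop the generator with a bare KeyError, whereas the description check just below raises an error naming the offending `obj.perm`. The code that fills `perms` is outside this hunk, so whether every entry carries the key cannot be confirmed from here. A guard in the same style, `if "anonymous" not in perms[obj][perm]: raise Exception("missing anonymous flag for %s.%s" % (obj, perm))`, would keep the failure mode consistent. Separately, the `else` branch sets `anonymous = ''`, which leaves the cell blank, and on an access-control reference a blank is hard to tell apart from "not recorded". Writing `anonymous = 'no'` would make the column unambiguous for someone auditing what unauthenticated clients may call.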
@@ -112,6 +118,7 @@ for obj in sorted(perms.keys()):
print(' ')
print(' %s | ' % (plink, perm))
print(' %s | ' % description)
+ print(' %s | ' % anonymous)
print('
')
print(' ')