From: Kevin Wolf <kwolf@redhat.com>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, lvivier@redhat.com, thuth@redhat.com,
pkrempa@redhat.com, berrange@redhat.com, ehabkost@redhat.com,
qemu-block@nongnu.org, libvir-list@redhat.com,
jasowang@redhat.com, armbru@redhat.com, mreitz@redhat.com,
kraxel@redhat.com, pbonzini@redhat.com, dgilbert@redhat.com
Subject: [PATCH v2 04/31] qapi/qom: Add ObjectOptions for authz-*
Date: Wed, 24 Feb 2021 14:52:28 +0100
Message-ID: <20210224135255.253837-5-kwolf@redhat.com>
In-Reply-To: <20210224135255.253837-1-kwolf@redhat.com>
This adds a QAPI schema for the properties of the authz-* objects.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
qapi/authz.json | 62 ++++++++++++++++++++++++++++
qapi/qom.json | 10 +++++
storage-daemon/qapi/qapi-schema.json | 1 +
3 files changed, 73 insertions(+)
diff --git a/qapi/authz.json b/qapi/authz.json
index 42afe752d1..99d49aa563 100644
--- a/qapi/authz.json
+++ b/qapi/authz.json
@@ -59,3 +59,65 @@
##
{ 'struct': 'QAuthZListRuleListHack',
'data': { 'unused': ['QAuthZListRule'] } }
+
+##
+# @AuthZListProperties:
+#
+# Properties for authz-list objects.
+#
+# @policy: Default policy to apply when no rule matches (default: deny)
+#
+# @rules: Authorization rules based on matching user
+#
+# Since: 4.0
+##
+{ 'struct': 'AuthZListProperties',
+ 'data': { '*policy': 'QAuthZListPolicy',
+ '*rules': ['QAuthZListRule'] } }
+
+##
+# @AuthZListFileProperties:
+#
+# Properties for authz-listfile objects.
+#
+# @filename: File name to load the configuration from. The file must
+# contain valid JSON for AuthZListProperties.
+#
+# @refresh: If true, inotify is used to monitor the file, automatically
+# reloading changes. If an error occurs during reloading, all
+# authorizations will fail until the file is next successfully
+# loaded. (default: true if the binary was built with
+# CONFIG_INOTIFY1, false otherwise)
+#
+# Since: 4.0
+##
+{ 'struct': 'AuthZListFileProperties',
+ 'data': { 'filename': 'str',
+ '*refresh': 'bool' } }
+
+##
+# @AuthZPAMProperties:
+#
+# Properties for authz-pam objects.
+#
+# @service: PAM service name to use for authorization
+#
+# Since: 4.0
+##
+{ 'struct': 'AuthZPAMProperties',
+ 'data': { 'service': 'str' } }
+
+##
+# @AuthZSimpleProperties:
+#
+# Properties for authz-simple objects.
+#
+# @identity: Identifies the allowed user. Its format depends on the network
+# service that authorization object is associated with. For
+# authorizing based on TLS x509 certificates, the identity must be
+# the x509 distinguished name.
+#
+# Since: 4.0
+##
+{ 'struct': 'AuthZSimpleProperties',
+ 'data': { 'identity': 'str' } }
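Review bot: In AuthZListProperties, '*rules' is optional but its doc comment states no default, while @policy spells out "(default: deny)". Please say what omitting @rules means, so a reader can tell whether an authz-list created with neither member simply falls through to the deny default for every identity. Separately, all four structs are new in this patch yet carry "Since: 4.0"; if that is meant to track when the objects appeared rather than when these QAPI types did, a sentence in the commit message would answer the question before it is asked. The @identity text only spells out the TLS x509 case; if other services use a different format, naming them here would help.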
diff --git a/qapi/qom.json b/qapi/qom.json
index bf2ecb34be..30ed179bc1 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -4,6 +4,8 @@
# This work is licensed under the terms of the GNU GPL, version 2 or later.
# See the COPYING file in the top-level directory.
+{ 'include': 'authz.json' }
+
##
# = QEMU Object Model (QOM)
##
@@ -233,6 +235,10 @@
##
{ 'enum': 'ObjectType',
'data': [
+ 'authz-list',
+ 'authz-listfile',
+ 'authz-pam',
+ 'authz-simple',
'iothread'
] }
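Review bot: 'authz-pam' is added to ObjectType unconditionally, along with the other three values. The authz.json documentation in this same patch already shows one build-dependent behaviour (the @refresh default hinges on CONFIG_INOTIFY1), so it is worth confirming whether authz-pam is available in every build. If it is not, the enum value and its union branch below should carry a matching 'if' condition so that schema introspection does not advertise an object type that cannot be created.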
@@ -252,6 +258,10 @@
'id': 'str' },
'discriminator': 'qom-type',
'data': {
+ 'authz-list': 'AuthZListProperties',
+ 'authz-listfile': 'AuthZListFileProperties',
+ 'authz-pam': 'AuthZPAMProperties',
+ 'authz-simple': 'AuthZSimpleProperties',
'iothread': 'IothreadProperties'
} }
diff --git a/storage-daemon/qapi/qapi-schema.json b/storage-daemon/qapi/qapi-schema.json
index 28117c3aac..67749d1101 100644
--- a/storage-daemon/qapi/qapi-schema.json
+++ b/storage-daemon/qapi/qapi-schema.json
@@ -26,6 +26,7 @@
{ 'include': '../../qapi/crypto.json' }
{ 'include': '../../qapi/introspect.json' }
{ 'include': '../../qapi/job.json' }
+{ 'include': '../../qapi/authz.json' }
{ 'include': '../../qapi/qom.json' }
{ 'include': '../../qapi/sockets.json' }
{ 'include': '../../qapi/transaction.json' }
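Review bot: The commit message does not mention the storage daemon, yet this hunk adds an explicit include of '../../qapi/authz.json' directly before '../../qapi/qom.json', which after this patch includes authz.json itself. Please add a line to the commit message saying why the explicit include is wanted here (for example to keep this file's list of modules complete), so the duplication does not look accidental.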
--
2.29.2