Re: [PATCH v2 04/31] qapi/qom: Add ObjectOptions for authz-*
From: Eric Blake
Subject: Re: [PATCH v2 04/31] qapi/qom: Add ObjectOptions for authz-*
Date: Fri, 26 Feb 2021 08:02:50 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0
On 2/24/21 7:52 AM, Kevin Wolf wrote:
> This adds a QAPI schema for the properties of the authz-* objects.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> qapi/authz.json | 62 ++++++++++++++++++++++++++++
> qapi/qom.json | 10 +++++
> storage-daemon/qapi/qapi-schema.json | 1 +
> 3 files changed, 73 insertions(+)
>
> diff --git a/qapi/authz.json b/qapi/authz.json
> index 42afe752d1..99d49aa563 100644
> --- a/qapi/authz.json
> +++ b/qapi/authz.json
> @@ -59,3 +59,65 @@
> ##
> { 'struct': 'QAuthZListRuleListHack',
> 'data': { 'unused': ['QAuthZListRule'] } }
This hack is no longer necessary...
> +
> +##
> +# @AuthZListProperties:
> +#
> +# Properties for authz-list objects.
> +#
> +# @policy: Default policy to apply when no rule matches (default: deny)
> +#
> +# @rules: Authorization rules based on matching user
> +#
> +# Since: 4.0
> +##
> +{ 'struct': 'AuthZListProperties',
> + 'data': { '*policy': 'QAuthZListPolicy',
> + '*rules': ['QAuthZListRule'] } }
...now that we have a real type using the same array and forcing the
QAPI generator to instantiate it.
Matches authz/list.c:qauthz_list_class_init().
> +
> +##
> +# @AuthZListFileProperties:
> +#
> +# Properties for authz-listfile objects.
> +#
> +# @filename: File name to load the configuration from. The file must
> +# contain valid JSON for AuthZListProperties.
> +#
> +# @refresh: If true, inotify is used to monitor the file, automatically
> +# reloading changes. If an error occurs during reloading, all
> +# authorizations will fail until the file is next successfully
> +# loaded. (default: true if the binary was built with
> +# CONFIG_INOTIFY1, false otherwise)
> +#
> +# Since: 4.0
> +##
> +{ 'struct': 'AuthZListFileProperties',
> + 'data': { 'filename': 'str',
> + '*refresh': 'bool' } }
Matches authz/listfile.c:qauthz_list_file_class_init().
> +
> +##
> +# @AuthZPAMProperties:
> +#
> +# Properties for authz-pam objects.
> +#
> +# @service: PAM service name to use for authorization
> +#
> +# Since: 4.0
> +##
> +{ 'struct': 'AuthZPAMProperties',
> + 'data': { 'service': 'str' } }
Matches authz/pamacct.c:qauthz_pam_class_init().
> +
> +##
> +# @AuthZSimpleProperties:
> +#
> +# Properties for authz-simple objects.
> +#
> +# @identity: Identifies the allowed user. Its format depends on the network
> +# service that authorization object is associated with. For
> +# authorizing based on TLS x509 certificates, the identity must be
> +# the x509 distinguished name.
> +#
> +# Since: 4.0
> +##
> +{ 'struct': 'AuthZSimpleProperties',
> + 'data': { 'identity': 'str' } }
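Review bot: the @rules doc comment in AuthZListProperties ("Authorization rules based on matching user") does not say how a list of several rules is evaluated, which is what a caller needs to know before mixing allow and deny rules in one object; please document the evaluation semantics (ordering, and what happens when more than one rule matches) next to the @policy default, since the "(default: deny)" fallback only describes the no-match case. Minor wording in the @identity comment of AuthZSimpleProperties: "depends on the network service that authorization object is associated with" should read "that the authorization object is associated with".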
Matches authz/simple.c:qauthz_simple_class_init().
> diff --git a/qapi/qom.json b/qapi/qom.json
> index bf2ecb34be..30ed179bc1 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -4,6 +4,8 @@
> # This work is licensed under the terms of the GNU GPL, version 2 or later.
> # See the COPYING file in the top-level directory.
>
> +{ 'include': 'authz.json' }
> +
> ##
> # = QEMU Object Model (QOM)
> ##
> @@ -233,6 +235,10 @@
> ##
> { 'enum': 'ObjectType',
> 'data': [
> + 'authz-list',
> + 'authz-listfile',
> + 'authz-pam',
> + 'authz-simple',
> 'iothread'
> ] }
>
> @@ -252,6 +258,10 @@
> 'id': 'str' },
> 'discriminator': 'qom-type',
> 'data': {
> + 'authz-list': 'AuthZListProperties',
> + 'authz-listfile': 'AuthZListFileProperties',
> + 'authz-pam': 'AuthZPAMProperties',
> + 'authz-simple': 'AuthZSimpleProperties',
> 'iothread': 'IothreadProperties'
> } }
>
> diff --git a/storage-daemon/qapi/qapi-schema.json
> b/storage-daemon/qapi/qapi-schema.json
> index 28117c3aac..67749d1101 100644
> --- a/storage-daemon/qapi/qapi-schema.json
> +++ b/storage-daemon/qapi/qapi-schema.json
> @@ -26,6 +26,7 @@
> { 'include': '../../qapi/crypto.json' }
> { 'include': '../../qapi/introspect.json' }
> { 'include': '../../qapi/job.json' }
> +{ 'include': '../../qapi/authz.json' }
> { 'include': '../../qapi/qom.json' }
> { 'include': '../../qapi/sockets.json' }
> { 'include': '../../qapi/transaction.json' }
>
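Review bot: the new { 'include': '../../qapi/authz.json' } in storage-daemon/qapi/qapi-schema.json is redundant with the { 'include': 'authz.json' } this same patch adds to qapi/qom.json, which the storage daemon schema already pulls in on the very next line; either drop the explicit include here or keep it deliberately as this file's style of listing every module, but note that its placement (between job.json and qom.json rather than in the alphabetical position the surrounding entries follow) reads as if it were added to satisfy an ordering dependency that qom.json now resolves on its own.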
Once you delete the dead QAPI hack,
Reviewed-by: Eric Blake <eblake@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org