Certain APIs are allowed also without authentication but the ACL page
didn't outline which. Generate a new column with the information.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
docs/acl.html.in | 3 ++-
scripts/genaclperms.py | 7 +++++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/docs/acl.html.in b/docs/acl.html.in
index 3d0f651864..268d3aebd3 100644
--- a/docs/acl.html.in
+++ b/docs/acl.html.in
@@ -20,7 +20,8 @@
state, where the only API operations allowed are those required
to complete authentication. After successful authentication, a
connection either has full, unrestricted access to all libvirt
- API calls, or is locked down to only "read only" operations,
+ API calls, or is locked down to only "read only" (see 'Anonymous'
+ in the table below) operations,
according to what socket a client connection originated on.
</p>
diff --git a/scripts/genaclperms.py b/scripts/genaclperms.py
index e228b3ef60..43616dad04 100755
--- a/scripts/genaclperms.py
+++ b/scripts/genaclperms.py
@@ -96,6 +96,7 @@ for obj in sorted(perms.keys()):
print(' <tr>')
print(' <th>Permission</th>')
print(' <th>Description</th>')
+ print(' <th>Anonymous</th>')
print(' </tr>')
print(' </thead>')
print(' <tbody>')
@@ -103,6 +104,11 @@ for obj in sorted(perms.keys()):
for perm in sorted(perms[obj].keys()):
description = perms[obj][perm]["desc"]
+ if perms[obj][perm]["anonymous"]:
+ anonymous = 'yes'
+ else:
+ anonymous = ''
+
if description is None:
raise Exception("missing description for %s.%s" % (obj, perm))
@@ -112,6 +118,7 @@ for obj in sorted(perms.keys()):
print(' <tr>')
print(' <td><a id="%s">%s</a></td>' % (plink, perm))
print(' <td>%s</td>' % description)
+ print(' <td>%s</td>' % anonymous)
print(' </tr>')
print(' </tbody>')
--
2.39.1
On Fri, Feb 17, 2023 at 04:33:12PM +0100, Peter Krempa wrote: > Certain APIs are allowed also without authentication but the ACL page > didn't outline which. Generate a new column with the information. > > Signed-off-by: Peter Krempa <pkrempa@redhat.com> > --- > docs/acl.html.in | 3 ++- > scripts/genaclperms.py | 7 +++++++ > 2 files changed, 9 insertions(+), 1 deletion(-) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> > > diff --git a/docs/acl.html.in b/docs/acl.html.in > index 3d0f651864..268d3aebd3 100644 > --- a/docs/acl.html.in > +++ b/docs/acl.html.in > @@ -20,7 +20,8 @@ > state, where the only API operations allowed are those required > to complete authentication. After successful authentication, a > connection either has full, unrestricted access to all libvirt > - API calls, or is locked down to only "read only" operations, > + API calls, or is locked down to only "read only" (see 'Anonymous' > + in the table below) operations, > according to what socket a client connection originated on. > </p> > > diff --git a/scripts/genaclperms.py b/scripts/genaclperms.py > index e228b3ef60..43616dad04 100755 > --- a/scripts/genaclperms.py > +++ b/scripts/genaclperms.py > @@ -96,6 +96,7 @@ for obj in sorted(perms.keys()): > print(' <tr>') > print(' <th>Permission</th>') > print(' <th>Description</th>') > + print(' <th>Anonymous</th>') > print(' </tr>') > print(' </thead>') > print(' <tbody>') > @@ -103,6 +104,11 @@ for obj in sorted(perms.keys()): > for perm in sorted(perms[obj].keys()): > description = perms[obj][perm]["desc"] > > + if perms[obj][perm]["anonymous"]: > + anonymous = 'yes' > + else: > + anonymous = '' > + > if description is None: > raise Exception("missing description for %s.%s" % (obj, perm)) > > @@ -112,6 +118,7 @@ for obj in sorted(perms.keys()): > print(' <tr>') > print(' <td><a id="%s">%s</a></td>' % (plink, perm)) > print(' <td>%s</td>' % description) > + print(' <td>%s</td>' % anonymous) > print(' </tr>') > > print(' </tbody>') > -- > 2.39.1 > With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
© 2016 - 2024 Red Hat, Inc.