From nobody Sun Apr 28 06:17:28 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
170.10.129.124 as permitted sender) client-ip=170.10.129.124;
envelope-from=libvir-list-bounces@redhat.com;
helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
dkim=pass;
spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com;
dmarc=pass(p=none dis=none) header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1676648020; cv=none;
d=zohomail.com; s=zohoarc;
b=CqMfF936YCTi9OHQ8a1HycINnjYvM1sQEoue9SoTZHO7YvbIAtwgZVmuruWo129XS6WvMMQLKCgaaS0NtnzE3fwGMCSNnJU9iWPl8UnlYvMLS3OlmjJUaCVCMY5QbitGA++Ikhf9s9LxNrjzlcRr7DSR4U8MKzxQbIGlk3plufA=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
s=zohoarc;
t=1676648020;
h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To;
bh=Fs/W2Srf1/8usJTQ1LoKedQyKMXzzw/JVBg32D59zpI=;
b=QXrm/OE0gvLiAQfuhMLm1HIu/eoj6k13Vxbucjp5/9fwAkUbgHpOYqmML1Hwsu/mQzTf2joD3PZCNXeeBfQMzSDzjwSvzZRA+L375H8C9ibp8fLuAnyWyaIIIU+zaAwqIeGRPfOWE0tPvUk3u401s1xbnDxpP16ESw0LCM/yOk0=
ARC-Authentication-Results: i=1; mx.zohomail.com;
dkim=pass;
spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com;
dmarc=pass header.from= (p=none dis=none)
Return-Path:
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com
with SMTPS id 1676648020054655.001256614027;
Fri, 17 Feb 2023 07:33:40 -0800 (PST)
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
[66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
(version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
us-mta-191-Cv3K2zFZOlGPRmfK0Y2rHQ-1; Fri, 17 Feb 2023 10:33:35 -0500
Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com
[10.11.54.9])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 50EE4857A87;
Fri, 17 Feb 2023 15:33:30 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
(unknown [10.30.29.100])
by smtp.corp.redhat.com (Postfix) with ESMTP id 17134492C14;
Fri, 17 Feb 2023 15:33:30 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
(localhost [IPv6:::1])
by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
ESMTP id BBB891946589;
Fri, 17 Feb 2023 15:33:29 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com
[10.11.54.9])
by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
ESMTP id 9CD9F1946588 for ;
Fri, 17 Feb 2023 15:33:15 +0000 (UTC)
Received: by smtp.corp.redhat.com (Postfix)
id 099F5492C1B; Fri, 17 Feb 2023 15:33:15 +0000 (UTC)
Received: from speedmetal.redhat.com (ovpn-208-8.brq.redhat.com [10.40.208.8])
by smtp.corp.redhat.com (Postfix) with ESMTP id 420AC492C14
for ; Fri, 17 Feb 2023 15:33:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1676648019;
h=from:from:sender:sender:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:mime-version:mime-version:
content-type:content-type:
content-transfer-encoding:content-transfer-encoding:list-id:list-help:
list-unsubscribe:list-subscribe:list-post;
bh=Fs/W2Srf1/8usJTQ1LoKedQyKMXzzw/JVBg32D59zpI=;
b=DiPmanLRISN58MXhhshsxP8/hnX9EepBAPVLLLifDqOFObTdq+fWHp1xFLDo2jE9G8qAZW
rIFS55jcYk3PYhianzIrUeBDq1sjoGTasNF+BdVgECh3GjmY6kGh/grctQPSM+BazGIOvv
YtiweExu9/P2AwNfyUYiwi8R8Hm/CY8=
X-MC-Unique: Cv3K2zFZOlGPRmfK0Y2rHQ-1
X-Original-To: libvir-list@listman.corp.redhat.com
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH] docs: ACL: Show which permissions are allowed for
unauthenticated connections
Date: Fri, 17 Feb 2023 16:33:12 +0100
Message-Id:
<5d380b77688e0ebb1579be761e7cc6a05aaed00e.1676647992.git.pkrempa@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: libvir-list-bounces@redhat.com
Sender: "libvir-list"
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1676648021065100001
Content-Type: text/plain; charset="utf-8"
Certain APIs are allowed also without authentication but the ACL page
didn't outline which. Generate a new column with the information.
Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrang=C3=A9
---
docs/acl.html.in | 3 ++-
scripts/genaclperms.py | 7 +++++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/docs/acl.html.in b/docs/acl.html.in
index 3d0f651864..268d3aebd3 100644
--- a/docs/acl.html.in
+++ b/docs/acl.html.in
@@ -20,7 +20,8 @@
state, where the only API operations allowed are those required
to complete authentication. After successful authentication, a
connection either has full, unrestricted access to all libvirt
- API calls, or is locked down to only "read only" operations,
+ API calls, or is locked down to only "read only" (see 'Anonymous'
+ in the table below) operations,
according to what socket a client connection originated on.
diff --git a/scripts/genaclperms.py b/scripts/genaclperms.py
index e228b3ef60..43616dad04 100755
--- a/scripts/genaclperms.py
+++ b/scripts/genaclperms.py
@@ -96,6 +96,7 @@ for obj in sorted(perms.keys()):
print(' ')
print(' Permission | ')
print(' Description | ')
+ print(' Anonymous | ')
print('
')
print(' ')
print(' ')
@@ -103,6 +104,11 @@ for obj in sorted(perms.keys()):
for perm in sorted(perms[obj].keys()):
description =3D perms[obj][perm]["desc"]
+ if perms[obj][perm]["anonymous"]:
+ anonymous =3D 'yes'
+ else:
+ anonymous =3D ''
+
if description is None:
raise Exception("missing description for %s.%s" % (obj, perm))
@@ -112,6 +118,7 @@ for obj in sorted(perms.keys()):
print(' ')
print(' %s | ' % (plink, perm))
print(' %s | ' % description)
+ print(' %s | ' % anonymous)
print('
')
print(' ')
--=20
2.39.1