From nobody Sun Apr 28 06:17:28 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.129.124 as permitted sender) client-ip=170.10.129.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1676648020; cv=none;
	d=zohomail.com; s=zohoarc;
	b=CqMfF936YCTi9OHQ8a1HycINnjYvM1sQEoue9SoTZHO7YvbIAtwgZVmuruWo129XS6WvMMQLKCgaaS0NtnzE3fwGMCSNnJU9iWPl8UnlYvMLS3OlmjJUaCVCMY5QbitGA++Ikhf9s9LxNrjzlcRr7DSR4U8MKzxQbIGlk3plufA=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1676648020;
 h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To;
	bh=Fs/W2Srf1/8usJTQ1LoKedQyKMXzzw/JVBg32D59zpI=;
	b=QXrm/OE0gvLiAQfuhMLm1HIu/eoj6k13Vxbucjp5/9fwAkUbgHpOYqmML1Hwsu/mQzTf2joD3PZCNXeeBfQMzSDzjwSvzZRA+L375H8C9ibp8fLuAnyWyaIIIU+zaAwqIeGRPfOWE0tPvUk3u401s1xbnDxpP16ESw0LCM/yOk0=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<pkrempa@redhat.com> (p=none dis=none)
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com
	with SMTPS id 1676648020054655.001256614027;
 Fri, 17 Feb 2023 07:33:40 -0800 (PST)
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-191-Cv3K2zFZOlGPRmfK0Y2rHQ-1; Fri, 17 Feb 2023 10:33:35 -0500
Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com
 [10.11.54.9])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 50EE4857A87;
	Fri, 17 Feb 2023 15:33:30 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (unknown [10.30.29.100])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 17134492C14;
	Fri, 17 Feb 2023 15:33:30 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (localhost [IPv6:::1])
	by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id BBB891946589;
	Fri, 17 Feb 2023 15:33:29 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com
 [10.11.54.9])
 by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id 9CD9F1946588 for <libvir-list@listman.corp.redhat.com>;
 Fri, 17 Feb 2023 15:33:15 +0000 (UTC)
Received: by smtp.corp.redhat.com (Postfix)
 id 099F5492C1B; Fri, 17 Feb 2023 15:33:15 +0000 (UTC)
Received: from speedmetal.redhat.com (ovpn-208-8.brq.redhat.com [10.40.208.8])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 420AC492C14
 for <libvir-list@redhat.com>; Fri, 17 Feb 2023 15:33:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1676648019;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=Fs/W2Srf1/8usJTQ1LoKedQyKMXzzw/JVBg32D59zpI=;
	b=DiPmanLRISN58MXhhshsxP8/hnX9EepBAPVLLLifDqOFObTdq+fWHp1xFLDo2jE9G8qAZW
	rIFS55jcYk3PYhianzIrUeBDq1sjoGTasNF+BdVgECh3GjmY6kGh/grctQPSM+BazGIOvv
	YtiweExu9/P2AwNfyUYiwi8R8Hm/CY8=
X-MC-Unique: Cv3K2zFZOlGPRmfK0Y2rHQ-1
X-Original-To: libvir-list@listman.corp.redhat.com
From: Peter Krempa <pkrempa@redhat.com>
To: libvir-list@redhat.com
Subject: [PATCH] docs: ACL: Show which permissions are allowed for
 unauthenticated connections
Date: Fri, 17 Feb 2023 16:33:12 +0100
Message-Id: 
 <5d380b77688e0ebb1579be761e7cc6a05aaed00e.1676647992.git.pkrempa@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <http://listman.redhat.com/archives/libvir-list/>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=subscribe>
Errors-To: libvir-list-bounces@redhat.com
Sender: "libvir-list" <libvir-list-bounces@redhat.com>
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1676648021065100001
Content-Type: text/plain; charset="utf-8"

Certain APIs are allowed also without authentication but the ACL page
didn't outline which. Generate a new column with the information.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 docs/acl.html.in       | 3 ++-
 scripts/genaclperms.py | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/docs/acl.html.in b/docs/acl.html.in
index 3d0f651864..268d3aebd3 100644
--- a/docs/acl.html.in
+++ b/docs/acl.html.in
@@ -20,7 +20,8 @@
       state, where the only API operations allowed are those required
       to complete authentication. After successful authentication, a
       connection either has full, unrestricted access to all libvirt
-      API calls, or is locked down to only "read only" operations,
+      API calls, or is locked down to only "read only" (see 'Anonymous'
+      in the table below) operations,
       according to what socket a client connection originated on.
     </p>

diff --git a/scripts/genaclperms.py b/scripts/genaclperms.py
index e228b3ef60..43616dad04 100755
--- a/scripts/genaclperms.py
+++ b/scripts/genaclperms.py
@@ -96,6 +96,7 @@ for obj in sorted(perms.keys()):
     print('        <tr>')
     print('          <th>Permission</th>')
     print('          <th>Description</th>')
+    print('          <th>Anonymous</th>')
     print('        </tr>')
     print('      </thead>')
     print('      <tbody>')
@@ -103,6 +104,11 @@ for obj in sorted(perms.keys()):
     for perm in sorted(perms[obj].keys()):
         description =3D perms[obj][perm]["desc"]

+        if perms[obj][perm]["anonymous"]:
+            anonymous =3D 'yes'
+        else:
+            anonymous =3D ''
+
         if description is None:
             raise Exception("missing description for %s.%s" % (obj, perm))

@@ -112,6 +118,7 @@ for obj in sorted(perms.keys()):
         print('        <tr>')
         print('          <td><a id=3D"%s">%s</a></td>' % (plink, perm))
         print('          <td>%s</td>' % description)
+        print('          <td>%s</td>' % anonymous)
         print('        </tr>')

     print('      </tbody>')
--=20
2.39.1