[libvirt] [PATCH v3 2/6] nbd: allow authorization with nbd-server-start QMP command
Juan Quintela
quintela at redhat.com
Wed Oct 17 12:28:53 UTC 2018
Daniel P. Berrangé <berrange at redhat.com> wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
> As with the previous patch to qemu-nbd, the nbd-server-start QMP command
> also needs to be able to specify authorization when enabling TLS encryption.
>
> First the client must create a QAuthZ object instance using the
> 'object-add' command:
>
> {
>   'execute': 'object-add',
>   'arguments': {
>     'qom-type': 'authz-list',
>     'id': 'authz0',
>     'parameters': {
>       'policy': 'deny',
>       'rules': [
>         {
>           'match': '*CN=fred',
>           'policy': 'allow'
>         }
>       ]
>     }
>   }
> }
>
> They can then reference this in the new 'tls-authz' parameter when
> executing the 'nbd-server-start' command:
>
> {
>   'execute': 'nbd-server-start',
>   'arguments': {
>     'addr': {
>       'type': 'inet',
>       'host': '127.0.0.1',
>       'port': '9000'
>     },
>     'tls-creds': 'tls0',
>     'tls-authz': 'authz0'
>   }
> }
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
Reviewed-by: Juan Quintela <quintela at redhat.com>
Similar to previous patch in series.
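
Added example, not part of the original post and not QEMU code: a small Python model of how the 'authz0' list from the commit message would decide on client certificate distinguished names. It assumes rules are checked in order with the first match deciding, the top-level 'policy' applying when nothing matches, and 'match' treated as a shell-style glob; the sample DNs are constructed.

```python
import json
from fnmatch import fnmatchcase

# 'object-add' arguments from the commit message, rewritten as strict JSON.
AUTHZ0 = json.loads("""
{
  "qom-type": "authz-list",
  "id": "authz0",
  "parameters": {
    "policy": "deny",
    "rules": [{"match": "*CN=fred", "policy": "allow"}]
  }
}
""")

# Constructed sample distinguished names (not from the original post).
SAMPLE_DNS = [
    "CN=fred",
    "O=Example Org,CN=fred",
    "O=Other Org,CN=fred",
    "CN=fred,O=Example Org",
    "CN=frederick",
    "CN=alice",
]


def is_allowed(params, identity):
    """Model of the list policy (assumed semantics, see the lead-in)."""
    for rule in params.get("rules", []):
        # Assumption: 'match' is a shell-style glob; the first match decides.
        if fnmatchcase(identity, rule["match"]):
            return rule["policy"] == "allow"
    # No rule matched: fall back to the list's default policy.
    return params["policy"] == "allow"


def audit(params, identities):
    """Map each identity to the decision the list would give it."""
    return {dn: is_allowed(params, dn) for dn in identities}


if __name__ == "__main__":
    for dn, ok in audit(AUTHZ0["parameters"], SAMPLE_DNS).items():
        print(f"{'allow' if ok else 'deny':5}  {dn}")
```

Under these assumptions the leading '*' admits any DN that ends in CN=fred regardless of what precedes it, so when reviewing such a rule it is worth checking which fields of the DN the pattern actually pins.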