[PATCH] docs: ACL: Show which permissions are allowed for unauthenticated connections

Daniel P. Berrangé berrange at redhat.com
Fri Feb 17 15:38:48 UTC 2023 

On Fri, Feb 17, 2023 at 04:33:12PM +0100, Peter Krempa wrote:
> Certain APIs are allowed also without authentication but the ACL page
> didn't outline which. Generate a new column with the information.
> 
> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
> ---
>  docs/acl.html.in       | 3 ++-
>  scripts/genaclperms.py | 7 +++++++
>  2 files changed, 9 insertions(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>


> 
> diff --git a/docs/acl.html.in b/docs/acl.html.in
> index 3d0f651864..268d3aebd3 100644
> --- a/docs/acl.html.in
> +++ b/docs/acl.html.in
> @@ -20,7 +20,8 @@
>        state, where the only API operations allowed are those required
>        to complete authentication. After successful authentication, a
>        connection either has full, unrestricted access to all libvirt
> -      API calls, or is locked down to only "read only" operations,
> +      API calls, or is locked down to only "read only" (see 'Anonymous'
> +      in the table below) operations,
>        according to what socket a client connection originated on.
>      </p>
> 
> diff --git a/scripts/genaclperms.py b/scripts/genaclperms.py
> index e228b3ef60..43616dad04 100755
> --- a/scripts/genaclperms.py
> +++ b/scripts/genaclperms.py
> @@ -96,6 +96,7 @@ for obj in sorted(perms.keys()):
>      print('        <tr>')
>      print('          <th>Permission</th>')
>      print('          <th>Description</th>')
> +    print('          <th>Anonymous</th>')
>      print('        </tr>')
>      print('      </thead>')
>      print('      <tbody>')
> @@ -103,6 +104,11 @@ for obj in sorted(perms.keys()):
>      for perm in sorted(perms[obj].keys()):
>          description = perms[obj][perm]["desc"]
> 
> +        if perms[obj][perm]["anonymous"]:
> +            anonymous = 'yes'
> +        else:
> +            anonymous = ''
> +
>          if description is None:
>              raise Exception("missing description for %s.%s" % (obj, perm))
> 
> @@ -112,6 +118,7 @@ for obj in sorted(perms.keys()):
>          print('        <tr>')
>          print('          <td><a id="%s">%s</a></td>' % (plink, perm))
>          print('          <td>%s</td>' % description)
> +        print('          <td>%s</td>' % anonymous)
>          print('        </tr>')
> 
>      print('      </tbody>')
> -- 
> 2.39.1
> 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list