[PATCH] docs: ACL: Show which permissions are allowed for unauthenticated connections
Daniel P. Berrangé
berrange at redhat.com
Fri Feb 17 15:38:48 UTC 2023
On Fri, Feb 17, 2023 at 04:33:12PM +0100, Peter Krempa wrote:
> Certain APIs are allowed also without authentication but the ACL page
> didn't outline which. Generate a new column with the information.
>
> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
> ---
> docs/acl.html.in | 3 ++-
> scripts/genaclperms.py | 7 +++++++
> 2 files changed, 9 insertions(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
>
> diff --git a/docs/acl.html.in b/docs/acl.html.in
> index 3d0f651864..268d3aebd3 100644
> --- a/docs/acl.html.in
> +++ b/docs/acl.html.in
> @@ -20,7 +20,8 @@
> state, where the only API operations allowed are those required
> to complete authentication. After successful authentication, a
> connection either has full, unrestricted access to all libvirt
> - API calls, or is locked down to only "read only" operations,
> + API calls, or is locked down to only "read only" (see 'Anonymous'
> + in the table below) operations,
> according to what socket a client connection originated on.
> </p>
>
> diff --git a/scripts/genaclperms.py b/scripts/genaclperms.py
> index e228b3ef60..43616dad04 100755
> --- a/scripts/genaclperms.py
> +++ b/scripts/genaclperms.py
> @@ -96,6 +96,7 @@ for obj in sorted(perms.keys()):
> print(' <tr>')
> print(' <th>Permission</th>')
> print(' <th>Description</th>')
> + print(' <th>Anonymous</th>')
> print(' </tr>')
> print(' </thead>')
> print(' <tbody>')
> @@ -103,6 +104,11 @@ for obj in sorted(perms.keys()):
> for perm in sorted(perms[obj].keys()):
> description = perms[obj][perm]["desc"]
>
> + if perms[obj][perm]["anonymous"]:
> + anonymous = 'yes'
> + else:
> + anonymous = ''
> +
> if description is None:
> raise Exception("missing description for %s.%s" % (obj, perm))
>
> @@ -112,6 +118,7 @@ for obj in sorted(perms.keys()):
> print(' <tr>')
> print(' <td><a id="%s">%s</a></td>' % (plink, perm))
> print(' <td>%s</td>' % description)
> + print(' <td>%s</td>' % anonymous)
> print(' </tr>')
>
> print(' </tbody>')
> --
> 2.39.1
>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list