6c10778826
Remove the QAPI doc section heading syntax, use plain rST section headings instead. Tests and documentation are updated to match. Interestingly, Plain rST headings work fine before this patch, except for over- and underlining with '=', which the doc parser rejected as invalid QAPI doc section heading in free-form comments. Signed-off-by: John Snow <jsnow@redhat.com> Message-ID: <20250618165353.1980365-5-jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> [Add more detail to commit message] Signed-off-by: Markus Armbruster <armbru@redhat.com>
119 lines
2.5 KiB
Python
119 lines
2.5 KiB
Python
# -*- Mode: Python -*-
|
|
# vim: filetype=python
|
|
|
|
##
|
|
# ******************
|
|
# User authorization
|
|
# ******************
|
|
##
|
|
|
|
##
|
|
# @QAuthZListPolicy:
|
|
#
|
|
# The authorization policy result
|
|
#
|
|
# @deny: deny access
|
|
#
|
|
# @allow: allow access
|
|
#
|
|
# Since: 4.0
|
|
##
|
|
{ 'enum': 'QAuthZListPolicy',
|
|
'prefix': 'QAUTHZ_LIST_POLICY',
|
|
'data': ['deny', 'allow']}
|
|
|
|
##
|
|
# @QAuthZListFormat:
|
|
#
|
|
# The authorization policy match format
|
|
#
|
|
# @exact: an exact string match
|
|
#
|
|
# @glob: string with ? and * shell wildcard support
|
|
#
|
|
# Since: 4.0
|
|
##
|
|
{ 'enum': 'QAuthZListFormat',
|
|
'prefix': 'QAUTHZ_LIST_FORMAT',
|
|
'data': ['exact', 'glob']}
|
|
|
|
##
|
|
# @QAuthZListRule:
|
|
#
|
|
# A single authorization rule.
|
|
#
|
|
# @match: a string or glob to match against a user identity
|
|
#
|
|
# @policy: the result to return if @match evaluates to true
|
|
#
|
|
# @format: the format of the @match rule (default 'exact')
|
|
#
|
|
# Since: 4.0
|
|
##
|
|
{ 'struct': 'QAuthZListRule',
|
|
'data': {'match': 'str',
|
|
'policy': 'QAuthZListPolicy',
|
|
'*format': 'QAuthZListFormat'}}
|
|
|
|
##
|
|
# @AuthZListProperties:
|
|
#
|
|
# Properties for authz-list objects.
|
|
#
|
|
# @policy: Default policy to apply when no rule matches (default:
|
|
# deny)
|
|
#
|
|
# @rules: Authorization rules based on matching user
|
|
#
|
|
# Since: 4.0
|
|
##
|
|
{ 'struct': 'AuthZListProperties',
|
|
'data': { '*policy': 'QAuthZListPolicy',
|
|
'*rules': ['QAuthZListRule'] } }
|
|
|
|
##
|
|
# @AuthZListFileProperties:
|
|
#
|
|
# Properties for authz-listfile objects.
|
|
#
|
|
# @filename: File name to load the configuration from. The file must
|
|
# contain valid JSON for AuthZListProperties.
|
|
#
|
|
# @refresh: If true, inotify is used to monitor the file,
|
|
# automatically reloading changes. If an error occurs during
|
|
# reloading, all authorizations will fail until the file is next
|
|
# successfully loaded. (default: true if the binary was built
|
|
# with CONFIG_INOTIFY1, false otherwise)
|
|
#
|
|
# Since: 4.0
|
|
##
|
|
{ 'struct': 'AuthZListFileProperties',
|
|
'data': { 'filename': 'str',
|
|
'*refresh': 'bool' } }
|
|
|
|
##
|
|
# @AuthZPAMProperties:
|
|
#
|
|
# Properties for authz-pam objects.
|
|
#
|
|
# @service: PAM service name to use for authorization
|
|
#
|
|
# Since: 4.0
|
|
##
|
|
{ 'struct': 'AuthZPAMProperties',
|
|
'data': { 'service': 'str' } }
|
|
|
|
##
|
|
# @AuthZSimpleProperties:
|
|
#
|
|
# Properties for authz-simple objects.
|
|
#
|
|
# @identity: Identifies the allowed user. Its format depends on the
|
|
# network service that authorization object is associated with.
|
|
# For authorizing based on TLS x509 certificates, the identity
|
|
# must be the x509 distinguished name.
|
|
#
|
|
# Since: 4.0
|
|
##
|
|
{ 'struct': 'AuthZSimpleProperties',
|
|
'data': { 'identity': 'str' } }
|