From: Peter Krempa
Date: Fri, 17 Feb 2023 15:31:20 +0000 (+0100)
Subject: docs: ACL: Show which permissions are allowed for unauthenticated connections
X-Git-Tag: v9.1.0-rc1~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ecca8053363a4135781988f92f5ef1037c29f45e;p=thirdparty%2Flibvirt.git
docs: ACL: Show which permissions are allowed for unauthenticated connections
Certain APIs are allowed also without authentication but the ACL page
didn't outline which. Generate a new column with the information.
Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
---
diff --git a/docs/acl.html.in b/docs/acl.html.in
index 3d0f651864..268d3aebd3 100644
--- a/docs/acl.html.in
+++ b/docs/acl.html.in
@@ -20,7 +20,8 @@
state, where the only API operations allowed are those required
to complete authentication. After successful authentication, a
connection either has full, unrestricted access to all libvirt
- API calls, or is locked down to only "read only" operations,
+ API calls, or is locked down to only "read only" (see 'Anonymous'
+ in the table below) operations,
according to what socket a client connection originated on.
diff --git a/scripts/genaclperms.py b/scripts/genaclperms.py
index e228b3ef60..43616dad04 100755
--- a/scripts/genaclperms.py
+++ b/scripts/genaclperms.py
@@ -96,6 +96,7 @@ for obj in sorted(perms.keys()):
print(' ')
print(' Permission | ')
print(' Description | ')
+ print(' Anonymous | ')
print('
')
print(' ')
print(' ')
@@ -103,6 +104,11 @@ for obj in sorted(perms.keys()):
for perm in sorted(perms[obj].keys()):
description = perms[obj][perm]["desc"]
+ if perms[obj][perm]["anonymous"]:
+ anonymous = 'yes'
+ else:
+ anonymous = ''
+
if description is None:
raise Exception("missing description for %s.%s" % (obj, perm))
@@ -112,6 +118,7 @@ for obj in sorted(perms.keys()):
print(' ')
print(' %s | ' % (plink, perm))
print(' %s | ' % description)
+ print(' %s | ' % anonymous)
print('
')
print(' ')