creds: define a proper varlink type for the credential scope

diff --git a/src/shared/varlink-io.systemd.Credentials.c b/src/shared/varlink-io.systemd.Credentials.c
index ab99adefe52eaae4bcd518fef1fde00bfa0dd68d..ac250c8a796b85c3b3aa184ed1738e5d527c06e8 100644 (file)
--- a/src/shared/varlink-io.systemd.Credentials.c
+++ b/src/shared/varlink-io.systemd.Credentials.c
@@ -3,6 +3,13 @@
 #include "bus-polkit.h"
 #include "varlink-io.systemd.Credentials.h"
 
+static SD_VARLINK_DEFINE_ENUM_TYPE(
+                Scope,
+                SD_VARLINK_FIELD_COMMENT("Generate a system-bound credential"),
+                SD_VARLINK_DEFINE_ENUM_VALUE(system),
+                SD_VARLINK_FIELD_COMMENT("Generate a system and user bound credential"),
+                SD_VARLINK_DEFINE_ENUM_VALUE(user));
+
 static SD_VARLINK_DEFINE_METHOD(
                 Encrypt,
                 SD_VARLINK_FIELD_COMMENT("The name for the encrypted credential, a string suitable for inclusion in a file name. If not specified no name is encoded in the credential. Typically, if this credential is stored on disk, this is how the file should be called, and permits authentication of the filename."),
@@ -16,7 +23,7 @@ static SD_VARLINK_DEFINE_METHOD(
                 SD_VARLINK_FIELD_COMMENT("Timestamp when to the credential should be considered invalid. In µs since the UNIX epoch. If not specified, the credential remains valid forever."),
                 SD_VARLINK_DEFINE_INPUT(notAfter, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
                 SD_VARLINK_FIELD_COMMENT("The intended scope for the credential. One of 'system' or 'user'. If not specified defaults to 'system', unless an uid is specified (see below), in which case it default to 'user'."),
-                SD_VARLINK_DEFINE_INPUT(scope, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
+                SD_VARLINK_DEFINE_INPUT_BY_TYPE(scope, Scope, SD_VARLINK_NULLABLE),
                 SD_VARLINK_FIELD_COMMENT("The numeric UNIX UID of the user the credential shall be scoped to. Only relevant if 'user' scope is selected (see above). If not specified and 'user' scope is selected defaults to the UID of the calling user, if that can be determined."),
                 SD_VARLINK_DEFINE_INPUT(uid, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
                 VARLINK_DEFINE_POLKIT_INPUT,
@@ -32,7 +39,7 @@ static SD_VARLINK_DEFINE_METHOD(
                 SD_VARLINK_FIELD_COMMENT("The timestamp to use when validating the credential's time validity range. If not specified the current time is used."),
                 SD_VARLINK_DEFINE_INPUT(timestamp, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
                 SD_VARLINK_FIELD_COMMENT("The scope for this credential. If not specified no restrictions on the credential scope are made."),
-                SD_VARLINK_DEFINE_INPUT(scope, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
+                SD_VARLINK_DEFINE_INPUT_BY_TYPE(scope, Scope, SD_VARLINK_NULLABLE),
                 SD_VARLINK_FIELD_COMMENT("If the 'user' scope is selected, specifies the numeric UNIX UID of the user the credential is associated with. If not specified this is automatically derived from the UID of the calling user, if that can be determined."),
                 SD_VARLINK_DEFINE_INPUT(uid, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
                 VARLINK_DEFINE_POLKIT_INPUT,
@@ -54,6 +61,8 @@ SD_VARLINK_DEFINE_INTERFACE(
                 io_systemd_Credentials,
                 "io.systemd.Credentials",
                 SD_VARLINK_INTERFACE_COMMENT("APIs for encrypting and decrypting service credentials."),
+                SD_VARLINK_SYMBOL_COMMENT("The intended scope for the credential."),
+                &vl_type_Scope,
                 SD_VARLINK_SYMBOL_COMMENT("Encrypts some plaintext data, returns an encrypted credential."),
                 &vl_method_Encrypt,
                 SD_VARLINK_SYMBOL_COMMENT("Decrypts an encrypted credential, returns plaintext data."),