Re: [libvirt] [PATCH v3 2/6] nbd: allow authorization with nbd-server-start QMP command

Wednesday, 17 October 2018

Daniel P. Berrangé <berrange(a)redhat.com&gt; wrote:
...
 From: "Daniel P. Berrange" <berrange(a)redhat.com&gt;

 As with the previous patch to qemu-nbd, the nbd-server-start QMP command
 also needs to be able to specify authorization when enabling TLS encryption.

 First the client must create a QAuthZ object instance using the
 'object-add' command:

    {
      'execute': 'object-add',
      'arguments': {
        'qom-type': 'authz-list',
        'id': 'authz0',
        'parameters': {
          'policy': 'deny',
          'rules': [
            {
              'match': '*CN=fred',
              'policy': 'allow'
            }
          ]
        }
      }
    }

 They can then reference this in the new 'tls-authz' parameter when
 executing the 'nbd-server-start' command:

    {
      'execute': 'nbd-server-start',
      'arguments': {
        'addr': {
            'type': 'inet',
            'host': '127.0.0.1',
            'port': '9000'
        },
        'tls-creds': 'tls0',
        'tls-authz': 'authz0'
      }
    }

 Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; 
Reviewed-by: Juan Quintela <quintela(a)redhat.com&gt;

similar to previous patch in series.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [libvirt] [PATCH v3 2/6] nbd: allow authorization with nbd-server-start QMP command