[PATCH] docs: ACL: Show which permissions are allowed for unauthenticated connections

Certain APIs are allowed also without authentication but the ACL page didn't outline which. Generate a new column with the information. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- docs/acl.html.in | 3 ++- scripts/genaclperms.py | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/acl.html.in b/docs/acl.html.in index 3d0f651864..268d3aebd3 100644 --- a/docs/acl.html.in +++ b/docs/acl.html.in @@ -20,7 +20,8 @@ state, where the only API operations allowed are those required to complete authentication. After successful authentication, a connection either has full, unrestricted access to all libvirt - API calls, or is locked down to only "read only" operations, + API calls, or is locked down to only "read only" (see 'Anonymous' + in the table below) operations, according to what socket a client connection originated on. </p> diff --git a/scripts/genaclperms.py b/scripts/genaclperms.py index e228b3ef60..43616dad04 100755 --- a/scripts/genaclperms.py +++ b/scripts/genaclperms.py @@ -96,6 +96,7 @@ for obj in sorted(perms.keys()): print(' <tr>') print(' <th>Permission</th>') print(' <th>Description</th>') + print(' <th>Anonymous</th>') print(' </tr>') print(' </thead>') print(' <tbody>') @@ -103,6 +104,11 @@ for obj in sorted(perms.keys()): for perm in sorted(perms[obj].keys()): description = perms[obj][perm]["desc"] + if perms[obj][perm]["anonymous"]: + anonymous = 'yes' + else: + anonymous = '' + if description is None: raise Exception("missing description for %s.%s" % (obj, perm)) @@ -112,6 +118,7 @@ for obj in sorted(perms.keys()): print(' <tr>') print(' <td><a id="%s">%s</a></td>' % (plink, perm)) print(' <td>%s</td>' % description) + print(' <td>%s</td>' % anonymous) print(' </tr>') print(' </tbody>') -- 2.39.1
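
Review bot: in the docs/acl.html.in hunk, the reworded sentence ties the 'Anonymous' column to the "read only" mode a connection gets "After successful authentication", while the commit message describes the column as listing what is allowed without authentication. A reader auditing exposure cannot tell from this whether 'Anonymous' means pre-authentication access, read-only socket access, or both. Suggest defining the term once in this paragraph and moving the parenthetical after "operations" so the sentence reads naturally, for example: locked down to only "read only" operations (marked 'Anonymous' in the table below).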
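
Review bot: in the second scripts/genaclperms.py hunk (@@ -103,6 +104,11 @@), perms[obj][perm]["anonymous"] is indexed unconditionally, yet none of the 7 lines this patch adds to the script populate that key, so the lookup depends on code outside the patch having set it for every permission. If an entry lacks it, the script fails with a bare KeyError that does not name the permission, unlike the neighbouring check that raises "missing description for %s.%s". Please confirm the parser always sets the key, or add an explicit check with a comparable message. It would also read better to place the new block after the description check, so validation stays ahead of output formatting.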
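
Review bot: in the last scripts/genaclperms.py hunk (@@ -112,6 +118,7 @@), the new cell is printed empty whenever the permission is not flagged, because the earlier hunk sets anonymous = '' in the else branch. In the rendered table a blank then cannot be told apart from a value that was simply never filled in, which matters for a column people will read to judge unauthenticated exposure. Suggest emitting an explicit 'no', or stating next to the <th>Anonymous</th> header that an empty cell means the permission is not granted anonymously.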

On Fri, Feb 17, 2023 at 04:33:12PM +0100, Peter Krempa wrote:
Certain APIs are allowed also without authentication but the ACL page didn't outline which. Generate a new column with the information.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- docs/acl.html.in | 3 ++- scripts/genaclperms.py | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
diff --git a/docs/acl.html.in b/docs/acl.html.in index 3d0f651864..268d3aebd3 100644 --- a/docs/acl.html.in +++ b/docs/acl.html.in @@ -20,7 +20,8 @@ state, where the only API operations allowed are those required to complete authentication. After successful authentication, a connection either has full, unrestricted access to all libvirt - API calls, or is locked down to only "read only" operations, + API calls, or is locked down to only "read only" (see 'Anonymous' + in the table below) operations, according to what socket a client connection originated on. </p>
diff --git a/scripts/genaclperms.py b/scripts/genaclperms.py index e228b3ef60..43616dad04 100755 --- a/scripts/genaclperms.py +++ b/scripts/genaclperms.py @@ -96,6 +96,7 @@ for obj in sorted(perms.keys()): print(' <tr>') print(' <th>Permission</th>') print(' <th>Description</th>') + print(' <th>Anonymous</th>') print(' </tr>') print(' </thead>') print(' <tbody>') @@ -103,6 +104,11 @@ for obj in sorted(perms.keys()): for perm in sorted(perms[obj].keys()): description = perms[obj][perm]["desc"]
+ if perms[obj][perm]["anonymous"]: + anonymous = 'yes' + else: + anonymous = '' + if description is None: raise Exception("missing description for %s.%s" % (obj, perm))
@@ -112,6 +118,7 @@ for obj in sorted(perms.keys()): print(' <tr>') print(' <td><a id="%s">%s</a></td>' % (plink, perm)) print(' <td>%s</td>' % description) + print(' <td>%s</td>' % anonymous) print(' </tr>')
print(' </tbody>') -- 2.39.1
With regards,
Daniel