qemu/qapi/authz.json
   1# -*- Mode: Python -*-
   2# vim: filetype=python
   3
   4##
   5# = User authorization
   6##
   7
   8##
   9# @QAuthZListPolicy:
  10#
  11# The decision an authorization rule, or the list's default policy, yields
  12#
  13# @deny: deny access
  14# @allow: allow access
  15#
  16# Since: 4.0
  17##
  18{ 'enum': 'QAuthZListPolicy',
  19  'prefix': 'QAUTHZ_LIST_POLICY',
  20  'data': ['deny', 'allow']}
  21
  22##
  23# @QAuthZListFormat:
  24#
  25# The format in which an authorization rule's match string is interpreted
  26#
  27# @exact: an exact string match
  28# @glob: a string with ? and * shell wildcards; can match more than one identity
  29#
  30# Since: 4.0
  31##
  32{ 'enum': 'QAuthZListFormat',
  33  'prefix': 'QAUTHZ_LIST_FORMAT',
  34  'data': ['exact', 'glob']}
  35
  36##
  37# @QAuthZListRule:
  38#
  39# A single authorization rule.
  40#
  41# @match: the string or glob pattern to compare against a user identity
  42# @policy: the result to return when @match matches the identity
  43# @format: how @match is interpreted, see @QAuthZListFormat (default 'exact')
  44#
  45# Since: 4.0
  46##
  47{ 'struct': 'QAuthZListRule',
  48  'data': {'match': 'str',
  49           'policy': 'QAuthZListPolicy',
  50           '*format': 'QAuthZListFormat'}}
  51
  52##
  53# @AuthZListProperties:
  54#
  55# Properties for authz-list objects.
  56#
  57# @policy: Policy applied when no rule in @rules matches (default: deny)
  58#
  59# @rules: Authorization rules, each matched against the user identity
  60#
  61# Since: 4.0
  62##
  63{ 'struct': 'AuthZListProperties',
  64  'data': { '*policy': 'QAuthZListPolicy',
  65            '*rules': ['QAuthZListRule'] } }
  66
  67##
  68# @AuthZListFileProperties:
  69#
  70# Properties for authz-listfile objects.
  71#
  72# @filename: File to load the configuration from; must contain valid JSON for
  73#            AuthZListProperties. It holds the access rules, so limit who may write it.
  74#
  75# @refresh: If true, inotify is used to monitor the file and reload it
  76#           automatically when it changes. If a reload fails, every
  77#           authorization is denied until the file next loads
  78#           successfully. (default: true if the binary was built with
  79#           CONFIG_INOTIFY1, false otherwise)
  80#
  81# Since: 4.0
  82##
  83{ 'struct': 'AuthZListFileProperties',
  84  'data': { 'filename': 'str',
  85            '*refresh': 'bool' } }
  86
  87##
  88# @AuthZPAMProperties:
  89#
  90# Properties for authz-pam objects.
  91#
  92# @service: Name of the PAM service to use for the authorization decision
  93#
  94# Since: 4.0
  95##
  96{ 'struct': 'AuthZPAMProperties',
  97  'data': { 'service': 'str' } }
  98
  99##
 100# @AuthZSimpleProperties:
 101#
 102# Properties for authz-simple objects.
 103#
 104# @identity: Identifies the allowed user. Its format depends on the network
 105#            service that the authorization object is associated with. When
 106#            authorizing based on TLS x509 certificates, the identity must be
 107#            the x509 distinguished name.
 108#
 109# Since: 4.0
 110##
 111{ 'struct': 'AuthZSimpleProperties',
 112  'data': { 'identity': 'str' } }
 113