]>
Commit | Line | Data |
---|---|---|
c8c99887 | 1 | # -*- Mode: Python -*- |
f7160f32 | 2 | # vim: filetype=python |
c8c99887 DB |
3 | # |
4 | # QAPI authz definitions | |
5 | ||
6 | ## | |
7 | # @QAuthZListPolicy: | |
8 | # | |
9 | # The authorization policy result | |
10 | # | |
11 | # @deny: deny access | |
12 | # @allow: allow access | |
13 | # | |
14 | # Since: 4.0 | |
15 | ## | |
16 | { 'enum': 'QAuthZListPolicy', | |
17 | 'prefix': 'QAUTHZ_LIST_POLICY', | |
18 | 'data': ['deny', 'allow']} | |
19 | ||
20 | ## | |
21 | # @QAuthZListFormat: | |
22 | # | |
23 | # The authorization policy match format | |
24 | # | |
25 | # @exact: an exact string match | |
26 | # @glob: string with ? and * shell wildcard support | |
27 | # | |
28 | # Since: 4.0 | |
29 | ## | |
30 | { 'enum': 'QAuthZListFormat', | |
31 | 'prefix': 'QAUTHZ_LIST_FORMAT', | |
32 | 'data': ['exact', 'glob']} | |
33 | ||
34 | ## | |
35 | # @QAuthZListRule: | |
36 | # | |
37 | # A single authorization rule. | |
38 | # | |
39 | # @match: a string or glob to match against a user identity | |
40 | # @policy: the result to return if @match evaluates to true | |
41 | # @format: the format of the @match rule (default 'exact') | |
42 | # | |
43 | # Since: 4.0 | |
44 | ## | |
45 | { 'struct': 'QAuthZListRule', | |
46 | 'data': {'match': 'str', | |
47 | 'policy': 'QAuthZListPolicy', | |
48 | '*format': 'QAuthZListFormat'}} | |
49 | ||
50 | ## | |
51 | # @QAuthZListRuleListHack: | |
52 | # | |
53 | # Not exposed via QMP; hack to generate QAuthZListRuleList | |
54 | # for use internally by the code. | |
55 | # | |
56 | # Since: 4.0 | |
57 | ## | |
58 | { 'struct': 'QAuthZListRuleListHack', | |
59 | 'data': { 'unused': ['QAuthZListRule'] } } |