qapi/authz.json - qemu - Git at Google

 # -*- Mode: Python -*-
 # vim: filetype=python

 ##
 # = User authorization
 ##

 ##
 # @QAuthZListPolicy:
 #
 # The authorization policy result
 #
 # @deny: deny access
 #
 # @allow: allow access
 #
 # Since: 4.0
 ##
 { 'enum': 'QAuthZListPolicy',
   'prefix': 'QAUTHZ_LIST_POLICY',
   'data': ['deny', 'allow']}

 ##
 # @QAuthZListFormat:
 #
 # The authorization policy match format
 #
 # @exact: an exact string match
 #
 # @glob: string with ? and * shell wildcard support
 #
 # Since: 4.0
 ##
 { 'enum': 'QAuthZListFormat',
   'prefix': 'QAUTHZ_LIST_FORMAT',
   'data': ['exact', 'glob']}

 ##
 # @QAuthZListRule:
 #
 # A single authorization rule.
 #
 # @match: a string or glob to match against a user identity
 #
 # @policy: the result to return if @match evaluates to true
 #
 # @format: the format of the @match rule (default 'exact')
 #
 # Since: 4.0
 ##
 { 'struct': 'QAuthZListRule',
   'data': {'match': 'str',
            'policy': 'QAuthZListPolicy',
            '*format': 'QAuthZListFormat'}}

 ##
 # @AuthZListProperties:
 #
 # Properties for authz-list objects.
 #
 # @policy: Default policy to apply when no rule matches (default:
 #     deny)
 #
 # @rules: Authorization rules based on matching user
 #
 # Since: 4.0
 ##
 { 'struct': 'AuthZListProperties',
   'data': { '*policy': 'QAuthZListPolicy',
             '*rules': ['QAuthZListRule'] } }

 ##
 # @AuthZListFileProperties:
 #
 # Properties for authz-listfile objects.
 #
 # @filename: File name to load the configuration from.  The file must
 #     contain valid JSON for AuthZListProperties.
 #
 # @refresh: If true, inotify is used to monitor the file,
 #     automatically reloading changes.  If an error occurs during
 #     reloading, all authorizations will fail until the file is next
 #     successfully loaded.  (default: true if the binary was built
 #     with CONFIG_INOTIFY1, false otherwise)
 #
 # Since: 4.0
 ##
 { 'struct': 'AuthZListFileProperties',
   'data': { 'filename': 'str',
             '*refresh': 'bool' } }

 ##
 # @AuthZPAMProperties:
 #
 # Properties for authz-pam objects.
 #
 # @service: PAM service name to use for authorization
 #
 # Since: 4.0
 ##
 { 'struct': 'AuthZPAMProperties',
   'data': { 'service': 'str' } }

 ##
 # @AuthZSimpleProperties:
 #
 # Properties for authz-simple objects.
 #
 # @identity: Identifies the allowed user.  Its format depends on the
 #     network service that authorization object is associated with.
 #     For authorizing based on TLS x509 certificates, the identity
 #     must be the x509 distinguished name.
 #
 # Since: 4.0
 ##
 { 'struct': 'AuthZSimpleProperties',
   'data': { 'identity': 'str' } }
	# -- Mode: Python --
	# vim: filetype=python

	##
	# = User authorization
	##

	##
	# @QAuthZListPolicy:
	#
	# The authorization policy result
	#
	# @deny: deny access
	#
	# @allow: allow access
	#
	# Since: 4.0
	##
	{ 'enum': 'QAuthZListPolicy',
	'prefix': 'QAUTHZ_LIST_POLICY',
	'data': ['deny', 'allow']}

	##
	# @QAuthZListFormat:
	#
	# The authorization policy match format
	#
	# @exact: an exact string match
	#
	# @glob: string with ? and * shell wildcard support
	#
	# Since: 4.0
	##
	{ 'enum': 'QAuthZListFormat',
	'prefix': 'QAUTHZ_LIST_FORMAT',
	'data': ['exact', 'glob']}

	##
	# @QAuthZListRule:
	#
	# A single authorization rule.
	#
	# @match: a string or glob to match against a user identity
	#
	# @policy: the result to return if @match evaluates to true
	#
	# @format: the format of the @match rule (default 'exact')
	#
	# Since: 4.0
	##
	{ 'struct': 'QAuthZListRule',
	'data': {'match': 'str',
	'policy': 'QAuthZListPolicy',
	'*format': 'QAuthZListFormat'}}

	##
	# @AuthZListProperties:
	#
	# Properties for authz-list objects.
	#
	# @policy: Default policy to apply when no rule matches (default:
	# deny)
	#
	# @rules: Authorization rules based on matching user
	#
	# Since: 4.0
	##
	{ 'struct': 'AuthZListProperties',
	'data': { '*policy': 'QAuthZListPolicy',
	'*rules': ['QAuthZListRule'] } }

	##
	# @AuthZListFileProperties:
	#
	# Properties for authz-listfile objects.
	#
	# @filename: File name to load the configuration from. The file must
	# contain valid JSON for AuthZListProperties.
	#
	# @refresh: If true, inotify is used to monitor the file,
	# automatically reloading changes. If an error occurs during
	# reloading, all authorizations will fail until the file is next
	# successfully loaded. (default: true if the binary was built
	# with CONFIG_INOTIFY1, false otherwise)
	#
	# Since: 4.0
	##
	{ 'struct': 'AuthZListFileProperties',
	'data': { 'filename': 'str',
	'*refresh': 'bool' } }

	##
	# @AuthZPAMProperties:
	#
	# Properties for authz-pam objects.
	#
	# @service: PAM service name to use for authorization
	#
	# Since: 4.0
	##
	{ 'struct': 'AuthZPAMProperties',
	'data': { 'service': 'str' } }

	##
	# @AuthZSimpleProperties:
	#
	# Properties for authz-simple objects.
	#
	# @identity: Identifies the allowed user. Its format depends on the
	# network service that authorization object is associated with.
	# For authorizing based on TLS x509 certificates, the identity
	# must be the x509 distinguished name.
	#
	# Since: 4.0
	##
	{ 'struct': 'AuthZSimpleProperties',
	'data': { 'identity': 'str' } }