diff options
Diffstat (limited to 'qapi/authz.json')
| -rw-r--r-- | qapi/authz.json | 61 |
1 files changed, 56 insertions, 5 deletions
diff --git a/qapi/authz.json b/qapi/authz.json index 42afe75..51845e3 100644 --- a/qapi/authz.json +++ b/qapi/authz.json @@ -50,12 +50,63 @@ '*format': 'QAuthZListFormat'}} ## -# @QAuthZListRuleListHack: +# @AuthZListProperties: # -# Not exposed via QMP; hack to generate QAuthZListRuleList -# for use internally by the code. +# Properties for authz-list objects. +# +# @policy: Default policy to apply when no rule matches (default: deny) +# +# @rules: Authorization rules based on matching user +# +# Since: 4.0 +## +{ 'struct': 'AuthZListProperties', + 'data': { '*policy': 'QAuthZListPolicy', + '*rules': ['QAuthZListRule'] } } + +## +# @AuthZListFileProperties: +# +# Properties for authz-listfile objects. +# +# @filename: File name to load the configuration from. The file must +# contain valid JSON for AuthZListProperties. +# +# @refresh: If true, inotify is used to monitor the file, automatically +# reloading changes. If an error occurs during reloading, all +# authorizations will fail until the file is next successfully +# loaded. (default: true if the binary was built with +# CONFIG_INOTIFY1, false otherwise) +# +# Since: 4.0 +## +{ 'struct': 'AuthZListFileProperties', + 'data': { 'filename': 'str', + '*refresh': 'bool' } } + +## +# @AuthZPAMProperties: +# +# Properties for authz-pam objects. +# +# @service: PAM service name to use for authorization +# +# Since: 4.0 +## +{ 'struct': 'AuthZPAMProperties', + 'data': { 'service': 'str' } } + +## +# @AuthZSimpleProperties: +# +# Properties for authz-simple objects. +# +# @identity: Identifies the allowed user. Its format depends on the network +# service that authorization object is associated with. For +# authorizing based on TLS x509 certificates, the identity must be +# the x509 distinguished name. # # Since: 4.0 ## -{ 'struct': 'QAuthZListRuleListHack', - 'data': { 'unused': ['QAuthZListRule'] } } +{ 'struct': 'AuthZSimpleProperties', + 'data': { 'identity': 'str' } } |