qapi/authz.json - third_party/qemu - Git at Google

 # -*- Mode: Python -*-
 # vim: filetype=python

 ##
 # = User authorization
 ##

 ##
 # @QAuthZListPolicy:
 #
 # The authorization policy result
 #
 # @deny: deny access
 # @allow: allow access
 #
 # Since: 4.0
 ##
 { 'enum': 'QAuthZListPolicy',
   'prefix': 'QAUTHZ_LIST_POLICY',
   'data': ['deny', 'allow']}

 ##
 # @QAuthZListFormat:
 #
 # The authorization policy match format
 #
 # @exact: an exact string match
 # @glob: string with ? and * shell wildcard support
 #
 # Since: 4.0
 ##
 { 'enum': 'QAuthZListFormat',
   'prefix': 'QAUTHZ_LIST_FORMAT',
   'data': ['exact', 'glob']}

 ##
 # @QAuthZListRule:
 #
 # A single authorization rule.
 #
 # @match: a string or glob to match against a user identity
 # @policy: the result to return if @match evaluates to true
 # @format: the format of the @match rule (default 'exact')
 #
 # Since: 4.0
 ##
 { 'struct': 'QAuthZListRule',
   'data': {'match': 'str',
            'policy': 'QAuthZListPolicy',
            '*format': 'QAuthZListFormat'}}

 ##
 # @AuthZListProperties:
 #
 # Properties for authz-list objects.
 #
 # @policy: Default policy to apply when no rule matches (default: deny)
 #
 # @rules: Authorization rules based on matching user
 #
 # Since: 4.0
 ##
 { 'struct': 'AuthZListProperties',
   'data': { '*policy': 'QAuthZListPolicy',
             '*rules': ['QAuthZListRule'] } }

 ##
 # @AuthZListFileProperties:
 #
 # Properties for authz-listfile objects.
 #
 # @filename: File name to load the configuration from. The file must
 #            contain valid JSON for AuthZListProperties.
 #
 # @refresh: If true, inotify is used to monitor the file, automatically
 #           reloading changes. If an error occurs during reloading, all
 #           authorizations will fail until the file is next successfully
 #           loaded. (default: true if the binary was built with
 #           CONFIG_INOTIFY1, false otherwise)
 #
 # Since: 4.0
 ##
 { 'struct': 'AuthZListFileProperties',
   'data': { 'filename': 'str',
             '*refresh': 'bool' } }

 ##
 # @AuthZPAMProperties:
 #
 # Properties for authz-pam objects.
 #
 # @service: PAM service name to use for authorization
 #
 # Since: 4.0
 ##
 { 'struct': 'AuthZPAMProperties',
   'data': { 'service': 'str' } }

 ##
 # @AuthZSimpleProperties:
 #
 # Properties for authz-simple objects.
 #
 # @identity: Identifies the allowed user. Its format depends on the network
 #            service that authorization object is associated with. For
 #            authorizing based on TLS x509 certificates, the identity must be
 #            the x509 distinguished name.
 #
 # Since: 4.0
 ##
 { 'struct': 'AuthZSimpleProperties',
   'data': { 'identity': 'str' } }
	# -- Mode: Python --
	# vim: filetype=python

	##
	# = User authorization
	##

	##
	# @QAuthZListPolicy:
	#
	# The authorization policy result
	#
	# @deny: deny access
	# @allow: allow access
	#
	# Since: 4.0
	##
	{ 'enum': 'QAuthZListPolicy',
	'prefix': 'QAUTHZ_LIST_POLICY',
	'data': ['deny', 'allow']}

	##
	# @QAuthZListFormat:
	#
	# The authorization policy match format
	#
	# @exact: an exact string match
	# @glob: string with ? and * shell wildcard support
	#
	# Since: 4.0
	##
	{ 'enum': 'QAuthZListFormat',
	'prefix': 'QAUTHZ_LIST_FORMAT',
	'data': ['exact', 'glob']}

	##
	# @QAuthZListRule:
	#
	# A single authorization rule.
	#
	# @match: a string or glob to match against a user identity
	# @policy: the result to return if @match evaluates to true
	# @format: the format of the @match rule (default 'exact')
	#
	# Since: 4.0
	##
	{ 'struct': 'QAuthZListRule',
	'data': {'match': 'str',
	'policy': 'QAuthZListPolicy',
	'*format': 'QAuthZListFormat'}}

	##
	# @AuthZListProperties:
	#
	# Properties for authz-list objects.
	#
	# @policy: Default policy to apply when no rule matches (default: deny)
	#
	# @rules: Authorization rules based on matching user
	#
	# Since: 4.0
	##
	{ 'struct': 'AuthZListProperties',
	'data': { '*policy': 'QAuthZListPolicy',
	'*rules': ['QAuthZListRule'] } }

	##
	# @AuthZListFileProperties:
	#
	# Properties for authz-listfile objects.
	#
	# @filename: File name to load the configuration from. The file must
	# contain valid JSON for AuthZListProperties.
	#
	# @refresh: If true, inotify is used to monitor the file, automatically
	# reloading changes. If an error occurs during reloading, all
	# authorizations will fail until the file is next successfully
	# loaded. (default: true if the binary was built with
	# CONFIG_INOTIFY1, false otherwise)
	#
	# Since: 4.0
	##
	{ 'struct': 'AuthZListFileProperties',
	'data': { 'filename': 'str',
	'*refresh': 'bool' } }

	##
	# @AuthZPAMProperties:
	#
	# Properties for authz-pam objects.
	#
	# @service: PAM service name to use for authorization
	#
	# Since: 4.0
	##
	{ 'struct': 'AuthZPAMProperties',
	'data': { 'service': 'str' } }

	##
	# @AuthZSimpleProperties:
	#
	# Properties for authz-simple objects.
	#
	# @identity: Identifies the allowed user. Its format depends on the network
	# service that authorization object is associated with. For
	# authorizing based on TLS x509 certificates, the identity must be
	# the x509 distinguished name.
	#
	# Since: 4.0
	##
	{ 'struct': 'AuthZSimpleProperties',
	'data': { 'identity': 'str' } }