authz: add QAuthZSimple object type for easy whitelist auth checks
commit fb5c4ebc0872e5f41634aec2f5a2cb5d83aefcd0
author Daniel P. Berrangé <berrange@redhat.com>
Wed, 2 May 2018 14:40:33 +0000 (2 15:40 +0100)
committer Daniel P. Berrangé <berrange@redhat.com>
Tue, 26 Feb 2019 15:25:58 +0000 (26 15:25 +0000)
tree f5d26fc069216b70f6e756ce317ab1e4e2219e54
parent 5b76dd132c5346f335a85161dddaae022b47ccf9
authz: add QAuthZSimple object type for easy whitelist auth checks

In many cases a single VM will just need to whitelist a single identity
as the allowed user of network services. This is especially the case for
TLS live migration (optionally with NBD storage) where we just need to
whitelist the x509 certificate distinguished name of the source QEMU
host.

Via QMP this can be configured with:

  {
    "execute": "object-add",
    "arguments": {
      "qom-type": "authz-simple",
      "id": "authz0",
      "props": {
        "identity": "fred"
      }
    }
  }

Or via the command line

  -object authz-simple,id=authz0,identity=fred

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
authz/Makefile.objs
authz/simple.c [new file with mode: 0644]
authz/trace-events
include/authz/simple.h [new file with mode: 0644]
qemu-options.hx
tests/Makefile.include
tests/test-authz-simple.c [new file with mode: 0644]
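
An added example, not part of the commit or of QEMU's code: it builds the two configuration forms from the commit message for an x509 distinguished name and shows why commas in the name must be doubled in the -object form. The helper names, the simplified option parser and the sample DN are assumptions made for illustration.

```python
import json

def qmp_object_add(obj_id, identity):
    """QMP command in the shape shown in the commit message (JSON needs no comma escaping)."""
    return {"execute": "object-add",
            "arguments": {"qom-type": "authz-simple", "id": obj_id,
                          "props": {"identity": identity}}}

def cli_object_arg(obj_id, identity):
    """Value for -object; a literal ',' inside a property value is written as ',,'."""
    return "authz-simple,id={},identity={}".format(obj_id, identity.replace(",", ",,"))

def parse_object_arg(optstr):
    """Simplified model of QEMU option splitting: ',' separates, ',,' is a literal comma."""
    parts, cur, i = [], [], 0
    while i < len(optstr):
        if optstr[i] == ",":
            if optstr[i + 1:i + 2] == ",":   # doubled comma: keep one, stay in this value
                cur.append(",")
                i += 2
                continue
            parts.append("".join(cur))       # single comma: end of this key=value pair
            cur = []
        else:
            cur.append(optstr[i])
        i += 1
    parts.append("".join(cur))
    props = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")  # split on the first '=' only
            props[key] = value
    return parts[0], props

# Constructed sample DN for a migration source host (not taken from the commit).
SAMPLE_DN = "CN=source.example.com,O=Example Org"

if __name__ == "__main__":
    print(json.dumps(qmp_object_add("authz0", SAMPLE_DN), indent=2))
    good = cli_object_arg("authz0", SAMPLE_DN)
    print("escaped:  ", good, "->", parse_object_arg(good)[1])
    # Unescaped DN: the identity is cut at the first comma and a stray 'O' property appears,
    # so the whitelisted name is no longer the full DN of the source host.
    naive = "authz-simple,id=authz0,identity=" + SAMPLE_DN
    print("unescaped:", naive, "->", parse_object_arg(naive)[1])
```

On a real command line the whole -object value also needs shell quoting when the DN contains spaces.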