aboutsummaryrefslogtreecommitdiff
path: root/authz/trace-events
diff options
context:
space:
mode:
authorDaniel P. Berrangé <berrange@redhat.com>2018-05-02 15:40:33 +0100
committerDaniel P. Berrangé <berrange@redhat.com>2019-02-26 15:25:58 +0000
commitfb5c4ebc0872e5f41634aec2f5a2cb5d83aefcd0 (patch)
treef5d26fc069216b70f6e756ce317ab1e4e2219e54 /authz/trace-events
parent5b76dd132c5346f335a85161dddaae022b47ccf9 (diff)
authz: add QAuthZSimple object type for easy whitelist auth checks
In many cases a single VM will just need to whitelist a single identity as the allowed user of network services. This is especially the case for TLS live migration (optionally with NBD storage) where we just need to whitelist the x509 certificate distinguished name of the source QEMU host. Via QMP this can be configured with: { "execute": "object-add", "arguments": { "qom-type": "authz-simple", "id": "authz0", "props": { "identity": "fred" } } } Or via the command line -object authz-simple,id=authz0,identity=fred Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'authz/trace-events')
-rw-r--r--authz/trace-events3
1 files changed, 3 insertions, 0 deletions
diff --git a/authz/trace-events b/authz/trace-events
index 481c90f511..1ef796c1e1 100644
--- a/authz/trace-events
+++ b/authz/trace-events
@@ -2,3 +2,6 @@
# authz/base.c
qauthz_is_allowed(void *authz, const char *identity, bool allowed) "AuthZ %p check identity=%s allowed=%d"
+
+# auth/simple.c
+qauthz_simple_is_allowed(void *authz, const char *wantidentity, const char *gotidentity) "AuthZ simple %p check want identity=%s got identity=%s"