author | Daniel P. Berrangé <berrange@redhat.com> | 2018-05-02 15:40:33 +0100 |
---|---|---|
committer | Daniel P. Berrangé <berrange@redhat.com> | 2019-02-26 15:25:58 +0000 |
commit | fb5c4ebc0872e5f41634aec2f5a2cb5d83aefcd0 (patch) | |
tree | f5d26fc069216b70f6e756ce317ab1e4e2219e54 /authz/trace-events | |
parent | 5b76dd132c5346f335a85161dddaae022b47ccf9 (diff) |
authz: add QAuthZSimple object type for easy whitelist auth checks
In many cases a single VM will just need to whitelist a single identity
as the allowed user of network services. This is especially the case for
TLS live migration (optionally with NBD storage) where we just need to
whitelist the x509 certificate distinguished name of the source QEMU
host.
Via QMP this can be configured with:

  {
    "execute": "object-add",
    "arguments": {
      "qom-type": "authz-simple",
      "id": "authz0",
      "props": {
        "identity": "fred"
      }
    }
  }

Or via the command line

  -object authz-simple,id=authz0,identity=fred

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'authz/trace-events')
-rw-r--r-- | authz/trace-events | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/authz/trace-events b/authz/trace-events index 481c90f511..1ef796c1e1 100644 --- a/authz/trace-events +++ b/authz/trace-events @@ -2,3 +2,6 @@ # authz/base.c qauthz_is_allowed(void *authz, const char *identity, bool allowed) "AuthZ %p check identity=%s allowed=%d" + +# auth/simple.c +qauthz_simple_is_allowed(void *authz, const char *wantidentity, const char *gotidentity) "AuthZ simple %p check want identity=%s got identity=%s" |
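Review bot: the added section comment reads "# auth/simple.c", but this file is authz/trace-events and the section above it is labelled "# authz/base.c", so the path is missing the "z" and should be "# authz/simple.c" to point at the source file that emits the event. A smaller point on the new qauthz_simple_is_allowed line: it records the wanted and received identity but, unlike qauthz_is_allowed, carries no allowed field, so anyone reading a trace has to pair it with the base event to see the outcome of the check; if that pairing is intended, a short comment saying so would help.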