docs: ACL: Show which permissions are allowed for unauthenticated connections

Certain APIs are allowed also without authentication but the ACL page didn't outline which. Generate a new column with the information. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-17 16:31:20 +01:00 · 2023-02-17 16:31:20 +01:00 · ecca805336
parent 74bdc2abb9
commit ecca805336
2 changed files with 9 additions and 1 deletions
--- a/docs/acl.html.in
+++ b/docs/acl.html.in
@ -20,7 +20,8 @@
      state, where the only API operations allowed are those required
      to complete authentication. After successful authentication, a
      connection either has full, unrestricted access to all libvirt
-      API calls, or is locked down to only "read only" operations,
+      API calls, or is locked down to only "read only" (see 'Anonymous'
+      in the table below) operations,
      according to what socket a client connection originated on.
    </p>

--- a/scripts/genaclperms.py
+++ b/scripts/genaclperms.py
@ -96,6 +96,7 @@ for obj in sorted(perms.keys()):
    print('        <tr>')
    print('          <th>Permission</th>')
    print('          <th>Description</th>')
+    print('          <th>Anonymous</th>')
    print('        </tr>')
    print('      </thead>')
    print('      <tbody>')
@ -103,6 +104,11 @@ for obj in sorted(perms.keys()):
    for perm in sorted(perms[obj].keys()):
        description = perms[obj][perm]["desc"]

+        if perms[obj][perm]["anonymous"]:
+            anonymous = 'yes'
+        else:
+            anonymous = ''
+
        if description is None:
            raise Exception("missing description for %s.%s" % (obj, perm))

@ -112,6 +118,7 @@ for obj in sorted(perms.keys()):
        print('        <tr>')
        print('          <td><a id="%s">%s</a></td>' % (plink, perm))
        print('          <td>%s</td>' % description)
+        print('          <td>%s</td>' % anonymous)
        print('        </tr>')

    print('      </tbody>')