On Thu, Jun 21, 2018 at 06:36:19PM +0200, Markus Armbruster wrote:
> Daniel P. Berrangé <berra...@redhat.com> writes:
>
> > On Thu, Jun 21, 2018 at 10:28:23AM -0500, Eric Blake wrote:
> >> On 06/15/2018 10:42 AM, Daniel P. Berrangé wrote:
> >> > From: "Daniel P. Berrange" <berra...@redhat.com>
> >> >
> >> > Add a QAuthZList object type that implements the QAuthZ interface. This
> >> > built-in implementation maintains a trivial access control list with a
> >> > sequence of match rules and a final default policy. This replicates the
> >> > functionality currently provided by the qemu_acl module.
> >> >
> >>
> >> >
> >> > It is not currently possible to create this via -object, since there is
> >> > no syntax supported to specify non-scalar properties for objects. This
> >> > is likely to be addressed by later support for using JSON with -object,
> >> > or an equivalent approach.
> >>
> >> Is this statement slightly stale, since we have JSON support with --object
> >> already?
> >
> > That's news to me if we do. Markus did a PoC but AFAIK it was never
> > proposed for merge so far.
>
> Correct. Can finish the job if there's a need.
>
> [...]

I'm not hugely bothered by it - this QAuthZList impl serves two core
purposes - a replacement for the HMP monitor commands I deprecated,
and an engine for the QAuthZListFile which stores QAuthZList objects
in external json files.

The latter is what I think we'll use in practice, as it lets us
auto-refresh on the fly via inotify which is much more convenient than
having libvirt do object_add/object_del.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|