From 075028e74f4d11c8b0d3bb3e857e4811b148a4e1 Mon Sep 17 00:00:00 2001
Message-Id: <075028e74f4d11c8b0d3bb3e857e4811b148a4e1@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Mon, 5 Nov 2018 07:48:38 -0500
Subject: [PATCH] docs: Enhance polkit documentation to describe secondary
 connection
https://bugzilla.redhat.com/show_bug.cgi?id=1631608 (RHEL 8.0)
https://bugzilla.redhat.com/show_bug.cgi?id=1631606 (RHEL 7.7)
Since commit 8259255 usage of a primary connection driver for
a virConnect has been modified to open (virConnectOpen) and use
a connection to the specific driver in order to handle the API
calls to/for that driver. This causes some confusion and issues
for ACL polkit rule scripts to know exactly which driver by
name will be used.
Add some documentation describing the processing of the primary
and secondary connection as well as the list of the connect_driver
names used for each driver.
Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit 4f1107614dc1384c4aa7a5582a16aecba8b9310f)
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 docs/aclpolkit.html.in | 117 +++++++++++++++++++++++++++++++++++++++++
 docs/libvirt.css       |   1 +
 2 files changed, 118 insertions(+)
diff --git a/docs/aclpolkit.html.in b/docs/aclpolkit.html.in
index ee00b98461..ac54f125da 100644
--- a/docs/aclpolkit.html.in
+++ b/docs/aclpolkit.html.in
@@ -287,6 +287,123 @@
       
     
 
+    

Hypervisor Driver connect_driver

+    

+      The connect_driver parameter describes the
+      client's remote Connection Driver
+      name based on the URI used for the
+      connection.
+    

+    

+      Since 4.1.0, when calling an API
+      outside the scope of the primary connection driver, the
+      primary driver will attempt to open a secondary connection
+      to the specific API driver in order to process the API. For
+      example, when hypervisor domain processing needs to make an
+      API call within the storage driver or the network filter driver
+      an attempt to open a connection to the "storage" or "nwfilter"
+      driver will be made. Similarly, a "storage" primary connection
+      may need to create a connection to the "secret" driver in order
+      to process secrets for the API. If successful, then calls to
+      those API's will occur in the connect_driver context
+      of the secondary connection driver rather than in the context of
+      the primary driver. This affects the connect_driver
+      returned from rule generation from the action.loookup
+      function. The following table provides a list of the various
+      connection drivers and the connect_driver name
+      used by each regardless of primary or secondary connection.
+      The access denied error message from libvirt will list the
+      connection driver by name that denied the access.
+    

+
+    

Connection Driver Name

+    
+      
+        
+          Connection Driver
+          connect_driver name
+        
+      
+      
+        
+          bhyve
+          bhyve
+        
+        
+          esx
+          ESX
+        
+        
+          hyperv
+          Hyper-V
+        
+        
+          interface
+          interface
+        
+        
+          libxl
+          xenlight
+        
+        
+          lxc
+          LXC
+        
+        
+          network
+          network
+        
+        
+          nodedev
+          nodedev
+        
+        
+          nwfilter
+          NWFilter
+        
+        
+          openvz
+          OPENVZ
+        
+        
+          phyp
+          PHYP
+        
+        
+          qemu
+          QEMU
+        
+        
+          secret
+          secret
+        
+        
+          storage
+          storage
+        
+        
+          uml
+          UML
+        
+        
+          vbox
+          VBOX
+        
+        
+          vmware
+          VMWARE
+        
+        
+          vz
+          vz
+        
+        
+          xenapi
+          XenAPI
+        
+      
+    
+
 
     

User identity attributes

 
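Review bot: `action.loookup` in the added paragraph (the sentence beginning "This affects the connect_driver returned from rule generation") is misspelled and should read `action.lookup`, which is the name a rule author will copy into a polkit rule. In the same paragraph "those API's" should be "those APIs". The text also covers only the "If successful" case of opening the secondary connection; a sentence on what the caller sees when that open is denied would help. Since the table lists names whose case differs from the driver name (`qemu` vs `QEMU`, `openvz` vs `OPENVZ`, `hyperv` vs `Hyper-V`), consider stating that rules must compare against the connect_driver string exactly as listed.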
diff --git a/docs/libvirt.css b/docs/libvirt.css
index b2ed33926a..e590b33cfb 100644
--- a/docs/libvirt.css
+++ b/docs/libvirt.css
@@ -393,6 +393,7 @@ table.acl {
 
 table.acl tr, table.acl td {
     padding: 0.3em;
+    border: 1px solid #ccc;
 }
 
 table.acl thead {
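Review bot: the added `border: 1px solid #ccc;` sits in the shared `table.acl tr, table.acl td` rule, so it restyles every `table.acl` in the docs rather than only the table introduced by this patch, and the commit message does not mention the stylesheet change at all. Either say in the commit message that the border is intended for all ACL tables or scope it with a narrower selector. Also check that the border on `tr` is wanted: whether a row border renders depends on the table's border-collapse setting, which is not visible in this hunk.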
-- 
2.19.1