Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote:
> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
>
> As with the previous patch to qemu-nbd, the nbd-server-start QMP command
> also needs to be able to specify authorization when enabling TLS encryption.
>
> First the client must create a QAuthZ object instance using the
> 'object-add' command:
>
>    {
>      'execute': 'object-add',
>      'arguments': {
>        'qom-type': 'authz-list',
>        'id': 'authz0',
>        'parameters': {
>          'policy': 'deny',
>          'rules': [
>            {
>              'match': '*CN=fred',
>              'policy': 'allow'
>            }
>          ]
>        }
>      }
>    }
>
> They can then reference this in the new 'tls-authz' parameter when
> executing the 'nbd-server-start' command:
>
>    {
>      'execute': 'nbd-server-start',
>      'arguments': {
>        'addr': {
>          'type': 'inet',
>          'host': '127.0.0.1',
>          'port': '9000'
>        },
>        'tls-creds': 'tls0',
>        'tls-authz': 'authz0'
>      }
>    }
>
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>

similar to previous patch in series.
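Added example (not part of the patch or of the message above): a small Python model of how a rule list like 'authz0' decides on client certificate distinguished names, useful for checking an ACL against identities that should and should not get in before loading it. It assumes rules are tried in order with the first match deciding and the list 'policy' as the fallback; the 'format' key, the explicit glob/exact choice and the sample DNs are assumptions made for illustration.

```python
import re

# Rule list copied from the 'object-add' arguments quoted in the message.
AUTHZ0 = {
    "policy": "deny",
    "rules": [{"match": "*CN=fred", "policy": "allow"}],
}

# Constructed sample client certificate DNs (not taken from the page).
SAMPLE_DNS = [
    "CN=fred",
    "O=Example Org,CN=fred",
    "CN=fred,O=Example Org",
    "O=Example Org,CN=alice",
]

def _glob_to_regex(pattern):
    """Translate a glob that uses only '*' and '?' into a regex."""
    table = {"*": ".*", "?": "."}
    body = "".join(table.get(ch, re.escape(ch)) for ch in pattern)
    return re.compile(body, re.DOTALL)

def rule_matches(rule, identity, default_format):
    # 'format' is an assumed per-rule key; the caller states how rules
    # without it are read, so nothing is guessed silently.
    fmt = rule.get("format", default_format)
    if fmt == "exact":
        return rule["match"] == identity
    if fmt == "glob":
        return _glob_to_regex(rule["match"]).fullmatch(identity) is not None
    raise ValueError(f"unknown rule format: {fmt!r}")

def is_allowed(authz, identity, default_format):
    """First matching rule decides; otherwise the default policy applies."""
    for rule in authz["rules"]:
        if rule_matches(rule, identity, default_format):
            return rule["policy"] == "allow"
    return authz["policy"] == "allow"

def audit(authz, identities, default_format):
    """Map each identity to the allow/deny decision the list would give."""
    return {dn: is_allowed(authz, dn, default_format) for dn in identities}

if __name__ == "__main__":
    for fmt in ("glob", "exact"):
        print(f"rules read as {fmt}:")
        for dn, ok in audit(AUTHZ0, SAMPLE_DNS, fmt).items():
            print(f"  {'allow' if ok else 'deny':5}  {dn}")
```

Read as a glob, '*CN=fred' admits only DNs that end in CN=fred, so the result depends on the attribute order in which the DN string is rendered; read as an exact string, it admits none of the sample DNs.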