qemu/tests
Daniel P. Berrange c8c99887d1 authz: add QAuthZList object type for an access control list
Add a QAuthZList object type that implements the QAuthZ interface. This
built-in implementation maintains a trivial access control list with a
sequence of match rules and a final default policy. This replicates the
functionality currently provided by the qemu_acl module.

To create an instance of this object via the QMP monitor, the syntax
used would be:

  {
    "execute": "object-add",
    "arguments": {
      "qom-type": "authz-list",
      "id": "authz0",
      "props": {
        "rules": [
           { "match": "fred", "policy": "allow", "format": "exact" },
           { "match": "bob", "policy": "allow", "format": "exact" },
           { "match": "danb", "policy": "deny", "format": "glob" },
           { "match": "dan*", "policy": "allow", "format": "exact" },
        ],
        "policy": "deny"
      }
    }
  }

This sets up an authorization rule that allows 'fred', 'bob' and anyone
whose name starts with 'dan', except for 'danb'. Everyone unmatched is
denied.

It is not currently possible to create this via -object, since there is
no syntax supported to specify non-scalar properties for objects. This
is likely to be addressed by later support for using JSON with -object,
or an equivalent approach.

In any case the future "authz-listfile" object can be used from the
CLI and is likely a better choice, as it allows the ACL to be refreshed
automatically on change.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2019-02-26 15:32:18 +00:00
..
acceptance Acceptance tests: add Linux initrd checking test 2019-01-17 17:52:40 -02:00
data acpi: update expected files 2019-01-17 21:10:57 -05:00
decode scripts: Add decodetree.py 2018-02-22 15:44:07 -08:00
docker tests/docker: peg netmap code to a specific version 2019-02-22 09:32:32 +00:00
fp tests/fp/platform.h: include config-host.h 2019-01-22 20:48:15 +00:00
guest-debug tests/guest-debug: fix scoping of failcount 2018-11-13 10:47:59 +00:00
image-fuzzer python: futurize -f lib2to3.fixes.fix_renames 2018-06-08 14:39:24 -03:00
keys
libqos qemu/queue.h: simplify reverse access to QTAILQ 2019-01-11 15:46:55 +01:00
migration migration-test: Only generate a single target architecture 2018-10-11 19:58:26 +01:00
multiboot tests/multiboot: Add .gitignore 2018-03-21 15:13:40 +01:00
qapi-schema qapi: Clean up modular built-in code generation a bit 2019-02-18 14:44:04 +01:00
qemu-iotests dirty-bitmap: Expose persistent flag to 'query-block' 2019-02-19 17:49:43 -05:00
rocker
tcg tests/tcg: target/mips: Add wrappers for MSA integer compare instructions 2019-02-21 19:36:47 +01:00
vm tests/vm: Be verbose while extracting compressed images 2019-02-11 12:47:08 +00:00
vmstate-static-checker-data
.gitignore tests/.gitignore: don't ignore docker tests 2018-07-24 11:45:25 +01:00
ac97-test.c
acpi-utils.c tests: acpi: reuse fetch_table() in vmgenid-test 2019-01-17 21:10:57 -05:00
acpi-utils.h tests: acpi: use AcpiSdtTable::aml instead of AcpiSdtTable::header::signature 2019-01-17 21:10:57 -05:00
ahci-test.c Testing patches for 2018-08-16 2018-08-16 09:50:54 +01:00
atomic64-bench.c tests: use g_usleep instead of rem = sleep(time) 2019-01-14 14:52:30 +00:00
atomic_add-bench.c tests: use g_usleep instead of rem = sleep(time) 2019-01-14 14:52:30 +00:00
benchmark-crypto-cipher.c crypto: expand algorithm coverage for cipher benchmark 2018-10-24 19:03:37 +01:00
benchmark-crypto-hash.c tests/crypto: Use the IEC binary prefix definitions 2018-07-02 15:41:17 +02:00
benchmark-crypto-hmac.c tests/crypto: Use the IEC binary prefix definitions 2018-07-02 15:41:17 +02:00
bios-tables-test.c tests: acpi: use AcpiSdtTable::aml instead of AcpiSdtTable::header::signature 2019-01-17 21:10:57 -05:00
boot-order-test.c tests/boot-order: Make test independent of global_qtest 2019-01-22 05:14:32 +01:00
boot-sector.c tests/boot-sector: Add magic bytes to s390x boot code header 2018-06-08 13:17:39 -04:00
boot-sector.h tests/boot-sector: Drop dependence on global_qtest 2018-02-14 11:43:41 +01:00
boot-serial-test.c tests: Exit boot-serial-test loop if child dies 2018-12-17 15:37:50 +01:00
cdrom-test.c tests/cdrom-test: only include isapc cdrom test when g_test_slow() 2019-02-22 09:32:32 +00:00
check-block-qdict.c tests: fix crumple/recursive leak 2018-08-15 08:12:19 +02:00
check-block.sh qemu-iotests: convert pwd and $(pwd) to $PWD 2018-11-19 10:08:19 -06:00
check-qdict.c tests: Restore check-qdict unit test 2018-10-10 08:00:00 +02:00
check-qjson.c json: Fix % handling when not interpolating 2019-01-24 15:20:59 +01:00
check-qlist.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qlit.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qnull.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qnum.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
check-qobject.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
check-qom-interface.c qom: make interface types abstract 2018-12-11 15:45:22 -02:00
check-qom-proplist.c tests/qom-proplist: check class properties iterator 2018-10-05 16:27:09 +04:00
check-qstring.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
cpu-plug-test.c hw/i386: Remove deprecated machines pc-0.10 and pc-0.11 2018-12-20 11:19:12 -05:00
crypto-tls-psk-helpers.c crypto: Implement TLS Pre-Shared Keys (PSK). 2018-07-03 13:04:38 +01:00
crypto-tls-psk-helpers.h crypto: Implement TLS Pre-Shared Keys (PSK). 2018-07-03 13:04:38 +01:00
crypto-tls-x509-helpers.c tests: call qcrypto_init instead of gnutls_global_init 2018-07-24 17:33:39 +01:00
crypto-tls-x509-helpers.h crypto: require gnutls >= 3.1.18 for building QEMU 2018-10-19 12:26:57 +01:00
device-introspect-test.c tests/device-introspect: Test with all machines, not only with "none" 2018-08-23 18:46:25 +02:00
display-vga-test.c tests/display-vga: Enable virtio-vga test 2019-01-11 11:45:00 +01:00
drive_del-test.c tests: add qmp_assert_error_class() 2018-08-31 09:53:10 +02:00
ds1338-test.c libqos: Use explicit QTestState for i2c operations 2018-02-14 11:43:41 +01:00
e1000-test.c
e1000e-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
eepro100-test.c
endianness-test.c tests/endianesss: Make test independent of global_qtest 2019-01-22 05:14:32 +01:00
es1370-test.c
fdc-test.c libqtest: Remove qtest_qmp_discard_response() & friends 2018-08-16 08:42:06 +02:00
fw_cfg-test.c fw_cfg: import & use linux/qemu_fw_cfg.h 2018-08-23 18:46:25 +02:00
hd-geo-test.c block: Remove deprecated -drive geometry options 2018-08-15 12:50:39 +02:00
hexloader-test.c tests/hexloader-test: Don't pass -nographic to the QEMU under test 2019-01-22 06:26:32 +01:00
i440fx-test.c libqos: Track QTestState with QPCIBus 2018-02-14 11:43:02 +01:00
i82801b11-test.c
ide-test.c tests/ide: Free pcibus when finishing a test 2018-11-19 21:59:44 +01:00
intel-hda-test.c
io-channel-helpers.c Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
io-channel-helpers.h
ioh3420-test.c
iothread.c
iothread.h
ipmi-bt-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
ipmi-kcs-test.c
ipoctal232-test.c
ivshmem-test.c chardev: forbid 'wait' option with client sockets 2019-02-12 17:35:56 +01:00
libqtest.c chardev: forbid 'wait' option with client sockets 2019-02-12 17:35:56 +01:00
libqtest.h tests/libqtest: Introduce qtest_init_with_serial() 2019-01-29 11:46:04 +00:00
m25p80-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
m48t59-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
machine-none-test.c tests/machine-none: Make test independent of global_qtest 2018-12-17 15:36:40 +01:00
Makefile.include authz: add QAuthZList object type for an access control list 2019-02-26 15:32:18 +00:00
megasas-test.c libqos: Use explicit QTestState for remaining libqos operations 2018-02-14 11:43:41 +01:00
microbit-test.c tests/microbit-test: Add tests for nRF51 NVMC 2019-02-01 15:32:17 +00:00
migration-test.c test: execute g_test_run when tests are skipped 2019-01-11 13:57:25 +01:00
ne2000-test.c
numa-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
nvme-test.c nvme: fix out-of-bounds access to the CMB 2018-11-22 16:43:52 +01:00
pca9552-test.c misc: add pca9552 LED blinker model 2018-06-08 13:15:32 +01:00
pcnet-test.c
pkix_asn1_tab.c
pnv-xscom-test.c tests/pnv-xscom: Make test independent of global_qtest 2019-01-22 05:14:32 +01:00
prom-env-test.c tests/prom-env: Make test independent of global_qtest 2018-12-17 15:36:40 +01:00
ptimer-test-stubs.c qemu-timer: introduce timer attributes 2018-10-19 13:44:03 +02:00
ptimer-test.c ptimer: Add TRIGGER_ONLY_ON_DECREMENT policy option 2018-07-09 14:51:34 +01:00
ptimer-test.h
pvpanic-test.c tests/pvpanic: Make the pvpanic test independent of global_qtest 2018-12-17 15:36:40 +01:00
pxe-test.c tests/pxe: Make test independent of global_qtest 2018-12-17 15:36:40 +01:00
q35-test.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
qemu-iotests-quick.sh
qht-bench.c tests: use g_usleep instead of rem = sleep(time) 2019-01-14 14:52:30 +00:00
qmp-cmd-test.c tests: add qmp/object-add-without-props test 2018-08-31 09:53:10 +02:00
qmp-test.c Revert "tests: Add parameter to qtest_init_without_qmp_handshake" 2018-12-12 10:28:27 +01:00
qom-test.c tests: Skip old versioned machine types in quick testing mode 2018-08-23 18:46:23 +02:00
rcutorture.c rcutorture: remove synchronize_rcu from readers 2018-03-12 16:12:47 +01:00
requirements.txt Acceptance tests: add make rule for running them 2018-10-30 21:13:54 -03:00
rtas-test.c libqos: Use explicit QTestState for remaining libqos operations 2018-02-14 11:43:41 +01:00
rtc-test.c
rtl8139-test.c libqos: Track QTestState with QPCIBus 2018-02-14 11:43:02 +01:00
sdhci-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
socket-helpers.c sockets: strengthen test suite IP protocol availability checks 2018-03-13 18:06:06 +00:00
socket-helpers.h sockets: strengthen test suite IP protocol availability checks 2018-03-13 18:06:06 +00:00
spapr-phb-test.c
tco-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
test-aio-multithread.c Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
test-aio.c coroutine: add test-aio coroutine queue chaining test case 2018-03-27 13:05:28 +01:00
test-arm-mptimer.c tests/test-arm-mptimer: Don't leak string memory 2018-12-14 13:30:54 +00:00
test-authz-list.c authz: add QAuthZList object type for an access control list 2019-02-26 15:32:18 +00:00
test-authz-simple.c authz: add QAuthZSimple object type for easy whitelist auth checks 2019-02-26 15:25:58 +00:00
test-base64.c
test-bdrv-drain.c tests/test-bdrv-drain: use QEMU_IOVEC_INIT_BUF 2019-02-22 09:42:13 +00:00
test-bitcnt.c
test-bitops.c
test-block-backend.c block: test blk_aio_flush() with blk->root == NULL 2018-03-02 18:39:07 +01:00
test-block-iothread.c block: Fix hangs in synchronous APIs with iothreads 2019-02-01 13:46:44 +01:00
test-blockjob-txn.c tests/test-blockjob-txn: move .exit to .clean 2018-09-25 15:31:15 +02:00
test-blockjob.c test-blockjob: Acquire AioContext around job_cancel_sync() 2018-09-25 15:50:15 +02:00
test-bufferiszero.c
test-char.c char: allow specifying a GMainContext at opening time 2019-02-13 14:23:39 +01:00
test-clone-visitor.c Eliminate qapi/qmp/types.h 2018-02-09 13:52:15 +01:00
test-coroutine.c lockable: add QemuLockable 2018-02-08 09:22:03 +08:00
test-crypto-afsplit.c
test-crypto-block.c crypto: support multiple threads accessing one QCryptoBlock 2018-12-12 11:16:49 +00:00
test-crypto-cipher.c
test-crypto-hash.c
test-crypto-hmac.c
test-crypto-ivgen.c
test-crypto-pbkdf.c test: execute g_test_run when tests are skipped 2019-01-11 13:57:25 +01:00
test-crypto-secret.c
test-crypto-tlscredsx509.c crypto: require gnutls >= 3.1.18 for building QEMU 2018-10-19 12:26:57 +01:00
test-crypto-tlssession.c tests: fix TLS handshake failure with TLS 1.3 2018-07-24 17:36:12 +01:00
test-crypto-xts.c crypto: add testing for unaligned buffers with XTS cipher mode 2018-10-24 19:03:37 +01:00
test-cutils.c cutils: Fix qemu_strtosz() & friends to reject non-finite sizes 2018-12-13 19:10:06 +01:00
test-filter-mirror.c test-filter-mirror: pass UNIX domain socket through fd 2019-02-04 16:03:20 +00:00
test-filter-redirector.c chardev: forbid 'wait' option with client sockets 2019-02-12 17:35:56 +01:00
test-hbitmap.c Revert "hbitmap: Add @advance param to hbitmap_iter_next()" 2019-01-15 18:26:50 -05:00
test-hmp.c tests: Skip old versioned machine types in quick testing mode 2018-08-23 18:46:23 +02:00
test-image-locking.c tests: Add unit tests for image locking 2018-11-12 17:46:57 +01:00
test-int128.c
test-io-channel-buffer.c
test-io-channel-command.c
test-io-channel-file.c io: Fix QIOChannelFile when creating and opening read-write 2018-02-15 16:54:57 +00:00
test-io-channel-socket.c io: ensure UNIX client doesn't unlink server socket 2019-01-24 12:23:35 +00:00
test-io-channel-tls.c tests: use error_abort in places expecting errors 2018-07-24 17:35:57 +01:00
test-io-task.c qio: non-default context for threaded qtask 2018-03-06 10:19:05 +00:00
test-iov.c
test-keyval.c hw: Use IEC binary prefix definitions from "qemu/units.h" 2018-07-02 15:41:10 +02:00
test-logging.c
test-mul64.c
test-netfilter.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
test-opts-visitor.c
test-qapi-util.c Drop superfluous includes of qapi-types.h and test-qapi-types.h 2018-02-09 05:05:11 +01:00
test-qdev-global-props.c qdev: all globals are now user-provided 2019-01-07 16:18:42 +04:00
test-qdist.c
test-qemu-opts.c hw: Use IEC binary prefix definitions from "qemu/units.h" 2018-07-02 15:41:10 +02:00
test-qga.c tests: add qmp_assert_error_class() 2018-08-31 09:53:10 +02:00
test-qht-par.c
test-qht.c qht: drop ht argument from qht iterators 2018-09-26 08:55:54 -07:00
test-qmp-cmds.c tests: add oob functional test for test-qmp-cmds 2018-12-12 10:28:27 +01:00
test-qmp-event.c qapi: Generate QAPIEvent stuff into separate files 2019-02-18 14:44:04 +01:00
test-qobject-input-visitor.c build-sys: move qmp-introspect per target 2019-02-18 14:44:04 +01:00
test-qobject-output-visitor.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
test-rcu-list.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
test-rcu-simpleq.c tests: add test-list-simpleq 2018-08-23 18:46:25 +02:00
test-rcu-tailq.c tests: add test-rcu-tailq 2018-08-23 18:46:25 +02:00
test-replication.c test-replication: Lock AioContext around blk_unref() 2018-10-01 19:13:55 +02:00
test-shift128.c
test-string-input-visitor.c test-string-input-visitor: Add range overflow tests 2018-12-13 19:10:06 +01:00
test-string-output-visitor.c tests/qapi: use ARRAY_SIZE macro 2018-02-10 10:45:14 +03:00
test-thread-pool.c Remove unnecessary variables for function return value 2018-05-20 08:48:13 +03:00
test-throttle.c
test-timed-average.c
test-util-filemonitor.c util: add helper APIs for dealing with inotify in portable manner 2019-02-26 15:25:58 +00:00
test-util-sockets.c monitor: Fix unsafe sharing of @cur_mon among threads 2018-07-23 14:00:03 +02:00
test-uuid.c
test-visitor-serialization.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
test-vmstate.c tests: add /vmstate/simple/array 2019-01-23 15:51:47 +00:00
test-write-threshold.c
test-x86-cpuid-compat.c build-sys: remove glib_subprocess check 2018-08-23 18:46:25 +02:00
test-x86-cpuid.c
test-xbzrle.c
tmp105-test.c misc: add pca9552 LED blinker model 2018-06-08 13:15:32 +01:00
tpci200-test.c
tpm-crb-swtpm-test.c test: Pass TPM interface model to functions creating command line 2018-06-06 15:44:07 -04:00
tpm-crb-test.c tests: Fix signalling race condition in TPM tests 2018-09-07 16:37:47 -04:00
tpm-emu.c tests: Fix signalling race condition in TPM tests 2018-09-07 16:37:47 -04:00
tpm-emu.h tests: Fix signalling race condition in TPM tests 2018-09-07 16:37:47 -04:00
tpm-tests.c tests: tpm: Use g_test_message rather than fprintf 2018-11-14 16:12:24 -05:00
tpm-tests.h test: Pass TPM interface model to functions creating command line 2018-06-06 15:44:07 -04:00
tpm-tis-swtpm-test.c test: Add swtpm migration test for the TPM TIS interface 2018-06-06 15:44:12 -04:00
tpm-tis-test.c tests: Fix signalling race condition in TPM tests 2018-09-07 16:37:47 -04:00
tpm-util.c tests/tpm: Display if swtpm is not found or --tpm2 not supported 2018-10-30 13:53:15 -04:00
tpm-util.h Clean up includes 2018-12-20 10:29:08 +01:00
usb-hcd-ehci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
usb-hcd-ohci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
usb-hcd-uhci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
usb-hcd-xhci-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
vhost-user-bridge.c Clean up includes 2018-12-20 10:29:08 +01:00
vhost-user-test.c char: allow specifying a GMainContext at opening time 2019-02-13 14:23:39 +01:00
virtio-9p-test.c libqos: Use explicit QTestState for remaining libqos operations 2018-02-14 11:43:41 +01:00
virtio-balloon-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
virtio-blk-test.c tests/virtio-blk: add test for DISCARD command 2019-02-22 09:42:17 +00:00
virtio-ccw-test.c tests: virtio: separate ccw tests from libqos 2018-08-23 13:32:50 +02:00
virtio-console-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
virtio-net-test.c virtio-net-test: add large tx buffer test 2018-12-04 11:06:15 +00:00
virtio-rng-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
virtio-scsi-test.c tests: Clean up string interpolation around qtest_qmp_device_add() 2018-08-16 08:42:06 +02:00
virtio-serial-test.c libqtest: Replace qtest_startf() by qtest_initf() 2018-08-16 08:42:06 +02:00
vmgenid-test.c uuid: Make qemu_uuid_bswap() take and return a QemuUUID 2019-02-01 13:46:45 +01:00
vmxnet3-test.c
wdt_ib700-test.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00