1 /*
2 * Copyright 2004-2021 the Pacemaker project contributors
3 *
4 * The version control history for this file may have further details.
5 *
6 * This source code is licensed under the GNU Lesser General Public License
7 * version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY.
8 */
9 #ifndef PCMK__PCMKI_PCMKI_ACL__H
10 #define PCMK__PCMKI_PCMKI_ACL__H
11
12 #include <crm/common/xml.h>
13
/*!
 * \brief Kind of credential an ACL evaluation is performed for
 *
 * \note No prototype visible in this header takes this type;
 *       pcmk__acl_annotate_permissions() accepts only the credential string.
 */
enum pcmk__acl_cred_type {
    pcmk__acl_cred_unset = 0,   /* zero value: no credential type chosen */
    pcmk__acl_cred_user  = 1,   /* credential is a user */
    /* XXX no proper support for groups yet */
};
19
/*!
 * \brief Output form selector for pcmk__acl_evaled_render()
 *
 * Values start at 1, so a zero-initialized variable matches no enumerator.
 *
 * NOTE(review): what each kind actually emits is defined by the
 * implementation, not by this header -- confirm there before relying on it.
 */
enum pcmk__acl_render_how {
    pcmk__acl_render_namespace = 1,
    pcmk__acl_render_text      = 2,
    pcmk__acl_render_color     = 3,
};
25
/*
 * Version compatibility tracking, including open-ended intervals for
 * occasional bumps (to avoid hard-to-follow open-coding throughout).
 * Grouped by context.
 */

/* Schema version vs. evaluate-as-namespace-annotations-per-credentials */

/*
 * Inclusive lower bound of that interval, as a schema version string.
 * The note on pcmk__acl_annotate_permissions() states the same limit:
 * only schemas validated with pacemaker-2.0.rng and newer are supported.
 */
#define PCMK__COMPAT_ACL_2_MIN_INCL "pacemaker-2.0"
34
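/*!
 * \brief Mark CIB with namespace-encoded result of ACLs evaluated per credential
 *
 * \param[in]  cred            credential whose ACL perspective to switch to
 * \param[in]  cib_doc         XML document representing CIB
 * \param[out] acl_evaled_doc  XML document representing CIB, with said
 *                             namespace-based annotations throughout
 *
 * \return A standard Pacemaker return code
 *         Namely:
 *         - pcmk_rc_ok upon success,
 *         - pcmk_rc_already if ACLs were not applicable,
 *         - pcmk_rc_schema_validation if the validation schema version
 *           is unsupported (see note), or
 *         - EINVAL or ENOMEM as appropriate;
 *
 * \note Only supported schemas are those following acls-2.0.rng, that is,
 *       those validated with pacemaker-2.0.rng and newer.
 * \note The function takes no credential-type argument; \p cred is the only
 *       credential input (enum pcmk__acl_cred_type is declared in this header
 *       but is not part of this signature).
 * \note pcmk_rc_already reports that ACLs were not applicable, so it carries
 *       no statement about what \p cred may read or write. Callers should
 *       keep it distinct from pcmk_rc_ok when presenting results.
 *
 * NOTE(review): the state of \p *acl_evaled_doc on any return other than
 * pcmk_rc_ok is not specified here, nor is who releases the document on
 * success (presumably the caller, via xmlFreeDoc()) -- confirm against the
 * implementation.
 */
int pcmk__acl_annotate_permissions(const char *cred, xmlDoc *cib_doc,
                                   xmlDoc **acl_evaled_doc);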
57
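/*!
 * \internal
 * \brief Serialize-render XML already annotated by
 *        pcmk__acl_annotate_permissions()
 *
 * \param[in]  annotated_doc  XML annotated by pcmk__acl_annotate_permissions()
 * \param[in]  how            render kind, see #pcmk__acl_render_how enumeration
 * \param[out] doc_txt_ptr    where to put the final outcome string
 *
 * \return A standard Pacemaker return code
 *
 * \note The function has not yet received enough testing regarding resource
 *       leaks, hence it is not recommended for anything other than
 *       short-lived processes at this time.
 *
 * NOTE(review): ownership of the string stored in \p *doc_txt_ptr is not
 * stated here (presumably the caller releases it with xmlFree()), and the
 * behavior for a \p how value outside the enumeration is not specified --
 * confirm both against the implementation.
 */
int pcmk__acl_evaled_render(xmlDoc *annotated_doc,
                            enum pcmk__acl_render_how how,
                            xmlChar **doc_txt_ptr);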
73
74 #endif