summaryrefslogtreecommitdiffstats
path: root/include/pcmki/pcmki_acl.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/pcmki/pcmki_acl.h')
-rw-r--r--include/pcmki/pcmki_acl.h59
1 files changed, 59 insertions, 0 deletions
diff --git a/include/pcmki/pcmki_acl.h b/include/pcmki/pcmki_acl.h
new file mode 100644
index 0000000..890336e
--- /dev/null
+++ b/include/pcmki/pcmki_acl.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2004-2023 the Pacemaker project contributors
+ *
+ * The version control history for this file may have further details.
+ *
+ * This source code is licensed under the GNU Lesser General Public License
+ * version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY.
+ */
+#ifndef PCMK__PCMKI_PCMKI_ACL__H
+#define PCMK__PCMKI_PCMKI_ACL__H
+
+#include <crm/common/xml.h>
+
+// How ACLs can be displayed (for cibadmin --show-access)
+enum pcmk__acl_render_how {
+ pcmk__acl_render_none = 0,
+ pcmk__acl_render_namespace,
+ pcmk__acl_render_text,
+ pcmk__acl_render_color,
+ pcmk__acl_render_default,
+};
+
+// Minimum CIB schema version that can be used to annotate and display ACLs
+#define PCMK__COMPAT_ACL_2_MIN_INCL "pacemaker-2.0"
+
+/*!
+ * \brief Annotate CIB with XML namespaces indicating ACL evaluation results
+ *
+ * \param[in] cred Credential whose ACL perspective to switch to
+ * \param[in] cib_doc CIB XML to annotate
+ * \param[out] acl_evaled_doc Where to store annotated CIB XML
+ *
+ * \return A standard Pacemaker return code (pcmk_rc_ok on success,
+ * pcmk_rc_already if ACLs were not applicable,
+ * pcmk_rc_schema_validation if the validation schema version
+ * is unsupported, or EINVAL or ENOMEM when appropriate.
+ * \note This supports CIBs validated with the pacemaker-2.0 schema or newer.
+ */
+int pcmk__acl_annotate_permissions(const char *cred, const xmlDoc *cib_doc,
+ xmlDoc **acl_evaled_doc);
+
+/*!
+ * \internal
+ * \brief Create a string representation of a CIB showing ACL evaluation results
+ *
+ * \param[in,out] annotated_doc XML annotated by pcmk__acl_annotate_permissions
+ * \param[in] how Desired rendering
+ * \param[out] doc_txt_ptr Where to put the final outcome string
+ *
+ * \return A standard Pacemaker return code
+ *
+ * \note This function will free \p annotated_doc, which should not be used
+ * after calling this function.
+ * \todo This function could use more extensive testing for resource leaks.
+ */
+int pcmk__acl_evaled_render(xmlDoc *annotated_doc, enum pcmk__acl_render_how,
+ xmlChar **doc_txt_ptr);
+
+#endif