doc: fix formating of policy-related documentation
Fix Sphinx warnings and errors in both doc/ and docstrings.
This commit is contained in:
Marek Marczykowski-Górecki
parent
e8e30c8bdf
commit
e7f717ec3d
@ -11,13 +11,14 @@ Policy consists of a file, which is parsed line-by-line. First matching line
|
|||||||
is used as an action.
|
is used as an action.
|
||||||
|
|
||||||
Each line consist of three values separated by white characters (space(s), tab(s)):
|
Each line consist of three values separated by white characters (space(s), tab(s)):
|
||||||
|
|
||||||
1. Source specification, which is one of:
|
1. Source specification, which is one of:
|
||||||
|
|
||||||
- domain name
|
- domain name
|
||||||
- `$anyvm` - any domain
|
- `$anyvm` - any domain
|
||||||
- `$tag:some-tag` - VM having tag `some-tag`
|
- `$tag:some-tag` - VM having tag `some-tag`
|
||||||
- `$type:vm-type` - VM of `vm-type` type, available types:
|
- `$type:vm-type` - VM of `vm-type` type, available types:
|
||||||
AppVM, TemplateVM, StandaloneVM, DispVM
|
AppVM, TemplateVM, StandaloneVM, DispVM
|
||||||
|
|
||||||
2. Target specification, one of:
|
2. Target specification, one of:
|
||||||
|
|
||||||
@ -25,7 +26,7 @@ Each line consist of three values separated by white characters (space(s), tab(s
|
|||||||
- `$anyvm` - any domain, excluding dom0
|
- `$anyvm` - any domain, excluding dom0
|
||||||
- `$tag:some-tag` - domain having tag `some-tag`
|
- `$tag:some-tag` - domain having tag `some-tag`
|
||||||
- `$type:vm-type` - domain of `vm-type` type, available types:
|
- `$type:vm-type` - domain of `vm-type` type, available types:
|
||||||
AppVM, TemplateVM, StandaloneVM, DispVM
|
AppVM, TemplateVM, StandaloneVM, DispVM
|
||||||
- `$default` - used when caller did not specified any VM
|
- `$default` - used when caller did not specified any VM
|
||||||
- `$dispvm:vm-name` - _new_ Disposable VM created from AppVM `vm-name`
|
- `$dispvm:vm-name` - _new_ Disposable VM created from AppVM `vm-name`
|
||||||
- `$dispvm` - _new_ Disposable VM created from AppVM pointed by caller
|
- `$dispvm` - _new_ Disposable VM created from AppVM pointed by caller
|
||||||
@ -38,6 +39,7 @@ Each line consist of three values separated by white characters (space(s), tab(s
|
|||||||
3. Action and optional action parameters, one of:
|
3. Action and optional action parameters, one of:
|
||||||
|
|
||||||
- `allow` - allow the call, without further questions; optional parameters:
|
- `allow` - allow the call, without further questions; optional parameters:
|
||||||
|
|
||||||
- `target=` - override caller provided call target -
|
- `target=` - override caller provided call target -
|
||||||
possible values are: domain name, `$dispvm` or `$dispvm:vm-name`
|
possible values are: domain name, `$dispvm` or `$dispvm:vm-name`
|
||||||
- `user=` - call the service using this user, instead of the user
|
- `user=` - call the service using this user, instead of the user
|
||||||
@ -45,6 +47,7 @@ Each line consist of three values separated by white characters (space(s), tab(s
|
|||||||
- `deny` - deny the call, without further questions; no optional
|
- `deny` - deny the call, without further questions; no optional
|
||||||
parameters are supported
|
parameters are supported
|
||||||
- `ask` - ask the user for confirmation; optional parameters:
|
- `ask` - ask the user for confirmation; optional parameters:
|
||||||
|
|
||||||
- `target=` - override user provided call target
|
- `target=` - override user provided call target
|
||||||
- `user=` - call the service using this user, instead of the user
|
- `user=` - call the service using this user, instead of the user
|
||||||
pointed by target VM's `default_user` property
|
pointed by target VM's `default_user` property
|
||||||
|
|||||||
@ -84,7 +84,7 @@ def verify_special_value(value, for_target=True):
|
|||||||
|
|
||||||
:param value: value to verify
|
:param value: value to verify
|
||||||
:param for_target: should classify target-only values as valid (
|
:param for_target: should classify target-only values as valid (
|
||||||
'$default', '$dispvm')
|
'$default', '$dispvm')
|
||||||
:return: True or False
|
:return: True or False
|
||||||
'''
|
'''
|
||||||
# pylint: disable=too-many-return-statements
|
# pylint: disable=too-many-return-statements
|
||||||
@ -202,7 +202,7 @@ class PolicyRule(object):
|
|||||||
|
|
||||||
:param system_info: information about the system
|
:param system_info: information about the system
|
||||||
:param policy_value: value from qrexec policy (either self.source or
|
:param policy_value: value from qrexec policy (either self.source or
|
||||||
self.target)
|
self.target)
|
||||||
:param value: value to be compared (source or target)
|
:param value: value to be compared (source or target)
|
||||||
:return: True or False
|
:return: True or False
|
||||||
'''
|
'''
|
||||||
@ -265,8 +265,8 @@ class PolicyRule(object):
|
|||||||
Check if given (source, target) matches this policy line.
|
Check if given (source, target) matches this policy line.
|
||||||
|
|
||||||
:param system_info: information about the system - available VMs,
|
:param system_info: information about the system - available VMs,
|
||||||
their types, labels, tags etc. as returned by
|
their types, labels, tags etc. as returned by
|
||||||
:py:func:`app_to_system_info`
|
:py:func:`app_to_system_info`
|
||||||
:param source: name of the source VM
|
:param source: name of the source VM
|
||||||
:param target: name of the target VM, or None if not specified
|
:param target: name of the target VM, or None if not specified
|
||||||
:return: True or False
|
:return: True or False
|
||||||
@ -392,8 +392,8 @@ class PolicyAction(object):
|
|||||||
def execute(self, caller_ident):
|
def execute(self, caller_ident):
|
||||||
''' Execute allowed service call
|
''' Execute allowed service call
|
||||||
|
|
||||||
:param caller_ident: Service caller ident (`process_ident,source_name,
|
:param caller_ident: Service caller ident
|
||||||
source_id`)
|
(`process_ident,source_name, source_id`)
|
||||||
'''
|
'''
|
||||||
assert self.action == Action.allow
|
assert self.action == Action.allow
|
||||||
assert self.target is not None
|
assert self.target is not None
|
||||||
@ -473,7 +473,7 @@ class Policy(object):
|
|||||||
>>> policy = Policy('some-service')
|
>>> policy = Policy('some-service')
|
||||||
>>> action = policy.evaluate(system_info, 'source-name', 'target-name')
|
>>> action = policy.evaluate(system_info, 'source-name', 'target-name')
|
||||||
>>> if action.action == Action.ask:
|
>>> if action.action == Action.ask:
|
||||||
(... ask the user, see action.targets_for_ask ...)
|
>>> # ... ask the user, see action.targets_for_ask ...
|
||||||
>>> action.handle_user_response(response, target_chosen_by_user)
|
>>> action.handle_user_response(response, target_chosen_by_user)
|
||||||
>>> action.execute('process-ident')
|
>>> action.execute('process-ident')
|
||||||
|
|
||||||
@ -668,11 +668,11 @@ def get_system_info():
|
|||||||
data is nested dict structure with this structure:
|
data is nested dict structure with this structure:
|
||||||
|
|
||||||
- domains:
|
- domains:
|
||||||
- <domain name>:
|
- `<domain name>`:
|
||||||
- tags: list of tags
|
- tags: list of tags
|
||||||
- type: domain type
|
- type: domain type
|
||||||
- dispvm_allowed: should DispVM based on this VM be allowed
|
- dispvm_allowed: should DispVM based on this VM be allowed
|
||||||
- default_dispvm: name of default AppVM for DispVMs started from here
|
- default_dispvm: name of default AppVM for DispVMs started from here
|
||||||
|
|
||||||
'''
|
'''
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user