@xen-orchestra/acl 1.0.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,5 +1,8 @@
1
1
  declare const _default: {
2
2
  'allow-vm': boolean;
3
+ disable: boolean;
4
+ enable: boolean;
5
+ evacuate: boolean;
3
6
  export: {
4
7
  logs: boolean;
5
8
  };
@@ -1,5 +1,8 @@
1
1
  export default {
2
2
  'allow-vm': true,
3
+ disable: true,
4
+ enable: true,
5
+ evacuate: true,
3
6
  export: {
4
7
  logs: true,
5
8
  },
@@ -53,6 +53,9 @@ export declare const SUPPORTED_ACTIONS_BY_RESOURCE: {
53
53
  };
54
54
  readonly host: {
55
55
  'allow-vm': boolean;
56
+ disable: boolean;
57
+ enable: boolean;
58
+ evacuate: boolean;
56
59
  export: {
57
60
  logs: boolean;
58
61
  };
@@ -83,6 +86,9 @@ export declare const SUPPORTED_ACTIONS_BY_RESOURCE: {
83
86
  };
84
87
  readonly pif: {
85
88
  read: boolean;
89
+ update: {
90
+ management: boolean;
91
+ };
86
92
  };
87
93
  readonly pool: {
88
94
  create: {
@@ -118,6 +124,7 @@ export declare const SUPPORTED_ACTIONS_BY_RESOURCE: {
118
124
  read: boolean;
119
125
  };
120
126
  readonly sr: {
127
+ delete: boolean;
121
128
  import: {
122
129
  vdi: boolean;
123
130
  vm: boolean;
@@ -206,6 +213,7 @@ export declare const SUPPORTED_ACTIONS_BY_RESOURCE: {
206
213
  hard: boolean;
207
214
  };
208
215
  resume: boolean;
216
+ 'revert-snapshot': boolean;
209
217
  shutdown: {
210
218
  clean: boolean;
211
219
  hard: boolean;
@@ -215,8 +223,43 @@ export declare const SUPPORTED_ACTIONS_BY_RESOURCE: {
215
223
  suspend: boolean;
216
224
  unpause: boolean;
217
225
  update: {
226
+ affinityHost: boolean;
227
+ autoPoweron: boolean;
228
+ blockedOperations: boolean;
229
+ coresPerSocket: boolean;
230
+ cpuCap: boolean;
231
+ cpuMask: boolean;
232
+ cpuWeight: boolean;
233
+ cpus: boolean;
234
+ cpusStaticMax: boolean;
235
+ creation: boolean;
218
236
  datasources: boolean;
237
+ expNestedHvm: boolean;
238
+ hasVendorDevice: boolean;
239
+ highAvailability: boolean;
240
+ hvmBootFirmware: boolean;
241
+ memory: boolean;
242
+ memoryMax: boolean;
243
+ memoryMin: boolean;
244
+ memoryStaticMax: boolean;
245
+ nameDescription: boolean;
246
+ nameLabel: boolean;
247
+ nestedVirt: boolean;
248
+ nicType: boolean;
249
+ notes: boolean;
250
+ PV_args: boolean;
251
+ resourceSet: boolean;
252
+ secureBoot: boolean;
253
+ share: boolean;
254
+ startDelay: boolean;
255
+ suspendSr: boolean;
219
256
  tags: boolean;
257
+ uefiMode: boolean;
258
+ vga: boolean;
259
+ videoram: boolean;
260
+ viridian: boolean;
261
+ virtualizationMode: boolean;
262
+ xenStoreData: boolean;
220
263
  };
221
264
  };
222
265
  readonly vtpm: {
@@ -1,4 +1,7 @@
1
1
  declare const _default: {
2
2
  read: boolean;
3
+ update: {
4
+ management: boolean;
5
+ };
3
6
  };
4
7
  export default _default;
@@ -1,3 +1,6 @@
1
1
  export default {
2
2
  read: true,
3
+ update: {
4
+ management: true,
5
+ },
3
6
  };
@@ -1,4 +1,5 @@
1
1
  declare const _default: {
2
+ delete: boolean;
2
3
  import: {
3
4
  vdi: boolean;
4
5
  vm: boolean;
@@ -1,4 +1,5 @@
1
1
  export default {
2
+ delete: true,
2
3
  import: {
3
4
  vdi: true,
4
5
  vm: true,
@@ -8,6 +8,7 @@ declare const _default: {
8
8
  hard: boolean;
9
9
  };
10
10
  resume: boolean;
11
+ 'revert-snapshot': boolean;
11
12
  shutdown: {
12
13
  clean: boolean;
13
14
  hard: boolean;
@@ -17,8 +18,43 @@ declare const _default: {
17
18
  suspend: boolean;
18
19
  unpause: boolean;
19
20
  update: {
21
+ affinityHost: boolean;
22
+ autoPoweron: boolean;
23
+ blockedOperations: boolean;
24
+ coresPerSocket: boolean;
25
+ cpuCap: boolean;
26
+ cpuMask: boolean;
27
+ cpuWeight: boolean;
28
+ cpus: boolean;
29
+ cpusStaticMax: boolean;
30
+ creation: boolean;
20
31
  datasources: boolean;
32
+ expNestedHvm: boolean;
33
+ hasVendorDevice: boolean;
34
+ highAvailability: boolean;
35
+ hvmBootFirmware: boolean;
36
+ memory: boolean;
37
+ memoryMax: boolean;
38
+ memoryMin: boolean;
39
+ memoryStaticMax: boolean;
40
+ nameDescription: boolean;
41
+ nameLabel: boolean;
42
+ nestedVirt: boolean;
43
+ nicType: boolean;
44
+ notes: boolean;
45
+ PV_args: boolean;
46
+ resourceSet: boolean;
47
+ secureBoot: boolean;
48
+ share: boolean;
49
+ startDelay: boolean;
50
+ suspendSr: boolean;
21
51
  tags: boolean;
52
+ uefiMode: boolean;
53
+ vga: boolean;
54
+ videoram: boolean;
55
+ viridian: boolean;
56
+ virtualizationMode: boolean;
57
+ xenStoreData: boolean;
22
58
  };
23
59
  };
24
60
  export default _default;
@@ -8,6 +8,7 @@ export default {
8
8
  hard: true,
9
9
  },
10
10
  resume: true,
11
+ 'revert-snapshot': true,
11
12
  shutdown: {
12
13
  clean: true,
13
14
  hard: true,
@@ -17,7 +18,42 @@ export default {
17
18
  suspend: true,
18
19
  unpause: true,
19
20
  update: {
21
+ affinityHost: true,
22
+ autoPoweron: true,
23
+ blockedOperations: true,
24
+ coresPerSocket: true,
25
+ cpuCap: true,
26
+ cpuMask: true,
27
+ cpuWeight: true,
28
+ cpus: true,
29
+ cpusStaticMax: true,
30
+ creation: true,
20
31
  datasources: true,
32
+ expNestedHvm: true,
33
+ hasVendorDevice: true,
34
+ highAvailability: true,
35
+ hvmBootFirmware: true,
36
+ memory: true,
37
+ memoryMax: true,
38
+ memoryMin: true,
39
+ memoryStaticMax: true,
40
+ nameDescription: true,
41
+ nameLabel: true,
42
+ nestedVirt: true,
43
+ nicType: true,
44
+ notes: true,
45
+ PV_args: true,
46
+ resourceSet: true,
47
+ secureBoot: true,
48
+ share: true,
49
+ startDelay: true,
50
+ suspendSr: true,
21
51
  tags: true,
52
+ uefiMode: true,
53
+ vga: true,
54
+ videoram: true,
55
+ viridian: true,
56
+ virtualizationMode: true,
57
+ xenStoreData: true,
22
58
  },
23
59
  };
@@ -89,7 +89,7 @@ export type GpuGroupPrivilege = {
89
89
  export type HostPrivilege = {
90
90
  id: XoAclBasePrivilege['id']
91
91
  resource: 'host'
92
- action: '*' | 'allow-vm' | 'export' | '*' | 'export:logs' | 'read' | 'update' | '*' | 'update:tags'
92
+ action: '*' | 'allow-vm' | 'disable' | 'enable' | 'evacuate' | 'export' | '*' | 'export:logs' | 'read' | 'update' | '*' | 'update:tags'
93
93
  selector?: XoAclBasePrivilege['selector']
94
94
  effect: XoAclBasePrivilege['effect']
95
95
  roleId: XoAclBasePrivilege['roleId']
@@ -143,7 +143,7 @@ export type PgpuPrivilege = {
143
143
  export type PifPrivilege = {
144
144
  id: XoAclBasePrivilege['id']
145
145
  resource: 'pif'
146
- action: '*' | 'read'
146
+ action: '*' | 'read' | 'update' | '*' | 'update:management'
147
147
  selector?: XoAclBasePrivilege['selector']
148
148
  effect: XoAclBasePrivilege['effect']
149
149
  roleId: XoAclBasePrivilege['roleId']
@@ -206,7 +206,7 @@ export type SmPrivilege = {
206
206
  export type SrPrivilege = {
207
207
  id: XoAclBasePrivilege['id']
208
208
  resource: 'sr'
209
- action: '*' | 'import' | '*' | 'import:vdi' | 'import:vm' | 'read' | 'update' | '*' | 'update:tags'
209
+ action: '*' | 'delete' | 'import' | '*' | 'import:vdi' | 'import:vm' | 'read' | 'update' | '*' | 'update:tags'
210
210
  selector?: XoAclBasePrivilege['selector']
211
211
  effect: XoAclBasePrivilege['effect']
212
212
  roleId: XoAclBasePrivilege['roleId']
@@ -323,7 +323,7 @@ export type VmTemplatePrivilege = {
323
323
  export type VmPrivilege = {
324
324
  id: XoAclBasePrivilege['id']
325
325
  resource: 'vm'
326
- action: '*' | 'delete' | 'export' | 'pause' | 'read' | 'reboot' | '*' | 'reboot:clean' | 'reboot:hard' | 'resume' | 'shutdown' | '*' | 'shutdown:clean' | 'shutdown:hard' | 'snapshot' | 'start' | 'suspend' | 'unpause' | 'update' | '*' | 'update:datasources' | 'update:tags'
326
+ action: '*' | 'delete' | 'export' | 'pause' | 'read' | 'reboot' | '*' | 'reboot:clean' | 'reboot:hard' | 'resume' | 'revert-snapshot' | 'shutdown' | '*' | 'shutdown:clean' | 'shutdown:hard' | 'snapshot' | 'start' | 'suspend' | 'unpause' | 'update' | '*' | 'update:affinityHost' | 'update:autoPoweron' | 'update:blockedOperations' | 'update:coresPerSocket' | 'update:cpuCap' | 'update:cpuMask' | 'update:cpuWeight' | 'update:cpus' | 'update:cpusStaticMax' | 'update:creation' | 'update:datasources' | 'update:expNestedHvm' | 'update:hasVendorDevice' | 'update:highAvailability' | 'update:hvmBootFirmware' | 'update:memory' | 'update:memoryMax' | 'update:memoryMin' | 'update:memoryStaticMax' | 'update:nameDescription' | 'update:nameLabel' | 'update:nestedVirt' | 'update:nicType' | 'update:notes' | 'update:PV_args' | 'update:resourceSet' | 'update:secureBoot' | 'update:share' | 'update:startDelay' | 'update:suspendSr' | 'update:tags' | 'update:uefiMode' | 'update:vga' | 'update:videoram' | 'update:viridian' | 'update:virtualizationMode' | 'update:xenStoreData'
327
327
  selector?: XoAclBasePrivilege['selector']
328
328
  effect: XoAclBasePrivilege['effect']
329
329
  roleId: XoAclBasePrivilege['roleId']
package/dist/index.d.mts CHANGED
@@ -23,7 +23,7 @@ export declare function hasPrivilegeOn<T extends SupportedResource>({ user, acti
23
23
  export declare function getMissingPrivileges(params: AnyPrivilegeOnParam[], userPrivileges: AnyPrivilege[]): {
24
24
  objectId: unknown;
25
25
  objectIds: unknown[] | undefined;
26
- action: "create" | "delete" | "read" | "update" | "allow-vm" | "export" | "emergency-shutdown" | "rolling-reboot" | "rolling-update" | "run" | "connect" | "disconnect" | "import" | "abort" | "boot" | "export-content" | "import-content" | "instantiate" | "pause" | "reboot" | "resume" | "shutdown" | "snapshot" | "start" | "suspend" | "unpause" | "*" | "update:action" | "update:resource" | "update:effect" | "update:selector" | "update:description" | "update:groups" | "update:name" | "update:users" | "update:tags" | "export:logs" | "create:network" | "create:vm" | "import:vdi" | "import:vm" | "update:password" | "update:permission" | "update:preferences" | "update:datasources" | "reboot:clean" | "reboot:hard" | "shutdown:clean" | "shutdown:hard";
26
+ action: "create" | "delete" | "read" | "update" | "allow-vm" | "disable" | "enable" | "evacuate" | "export" | "emergency-shutdown" | "rolling-reboot" | "rolling-update" | "run" | "connect" | "disconnect" | "import" | "abort" | "boot" | "export-content" | "import-content" | "instantiate" | "pause" | "reboot" | "resume" | "revert-snapshot" | "shutdown" | "snapshot" | "start" | "suspend" | "unpause" | "*" | "update:action" | "update:resource" | "update:effect" | "update:selector" | "update:description" | "update:groups" | "update:name" | "update:users" | "update:tags" | "export:logs" | "update:management" | "create:network" | "create:vm" | "import:vdi" | "import:vm" | "update:password" | "update:permission" | "update:preferences" | "update:affinityHost" | "update:autoPoweron" | "update:blockedOperations" | "update:coresPerSocket" | "update:cpuCap" | "update:cpuMask" | "update:cpuWeight" | "update:cpus" | "update:cpusStaticMax" | "update:creation" | "update:datasources" | "update:expNestedHvm" | "update:hasVendorDevice" | "update:highAvailability" | "update:hvmBootFirmware" | "update:memory" | "update:memoryMax" | "update:memoryMin" | "update:memoryStaticMax" | "update:nameDescription" | "update:nameLabel" | "update:nestedVirt" | "update:nicType" | "update:notes" | "update:PV_args" | "update:resourceSet" | "update:secureBoot" | "update:share" | "update:startDelay" | "update:suspendSr" | "update:uefiMode" | "update:vga" | "update:videoram" | "update:viridian" | "update:virtualizationMode" | "update:xenStoreData" | "reboot:clean" | "reboot:hard" | "shutdown:clean" | "shutdown:hard";
27
27
  resource: "acl-privilege" | "acl-role" | "alarm" | "backup-archive" | "backup-job" | "backup-log" | "backup-repository" | "group" | "gpuGroup" | "host" | "message" | "network" | "pbd" | "pci" | "pgpu" | "pif" | "pool" | "proxy" | "restore-log" | "schedule" | "server" | "sm" | "sr" | "task" | "user" | "vbd" | "vdi-snapshot" | "vdi-unmanaged" | "vdi" | "vgpu" | "vgpuType" | "vif" | "vm-controller" | "vm-snapshot" | "vm-template" | "vm" | "vtpm";
28
28
  }[];
29
29
  export declare function hasPrivileges(params: AnyPrivilegeOnParam[], userPrivileges: AnyPrivilege[]): boolean;
package/package.json CHANGED
@@ -6,7 +6,7 @@
6
6
  "main": "dist/index.mjs",
7
7
  "name": "@xen-orchestra/acl",
8
8
  "homepage": "https://github.com/vatesfr/xen-orchestra/tree/master/@xen-orchestra/acl",
9
- "version": "1.0.0",
9
+ "version": "1.2.0",
10
10
  "license": "AGPL-3.0-or-later",
11
11
  "private": false,
12
12
  "type": "module",
@@ -30,7 +30,7 @@
30
30
  },
31
31
  "devDependencies": {
32
32
  "@eslint/js": "^9.19.0",
33
- "@vates/types": "^1.24.0",
33
+ "@vates/types": "^1.26.0",
34
34
  "rimraf": "^6.0.1",
35
35
  "typescript": "~5.6",
36
36
  "typescript-eslint": "^8.23.0"