summaryrefslogtreecommitdiffstats
path: root/schemas/acl-metadata.xsd
diff options
context:
space:
mode:
Diffstat (limited to 'schemas/acl-metadata.xsd')
-rw-r--r--schemas/acl-metadata.xsd87
1 files changed, 87 insertions, 0 deletions
diff --git a/schemas/acl-metadata.xsd b/schemas/acl-metadata.xsd
new file mode 100644
index 000000000..643dfec7f
--- /dev/null
+++ b/schemas/acl-metadata.xsd
@@ -0,0 +1,87 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:py="http://genshi.edgewall.org/" xml:lang="en">
+ <xsd:annotation>
+ <xsd:documentation>
+ Schema for metadata-based client ACLs:
+ :ref:`server-plugins-misc-acl` ``metadata.xml``
+ </xsd:documentation>
+ </xsd:annotation>
+
+ <xsd:import namespace="http://genshi.edgewall.org/"
+ schemaLocation="genshi.xsd"/>
+
+ <xsd:complexType name="MetadataACLGroupType">
+ <xsd:annotation>
+ <xsd:documentation>
+ An **MetadataACLGroupType** is a tag used to provide logic.
+ Child entries of a MetadataACLGroupType tag only apply to
+ machines that match the condition specified -- either
+ membership in a group, or a matching client name.
+ :xml:attribute:`MetadataACLGroupType:negate` can be set to
+ negate the sense of the match.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:group ref="MetadataACLElements" minOccurs="1" maxOccurs="unbounded"/>
+ <xsd:attribute name='name' type='xsd:string'>
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the client or group to match on. Child entries
+ will only apply to this client or group (unless
+ :xml:attribute:`MetadataACLGroupType:negate` is set).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name='negate' type='xsd:boolean'>
+ <xsd:annotation>
+ <xsd:documentation>
+ Negate the sense of the match, so that child entries only
+ apply to a client if it is not a member of the given group
+ or does not have the given name.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attributeGroup ref="py:genshiAttrs"/>
+ </xsd:complexType>
+
+ <xsd:complexType name="MetadataACLType">
+ <xsd:attribute type="xsd:string" name="method" use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the XML-RPC method to allow or deny. Limited
+ wildcards are supported.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attributeGroup ref="py:genshiAttrs"/>
+ </xsd:complexType>
+
+ <xsd:complexType name="MetadataACLContainerType">
+ <xsd:annotation>
+ <xsd:documentation>
+ Top-level tag for describing metadata-based client ACLs.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:group ref="MetadataACLElements" minOccurs="1" maxOccurs="unbounded"/>
+ <xsd:attribute name="lax_decryption" type="xsd:boolean">
+ <xsd:annotation>
+ <xsd:documentation>
+ Override the global lax_decryption setting in
+ ``bcfg2.conf``.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+
+ <xsd:group name="MetadataACLElements">
+ <xsd:choice>
+ <xsd:group ref="py:genshiElements"/>
+ <xsd:element name="Allow" type="MetadataACLType"/>
+ <xsd:element name="Deny" type="MetadataACLType"/>
+ <xsd:element name="Group" type="MetadataACLGroupType"/>
+ <xsd:element name="Client" type="MetadataACLGroupType"/>
+ <xsd:element name="ACL" type="MetadataACLContainerType"/>
+ </xsd:choice>
+ </xsd:group>
+
+ <xsd:element name="ACL" type="MetadataACLContainerType"/>
+</xsd:schema>