From 0df865916ecdf9c225aaeceef596c65d33b8ae64 Mon Sep 17 00:00:00 2001
From: Miguel Pires
Date: Mon, 18 Aug 2025 15:45:57 +0100
Subject: [PATCH 1/3] Add indexed paths to format and example
Signed-off-by: Miguel Pires
---
docs/reference/assertions/confdb-schema.md | 30 ++++++++++++++++------
1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/docs/reference/assertions/confdb-schema.md b/docs/reference/assertions/confdb-schema.md
index 817967ba..86f7c247 100644
--- a/docs/reference/assertions/confdb-schema.md
+++ b/docs/reference/assertions/confdb-schema.md
@@ -23,13 +23,13 @@ views: summary: rules: - - request: # optional, defaults to storage - storage: + request: # optional, defaults to storage + storage: access: # optional, defaults to read-write content: # optional, shorthand for a new nested rule - - request: - storage: + request: + storage: ... ... ... 
@@ -50,9 +50,9 @@ sign-key-sha3-384: # Encoded key id of signing key The `views` header can have any number of views, each with a fine-grained set of rules and access controls tailored to a specific use case. Each view must contain a `rules` list with each rule describing how a particular configuration can be accessed from outside the system and where snapd should store and retrieve it: - **`request`** (*optional*) - A dotted path describing how the configuration can be accessed. If omitted, defaults to the storage path. May contain placeholder path parts wrapped in curly brackets (see example) which match any request value. The placeholder value is mapped to an equally named placeholder in the storage path. + A path describing how the configuration can be accessed. The path parts are separated by dots or square brackets, corresponding to maps or arrays being accessed. If omitted, defaults to the storage path. May contain placeholder path parts wrapped in curly brackets (see example) which match any request value. The placeholder value is mapped to an equally named placeholder in the storage path. - **`storage`** (*required*) - A dotted path to a stored JSON value. Must not be prohibited by the storage schema declared in the body. May contain placeholder path parts matching the ones in the request path. + A path to a stored JSON value, following the same syntax as the `request` path. Must not be prohibited by the storage schema declared in the body. May contain placeholder path parts matching the ones in the request path. - **`access`** (*optional*) Access control for the given rule. Can be read-only, write-only or read-write. If omitted, defaults to read-write. - **`content`** (*optional*) 
@@ -77,15 +77,22 @@ views: - request: {sensor}.sample-rate storage: sample-rate.{sensor} + - + request: {sensor}.calibration-offsets[{n}] + storage: calibration-offsets.{sensor}[{n}] read-sensor-1-params: - summary: Read sensor-1’s configuration + summary: Read sensor-1’s parameters rules: - request: sensor-1.min-activation storage: min-value.sensor-1 access: read + - + request: sensor-1.calibration-offsets[{n}] + storage: calibration-offsets[{n}].sensor-1 + access: read read-sensor-2-params: - summary: Read sensor-2’s configuration + summary: Read sensor-2’s parameters rules: - request: sensor-2.sample-rate
@@ -121,6 +128,13 @@ sign-key-sha3-384: 74KHeq1foV... ], "type": "int" } + }, + "calibration-offsets": { + "keys": "${sensor-name}", + "values": { + "type": "array", + "values": "number" + } } } }
From d6bb5789bac4a4f1cd6d36d771553e126ef487a2 Mon Sep 17 00:00:00 2001
From: Miguel Pires
Date: Mon, 18 Aug 2025 15:46:36 +0100
Subject: [PATCH 2/3] Content rules now inherit the parent's access
Signed-off-by: Miguel Pires
---
docs/reference/assertions/confdb-schema.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/reference/assertions/confdb-schema.md b/docs/reference/assertions/confdb-schema.md
index 86f7c247..d2016ccc 100644
--- a/docs/reference/assertions/confdb-schema.md
+++ b/docs/reference/assertions/confdb-schema.md 
@@ -56,7 +56,7 @@ The `views` header can have any number of views, each with a fine-grained set of - **`access`** (*optional*) Access control for the given rule. Can be read-only, write-only or read-write. If omitted, defaults to read-write. - **`content`** (*optional*) - Describes a nested rule that will be created with the parent's rule `request` and `storage` paths as prefixes. Semantically equal to creating a parallel rule with the same prefix. The `access` value is not inherited. + Describes a nested rule that will be created with the parent's rule `request` and `storage` paths as prefixes. The `access` value is inherited from the parent and cannot be overridden. An example of this assertion is:
From c4f5155a41fe6c46f43d56cdad25a65484ec60f4 Mon Sep 17 00:00:00 2001
From: Miguel Pires
Date: Mon, 18 Aug 2025 15:47:00 +0100
Subject: [PATCH 3/3] Fix old alias reference syntax
Signed-off-by: Miguel Pires
---
docs/reference/assertions/confdb-schema.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/reference/assertions/confdb-schema.md b/docs/reference/assertions/confdb-schema.md
index d2016ccc..5553e631 100644
--- a/docs/reference/assertions/confdb-schema.md
+++ b/docs/reference/assertions/confdb-schema.md
@@ -111,7 +111,7 @@ sign-key-sha3-384: 74KHeq1foV... }, "schema": { "min-value": { - "keys": "$sensor-name", + "keys": "${sensor-name}", "values": { "max": 5600, "min": -273.15,