[libvirt] [PATCH v2 04/15] util: Add 'usage' for encryption

Peter Krempa pkrempa at redhat.com
Fri Jun 24 13:25:35 UTC 2016


On Thu, Jun 23, 2016 at 13:29:00 -0400, John Ferlan wrote:
> In order to use more common code and set up for a future type, modify the
> encryption secret to allow the "usage" attribute or the "uuid" attribute
> to define the secret. The "usage" in the case of a volume secret would be
> the path to the volume.
> 
> This code will make use of the virSecretLookup{Parse|Format}Secret common code.
> 
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
>  docs/formatstorageencryption.html.in               | 15 ++++++---
>  docs/schemas/storagecommon.rng                     | 11 +++++--
>  src/qemu/qemu_process.c                            | 13 +++-----
>  src/storage/storage_backend.c                      |  3 +-
>  src/storage/storage_backend_fs.c                   |  3 +-
>  src/util/virstorageencryption.c                    | 26 ++++++----------
>  src/util/virstorageencryption.h                    |  3 +-
>  .../qemuxml2argv-encrypted-disk-usage.args         | 24 +++++++++++++++
>  .../qemuxml2argv-encrypted-disk-usage.xml          | 32 +++++++++++++++++++
>  tests/qemuxml2argvtest.c                           |  1 +
>  .../qemuxml2xmlout-encrypted-disk-usage.xml        | 36 ++++++++++++++++++++++
>  tests/qemuxml2xmltest.c                            |  1 +
>  12 files changed, 132 insertions(+), 36 deletions(-)
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.args
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml
>  create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-encrypted-disk-usage.xml
> 
> diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
> index 04c3346..fae86eb 100644
> --- a/docs/formatstorageencryption.html.in
> +++ b/docs/formatstorageencryption.html.in
> @@ -25,10 +25,17 @@
>      <p>
>        The <code>encryption</code> tag can currently contain a sequence of
>        <code>secret</code> tags, each with mandatory attributes <code>type</code>
> -      and <code>uuid</code>.  The only currently defined value of
> -      <code>type</code> is <code>passphrase</code>.  <code>uuid</code>
> -      refers to a secret known to libvirt.  libvirt can use a secret value
> -      previously set using <code>virSecretSetValue()</code>, or, if supported
> +      and either <code>uuid</code> or
> +      <code>usage</code> (<span class="since">since 2.0.0</span>).
> +      The only currently defined value of
> +      <code>type</code> is <code>passphrase</code>. The <code>uuid</code>
> +      refers to a secret known to libvirt by it's "uuid" value (from the
> +      output of a <code>virsh secret-list</code>.  The <code>usage</code>

I don't think it's necessary to describe how to use virsh here.

> +      is the path to the volume as it appears in the volume

This looks wrong. Passprhase type secrets list 'name' or 'id' as usage
not the path. This contradicts changes in previous patch.

> +      <code>source</code> element. A secret value can be set in libvirt by
> +      using either <code>virsh secret-set-value</code> or the

Again. Mentioning the API is good enoguh.

> +      <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
> +      <code>virSecretSetValue</code></a> API. Alternatively, if supported
>        by the particular volume format and driver, automatically generate a
>        secret value at the time of volume creation, and store it using the
>        specified <code>uuid</code>.


> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index 63da600..7d56ec8 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c

[...]

> @@ -416,14 +416,9 @@ qemuProcessGetVolumeQcowPassphrase(virConnectPtr conn,
>          goto cleanup;
>      }
>  
> -    secret = conn->secretDriver->secretLookupByUUID(conn,
> -                                                    enc->secrets[0]->uuid);
> -    if (secret == NULL)
> -        goto cleanup;
> -    data = conn->secretDriver->secretGetValue(secret, &size, 0,
> -                                              VIR_SECRET_GET_VALUE_INTERNAL_CALL);
> -    virObjectUnref(secret);
> -    if (data == NULL)
> +    if (virSecretGetSecretString(conn, &enc->secrets[0]->seclookupdef,
> +                                 VIR_SECRET_USAGE_TYPE_VOLUME,

Wrong type.

> +                                 &data, &size) < 0)
>          goto cleanup;
>  
>      if (memchr(data, '\0', size) != NULL) {





More information about the libvir-list mailing list