[libvirt] [PATCH 32/35] tests: qemublock: Add test combining authentication and encryption

Peter Krempa pkrempa at redhat.com
Wed Apr 25 15:15:40 UTC 2018


iscsi and rbd support authentication of the connection. Combine it with
encryption of qcow2.

The top level disk image would generate the following '-drive' cmdline:

-drive file=rbd:rbdpool/rbdimg:id=testuser-rbd:auth_supported=cephx\;none:
            mon_host=host1.example.com\;host2.example.com,
            file.password-secret=node-a-s-secalias,encrypt.format=luks,
            encrypt.key-secret=node-b-f-encalias,format=qcow2,
            if=none,id=drive-dummy
-device virtio-blk-pci,scsi=off,drive=drive-dummy,id=dummy

Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
 tests/qemublocktest.c                              |  1 +
 ...etwork-qcow2-backing-chain-encryption_auth.json | 51 ++++++++++++++++++++++
 ...network-qcow2-backing-chain-encryption_auth.xml | 40 +++++++++++++++++
 3 files changed, 92 insertions(+)
 create mode 100644 tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
 create mode 100644 tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.xml

diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c
index 44d76bebbb..34509be543 100644
--- a/tests/qemublocktest.c
+++ b/tests/qemublocktest.c
@@ -463,6 +463,7 @@ mymain(void)
     TEST_DISK_TO_JSON("file-qcow2-backing-chain-noopts");
     TEST_DISK_TO_JSON("file-qcow2-backing-chain-unterminated");
     TEST_DISK_TO_JSON("file-qcow2-backing-chain-encryption");
+    TEST_DISK_TO_JSON("network-qcow2-backing-chain-encryption_auth");

  cleanup:
     virHashFree(diskxmljsondata.schema);
diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
new file mode 100644
index 0000000000..f307ba8805
--- /dev/null
+++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
@@ -0,0 +1,51 @@
+{
+  "node-name": "node-b-f",
+  "read-only": false,
+  "driver": "qcow2",
+  "encrypt": {
+    "format": "luks",
+    "key-secret": "node-b-f-encalias"
+  },
+  "file": {
+    "driver": "rbd",
+    "pool": "rbdpool",
+    "image": "rbdimg",
+    "server": [
+      {
+        "host": "host1.example.com",
+        "port": "0"
+      },
+      {
+        "host": "host2.example.com",
+        "port": "0"
+      }
+    ],
+    "user": "testuser-rbd",
+    "node-name": "node-a-s",
+    "read-only": false,
+    "discard": "unmap"
+  },
+  "backing": "node-b-f"
+}
+{
+  "node-name": "node-b-f",
+  "read-only": true,
+  "driver": "qcow2",
+  "encrypt": {
+    "format": "aes",
+    "key-secret": "node-b-f-encalias"
+  },
+  "file": {
+    "driver": "iscsi",
+    "portal": "example.org:3260",
+    "target": "iscsitarget",
+    "lun": 1,
+    "transport": "tcp",
+    "user": "testuser-iscsi",
+    "password-secret": "node-b-s-secalias",
+    "node-name": "node-b-s",
+    "read-only": true,
+    "discard": "unmap"
+  },
+  "backing": null
+}
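Review bot: The top layer's rbd `file` object (`"user": "testuser-rbd"`) carries no secret reference, whereas the iscsi layer below pins `"password-secret": "node-b-s-secalias"` and the commit message's `-drive` line shows `file.password-secret=node-a-s-secalias` for the same image. The fixture therefore pins output in which the rbd connection has a user name but no credential, so this authentication test cannot catch the loss of the cephx secret on the way to the block layer. If the JSON form of the rbd driver cannot take the secret yet (an assumption, it is not visible in this patch), record that limitation in the commit message or beside the `TEST_DISK_TO_JSON("network-qcow2-backing-chain-encryption_auth")` line, since JSON has no comment syntax. Otherwise add the secret alias to the expected rbd object.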
diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.xml b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.xml
new file mode 100644
index 0000000000..775886801b
--- /dev/null
+++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.xml
@@ -0,0 +1,40 @@
+<disk type='network' device='disk'>
+  <driver name='qemu' type='qcow2'/>
+  <source protocol='rbd' name='rbdpool/rbdimg'>
+    <host name='host1.example.com'/>
+    <host name='host2.example.com'/>
+    <encryption format='luks'>
+      <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+    </encryption>
+    <auth username='testuser-rbd'>
+      <secret type='ceph' usage='testuser-rbd-secret'/>
+    </auth>
+    <privateData>
+      <nodenames>
+        <nodename type='storage' name='node-a-s'/>
+        <nodename type='format' name='node-b-f'/>
+      </nodenames>
+    </privateData>
+  </source>
+  <backingStore type='network' index='1'>
+    <format type='qcow2'/>
+    <source protocol='iscsi' name='iscsitarget/1'>
+      <host name='example.org'/>
+      <privateData>
+        <nodenames>
+          <nodename type='storage' name='node-b-s'/>
+          <nodename type='format' name='node-b-f'/>
+        </nodenames>
+      </privateData>
+      <encryption format='qcow'>
+        <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+      </encryption>
+      <auth username='testuser-iscsi'>
+        <secret type='iscsi' usage='testuser-iscsi-secret'/>
+      </auth>
+    </source>
+    <backingStore/>
+  </backingStore>
+  <target dev='vda' bus='virtio'/>
+  <alias name='virtio-disk0'/>
+</disk>
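Review bot: The top layer's format node reuses the backing layer's name, because `<nodename type='format' name='node-b-f'/>` appears in both `<privateData>` blocks while the storage nodes are distinct (`node-a-s`, `node-b-s`). The expected JSON in this patch follows suit: the top object has `"node-name": "node-b-f"` with `"backing": "node-b-f"`, and both layers use `"key-secret": "node-b-f-encalias"`. A regression that attaches one layer's encryption secret to the other (luks on top, legacy qcow aes below) would go unnoticed. Presumably the first entry was meant to be `<nodename type='format' name='node-a-f'/>`, with the JSON fixture and the `encrypt.key-secret` value in the commit message regenerated to match.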
-- 
2.16.2



