[libvirt] [PATCH] secret: Add check/validation for correct usage when LookupByUUID

Mon Dec 10 22:32:48 UTC 2018

ping?

Thanks,

John

On 12/4/18 3:32 PM, John Ferlan wrote:
> If virSecretGetSecretString is using by secretLookupByUUID,
> then it's possible the found sec->usageType doesn't match the
> desired @secretUsageType. If this occurs for the encrypted
> volume creation processing and a subsequent pool refresh is
> executed, then the secret used to create the volume will not
> be found by the storageBackendLoadDefaultSecrets which expects
> to find secrets by VIR_SECRET_USAGE_TYPE_VOLUME.
> 
> Add a check to virSecretGetSecretString to avoid the possibility
> along with an error indicating the incorrect matched types.
> 
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
> 
>  If someone has an idea regarding how the usage could be filled
>  in "properly" for the qemuxml2argvtest, I'm willing to give it
>  a shot. However, fair warning trying to "mock" for tls, volume,
>  iscsi, and ceph could be rather painful. Thus the NONE was the
>  well, easiest way to go since the stored secret (ahem) shouldn't
>  be of usageType "none" (famous last words).
> 
>  src/secret/secret_util.c | 17 +++++++++++++++++
>  tests/qemuxml2argvtest.c |  4 +++-
>  2 files changed, 20 insertions(+), 1 deletion(-)
> 
> diff --git a/src/secret/secret_util.c b/src/secret/secret_util.c
> index 16e43ab2cc..27e164a425 100644
> --- a/src/secret/secret_util.c
> +++ b/src/secret/secret_util.c
> @@ -71,6 +71,23 @@ virSecretGetSecretString(virConnectPtr conn,
>      if (!sec)
>          goto cleanup;
>  
> +    /* NB: NONE is a byproduct of the qemuxml2argvtest test mocking
> +     * for UUID lookups. Normal secret XML processing would fail if
> +     * the usage type was NONE and since we have no way to set the
> +     * expected usage in that environment, let's just accept NONE */
> +    if (sec->usageType != VIR_SECRET_USAGE_TYPE_NONE &&
> +        sec->usageType != secretUsageType) {
> +        char uuidstr[VIR_UUID_STRING_BUFLEN];
> +
> +        virUUIDFormat(seclookupdef->u.uuid, uuidstr);
> +        virReportError(VIR_ERR_INVALID_ARG,
> +                       _("secret with uuid %s is of type '%s' not "
> +                         "expected '%s' type"),
> +                       uuidstr, virSecretUsageTypeToString(sec->usageType),
> +                       virSecretUsageTypeToString(secretUsageType));
> +        goto cleanup;
> +    }
> +
>      *secret = conn->secretDriver->secretGetValue(sec, secret_size, 0,
>                                                   VIR_SECRET_GET_VALUE_INTERNAL_CALL);
>  
> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
> index e17709e7e1..700868ca0b 100644
> --- a/tests/qemuxml2argvtest.c
> +++ b/tests/qemuxml2argvtest.c
> @@ -77,7 +77,9 @@ static virSecretPtr
>  fakeSecretLookupByUUID(virConnectPtr conn,
>                         const unsigned char *uuid)
>  {
> -    return virGetSecret(conn, uuid, 0, "");
> +    /* NB: This mocked value could be "tls" or "volume" depending on
> +     * which test is being run, we'll leave at NONE (or 0) */
> +    return virGetSecret(conn, uuid, VIR_SECRET_USAGE_TYPE_NONE, "");
>  }
>  
>  static virSecretDriver fakeSecretDriver = {
> 