[PATCH 07/24] qemu: domain: Add infrastructure passing in TLS key's decryption key via 'secret'

Peter Krempa pkrempa at redhat.com
Thu Jul 2 14:39:53 UTC 2020


Store the required data in the private data of a storage source and
ensure that the 'alias' of the secret is formatted in the status XML.

Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
 src/qemu/qemu_domain.c                    | 10 +++++++++-
 src/qemu/qemu_domain.h                    |  3 +++
 tests/qemustatusxml2xmldata/modern-in.xml |  1 +
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 697ddab727..7f0be22f20 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -567,6 +567,7 @@ qemuDomainStorageSourcePrivateDispose(void *obj)
     g_clear_pointer(&priv->secinfo, qemuDomainSecretInfoFree);
     g_clear_pointer(&priv->encinfo, qemuDomainSecretInfoFree);
     g_clear_pointer(&priv->httpcookie, qemuDomainSecretInfoFree);
+    g_clear_pointer(&priv->tlsKeySecret, qemuDomainSecretInfoFree);
 }


@@ -1083,6 +1084,7 @@ qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk)
         if ((srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(n))) {
             qemuDomainSecretInfoDestroy(srcPriv->secinfo);
             qemuDomainSecretInfoDestroy(srcPriv->encinfo);
+            qemuDomainSecretInfoDestroy(srcPriv->tlsKeySecret);
         }
     }
 }
@@ -1750,6 +1752,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
     g_autofree char *authalias = NULL;
     g_autofree char *encalias = NULL;
     g_autofree char *httpcookiealias = NULL;
+    g_autofree char *tlskeyalias = NULL;

     src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt);
     src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt);
@@ -1764,8 +1767,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
     authalias = virXPathString("string(./objects/secret[@type='auth']/@alias)", ctxt);
     encalias = virXPathString("string(./objects/secret[@type='encryption']/@alias)", ctxt);
     httpcookiealias = virXPathString("string(./objects/secret[@type='httpcookie']/@alias)", ctxt);
+    tlskeyalias = virXPathString("string(./objects/secret[@type='tlskey']/@alias)", ctxt);

-    if (authalias || encalias || httpcookiealias) {
+    if (authalias || encalias || httpcookiealias || tlskeyalias) {
         if (!src->privateData &&
             !(src->privateData = qemuDomainStorageSourcePrivateNew()))
             return -1;
@@ -1780,6 +1784,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,

         if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &httpcookiealias) < 0)
             return -1;
+
+        if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->tlsKeySecret, &tlskeyalias) < 0)
+            return -1;
     }

     if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0)
@@ -1831,6 +1838,7 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
         qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, "auth");
         qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption");
         qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->httpcookie, "httpcookie");
+        qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->tlsKeySecret, "tlskey");
     }

     if (src->tlsAlias)
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 1ddac52092..e524fd0002 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -317,6 +317,9 @@ struct _qemuDomainStorageSourcePrivate {

     /* secure passthrough of the http cookie */
     qemuDomainSecretInfoPtr httpcookie;
+
+    /* key for decrypting TLS certificate */
+    qemuDomainSecretInfoPtr tlsKeySecret;
 };

 virObjectPtr qemuDomainStorageSourcePrivateNew(void);
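Review bot: The new field comment `/* key for decrypting TLS certificate */` misnames what the secret protects: the commit title describes it as the TLS key's decryption key, i.e. the passphrase guarding the private key, and a certificate is not what gets decrypted. Suggest `/* secret holding the passphrase that protects the TLS private key */` so readers of the status-XML formatting code in qemu_domain.c see at a glance that this is sensitive material, not certificate metadata. The comment would also be the natural place to note that, as the description states, only the secret's alias is formatted into the status XML. The struct _qemuDomainStorageSourcePrivate definition starts outside the hunk.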
diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxml2xmldata/modern-in.xml
index 64d42200e4..2e0e415bc3 100644
--- a/tests/qemustatusxml2xmldata/modern-in.xml
+++ b/tests/qemustatusxml2xmldata/modern-in.xml
@@ -336,6 +336,7 @@
                 <secret type='auth' alias='test-auth-alias'/>
                 <secret type='encryption' alias='test-encryption-alias'/>
                 <secret type='httpcookie' alias='http-cookie-alias'/>
+                <secret type='tlskey' alias='tls certificate key alias'/>
                 <TLSx509 alias='transport-alias'/>
               </objects>
             </privateData>
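Review bot: The added alias `'tls certificate key alias'` is the only sibling value containing spaces; the auth, encryption and httpcookie aliases on the surrounding lines all use hyphenated names. Unless the whitespace is intended to exercise attribute handling in the status-XML round trip, `<secret type='tlskey' alias='tls-certificate-key-alias'/>` would keep the fixture consistent.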
-- 
2.26.2



