[PATCH 7/7] schema: secret: Relax requirements for usage name

Peter Krempa pkrempa at redhat.com
Wed Jan 6 16:58:01 UTC 2021


There's plenty of existing documentation [1] which shows, as an example, a
name which contains a space and a dot ('client.admin secret') as the ceph
usage name.

Use a more relaxed type in the RNG schema since the usage name is
actually just a string used to look up the secret.

[1]:
https://docs.ceph.com/en/latest/rbd/libvirt/#configuring-the-vm
https://documentation.suse.com/ses/6/html/ses-all/cha-ceph-libvirt.html#ceph-libvirt-cfg-vm
Libvirt docs were correct though:
https://libvirt.org/formatsecret.html#CephUsageType

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1689168

Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
 docs/schemas/domaincommon.rng                 |  2 +-
 docs/schemas/secret.rng                       |  8 ++---
 .../disk-network-source-auth.args             |  8 ++++-
 ...isk-network-source-auth.x86_64-2.12.0.args |  9 ++++++
 ...isk-network-source-auth.x86_64-latest.args | 29 ++++++++++++++-----
 .../disk-network-source-auth.xml              | 12 ++++++++
 tests/qemuxml2argvtest.c                      |  3 +-
 .../disk-network-source-auth.xml              | 13 +++++++++
 tests/secretxml2xmlin/usage-ceph-space.xml    |  7 +++++
 tests/secretxml2xmltest.c                     |  1 +
 10 files changed, 77 insertions(+), 15 deletions(-)
 create mode 100644 tests/secretxml2xmlin/usage-ceph-space.xml

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 4fc6a7ee7a..701db7e7d2 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -6261,7 +6261,7 @@
           <ref name="UUID"/>
         </attribute>
         <attribute name="usage">
-          <ref name="genericName"/>
+          <ref name="objectName"/>
         </attribute>
       </choice>
     </element>
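Review bot: The switch to `objectName` on the `usage` attribute widens what is accepted for every secret type that goes through this reference, not only ceph. The same substitution is made for the iscsi `target`, tls `name` and vtpm `name` elements in the four docs/schemas/secret.rng hunks, yet the commit message and the new test data cover only a ceph name with a space and a dot. The definition of `objectName` is not part of this patch, so it cannot be confirmed from here which characters stay excluded; the commit message should state that, and secretxml2xml cases for the other usage types would pin the new behaviour. Because the usage string is a lookup key taken from user-supplied XML and schema validation is the only bound shown here, it is worth confirming that any code placing it in a log line, path or command line quotes it.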
diff --git a/docs/schemas/secret.rng b/docs/schemas/secret.rng
index 1aafe03e61..c90e2eb81f 100644
--- a/docs/schemas/secret.rng
+++ b/docs/schemas/secret.rng
@@ -60,7 +60,7 @@
       <value>ceph</value>
     </attribute>
     <element name="name">
-      <ref name="genericName"/>
+      <ref name="objectName"/>
     </element>
   </define>

@@ -69,7 +69,7 @@
       <value>iscsi</value>
     </attribute>
     <element name="target">
-      <ref name="genericName"/>
+      <ref name="objectName"/>
     </element>
   </define>

@@ -78,7 +78,7 @@
       <value>tls</value>
     </attribute>
     <element name="name">
-      <ref name="genericName"/>
+      <ref name="objectName"/>
     </element>
   </define>

@@ -87,7 +87,7 @@
       <value>vtpm</value>
     </attribute>
     <element name="name">
-      <ref name="genericName"/>
+      <ref name="objectName"/>
     </element>
   </define>

diff --git a/tests/qemuxml2argvdata/disk-network-source-auth.args b/tests/qemuxml2argvdata/disk-network-source-auth.args
index e68b81fde0..18d48b263f 100644
--- a/tests/qemuxml2argvdata/disk-network-source-auth.args
+++ b/tests/qemuxml2argvdata/disk-network-source-auth.args
@@ -35,4 +35,10 @@ key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
 auth_supported=cephx\;none:mon_host=mon1.example.org\:6321\;mon2.example.org\:\
 6322\;mon3.example.org\:6322,format=raw,if=none,id=drive-virtio-disk1' \
 -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,\
-id=virtio-disk1
+id=virtio-disk1 \
+-drive 'file=rbd:pool/image2:id=myname:\
+key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
+auth_supported=cephx\;none:mon_host=mon1.example.org\:6321\;mon2.example.org\:\
+6322\;mon3.example.org\:6322,format=raw,if=none,id=drive-virtio-disk2' \
+-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk2,\
+id=virtio-disk2
diff --git a/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-2.12.0.args b/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-2.12.0.args
index 279d5c73ec..0ccf3df106 100644
--- a/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-2.12.0.args
+++ b/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-2.12.0.args
@@ -45,6 +45,15 @@ mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\
 id=drive-virtio-disk1' \
 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x3,drive=drive-virtio-disk1,\
 id=virtio-disk1 \
+-object secret,id=virtio-disk2-auth-secret0,\
+data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
+keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
+-drive 'file=rbd:pool/image2:id=myname:auth_supported=cephx\;none:\
+mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\
+6322,file.password-secret=virtio-disk2-auth-secret0,format=raw,if=none,\
+id=drive-virtio-disk2' \
+-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk2,\
+id=virtio-disk2 \
 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
 resourcecontrol=deny \
 -msg timestamp=on
diff --git a/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-latest.args b/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-latest.args
index 257ca1376c..879a52123c 100644
--- a/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-latest.args
@@ -29,21 +29,34 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
 -no-acpi \
 -boot strict=on \
 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
--object secret,id=libvirt-2-storage-auth-secret0,\
+-object secret,id=libvirt-3-storage-auth-secret0,\
 data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
 keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
 -blockdev '{"driver":"iscsi","portal":"example.org:6000",\
 "target":"iqn.1992-01.com.example:storage","lun":1,"transport":"tcp",\
-"user":"myname","password-secret":"libvirt-2-storage-auth-secret0",\
-"node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \
+"user":"myname","password-secret":"libvirt-3-storage-auth-secret0",\
+"node-name":"libvirt-3-storage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"raw",\
+"file":"libvirt-3-storage"}' \
+-device virtio-blk-pci,bus=pci.0,addr=0x2,drive=libvirt-3-format,\
+id=virtio-disk0,bootindex=1 \
+-object secret,id=libvirt-2-storage-auth-secret0,\
+data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
+keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image",\
+"server":[{"host":"mon1.example.org","port":"6321"},{"host":"mon2.example.org",\
+"port":"6322"},{"host":"mon3.example.org","port":"6322"}],"user":"myname",\
+"auth-client-required":["cephx","none"],\
+"key-secret":"libvirt-2-storage-auth-secret0","node-name":"libvirt-2-storage",\
+"auto-read-only":true,"discard":"unmap"}' \
 -blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw",\
 "file":"libvirt-2-storage"}' \
--device virtio-blk-pci,bus=pci.0,addr=0x2,drive=libvirt-2-format,\
-id=virtio-disk0,bootindex=1 \
+-device virtio-blk-pci,bus=pci.0,addr=0x3,drive=libvirt-2-format,\
+id=virtio-disk1 \
 -object secret,id=libvirt-1-storage-auth-secret0,\
 data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
 keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
--blockdev '{"driver":"rbd","pool":"pool","image":"image",\
+-blockdev '{"driver":"rbd","pool":"pool","image":"image2",\
 "server":[{"host":"mon1.example.org","port":"6321"},{"host":"mon2.example.org",\
 "port":"6322"},{"host":"mon3.example.org","port":"6322"}],"user":"myname",\
 "auth-client-required":["cephx","none"],\
@@ -51,8 +64,8 @@ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
 "auto-read-only":true,"discard":"unmap"}' \
 -blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw",\
 "file":"libvirt-1-storage"}' \
--device virtio-blk-pci,bus=pci.0,addr=0x3,drive=libvirt-1-format,\
-id=virtio-disk1 \
+-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=libvirt-1-format,\
+id=virtio-disk2 \
 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
 resourcecontrol=deny \
 -msg timestamp=on
diff --git a/tests/qemuxml2argvdata/disk-network-source-auth.xml b/tests/qemuxml2argvdata/disk-network-source-auth.xml
index 7cc5c96ae7..0f8d29070f 100644
--- a/tests/qemuxml2argvdata/disk-network-source-auth.xml
+++ b/tests/qemuxml2argvdata/disk-network-source-auth.xml
@@ -36,6 +36,18 @@
       </source>
       <target dev='vdb' bus='virtio'/>
     </disk>
+    <disk type='network' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source protocol='rbd' name='pool/image2'>
+        <host name='mon1.example.org' port='6321'/>
+        <host name='mon2.example.org' port='6322'/>
+        <host name='mon3.example.org' port='6322'/>
+        <auth username='myname'>
+          <secret type='ceph' usage='client.admin secret'/>
+        </auth>
+      </source>
+      <target dev='vdc' bus='virtio'/>
+    </disk>
     <controller type='usb' index='0'/>
     <controller type='pci' index='0' model='pci-root'/>
     <input type='mouse' bus='ps2'/>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index d2712e0dce..b63ba29739 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -64,7 +64,8 @@ fakeSecretLookupByUsage(virConnectPtr conn,
                            usageID);
             return NULL;
         }
-    } else if (STRNEQ(usageID, "mycluster_myname")) {
+    } else if (STRNEQ(usageID, "mycluster_myname") &&
+               STRNEQ(usageID, "client.admin secret")) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        "test provided incorrect usage '%s'", usageID);
         return NULL;
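Review bot: The widened condition in the `else if` lets the mock accept `client.admin secret` for whatever usage type reaches this branch, so the test shows that the name is looked up but not that it is bound to the ceph usage type. The branch condition above is outside the hunk, so this is inferred from the visible lines. A short comment above the `else if` would record why the second string is there, for example `/* usage name with a space and a dot, from disk-network-source-auth.xml */`. fakeSecretLookupByUsage begins and ends outside this hunk.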
diff --git a/tests/qemuxml2xmloutdata/disk-network-source-auth.xml b/tests/qemuxml2xmloutdata/disk-network-source-auth.xml
index b9f06448c1..d9c85c478d 100644
--- a/tests/qemuxml2xmloutdata/disk-network-source-auth.xml
+++ b/tests/qemuxml2xmloutdata/disk-network-source-auth.xml
@@ -38,6 +38,19 @@
       <target dev='vdb' bus='virtio'/>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
     </disk>
+    <disk type='network' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source protocol='rbd' name='pool/image2'>
+        <host name='mon1.example.org' port='6321'/>
+        <host name='mon2.example.org' port='6322'/>
+        <host name='mon3.example.org' port='6322'/>
+        <auth username='myname'>
+          <secret type='ceph' usage='client.admin secret'/>
+        </auth>
+      </source>
+      <target dev='vdc' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </disk>
     <controller type='usb' index='0'>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
     </controller>
diff --git a/tests/secretxml2xmlin/usage-ceph-space.xml b/tests/secretxml2xmlin/usage-ceph-space.xml
new file mode 100644
index 0000000000..557b12474d
--- /dev/null
+++ b/tests/secretxml2xmlin/usage-ceph-space.xml
@@ -0,0 +1,7 @@
+<secret ephemeral='no' private='yes'>
+  <uuid>f52a81b2-424e-490c-823d-6bd4235bc573</uuid>
+  <description>Ceph secret with space and dot</description>
+  <usage type='ceph'>
+    <name>client.admin secret</name>
+  </usage>
+</secret>
diff --git a/tests/secretxml2xmltest.c b/tests/secretxml2xmltest.c
index 9eb3c460e7..74a262e1e8 100644
--- a/tests/secretxml2xmltest.c
+++ b/tests/secretxml2xmltest.c
@@ -74,6 +74,7 @@ mymain(void)
     DO_TEST("ephemeral-usage-volume");
     DO_TEST("usage-volume");
     DO_TEST("usage-ceph");
+    DO_TEST("usage-ceph-space");
     DO_TEST("usage-iscsi");
     DO_TEST("usage-tls");
     DO_TEST("usage-vtpm");
-- 
2.29.2



