[PATCH v4 3/5] conf: add encryption engine property

Peter Krempa pkrempa at redhat.com
Thu Oct 21 11:10:32 UTC 2021


On Thu, Oct 07, 2021 at 14:21:19 -0500, Or Ozeri wrote:
> This commit extends libvirt XML configuration to support a custom encryption engine.
> This means that <encryption format="luks" engine="qemu">  becomes valid.
> The only engine for now is qemu. However, a new engine (librbd) will be added in an upcoming commit.
> If no engine is specified, qemu will be used (assuming qemu driver is used).
> 
> Signed-off-by: Or Ozeri <oro at il.ibm.com>
> ---
>  docs/formatstorageencryption.html.in          |  6 +++++
>  docs/schemas/domainbackup.rng                 |  7 +++++
>  docs/schemas/storagecommon.rng                |  7 +++++
>  src/conf/storage_encryption_conf.c            | 27 ++++++++++++++++++-
>  src/conf/storage_encryption_conf.h            |  9 +++++++
>  src/qemu/qemu_block.c                         |  2 ++
>  src/qemu/qemu_domain.c                        | 20 ++++++++++++++
>  tests/qemustatusxml2xmldata/upgrade-out.xml   |  6 ++---
>  tests/qemuxml2argvdata/disk-nvme.xml          |  2 +-
>  .../qemuxml2argvdata/encrypted-disk-usage.xml |  2 +-
>  tests/qemuxml2argvdata/luks-disks.xml         |  4 +--
>  tests/qemuxml2argvdata/user-aliases.xml       |  2 +-
>  .../disk-slices.x86_64-latest.xml             |  4 +--
>  tests/qemuxml2xmloutdata/encrypted-disk.xml   |  2 +-
>  .../luks-disks-source-qcow2.x86_64-latest.xml | 14 +++++-----
>  .../qemuxml2xmloutdata/luks-disks-source.xml  | 10 +++----
>  16 files changed, 100 insertions(+), 24 deletions(-)
> 
> diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
> index 7215c307d7..178fcd0d7c 100644
> --- a/docs/formatstorageencryption.html.in
> +++ b/docs/formatstorageencryption.html.in
> @@ -23,6 +23,12 @@
>        content of the <code>encryption</code> tag.  Other format values may be
>        defined in the future.
>      </p>
> +    <p>
> +      The <code>encryption</code> tag supports an optional <code>engine</code>
> +      tag, which allows selecting which component actually handles
> +      the encryption. Currently defined values of <code>engine</code> are
> +      <code>qemu</code>.
> +    </p>

I'll add a note and possibly also a check that this works only in the
qemu VM driver, and not in the storage driver as this part of the docs
is shared between those two.

>      <p>
>        The <code>encryption</code> tag can currently contain a sequence of
>        <code>secret</code> tags, each with mandatory attributes <code>type</code>
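
Review bot: the added paragraph calls `engine` a "tag" ("supports an optional <code>engine</code> tag"), but the commit message shows it as an attribute of the encryption element (<encryption format="luks" engine="qemu">). Say "attribute" so readers do not try to write a child element. The paragraph also omits the default stated in the commit message (qemu is used when no engine is specified), and "Currently defined values of engine are qemu" would read better as "The only currently defined value is qemu".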



> @@ -217,6 +223,7 @@ virStorageEncryptionParseNode(xmlNodePtr node,
>      xmlNodePtr *nodes = NULL;
>      virStorageEncryption *encdef = NULL;
>      virStorageEncryption *ret = NULL;
> +    g_autofree char *engine_str = NULL;

This is unused. I'll remove it before pushing.

>      g_autofree char *format_str = NULL;
>      int n;
>      size_t i;
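
Review bot: the `g_autofree char *engine_str = NULL;` declaration is the only line this hunk adds to virStorageEncryptionParseNode, and nothing in the quoted lines assigns or reads it, so it should be dropped. The quoted portion of the patch also does not show where the `engine` attribute is parsed, so it is worth confirming there that an unrecognized engine string is rejected with an error rather than silently treated as the default.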



Reviewed-by: Peter Krempa <pkrempa at redhat.com>



