[PATCH 02/11] qemuDomainValidateStorageSource: Reorganize encryption config validation
Peter Krempa
pkrempa at redhat.com
Fri Apr 22 15:31:46 UTC 2022
Move the two ad-hoc checks below into the block which already tests
whether encryption is requested.
If we first disallow the old-style qcow2 encryption we can remove a
whole block of validation later on.
Also the capability check for qcow2+luks can be simplified by moving it
into the same block.
Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
src/qemu/qemu_domain.c | 55 +++++++++++++-----------------------------
1 file changed, 17 insertions(+), 38 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 00c209313b..f3d9b2e48e 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4821,25 +4821,6 @@ qemuDomainValidateStorageSource(virStorageSource *src,
return -1;
}
- if ((src->format == VIR_STORAGE_FILE_QCOW ||
- src->format == VIR_STORAGE_FILE_QCOW2) &&
- src->encryption &&
- (src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT ||
- src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW)) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("old qcow/qcow2 encryption is not supported"));
- return -1;
- }
-
- if (src->format == VIR_STORAGE_FILE_QCOW2 &&
- src->encryption &&
- src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
- !virQEMUCapsGet(qemuCaps, QEMU_CAPS_QCOW2_LUKS)) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("LUKS encrypted QCOW2 images are not supported by this QEMU"));
- return -1;
- }
-
if (src->format == VIR_STORAGE_FILE_FAT &&
actualType != VIR_STORAGE_TYPE_VOLUME &&
actualType != VIR_STORAGE_TYPE_DIR) {
@@ -5019,6 +5000,13 @@ qemuDomainValidateStorageSource(virStorageSource *src,
}
if (src->encryption) {
+ if (src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT ||
+ src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("old qcow/qcow2 encryption is not supported"));
+ return -1;
+ }
+
switch (src->encryption->engine) {
case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
switch ((virStorageEncryptionFormatType) src->encryption->format) {
@@ -5040,38 +5028,29 @@ qemuDomainValidateStorageSource(virStorageSource *src,
}
break;
+
case VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD:
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("librbd encryption is not supported by this QEMU binary"));
return -1;
}
-
- switch ((virStorageEncryptionFormatType) src->encryption->format) {
- case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
- case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
- break;
-
- case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("librbd encryption engine only supports luks/luks2 formats"));
- return -1;
-
- case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
- case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
- default:
- virReportEnumRangeError(virStorageEncryptionFormatType,
- src->encryption->format);
- return -1;
- }
-
break;
+
case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
virReportEnumRangeError(virStorageEncryptionEngine,
src->encryption->engine);
return -1;
}
+
+ if (src->format == VIR_STORAGE_FILE_QCOW2 &&
+ src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
+ !virQEMUCapsGet(qemuCaps, QEMU_CAPS_QCOW2_LUKS)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("LUKS encrypted QCOW2 images are not supported by this QEMU"));
+ return -1;
+ }
}
if (src->tlsHostname) {
--
2.35.1
More information about the libvir-list
mailing list