[PATCH v1 3/7] qemu: add support for multiple secret aliases
Or Ozeri
oro at il.ibm.com
Mon Mar 6 12:53:08 UTC 2023
Change secret aliases from %s-%s-secret0 to %s-%s-secret%lu,
which will later be used for storage encryption requiring more
than a single secret.
Signed-off-by: Or Ozeri <oro at il.ibm.com>
---
src/qemu/qemu_alias.c | 8 +++++---
src/qemu/qemu_alias.h | 3 ++-
src/qemu/qemu_domain.c | 14 ++++++++------
src/qemu/qemu_hotplug.c | 2 +-
src/qemu/qemu_migration_params.c | 2 +-
5 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c
index a9809797d5..2e0a50b68b 100644
--- a/src/qemu/qemu_alias.c
+++ b/src/qemu/qemu_alias.c
@@ -801,17 +801,19 @@ qemuDomainGetMasterKeyAlias(void)
/* qemuAliasForSecret:
* @parentalias: alias of the parent object
* @obj: optional sub-object of the parent device the secret is for
+ * @secret_idx: secret index number (0 in the case of a single secret)
*
* Generate alias for a secret object used by @parentalias device or one of
* the dependencies of the device described by @obj.
*/
char *
qemuAliasForSecret(const char *parentalias,
- const char *obj)
+ const char *obj,
+ size_t secret_idx)
{
if (obj)
- return g_strdup_printf("%s-%s-secret0", parentalias, obj);
- return g_strdup_printf("%s-secret0", parentalias);
+ return g_strdup_printf("%s-%s-secret%lu", parentalias, obj, secret_idx);
+ return g_strdup_printf("%s-secret%lu", parentalias, secret_idx);
}
/* qemuAliasTLSObjFromSrcAlias
diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h
index f13f4cc5f8..eae08020dc 100644
--- a/src/qemu/qemu_alias.h
+++ b/src/qemu/qemu_alias.h
@@ -86,7 +86,8 @@ char *qemuAliasFromHostdev(const virDomainHostdevDef *hostdev);
char *qemuDomainGetMasterKeyAlias(void);
char *qemuAliasForSecret(const char *parentalias,
- const char *obj);
+ const char *obj,
+ size_t secret_idx);
char *qemuAliasTLSObjFromSrcAlias(const char *srcAlias)
ATTRIBUTE_NONNULL(1);
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index f5fd140c85..80c9852dae 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1317,6 +1317,7 @@ qemuDomainSecretInfoSetup(qemuDomainObjPrivate *priv,
* @priv: pointer to domain private object
* @srcalias: Alias of the disk/hostdev used to generate the secret alias
* @secretuse: specific usage for the secret (may be NULL if main object is using it)
+ * @secret_idx: secret index number (0 in the case of a single secret)
* @usageType: The virSecretUsageType
* @username: username to use for authentication (may be NULL)
* @seclookupdef: Pointer to seclookupdef data
@@ -1329,12 +1330,13 @@ static qemuDomainSecretInfo *
qemuDomainSecretInfoSetupFromSecret(qemuDomainObjPrivate *priv,
const char *srcalias,
const char *secretuse,
+ size_t secret_idx,
virSecretUsageType usageType,
const char *username,
virSecretLookupTypeDef *seclookupdef)
{
qemuDomainSecretInfo *secinfo;
- g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse);
+ g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse, secret_idx);
g_autofree uint8_t *secret = NULL;
size_t secretlen = 0;
VIR_IDENTITY_AUTORESTORE virIdentity *oldident = virIdentityElevateCurrent();
@@ -1384,7 +1386,7 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivate *priv,
}
seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
- return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL,
+ return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL, 0,
VIR_SECRET_USAGE_TYPE_TLS,
NULL, &seclookupdef);
}
@@ -1411,7 +1413,7 @@ qemuDomainSecretStorageSourcePrepareCookies(qemuDomainObjPrivate *priv,
virStorageSource *src,
const char *aliasprotocol)
{
- g_autofree char *secretalias = qemuAliasForSecret(aliasprotocol, "httpcookie");
+ g_autofree char *secretalias = qemuAliasForSecret(aliasprotocol, "httpcookie", 0);
g_autofree char *cookies = qemuBlockStorageSourceGetCookieString(src);
return qemuDomainSecretInfoSetup(priv, secretalias, NULL,
@@ -1460,7 +1462,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
usageType = VIR_SECRET_USAGE_TYPE_CEPH;
if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv, aliasprotocol,
- "auth",
+ "auth", 0,
usageType,
src->auth->username,
&src->auth->seclookupdef)))
@@ -1469,7 +1471,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
if (hasEnc) {
if (!(srcPriv->encinfo = qemuDomainSecretInfoSetupFromSecret(priv, aliasformat,
- "encryption",
+ "encryption", 0,
VIR_SECRET_USAGE_TYPE_VOLUME,
NULL,
&src->encryption->secrets[0]->seclookupdef)))
@@ -11181,7 +11183,7 @@ qemuDomainPrepareHostdev(virDomainHostdevDef *hostdev,
if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv,
backendalias,
- NULL,
+ NULL, 0,
usageType,
src->auth->username,
&src->auth->seclookupdef)))
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index da17525824..f15b4ea31f 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1753,7 +1753,7 @@ qemuDomainDelChardevTLSObjects(virQEMUDriver *driver,
* secret UUID and we have a serial TCP chardev, then formulate a
* secAlias which we'll attempt to destroy. */
if (cfg->chardevTLSx509secretUUID &&
- !(secAlias = qemuAliasForSecret(inAlias, NULL)))
+ !(secAlias = qemuAliasForSecret(inAlias, NULL, 0)))
return -1;
qemuDomainObjEnterMonitor(vm);
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index bd09dcfb23..0d747580f4 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -1129,7 +1129,7 @@ qemuMigrationParamsResetTLS(virDomainObj *vm,
return;
tlsAlias = qemuAliasTLSObjFromSrcAlias(QEMU_MIGRATION_TLS_ALIAS_BASE);
- secAlias = qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL);
+ secAlias = qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL, 0);
qemuDomainDelTLSObjects(vm, asyncJob, secAlias, tlsAlias);
g_clear_pointer(&QEMU_DOMAIN_PRIVATE(vm)->migSecinfo, qemuDomainSecretInfoFree);
--
2.25.1
More information about the libvir-list
mailing list