<p>
The <code>encryption</code> tag can currently contain a sequence of
<code>secret</code> tags, each with mandatory attributes <code>type</code>
- and <code>uuid</code>. The only currently defined value of
- <code>type</code> is <code>passphrase</code>. <code>uuid</code>
- refers to a secret known to libvirt. libvirt can use a secret value
- previously set using <code>virSecretSetValue()</code>, or, if supported
+ and either <code>uuid</code> or <code>usage</code>
+ (<span class="since">since 2.1.0</span>). The only currently defined
+ value of <code>type</code> is <code>passphrase</code>. The
+ <code>uuid</code> is "uuid" of the <code>secret</code> while
+ <code>usage</code> is the value "usage" subelement field.
+ A secret value can be set in libvirt by the
+ <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
+ <code>virSecretSetValue</code></a> API. Alternatively, if supported
by the particular volume format and driver, automatically generate a
secret value at the time of volume creation, and store it using the
specified <code>uuid</code>.
<value>passphrase</value>
</choice>
</attribute>
- <attribute name='uuid'>
- <ref name="UUID"/>
- </attribute>
+ <choice>
+ <attribute name='uuid'>
+ <ref name="UUID"/>
+ </attribute>
+ <attribute name='usage'>
+ <text/>
+ </attribute>
+ </choice>
</element>
</define>
#include "virnuma.h"
#include "virstring.h"
#include "virhostdev.h"
+#include "secret_util.h"
#include "storage/storage_driver.h"
#include "configmake.h"
#include "nwfilter_conf.h"
char **secretRet,
size_t *secretLen)
{
- virSecretPtr secret;
char *passphrase;
unsigned char *data;
size_t size;
goto cleanup;
}
- secret = conn->secretDriver->secretLookupByUUID(conn,
- enc->secrets[0]->uuid);
- if (secret == NULL)
- goto cleanup;
- data = conn->secretDriver->secretGetValue(secret, &size, 0,
- VIR_SECRET_GET_VALUE_INTERNAL_CALL);
- virObjectUnref(secret);
- if (data == NULL)
+ if (virSecretGetSecretString(conn, &enc->secrets[0]->seclookupdef,
+ VIR_SECRET_USAGE_TYPE_VOLUME,
+ &data, &size) < 0)
goto cleanup;
if (memchr(data, '\0', size) != NULL) {
goto cleanup;
enc_secret->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE;
- memcpy(enc_secret->uuid, secret->uuid, VIR_UUID_BUFLEN);
+ enc_secret->seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
+ memcpy(enc_secret->seclookupdef.u.uuid, secret->uuid, VIR_UUID_BUFLEN);
enc->format = VIR_STORAGE_ENCRYPTION_FORMAT_QCOW;
enc->secrets[0] = enc_secret; /* Space for secrets[0] allocated above */
enc_secret = NULL;
vol->target.encryption->secrets[0] = encsec;
encsec->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE;
- virSecretGetUUID(sec, encsec->uuid);
+ encsec->seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
+ virSecretGetUUID(sec, encsec->seclookupdef.u.uuid);
virObjectUnref(sec);
return 0;
#include "virerror.h"
#include "viruuid.h"
#include "virfile.h"
+#include "virsecret.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
virStorageEncryptionSecretPtr ret;
char *type_str = NULL;
char *uuidstr = NULL;
+ char *usagestr = NULL;
if (VIR_ALLOC(ret) < 0)
return NULL;
type_str);
goto cleanup;
}
- VIR_FREE(type_str);
- if ((uuidstr = virXPathString("string(./@uuid)", ctxt))) {
- if (virUUIDParse(uuidstr, ret->uuid) < 0) {
- virReportError(VIR_ERR_XML_ERROR,
- _("malformed volume encryption uuid '%s'"),
- uuidstr);
- goto cleanup;
- }
- VIR_FREE(uuidstr);
- } else {
- virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing volume encryption uuid"));
+ if (virSecretLookupParseSecret(node, &ret->seclookupdef) < 0)
goto cleanup;
- }
+
+ VIR_FREE(type_str);
+
ctxt->node = old_node;
return ret;
VIR_FREE(type_str);
virStorageEncryptionSecretFree(ret);
VIR_FREE(uuidstr);
+ VIR_FREE(usagestr);
ctxt->node = old_node;
return NULL;
}
virStorageEncryptionSecretPtr secret)
{
const char *type;
- char uuidstr[VIR_UUID_STRING_BUFLEN];
if (!(type = virStorageEncryptionSecretTypeToString(secret->type))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
return -1;
}
- virUUIDFormat(secret->uuid, uuidstr);
- virBufferAsprintf(buf, "<secret type='%s' uuid='%s'/>\n",
- type, uuidstr);
+ virSecretLookupFormatSecret(buf, type, &secret->seclookupdef);
+
return 0;
}
# include "internal.h"
# include "virbuffer.h"
+# include "virsecret.h"
# include "virutil.h"
# include <libxml/tree.h>
typedef virStorageEncryptionSecret *virStorageEncryptionSecretPtr;
struct _virStorageEncryptionSecret {
int type; /* virStorageEncryptionSecretType */
- unsigned char uuid[VIR_UUID_BUFLEN];
+ virSecretLookupTypeDef seclookupdef;
};
typedef enum {
--- /dev/null
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu \
+-name encryptdisk \
+-S \
+-M pc \
+-m 1024 \
+-smp 1 \
+-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
+-nographic \
+-nodefaults \
+-monitor unix:/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
+-no-acpi \
+-boot c \
+-usb \
+-drive file=/storage/guest_disks/encryptdisk,format=qcow2,if=none,\
+id=drive-virtio-disk0 \
+-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
+id=virtio-disk0 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
--- /dev/null
+<domain type='qemu'>
+ <name>encryptdisk</name>
+ <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <currentMemory unit='KiB'>524288</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='file' device='disk'>
+ <driver name='qemu' type='qcow2'/>
+ <source file='/storage/guest_disks/encryptdisk'/>
+ <target dev='vda' bus='virtio'/>
+ <encryption format='qcow'>
+ <secret type='passphrase' usage='/storage/guest_disks/encryptdisk'/>
+ </encryption>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+ </disk>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='virtio'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+ </memballoon>
+ </devices>
+</domain>
driver.caps->host.cpu = cpuDefault;
DO_TEST("encrypted-disk", NONE);
+ DO_TEST("encrypted-disk-usage", NONE);
DO_TEST("memtune", NONE);
DO_TEST("memtune-unlimited", NONE);
--- /dev/null
+../qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml
\ No newline at end of file
DO_TEST("pci-serial-dev-chardev");
DO_TEST("encrypted-disk");
+ DO_TEST("encrypted-disk-usage");
DO_TEST("memtune");
DO_TEST("memtune-unlimited");
DO_TEST("blkiotune");
projects / libvirt.git / commitdiff