conf: backup: Store 'tlsAlias' and 'tlsSecretAlias' as internals of a backup
authorPeter Krempa <pkrempa@redhat.com>
Wed, 1 Jul 2020 07:48:27 +0000 (09:48 +0200)
committerPeter Krempa <pkrempa@redhat.com>
Tue, 7 Jul 2020 10:58:19 +0000 (12:58 +0200)
Add fields for storing the aliases necessary to clean up the TLS env for
a backup job after it finishes.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
src/conf/backup_conf.c
src/conf/backup_conf.h
tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml [new file with mode: 0644]
tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml [new symlink]
tests/genericxml2xmltest.c

index e9eea5af75048ae5f6893129340ff175798a8b7c..2fb741807bfd05ffc6434bfab8e4afa8c494587d 100644 (file)
@@ -79,6 +79,10 @@ virDomainBackupDefFree(virDomainBackupDefPtr def)
     }
 
     g_free(def->disks);
+
+    g_free(def->tlsAlias);
+    g_free(def->tlsSecretAlias);
+
     g_free(def);
 }
 
@@ -192,6 +196,19 @@ virDomainBackupDiskDefParseXML(xmlNodePtr node,
 }
 
 
+static void
+virDomainBackupDefParsePrivate(virDomainBackupDefPtr def,
+                               xmlXPathContextPtr ctxt,
+                               unsigned int flags)
+{
+    if (!(flags & VIR_DOMAIN_BACKUP_PARSE_INTERNAL))
+        return;
+
+    def->tlsSecretAlias = virXPathString("string(./privateData/objects/secret[@type='tlskey']/@alias)", ctxt);
+    def->tlsAlias = virXPathString("string(./privateData/objects/TLSx509/@alias)", ctxt);
+}
+
+
 static virDomainBackupDefPtr
 virDomainBackupDefParse(xmlXPathContextPtr ctxt,
                         virDomainXMLOptionPtr xmlopt,
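Review bot: `virDomainBackupDefParsePrivate` stores the result of both XPath lookups unchecked, so internal XML that carries only one alias, or none, leaves the matching field NULL (as far as I recall `virXPathString` returns NULL for an absent or empty result). The commit message says these aliases drive TLS cleanup after the job, so it is worth a comment in the function such as `/* either alias may be NULL; the cleanup code must tolerate that */`. The `VIR_DOMAIN_BACKUP_PARSE_INTERNAL` check appears to be what stops user-supplied backup XML from setting these fields; a header comment like `/* privateData is honoured only for internally stored XML, never for user input */` would record that intent. Both expressions are relative, so they depend on `ctxt->node` still pointing at the backup element when the function is called, and that call site is outside this hunk.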
@@ -261,6 +278,8 @@ virDomainBackupDefParse(xmlXPathContextPtr ctxt,
             return NULL;
     }
 
+    virDomainBackupDefParsePrivate(def, ctxt, flags);
+
     return g_steal_pointer(&def);
 }
 
@@ -360,6 +379,26 @@ virDomainBackupDiskDefFormat(virBufferPtr buf,
 }
 
 
+static void
+virDomainBackupDefFormatPrivate(virBufferPtr buf,
+                                virDomainBackupDefPtr def,
+                                bool internal)
+{
+    g_auto(virBuffer) privChildBuf = VIR_BUFFER_INIT_CHILD(buf);
+    g_auto(virBuffer) objectsChildBuf = VIR_BUFFER_INIT_CHILD(&privChildBuf);
+
+    if (!internal)
+        return;
+
+    virBufferEscapeString(&objectsChildBuf, "<secret type='tlskey' alias='%s'/>\n",
+                          def->tlsSecretAlias);
+    virBufferEscapeString(&objectsChildBuf, "<TLSx509 alias='%s'/>\n", def->tlsAlias);
+
+    virXMLFormatElement(&privChildBuf, "objects", NULL, &objectsChildBuf);
+    virXMLFormatElement(buf, "privateData", NULL, &privChildBuf);
+}
+
+
 int
 virDomainBackupDefFormat(virBufferPtr buf,
                          virDomainBackupDefPtr def,
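Review bot: `virDomainBackupDefFormatPrivate` has no comment saying what is written when an alias is unset, and the output depends on it. As far as I know `virBufferEscapeString` emits nothing for a NULL string and `virXMLFormatElement` skips an element that has neither attributes nor children, so a definition without aliases produces no `<privateData>` at all. A header comment would make that explicit, for example `/* Formats <privateData> for internal XML only; unset aliases are omitted and an empty element is not written. */`.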
@@ -394,6 +433,9 @@ virDomainBackupDefFormat(virBufferPtr buf,
     }
 
     virXMLFormatElement(&childBuf, "disks", NULL, &disksChildBuf);
+
+    virDomainBackupDefFormatPrivate(&childBuf, def, internal);
+
     virXMLFormatElement(buf, "domainbackup", &attrBuf, &childBuf);
 
     return 0;
index 172eb1cf1cc51ca4ad5807166fd86fb0bc973dd8..ad5d9cb00cbcfe9a849ae79b2387adfef9842527 100644 (file)
@@ -75,6 +75,11 @@ struct _virDomainBackupDef {
     virDomainBackupDiskDef *disks;
 
     /* internal data */
+
+    /* NBD TLS internals */
+    char *tlsAlias;
+    char *tlsSecretAlias;
+
     /* statistic totals for completed disks */
     unsigned long long push_transferred;
     unsigned long long push_total;
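Review bot: The new `/* NBD TLS internals */` comment does not say what the two strings name or who owns them. Going by the commit message and the `g_free` calls added to `virDomainBackupDefFree`, a comment such as `/* aliases of the TLS objects set up for the backup job; owned by the def, NULL when unused */` would tell the reader more. The NULL-when-unused part is my inference and should be confirmed. The struct definition starts and ends outside this hunk.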
diff --git a/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml b/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml
new file mode 100644 (file)
index 0000000..261dec0
--- /dev/null
@@ -0,0 +1,36 @@
+<domainbackup mode='pull'>
+  <incremental>1525889631</incremental>
+  <server transport='tcp' name='localhost' port='10809'/>
+  <disks>
+    <disk name='vda' backup='yes' state='running' type='file' exportname='test-vda' exportbitmap='blah'>
+      <driver type='qcow2'/>
+      <scratch file='/path/to/file'>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+        </encryption>
+      </scratch>
+    </disk>
+    <disk name='vdb' backup='yes' state='complete' type='file' exportname='test-vda' exportbitmap='blah'>
+      <driver type='qcow2'/>
+      <scratch file='/path/to/file'>
+        <encryption format='luks'>
+          <secret type='passphrase' usage='/storage/backup/vdb'/>
+        </encryption>
+      </scratch>
+    </disk>
+    <disk name='vdc' backup='yes' state='running' type='block'>
+      <driver type='qcow2'/>
+      <scratch dev='/dev/block'>
+        <encryption format='luks'>
+          <secret type='passphrase' usage='/storage/backup/vdc'/>
+        </encryption>
+      </scratch>
+    </disk>
+  </disks>
+  <privateData>
+    <objects>
+      <secret type='tlskey' alias='test-tlskey'/>
+      <TLSx509 alias='test-tlsobj'/>
+    </objects>
+  </privateData>
+</domainbackup>
diff --git a/tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml b/tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml
new file mode 120000 (symlink)
index 0000000..055ca37
--- /dev/null
@@ -0,0 +1 @@
+../domainbackupxml2xmlin/backup-pull-internal-invalid.xml
\ No newline at end of file
index cf07f9bb795f219a1ffd0f94c8b5e68f2c8ab9e6..2c1e8616ddc86923b636ad2d7d3400dfb5d08822 100644 (file)
@@ -215,6 +215,8 @@ mymain(void)
     DO_TEST_BACKUP("backup-push-seclabel");
     DO_TEST_BACKUP("backup-push-encrypted");
 
+    DO_TEST_BACKUP_FULL("backup-pull-internal-invalid", true);
+
 
     virObjectUnref(caps);
     virObjectUnref(xmlopt);
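Review bot: The only new case, `backup-pull-internal-invalid`, carries both aliases, so internal XML with a single alias or with no `<privateData>` at all is not exercised. A second fixture holding just one of the two elements would pin how the formatter and parser treat an unset alias. The `-invalid` suffix is also unexplained; if it is there because `<privateData>` is not part of the public schema, a one-line comment beside the `DO_TEST_BACKUP_FULL` call would save the next reader a search. `mymain` continues outside this hunk.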