From: John Ferlan Date: Mon, 30 May 2016 11:47:46 +0000 (-0400) Subject: util: Add 'usage' for encryption X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=47e88b33befa1aafa4fd4db99c77a45c66d41c0a;p=libvirt.git util: Add 'usage' for encryption In order to use more common code and set up for a future type, modify the encryption secret to allow the "usage" attribute or the "uuid" attribute to define the secret. The "usage" in the case of a volume secret would be the path to the volume as dictated by the backwards compatibility brought on by virStorageGenerateQcowEncryption where it set up the usage field as the vol->target.path and didn't allow someone to provide it. This carries into virSecretObjListFindByUsageLocked which takes the secret usage attribute value from from the domain disk definition and compares it against the usage type from the secret definition. Since none of the code dealing with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly cosmetic change. The real usage comes in a future path where the encryption is expanded to be a luks volume and the secret will allow definition of the usage field. This code will make use of the virSecretLookup{Parse|Format}Secret common code. Signed-off-by: John Ferlan --- diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in index 04c3346614..58e1073561 100644 --- a/docs/formatstorageencryption.html.in +++ b/docs/formatstorageencryption.html.in @@ -25,10 +25,14 @@

The encryption tag can currently contain a sequence of secret tags, each with mandatory attributes type - and uuid. The only currently defined value of - type is passphrase. uuid - refers to a secret known to libvirt. libvirt can use a secret value - previously set using virSecretSetValue(), or, if supported + and either uuid or usage + (since 2.1.0). The only currently defined + value of type is passphrase. The + uuid is "uuid" of the secret while + usage is the value "usage" subelement field. + A secret value can be set in libvirt by the + + virSecretSetValue API. Alternatively, if supported by the particular volume format and driver, automatically generate a secret value at the time of volume creation, and store it using the specified uuid. diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng index 7c0446247c..c5b71deb7c 100644 --- a/docs/schemas/storagecommon.rng +++ b/docs/schemas/storagecommon.rng @@ -27,9 +27,14 @@ passphrase - - - + + + + + + + + diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 4eb35ea93d..4ffd9b7f14 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -70,6 +70,7 @@ #include "virnuma.h" #include "virstring.h" #include "virhostdev.h" +#include "secret_util.h" #include "storage/storage_driver.h" #include "configmake.h" #include "nwfilter_conf.h" @@ -377,7 +378,6 @@ qemuProcessGetVolumeQcowPassphrase(virConnectPtr conn, char **secretRet, size_t *secretLen) { - virSecretPtr secret; char *passphrase; unsigned char *data; size_t size; @@ -416,14 +416,9 @@ qemuProcessGetVolumeQcowPassphrase(virConnectPtr conn, goto cleanup; } - secret = conn->secretDriver->secretLookupByUUID(conn, - enc->secrets[0]->uuid); - if (secret == NULL) - goto cleanup; - data = conn->secretDriver->secretGetValue(secret, &size, 0, - VIR_SECRET_GET_VALUE_INTERNAL_CALL); - virObjectUnref(secret); - if (data == NULL) + if (virSecretGetSecretString(conn, &enc->secrets[0]->seclookupdef, + VIR_SECRET_USAGE_TYPE_VOLUME, + &data, &size) < 0) goto cleanup; if (memchr(data, '\0', size) != NULL) { diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c index 5adf1fd71b..d6a451d20c 100644 --- a/src/storage/storage_backend.c +++ b/src/storage/storage_backend.c @@ -648,7 +648,8 @@ virStorageGenerateQcowEncryption(virConnectPtr conn, goto cleanup; enc_secret->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE; - memcpy(enc_secret->uuid, secret->uuid, VIR_UUID_BUFLEN); + enc_secret->seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID; + memcpy(enc_secret->seclookupdef.u.uuid, secret->uuid, VIR_UUID_BUFLEN); enc->format = VIR_STORAGE_ENCRYPTION_FORMAT_QCOW; enc->secrets[0] = enc_secret; /* Space for secrets[0] allocated above */ enc_secret = NULL; diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c index 44dabf4774..839a2c70b2 100644 --- a/src/storage/storage_backend_fs.c +++ b/src/storage/storage_backend_fs.c @@ -1312,7 +1312,8 @@ virStorageBackendFileSystemLoadDefaultSecrets(virConnectPtr conn, vol->target.encryption->secrets[0] = encsec; encsec->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE; - virSecretGetUUID(sec, encsec->uuid); + encsec->seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID; + virSecretGetUUID(sec, encsec->seclookupdef.u.uuid); virObjectUnref(sec); return 0; diff --git a/src/util/virstorageencryption.c b/src/util/virstorageencryption.c index 8105158d18..afb44da54d 100644 --- a/src/util/virstorageencryption.c +++ b/src/util/virstorageencryption.c @@ -34,6 +34,7 @@ #include "virerror.h" #include "viruuid.h" #include "virfile.h" +#include "virsecret.h" #define VIR_FROM_THIS VIR_FROM_STORAGE @@ -114,6 +115,7 @@ virStorageEncryptionSecretParse(xmlXPathContextPtr ctxt, virStorageEncryptionSecretPtr ret; char *type_str = NULL; char *uuidstr = NULL; + char *usagestr = NULL; if (VIR_ALLOC(ret) < 0) return NULL; @@ -133,21 +135,12 @@ virStorageEncryptionSecretParse(xmlXPathContextPtr ctxt, type_str); goto cleanup; } - VIR_FREE(type_str); - if ((uuidstr = virXPathString("string(./@uuid)", ctxt))) { - if (virUUIDParse(uuidstr, ret->uuid) < 0) { - virReportError(VIR_ERR_XML_ERROR, - _("malformed volume encryption uuid '%s'"), - uuidstr); - goto cleanup; - } - VIR_FREE(uuidstr); - } else { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("missing volume encryption uuid")); + if (virSecretLookupParseSecret(node, &ret->seclookupdef) < 0) goto cleanup; - } + + VIR_FREE(type_str); + ctxt->node = old_node; return ret; @@ -155,6 +148,7 @@ virStorageEncryptionSecretParse(xmlXPathContextPtr ctxt, VIR_FREE(type_str); virStorageEncryptionSecretFree(ret); VIR_FREE(uuidstr); + VIR_FREE(usagestr); ctxt->node = old_node; return NULL; } @@ -244,7 +238,6 @@ virStorageEncryptionSecretFormat(virBufferPtr buf, virStorageEncryptionSecretPtr secret) { const char *type; - char uuidstr[VIR_UUID_STRING_BUFLEN]; if (!(type = virStorageEncryptionSecretTypeToString(secret->type))) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -252,9 +245,8 @@ virStorageEncryptionSecretFormat(virBufferPtr buf, return -1; } - virUUIDFormat(secret->uuid, uuidstr); - virBufferAsprintf(buf, "\n", - type, uuidstr); + virSecretLookupFormatSecret(buf, type, &secret->seclookupdef); + return 0; } diff --git a/src/util/virstorageencryption.h b/src/util/virstorageencryption.h index 04641b1dcd..c68c66ebde 100644 --- a/src/util/virstorageencryption.h +++ b/src/util/virstorageencryption.h @@ -25,6 +25,7 @@ # include "internal.h" # include "virbuffer.h" +# include "virsecret.h" # include "virutil.h" # include @@ -40,7 +41,7 @@ typedef struct _virStorageEncryptionSecret virStorageEncryptionSecret; typedef virStorageEncryptionSecret *virStorageEncryptionSecretPtr; struct _virStorageEncryptionSecret { int type; /* virStorageEncryptionSecretType */ - unsigned char uuid[VIR_UUID_BUFLEN]; + virSecretLookupTypeDef seclookupdef; }; typedef enum { diff --git a/tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.args b/tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.args new file mode 100644 index 0000000000..4371413230 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.args @@ -0,0 +1,24 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/home/test \ +USER=test \ +LOGNAME=test \ +QEMU_AUDIO_DRV=none \ +/usr/bin/qemu \ +-name encryptdisk \ +-S \ +-M pc \ +-m 1024 \ +-smp 1 \ +-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \ +-nographic \ +-nodefaults \ +-monitor unix:/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \ +-no-acpi \ +-boot c \ +-usb \ +-drive file=/storage/guest_disks/encryptdisk,format=qcow2,if=none,\ +id=drive-virtio-disk0 \ +-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\ +id=virtio-disk0 \ +-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml b/tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml new file mode 100644 index 0000000000..ec6413f71f --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml @@ -0,0 +1,36 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu + + + + + + + +

+ + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index a73db5ec85..f8bd91c01a 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1341,6 +1341,7 @@ mymain(void) driver.caps->host.cpu = cpuDefault; DO_TEST("encrypted-disk", NONE); + DO_TEST("encrypted-disk-usage", NONE); DO_TEST("memtune", NONE); DO_TEST("memtune-unlimited", NONE); diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-encrypted-disk-usage.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-encrypted-disk-usage.xml new file mode 120000 index 0000000000..824120a52a --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-encrypted-disk-usage.xml @@ -0,0 +1 @@ +../qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml \ No newline at end of file diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 7db9cb7931..d045fd4fc4 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -501,6 +501,7 @@ mymain(void) DO_TEST("pci-serial-dev-chardev"); DO_TEST("encrypted-disk"); + DO_TEST("encrypted-disk-usage"); DO_TEST("memtune"); DO_TEST("memtune-unlimited"); DO_TEST("blkiotune");