[PATCH 02/11] qemuDomainValidateStorageSource: Reorganize encryption config validation

Move the two ad-hoc checks below into the block which already tests whether encryption is requested. If we first disallow the old-style qcow2 encryption we can remove a whole block of validation later on. Also the capability check for qcow2+luks can be simplified by moving it into the same block. Signed-off-by: Peter Krempa <pkrempa(a)redhat.com&gt; --- src/qemu/qemu_domain.c | 55 +++++++++++++----------------------------- 1 file changed, 17 insertions(+), 38 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 00c209313b..f3d9b2e48e 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -4821,25 +4821,6 @@ qemuDomainValidateStorageSource(virStorageSource *src, return -1; } - if ((src->format == VIR_STORAGE_FILE_QCOW || - src->format == VIR_STORAGE_FILE_QCOW2) && - src->encryption && - (src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT || - src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("old qcow/qcow2 encryption is not supported")); - return -1; - } - - if (src->format == VIR_STORAGE_FILE_QCOW2 && - src->encryption && - src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS && - !virQEMUCapsGet(qemuCaps, QEMU_CAPS_QCOW2_LUKS)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("LUKS encrypted QCOW2 images are not supported by this QEMU")); - return -1; - } - if (src->format == VIR_STORAGE_FILE_FAT && actualType != VIR_STORAGE_TYPE_VOLUME && actualType != VIR_STORAGE_TYPE_DIR) { @@ -5019,6 +5000,13 @@ qemuDomainValidateStorageSource(virStorageSource *src, } if (src->encryption) { + if (src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT || + src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("old qcow/qcow2 encryption is not supported")); + return -1; + } + switch (src->encryption->engine) { case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU: switch ((virStorageEncryptionFormatType) src->encryption->format) { @@ -5040,38 +5028,29 @@ qemuDomainValidateStorageSource(virStorageSource *src, } break; + case VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD: if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("librbd encryption is not supported by this QEMU binary")); return -1; } - - switch ((virStorageEncryptionFormatType) src->encryption->format) { - case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS: - case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2: - break; - - case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW: - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("librbd encryption engine only supports luks/luks2 formats")); - return -1; - - case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT: - case VIR_STORAGE_ENCRYPTION_FORMAT_LAST: - default: - virReportEnumRangeError(virStorageEncryptionFormatType, - src->encryption->format); - return -1; - } - break; + case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT: case VIR_STORAGE_ENCRYPTION_ENGINE_LAST: virReportEnumRangeError(virStorageEncryptionEngine, src->encryption->engine); return -1; } + + if (src->format == VIR_STORAGE_FILE_QCOW2 && + src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS && + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_QCOW2_LUKS)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("LUKS encrypted QCOW2 images are not supported by this QEMU")); + return -1; + } } if (src->tlsHostname) { -- 2.35.1