qemuDomainSecretStorageSourcePrepare() prepares both encryption secrets and authentication secrets. When we add
nbdkit-backed network storage sources, we will not need to send
authentication secrets to qemu, since they will be sent to nbdkit
instead. So split this into two different functions.
Signed-off-by: Jonathon Jongsma <jjongsma(a)redhat.com>
---
src/qemu/qemu_domain.c | 83 ++++++++++++++++++++++++++----------------
1 file changed, 52 insertions(+), 31 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 5b3b2d3e9c..1fd1db2f11 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1267,24 +1267,19 @@ qemuDomainSecretStorageSourcePrepareCookies(qemuDomainObjPrivate
*priv,
/**
- * qemuDomainSecretStorageSourcePrepare:
+ * qemuDomainSecretStorageSourcePrepareEncryption:
* @priv: domain private object
* @src: storage source struct to setup
- * @authalias: prefix of the alias for secret holding authentication data
- * @encalias: prefix of the alias for secret holding encryption password
+ * @alias: prefix of the alias for secret holding encryption password
*
- * Prepares data necessary for encryption and authentication of @src. The two
- * alias prefixes are provided since in the backing chain authentication belongs
- * to the storage protocol data whereas encryption is relevant to the format
- * driver in qemu. The two will have different node names.
+ * Prepares data necessary for encryption of @src.
*
* Returns 0 on success; -1 on error while reporting an libvirt error.
*/
static int
-qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
- virStorageSource *src,
- const char *aliasprotocol,
- const char *aliasformat)
+qemuDomainSecretStorageSourcePrepareEncryption(qemuDomainObjPrivate *priv,
+ virStorageSource *src,
+ const char *alias)
{
qemuDomainStorageSourcePrivate *srcPriv;
bool hasEnc = src->encryption && src->encryption->nsecrets > 0;
@@ -1292,13 +1287,43 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
if (virStorageSourceIsEmpty(src))
return 0;
- if (!src->auth && !hasEnc && src->ncookies == 0)
+ if (!hasEnc)
return 0;
- if (!(src->privateData = qemuDomainStorageSourcePrivateNew()))
+ srcPriv = qemuDomainStorageSourcePrivateFetch(src);
+
+ if (!(srcPriv->encinfo = qemuDomainSecretInfoSetupFromSecret(priv, alias,
+ "encryption",
+
VIR_SECRET_USAGE_TYPE_VOLUME,
+ NULL,
+
&src->encryption->secrets[0]->seclookupdef)))
return -1;
- srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
+ return 0;
+}
+
+
+/**
+ * qemuDomainSecretStorageSourcePrepareAuth:
+ * @priv: domain private object
+ * @src: storage source struct to setup
+ * @alias: prefix of the alias for secret holding authentication data
+ *
+ * Prepares data necessary for authentication of @src.
+ *
+ * Returns 0 on success; -1 on error while reporting an libvirt error.
+ */
+static int
+qemuDomainSecretStorageSourcePrepareAuth(qemuDomainObjPrivate *priv,
+ virStorageSource *src,
+ const char *alias)
+{
+ qemuDomainStorageSourcePrivate *srcPriv;
+
+ if (virStorageSourceIsEmpty(src))
+ return 0;
+
+ srcPriv = qemuDomainStorageSourcePrivateFetch(src);
if (src->auth) {
virSecretUsageType usageType = VIR_SECRET_USAGE_TYPE_ISCSI;
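Review bot: The pointer returned by `qemuDomainStorageSourcePrivateFetch(src)` is dereferenced without a NULL check in qemuDomainSecretStorageSourcePrepareEncryption (`srcPriv->encinfo = ...`), whereas the removed code returned -1 when `qemuDomainStorageSourcePrivateNew()` failed. Fetch is defined outside this diff, so this is only a concern if it can still return NULL when creating the private data fails; in that case add `if (!srcPriv) return -1;` right after the call. The same applies to the Fetch call in qemuDomainSecretStorageSourcePrepareAuth, whose body continues past the end of this hunk.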
@@ -1306,7 +1331,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
if (src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)
usageType = VIR_SECRET_USAGE_TYPE_CEPH;
- if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv,
aliasprotocol,
+ if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv, alias,
"auth",
usageType,
src->auth->username,
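Review bot: `srcPriv->secinfo` is assigned without checking whether the fetched private data already carries a secret info object, and the same holds for `srcPriv->encinfo` in qemuDomainSecretStorageSourcePrepareEncryption. If Fetch hands back an existing private object (its definition is not visible here), preparing the same source a second time would drop the earlier pointer, leaving credential-bearing data unreferenced instead of released. Either free the old value before assigning or state the contract in the doc comment, e.g. `* Must be called at most once per @src; an existing secinfo is not released.` The call's remaining arguments lie outside this hunk.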
@@ -1314,19 +1339,10 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
return -1;
}
- if (hasEnc) {
- if (!(srcPriv->encinfo = qemuDomainSecretInfoSetupFromSecret(priv,
aliasformat,
-
"encryption",
-
VIR_SECRET_USAGE_TYPE_VOLUME,
- NULL,
-
&src->encryption->secrets[0]->seclookupdef)))
- return -1;
- }
-
if (src->ncookies &&
!(srcPriv->httpcookie = qemuDomainSecretStorageSourcePrepareCookies(priv,
src,
-
aliasprotocol)))
+ alias)))
return -1;
return 0;
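Review bot: The new doc comment for qemuDomainSecretStorageSourcePrepareAuth only mentions authentication, but the function still sets up `srcPriv->httpcookie` through qemuDomainSecretStorageSourcePrepareCookies using the same alias. Since the commit message says the point of the split is to control which secrets reach qemu, the comment should say that cookies travel with the auth data: `* Prepares data necessary for authentication of @src, including HTTP cookies.` and `* @alias: prefix of the alias for secrets holding authentication data and cookies`. The function body starts outside this hunk.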
@@ -10761,9 +10777,12 @@ qemuDomainPrepareDiskSourceLegacy(virDomainDiskDef *disk,
qemuDomainPrepareStorageSourceConfig(disk->src, cfg);
qemuDomainPrepareDiskSourceData(disk, disk->src);
- if (qemuDomainSecretStorageSourcePrepare(priv, disk->src,
- disk->info.alias,
- disk->info.alias) < 0)
+ if (qemuDomainSecretStorageSourcePrepareEncryption(priv, disk->src,
+ disk->info.alias) < 0)
+ return -1;
+
+ if (qemuDomainSecretStorageSourcePrepareAuth(priv, disk->src,
+ disk->info.alias) < 0)
return -1;
if (qemuDomainPrepareStorageSourcePR(disk->src, priv, disk->info.alias) <
0)
@@ -10799,9 +10818,11 @@ qemuDomainPrepareStorageSourceBlockdevNodename(virDomainDiskDef
*disk,
qemuDomainPrepareStorageSourceConfig(src, cfg);
qemuDomainPrepareDiskSourceData(disk, src);
- if (qemuDomainSecretStorageSourcePrepare(priv, src,
- src->nodestorage,
- src->nodeformat) < 0)
+ if (qemuDomainSecretStorageSourcePrepareEncryption(priv, src,
+ src->nodeformat) < 0)
+ return -1;
+ if (qemuDomainSecretStorageSourcePrepareAuth(priv, src,
+ src->nodestorage) < 0)
return -1;
if (qemuDomainPrepareStorageSourcePR(src, priv, src->nodestorage) < 0)
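Review bot: The reason encryption is keyed on `src->nodeformat` while authentication is keyed on `src->nodestorage` is no longer written down anywhere, because the commit deletes the paragraph in the old doc comment that explained it. A swapped argument at this call site would compile cleanly and attach the secret to the wrong node name, so the rationale is worth keeping next to the two calls: `/* encryption is handled by the format driver node, authentication by the storage protocol node */`. The enclosing function begins and ends outside the hunk.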
--
2.37.1