
On Mon, Jun 13, 2016 at 20:27:54 -0400, John Ferlan wrote:
Add parse and format of the luks/key secret including tests for volume XML parsing.
Signed-off-by: John Ferlan <jferlan@redhat.com> --- docs/formatsecret.html.in | 7 +++- docs/formatstorageencryption.html.in | 24 +++++++++++- docs/schemas/storagecommon.rng | 3 ++ src/qemu/qemu_process.c | 6 +++ src/storage/storage_backend.c | 3 +- src/storage/storage_backend_fs.c | 7 +++- src/storage/storage_backend_gluster.c | 2 + src/util/virstorageencryption.c | 4 +- src/util/virstorageencryption.h | 2 + tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml | 41 ++++++++++++++++++++ .../qemuxml2xmlout-luks-disks.xml | 45 ++++++++++++++++++++++ tests/qemuxml2xmltest.c | 1 + tests/storagevolxml2xmlin/vol-luks.xml | 21 ++++++++++ tests/storagevolxml2xmlout/vol-luks.xml | 21 ++++++++++ tests/storagevolxml2xmltest.c | 1 + 15 files changed, 181 insertions(+), 7 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml create mode 100644 tests/storagevolxml2xmlin/vol-luks.xml create mode 100644 tests/storagevolxml2xmlout/vol-luks.xml
[]
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in index 048cc8e..ae2e815 100644 --- a/docs/formatstorageencryption.html.in +++ b/docs/formatstorageencryption.html.in @@ -59,8 +59,20 @@ the <code>secret</code> element is not present during volume creation, a secret is automatically generated and attached to the volume. </p> + <h3><a name="StorageEncryptionLuks">"luks" format</a></h3> + <p> + The <code>luks</code> format is specific to a luks encrypted volume + and the secret used in order to either encrypt or decrypt the volume. + A single <code><secret type='key'></code> element is expected.
I've explained in some other patch why 'key' is not a desired name.
+ The secret may be referenced via either a <code>uuid</code> or + <code>usage</code> attribute. One of the two must be present. When + present for volume creation, the secret will be used in order for + volume encryption. When present for domain usage, the secret will + be used as the key to decrypt the volume. + <span class="since">Since 1.3.6</span>. + </p>
- <h2><a name="example">Example</a></h2> + <h2><a name="example">Examples</a></h2>
<p> Here is a simple example, specifying use of the <code>qcow</code> format:
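Review bot: The new "luks" format paragraph says "When present for volume creation" but never states what happens when the secret element is omitted at creation time. The context lines just above it describe a secret being automatically generated and attached when the element is not present, so a reader cannot tell whether that also applies to luks volumes or whether creation fails without a secret. Suggest stating the behaviour explicitly in this paragraph. Two smaller wording points in the same paragraph: "a luks encrypted volume" would normally be written "a LUKS encrypted volume" in prose, and "the secret will be used in order for volume encryption" reads more clearly as "the secret will be used to encrypt the volume".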
I'd like to see an updated version.