On Mon, Jun 13, 2016 at 20:27:54 -0400, John Ferlan wrote:
Add parse and format of the luks/key secret including tests for
volume XML parsing.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
docs/formatsecret.html.in | 7 +++-
docs/formatstorageencryption.html.in | 24 +++++++++++-
docs/schemas/storagecommon.rng | 3 ++
src/qemu/qemu_process.c | 6 +++
src/storage/storage_backend.c | 3 +-
src/storage/storage_backend_fs.c | 7 +++-
src/storage/storage_backend_gluster.c | 2 +
src/util/virstorageencryption.c | 4 +-
src/util/virstorageencryption.h | 2 +
tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml | 41 ++++++++++++++++++++
.../qemuxml2xmlout-luks-disks.xml | 45 ++++++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
tests/storagevolxml2xmlin/vol-luks.xml | 21 ++++++++++
tests/storagevolxml2xmlout/vol-luks.xml | 21 ++++++++++
tests/storagevolxml2xmltest.c | 1 +
15 files changed, 181 insertions(+), 7 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
create mode 100644 tests/storagevolxml2xmlin/vol-luks.xml
create mode 100644 tests/storagevolxml2xmlout/vol-luks.xml
[]
diff --git a/docs/formatstorageencryption.html.in
b/docs/formatstorageencryption.html.in
index 048cc8e..ae2e815 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -59,8 +59,20 @@
the <code>secret</code> element is not present during volume
creation,
a secret is automatically generated and attached to the volume.
</p>
+ <h3><a name="StorageEncryptionLuks">"luks"
format</a></h3>
+ <p>
+ The <code>luks</code> format is specific to a luks encrypted volume
+ and the secret used in order to either encrypt or decrypt the volume.
+ A single <code><secret type='key'></code>
element is expected.
I've explained in some other patch why 'key' is not a desired name.
+ The secret may be referenced via either a
<code>uuid</code> or
+ <code>usage</code> attribute. One of the two must be present. When
+ present for volume creation, the secret will be used in order for
+ volume encryption. When present for domain usage, the secret will
+ be used as the key to decrypt the volume.
+ <span class="since">Since 1.3.6</span>.
+ </p>
- <h2><a name="example">Example</a></h2>
+ <h2><a name="example">Examples</a></h2>
<p>
Here is a simple example, specifying use of the <code>qcow</code>
format:
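Review bot: In the added "luks" paragraph, the sentence "the secret will be used as the key to decrypt the volume", together with the <secret type='key'> wording, presents the secret value as the encryption key itself, whereas a LUKS volume is unlocked with a passphrase that opens a key slot holding the volume key. Suggest stating explicitly what the secret value must contain (the passphrase), so the documentation does not lead users to store raw key material there. As a style point in the same paragraph, "a luks encrypted volume" reads better as "a LUKS-encrypted volume", keeping the lowercase spelling only where it is the literal format value.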
I'd like to see an updated version.