iscsi and rbd support authentication of the connection. Combine it with
encryption of qcow2.
The top level disk image would generate the following '-drive' cmdline:
-drive file=rbd:rbdpool/rbdimg:id=testuser-rbd:auth_supported=cephx\;none:
mon_host=host1.example.com\;host2.example.com,
file.password-secret=node-a-s-secalias,encrypt.format=luks,
encrypt.key-secret=node-b-f-encalias,format=qcow2,
if=none,id=drive-dummy
-device virtio-blk-pci,scsi=off,drive=drive-dummy,id=dummy
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
tests/qemublocktest.c | 1 +
...etwork-qcow2-backing-chain-encryption_auth.json | 51 ++++++++++++++++++++++
...network-qcow2-backing-chain-encryption_auth.xml | 40 +++++++++++++++++
3 files changed, 92 insertions(+)
create mode 100644
tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
create mode 100644
tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.xml
diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c
index 44d76bebbb..34509be543 100644
--- a/tests/qemublocktest.c
+++ b/tests/qemublocktest.c
@@ -463,6 +463,7 @@ mymain(void)
TEST_DISK_TO_JSON("file-qcow2-backing-chain-noopts");
TEST_DISK_TO_JSON("file-qcow2-backing-chain-unterminated");
TEST_DISK_TO_JSON("file-qcow2-backing-chain-encryption");
+ TEST_DISK_TO_JSON("network-qcow2-backing-chain-encryption_auth");
cleanup:
virHashFree(diskxmljsondata.schema);
diff --git
a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
new file mode 100644
index 0000000000..f307ba8805
--- /dev/null
+++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
@@ -0,0 +1,51 @@
+{
+ "node-name": "node-b-f",
+ "read-only": false,
+ "driver": "qcow2",
+ "encrypt": {
+ "format": "luks",
+ "key-secret": "node-b-f-encalias"
+ },
+ "file": {
+ "driver": "rbd",
+ "pool": "rbdpool",
+ "image": "rbdimg",
+ "server": [
+ {
+ "host": "host1.example.com",
+ "port": "0"
+ },
+ {
+ "host": "host2.example.com",
+ "port": "0"
+ }
+ ],
+ "user": "testuser-rbd",
+ "node-name": "node-a-s",
+ "read-only": false,
+ "discard": "unmap"
+ },
+ "backing": "node-b-f"
+}
+{
+ "node-name": "node-b-f",
+ "read-only": true,
+ "driver": "qcow2",
+ "encrypt": {
+ "format": "aes",
+ "key-secret": "node-b-f-encalias"
+ },
+ "file": {
+ "driver": "iscsi",
+ "portal": "example.org:3260",
+ "target": "iscsitarget",
+ "lun": 1,
+ "transport": "tcp",
+ "user": "testuser-iscsi",
+ "password-secret": "node-b-s-secalias",
+ "node-name": "node-b-s",
+ "read-only": true,
+ "discard": "unmap"
+ },
+ "backing": null
+}
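Review bot: The rbd `file` object in the first layer carries `"user": "testuser-rbd"` but no secret reference, whereas the iscsi layer below it has `"password-secret": "node-b-s-secalias"`. The commit message's -drive line shows `file.password-secret=node-a-s-secalias` for this same image, so the expected output pins an rbd connection with a user name and no key alias. A test named "encryption_auth" would therefore not catch the generator dropping the rbd secret. If the JSON generator cannot emit the rbd secret yet, the commit message should say so explicitly; otherwise the expected data should include the alias for `node-a-s`.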
diff --git
a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.xml
b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.xml
new file mode 100644
index 0000000000..775886801b
--- /dev/null
+++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.xml
@@ -0,0 +1,40 @@
+<disk type='network' device='disk'>
+ <driver name='qemu' type='qcow2'/>
+ <source protocol='rbd' name='rbdpool/rbdimg'>
+ <host name='host1.example.com'/>
+ <host name='host2.example.com'/>
+ <encryption format='luks'>
+ <secret type='passphrase'
uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+ </encryption>
+ <auth username='testuser-rbd'>
+ <secret type='ceph' usage='testuser-rbd-secret'/>
+ </auth>
+ <privateData>
+ <nodenames>
+ <nodename type='storage' name='node-a-s'/>
+ <nodename type='format' name='node-b-f'/>
+ </nodenames>
+ </privateData>
+ </source>
+ <backingStore type='network' index='1'>
+ <format type='qcow2'/>
+ <source protocol='iscsi' name='iscsitarget/1'>
+ <host name='example.org'/>
+ <privateData>
+ <nodenames>
+ <nodename type='storage' name='node-b-s'/>
+ <nodename type='format' name='node-b-f'/>
+ </nodenames>
+ </privateData>
+ <encryption format='qcow'>
+ <secret type='passphrase'
uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+ </encryption>
+ <auth username='testuser-iscsi'>
+ <secret type='iscsi' usage='testuser-iscsi-secret'/>
+ </auth>
+ </source>
+ <backingStore/>
+ </backingStore>
+ <target dev='vda' bus='virtio'/>
+ <alias name='virtio-disk0'/>
+</disk>
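Review bot: The top-level source declares `<nodename type='format' name='node-b-f'/>` next to storage node `node-a-s`, which is the same format node name the backing store uses; this looks like a copy-paste slip for `node-a-f`. As a result the expected JSON has a top layer whose `"backing": "node-b-f"` equals its own `"node-name"`, and both layers reference the same `node-b-f-encalias` key-secret, so the test cannot show that each layer is wired to its own encryption secret. I would change the top-level entry to `<nodename type='format' name='node-a-f'/>` and regenerate the JSON. Both `<encryption>` elements also reuse the same passphrase uuid; distinct values would make a mixed-up secret visible in the output.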
--
2.16.2