6:35 a.m.
QEMU supports the 'password-secret' parameter to pass a QCryptoSecret
since 2.9. Remove the alternate plaintext logic.
Unfortunately this had a ripple effect of removing qemuCaps from a lot
of functions.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_command.c | 23 ++-
src/qemu/qemu_domain.c | 131 ++----------------
.../qemuxml2argvdata/disk-network-iscsi.args | 12 +-
.../disk-network-source-auth.args | 3 +-
.../disk-source-pool-mode.args | 4 +-
.../luks-disks-source-qcow2.args | 5 +-
tests/qemuxml2argvdata/luks-disks-source.args | 5 +-
tests/qemuxml2argvdata/name-escape.args | 2 +-
tests/qemuxml2argvtest.c | 3 +-
9 files changed, 43 insertions(+), 145 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 7a441b4a04..39659fe4f6 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1194,8 +1194,7 @@ qemuDiskBusIsSD(int bus)
* the legacy representation.
*/
static bool
-qemuDiskSourceNeedsProps(virStorageSource *src,
- virQEMUCaps *qemuCaps)
+qemuDiskSourceNeedsProps(virStorageSource *src)
{
int actualType = virStorageSourceGetActualType(src);
@@ -1209,8 +1208,7 @@ qemuDiskSourceNeedsProps(virStorageSource *src,
return true;
if (actualType == VIR_STORAGE_TYPE_NETWORK &&
- src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI &&
- virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET))
+ src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI)
return true;
if (actualType == VIR_STORAGE_TYPE_NETWORK &&
@@ -1272,7 +1270,6 @@ qemuBuildDriveSourcePR(virBuffer *buf,
static int
qemuBuildDriveSourceStr(virDomainDiskDef *disk,
- virQEMUCaps *qemuCaps,
virBuffer *buf)
{
int actualType = virStorageSourceGetActualType(disk->src);
@@ -1288,7 +1285,7 @@ qemuBuildDriveSourceStr(virDomainDiskDef *disk,
encinfo = srcpriv->encinfo;
}
- if (qemuDiskSourceNeedsProps(disk->src, qemuCaps) &&
+ if (qemuDiskSourceNeedsProps(disk->src) &&
!(srcprops = qemuDiskSourceGetProps(disk->src)))
return -1;
@@ -1469,7 +1466,7 @@ qemuBuildDriveStr(virDomainDiskDef *disk,
int detect_zeroes = virDomainDiskGetDetectZeroesMode(disk->discard,
disk->detect_zeroes);
- if (qemuBuildDriveSourceStr(disk, qemuCaps, &opt) < 0)
+ if (qemuBuildDriveSourceStr(disk, &opt) < 0)
return NULL;
if (!qemuDiskBusIsSD(disk->bus)) {
@@ -4556,8 +4553,7 @@ qemuBuildHubCommandLine(virCommand *cmd,
static char *
-qemuBuildSCSIiSCSIHostdevDrvStr(virDomainHostdevDef *dev,
- virQEMUCaps *qemuCaps)
+qemuBuildSCSIiSCSIHostdevDrvStr(virDomainHostdevDef *dev)
{
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
g_autofree char *netsource = NULL;
@@ -4567,7 +4563,7 @@ qemuBuildSCSIiSCSIHostdevDrvStr(virDomainHostdevDef *dev,
qemuDomainStorageSourcePrivate *srcPriv =
QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(iscsisrc->src);
- if (qemuDiskSourceNeedsProps(iscsisrc->src, qemuCaps)) {
+ if (qemuDiskSourceNeedsProps(iscsisrc->src)) {
if (!(srcprops = qemuDiskSourceGetProps(iscsisrc->src)))
return NULL;
if (!(netsource = virQEMUBuildDriveCommandlineFromJSON(srcprops)))
@@ -4612,8 +4608,7 @@ qemuBuildSCSIVHostHostdevDevStr(const virDomainDef *def,
}
static char *
-qemuBuildSCSIHostdevDrvStr(virDomainHostdevDef *dev,
- virQEMUCaps *qemuCaps)
+qemuBuildSCSIHostdevDrvStr(virDomainHostdevDef *dev)
{
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
g_autofree char *source = NULL;
@@ -4621,7 +4616,7 @@ qemuBuildSCSIHostdevDrvStr(virDomainHostdevDef *dev,
virDomainHostdevSubsysSCSI *scsisrc = &dev->source.subsys.u.scsi;
if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) {
- if (!(source = qemuBuildSCSIiSCSIHostdevDrvStr(dev, qemuCaps)))
+ if (!(source = qemuBuildSCSIiSCSIHostdevDrvStr(dev)))
return NULL;
virBufferAdd(&buf, source, -1);
} else {
@@ -5170,7 +5165,7 @@ qemuBuildHostdevSCSIAttachPrepare(virDomainHostdevDef *hostdev,
} else {
if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
src = scsisrc->u.iscsi.src;
- ret->driveCmd = qemuBuildSCSIHostdevDrvStr(hostdev, qemuCaps);
+ ret->driveCmd = qemuBuildSCSIHostdevDrvStr(hostdev);
ret->driveAlias = qemuAliasFromHostdev(hostdev);
*backendAlias = ret->driveAlias;
}
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 903e86f8dc..73e69d1558 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1093,43 +1093,6 @@ qemuDomainVideoPrivateDispose(void *obj)
}
-/* qemuDomainSecretPlainSetup:
- * @secinfo: Pointer to secret info
- * @usageType: The virSecretUsageType
- * @username: username to use for authentication (may be NULL)
- * @seclookupdef: Pointer to seclookupdef data
- *
- * Taking a secinfo, fill in the plaintext information
- *
- * Returns 0 on success, -1 on failure with error message
- */
-static int
-qemuDomainSecretPlainSetup(qemuDomainSecretInfo *secinfo,
- virSecretUsageType usageType,
- const char *username,
- virSecretLookupTypeDef *seclookupdef)
-{
- VIR_IDENTITY_AUTORESTORE virIdentity *oldident = virIdentityElevateCurrent();
- g_autoptr(virConnect) conn = virGetConnectSecret();
- int ret = -1;
-
- if (!oldident)
- return -1;
-
- if (!conn)
- return -1;
-
- secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN;
- secinfo->s.plain.username = g_strdup(username);
-
- ret = virSecretGetSecretString(conn, seclookupdef, usageType,
- &secinfo->s.plain.secret,
- &secinfo->s.plain.secretlen);
-
- return ret;
-}
-
-
/* qemuDomainSecretAESSetup:
* @priv: pointer to domain private object
* @alias: alias of the secret
@@ -1229,35 +1192,6 @@ qemuDomainSecretAESSetupFromSecret(qemuDomainObjPrivate *priv,
}
-/* qemuDomainSecretInfoNewPlain:
- * @usageType: Secret usage type
- * @username: username
- * @lookupDef: lookup def describing secret
- *
- * Helper function to create a secinfo to be used for secinfo consumers. This
- * sets up a 'plain' (unencrypted) secret for legacy consumers.
- *
- * Returns @secinfo on success, NULL on failure. Caller is responsible
- * to eventually free @secinfo.
- */
-static qemuDomainSecretInfo *
-qemuDomainSecretInfoNewPlain(virSecretUsageType usageType,
- const char *username,
- virSecretLookupTypeDef *lookupDef)
-{
- qemuDomainSecretInfo *secinfo = NULL;
-
- secinfo = g_new0(qemuDomainSecretInfo, 1);
-
- if (qemuDomainSecretPlainSetup(secinfo, usageType, username, lookupDef) < 0) {
- g_clear_pointer(&secinfo, qemuDomainSecretInfoFree);
- return NULL;
- }
-
- return secinfo;
-}
-
-
/**
* qemuDomainSecretInfoTLSNew:
* @priv: pointer to domain private object
@@ -1366,7 +1300,6 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
const char *aliasformat)
{
qemuDomainStorageSourcePrivate *srcPriv;
- bool iscsiHasPS = virQEMUCapsGet(priv->qemuCaps,
QEMU_CAPS_ISCSI_PASSWORD_SECRET);
bool hasAuth = qemuDomainStorageSourceHasAuth(src);
bool hasEnc = qemuDomainDiskHasEncryptionSecret(src);
@@ -1384,19 +1317,11 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
if (src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)
usageType = VIR_SECRET_USAGE_TYPE_CEPH;
- if (src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI && !iscsiHasPS) {
- srcPriv->secinfo = qemuDomainSecretInfoNewPlain(usageType,
- src->auth->username,
-
&src->auth->seclookupdef);
- } else {
- srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv,
aliasprotocol,
- "auth",
- usageType,
-
src->auth->username,
-
&src->auth->seclookupdef);
- }
-
- if (!srcPriv->secinfo)
+ if (!(srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv,
aliasprotocol,
+ "auth",
+ usageType,
+
src->auth->username,
+
&src->auth->seclookupdef)))
return -1;
}
@@ -4777,15 +4702,6 @@ qemuDomainValidateStorageSource(virStorageSource *src,
return -1;
}
- /* Use QEMU_CAPS_ISCSI_PASSWORD_SECRET as witness that iscsi
'initiator-name'
- * option is available, it was introduced at the same time. */
- if (src->initiator.iqn &&
- !virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET)) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("iSCSI initiator IQN not supported with this QEMU
binary"));
- return -1;
- }
-
if (src->sliceStorage) {
/* In pre-blockdev era we can't configure the slice so we can allow them
* only for detected backing store entries as they are populated
@@ -5322,7 +5238,6 @@ qemuDomainChrDefPostParse(virDomainChrDef *chr,
*/
static int
qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDomainDiskDef *disk,
- virQEMUCaps *qemuCaps,
unsigned int parseFlags)
{
qemuDomainStorageSourcePrivate *priv =
QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
@@ -5344,8 +5259,7 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDomainDiskDef
*disk,
* status XML */
if (virStorageSourceGetActualType(disk->src) == VIR_STORAGE_TYPE_NETWORK
&&
(disk->src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD ||
- (disk->src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI &&
- virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET))))
+ disk->src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI))
restoreAuthSecret = true;
}
@@ -5385,7 +5299,6 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDomainDiskDef
*disk,
static int
qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
- virQEMUCaps *qemuCaps,
unsigned int parseFlags)
{
/* set default disk types and drivers */
@@ -5402,8 +5315,7 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
disk->mirror->format == VIR_STORAGE_FILE_NONE)
disk->mirror->format = VIR_STORAGE_FILE_RAW;
- if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, qemuCaps,
- parseFlags) < 0)
+ if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, parseFlags) < 0)
return -1;
/* regenerate TLS alias for old status XMLs */
@@ -5507,7 +5419,6 @@ qemuDomainVsockDefPostParse(virDomainVsockDef *vsock)
*/
static int
qemuDomainDeviceHostdevDefPostParseRestoreSecAlias(virDomainHostdevDef *hostdev,
- virQEMUCaps *qemuCaps,
unsigned int parseFlags)
{
qemuDomainStorageSourcePrivate *priv;
@@ -5521,7 +5432,6 @@
qemuDomainDeviceHostdevDefPostParseRestoreSecAlias(virDomainHostdevDef *hostdev,
if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS ||
hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI ||
scsisrc->protocol != VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI ||
- !virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET) ||
!qemuDomainStorageSourceHasAuth(iscsisrc->src))
return 0;
@@ -5611,8 +5521,7 @@ qemuDomainHostdevDefPostParse(virDomainHostdevDef *hostdev,
{
virDomainHostdevSubsys *subsys = &hostdev->source.subsys;
- if (qemuDomainDeviceHostdevDefPostParseRestoreSecAlias(hostdev, qemuCaps,
- parseFlags) < 0)
+ if (qemuDomainDeviceHostdevDefPostParseRestoreSecAlias(hostdev, parseFlags) < 0)
return -1;
if (qemuDomainDeviceHostdevDefPostParseRestoreBackendAlias(hostdev, qemuCaps,
@@ -5732,8 +5641,7 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDef *dev,
break;
case VIR_DOMAIN_DEVICE_DISK:
- ret = qemuDomainDeviceDiskDefPostParse(dev->data.disk, qemuCaps,
- parseFlags);
+ ret = qemuDomainDeviceDiskDefPostParse(dev->data.disk, parseFlags);
break;
case VIR_DOMAIN_DEVICE_VIDEO:
@@ -10863,24 +10771,15 @@ qemuDomainPrepareHostdev(virDomainHostdevDef *hostdev,
}
if (src->auth) {
- bool iscsiHasPS = virQEMUCapsGet(priv->qemuCaps,
QEMU_CAPS_ISCSI_PASSWORD_SECRET);
virSecretUsageType usageType = VIR_SECRET_USAGE_TYPE_ISCSI;
qemuDomainStorageSourcePrivate *srcPriv =
qemuDomainStorageSourcePrivateFetch(src);
- if (!iscsiHasPS) {
- srcPriv->secinfo = qemuDomainSecretInfoNewPlain(usageType,
-
src->auth->username,
-
&src->auth->seclookupdef);
- } else {
- srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv,
- backendalias,
- NULL,
- usageType,
-
src->auth->username,
-
&src->auth->seclookupdef);
- }
-
- if (!srcPriv->secinfo)
+ if (!(srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv,
+
backendalias,
+ NULL,
+ usageType,
+
src->auth->username,
+
&src->auth->seclookupdef)))
return -1;
}
}
diff --git a/tests/qemuxml2argvdata/disk-network-iscsi.args
b/tests/qemuxml2argvdata/disk-network-iscsi.args
index 4e6d920c88..e63f2f073f 100644
--- a/tests/qemuxml2argvdata/disk-network-iscsi.args
+++ b/tests/qemuxml2argvdata/disk-network-iscsi.args
@@ -27,14 +27,16 @@ QEMU_AUDIO_DRV=none \
-boot strict=on \
-device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x2 \
-usb \
--drive
file=iscsi://example.org:6000/iqn.1992-01.com.example/0,format=raw,if=none,id=drive-virtio-disk0
\
+-drive
file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example,file.lun=0,file.transport=tcp,format=raw,if=none,id=drive-virtio-disk0
\
-device
virtio-blk-pci,bus=pci.0,addr=0x3,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
--drive
file=iscsi://example.org:6000/iqn.1992-01.com.example/1,format=raw,if=none,id=drive-virtio-disk1
\
+-drive
file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example,file.lun=1,file.transport=tcp,format=raw,if=none,id=drive-virtio-disk1
\
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,id=virtio-disk1 \
--drive
file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:6000/iqn.1992-01.com.example%3Astorage/1,format=raw,if=none,id=drive-virtio-disk2
\
+-object
secret,id=virtio-disk2-auth-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
+-drive
file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,file.user=myname,file.password-secret=virtio-disk2-auth-secret0,format=raw,if=none,id=drive-virtio-disk2
\
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk2,id=virtio-disk2 \
--drive
file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:6000/iqn.1992-01.com.example%3Astorage/2,format=raw,if=none,id=drive-virtio-disk3
\
+-object
secret,id=virtio-disk3-auth-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
+-drive
file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example:storage,file.lun=2,file.transport=tcp,file.user=myname,file.password-secret=virtio-disk3-auth-secret0,format=raw,if=none,id=drive-virtio-disk3
\
-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk3,id=virtio-disk3 \
--drive
file=iscsi://example.org:3260/iqn.1992-01.com.example/0,format=raw,if=none,id=drive-scsi0-0-0-0
\
+-drive
file.driver=iscsi,file.portal=example.org:3260,file.target=iqn.1992-01.com.example,file.lun=0,file.transport=tcp,format=raw,if=none,id=drive-scsi0-0-0-0
\
-device
scsi-block,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0 \
-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/disk-network-source-auth.args
b/tests/qemuxml2argvdata/disk-network-source-auth.args
index 9c58a9c8c0..0a040ac4ea 100644
--- a/tests/qemuxml2argvdata/disk-network-source-auth.args
+++ b/tests/qemuxml2argvdata/disk-network-source-auth.args
@@ -26,7 +26,8 @@ QEMU_AUDIO_DRV=none \
-no-acpi \
-boot strict=on \
-usb \
--drive
file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:6000/iqn.1992-01.com.example%3Astorage/1,format=raw,if=none,id=drive-virtio-disk0
\
+-object
secret,id=virtio-disk0-auth-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
+-drive
file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,file.user=myname,file.password-secret=virtio-disk0-auth-secret0,format=raw,if=none,id=drive-virtio-disk0
\
-device
virtio-blk-pci,bus=pci.0,addr=0x2,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
-object
secret,id=virtio-disk1-auth-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
-drive
'file=rbd:pool/image:id=myname:auth_supported=cephx\;none:mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:6322,file.password-secret=virtio-disk1-auth-secret0,format=raw,if=none,id=drive-virtio-disk1'
\
diff --git a/tests/qemuxml2argvdata/disk-source-pool-mode.args
b/tests/qemuxml2argvdata/disk-source-pool-mode.args
index d78637613e..f4f4a72a2a 100644
--- a/tests/qemuxml2argvdata/disk-source-pool-mode.args
+++ b/tests/qemuxml2argvdata/disk-source-pool-mode.args
@@ -28,11 +28,11 @@ QEMU_AUDIO_DRV=none \
-usb \
-drive
file=/some/block/device/unit:0:0:1,format=raw,if=none,id=drive-ide0-0-1,readonly=on \
-device ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 \
--drive
file=iscsi://iscsi.example.com:3260/demo-target/2,format=raw,if=none,id=drive-ide0-0-2,readonly=on
\
+-drive
file.driver=iscsi,file.portal=iscsi.example.com:3260,file.target=demo-target,file.lun=2,file.transport=tcp,format=raw,if=none,id=drive-ide0-0-2,readonly=on
\
-device ide-cd,bus=ide.0,unit=2,drive=drive-ide0-0-2,id=ide0-0-2 \
-drive file=/tmp/idedisk.img,format=raw,if=none,id=drive-ide0-0-3 \
-device ide-hd,bus=ide.0,unit=3,drive=drive-ide0-0-3,id=ide0-0-3,bootindex=1 \
--drive
file=iscsi://iscsi.example.com:3260/demo-target/3,format=raw,if=none,id=drive-ide0-0-4,readonly=on
\
+-drive
file.driver=iscsi,file.portal=iscsi.example.com:3260,file.target=demo-target,file.lun=3,file.transport=tcp,format=raw,if=none,id=drive-ide0-0-4,readonly=on
\
-device ide-cd,bus=ide.0,unit=4,drive=drive-ide0-0-4,id=ide0-0-4 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \
-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/luks-disks-source-qcow2.args
b/tests/qemuxml2argvdata/luks-disks-source-qcow2.args
index 881fa5c1ca..a0aa131ca5 100644
--- a/tests/qemuxml2argvdata/luks-disks-source-qcow2.args
+++ b/tests/qemuxml2argvdata/luks-disks-source-qcow2.args
@@ -32,11 +32,12 @@ QEMU_AUDIO_DRV=none \
-object
secret,id=virtio-disk1-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
-drive
file=/storage/guest_disks/encryptdisk2,encrypt.format=luks,encrypt.key-secret=virtio-disk1-encryption-secret0,format=qcow2,if=none,id=drive-virtio-disk1
\
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,id=virtio-disk1 \
+-object
secret,id=virtio-disk2-auth-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
-object
secret,id=virtio-disk2-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
--drive
file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:6000/iqn.1992-01.com.example%3Astorage/1,encrypt.format=luks,encrypt.key-secret=virtio-disk2-encryption-secret0,format=qcow2,if=none,id=drive-virtio-disk2
\
+-drive
file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,file.user=myname,file.password-secret=virtio-disk2-auth-secret0,encrypt.format=luks,encrypt.key-secret=virtio-disk2-encryption-secret0,format=qcow2,if=none,id=drive-virtio-disk2
\
-device virtio-blk-pci,bus=pci.0,addr=0x2,drive=drive-virtio-disk2,id=virtio-disk2 \
-object
secret,id=virtio-disk3-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
--drive
file=iscsi://iscsi.example.com:3260/demo-target/3,encrypt.format=luks,encrypt.key-secret=virtio-disk3-encryption-secret0,format=qcow2,if=none,id=drive-virtio-disk3
\
+-drive
file.driver=iscsi,file.portal=iscsi.example.com:3260,file.target=demo-target,file.lun=3,file.transport=tcp,encrypt.format=luks,encrypt.key-secret=virtio-disk3-encryption-secret0,format=qcow2,if=none,id=drive-virtio-disk3
\
-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk3,id=virtio-disk3 \
-object
secret,id=virtio-disk4-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
-drive
'file=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:6322,encrypt.format=luks,encrypt.key-secret=virtio-disk4-encryption-secret0,format=qcow2,if=none,id=drive-virtio-disk4'
\
diff --git a/tests/qemuxml2argvdata/luks-disks-source.args
b/tests/qemuxml2argvdata/luks-disks-source.args
index 5854f3b153..4d056da220 100644
--- a/tests/qemuxml2argvdata/luks-disks-source.args
+++ b/tests/qemuxml2argvdata/luks-disks-source.args
@@ -32,11 +32,12 @@ QEMU_AUDIO_DRV=none \
-object
secret,id=virtio-disk1-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
-drive
file=/storage/guest_disks/encryptdisk2,key-secret=virtio-disk1-encryption-secret0,format=luks,if=none,id=drive-virtio-disk1
\
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,id=virtio-disk1 \
+-object
secret,id=virtio-disk2-auth-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
-object
secret,id=virtio-disk2-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
--drive
file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:6000/iqn.1992-01.com.example%3Astorage/1,key-secret=virtio-disk2-encryption-secret0,format=luks,if=none,id=drive-virtio-disk2
\
+-drive
file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,file.user=myname,file.password-secret=virtio-disk2-auth-secret0,key-secret=virtio-disk2-encryption-secret0,format=luks,if=none,id=drive-virtio-disk2
\
-device virtio-blk-pci,bus=pci.0,addr=0x2,drive=drive-virtio-disk2,id=virtio-disk2 \
-object
secret,id=virtio-disk3-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
--drive
file=iscsi://iscsi.example.com:3260/demo-target/3,key-secret=virtio-disk3-encryption-secret0,format=luks,if=none,id=drive-virtio-disk3
\
+-drive
file.driver=iscsi,file.portal=iscsi.example.com:3260,file.target=demo-target,file.lun=3,file.transport=tcp,key-secret=virtio-disk3-encryption-secret0,format=luks,if=none,id=drive-virtio-disk3
\
-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk3,id=virtio-disk3 \
-object
secret,id=virtio-disk4-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64
\
-drive
'file=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:6322,key-secret=virtio-disk4-encryption-secret0,format=luks,if=none,id=drive-virtio-disk4'
\
diff --git a/tests/qemuxml2argvdata/name-escape.args
b/tests/qemuxml2argvdata/name-escape.args
index 028b6efbbd..449244a082 100644
--- a/tests/qemuxml2argvdata/name-escape.args
+++ b/tests/qemuxml2argvdata/name-escape.args
@@ -39,7 +39,7 @@ QEMU_AUDIO_DRV=spice \
-vnc unix:/tmp/lib/domain--1-foo=1,,bar=2/vnc.sock \
-spice
unix,addr=/tmp/lib/domain--1-foo=1,,bar=2/spice.sock,gl=on,rendernode=/dev/dri/foo,,bar,seamless-migration=on
\
-device cirrus-vga,id=video0,bus=pci.0,addr=0x2 \
--drive
file=iscsi://example.foo.org:3260/iqn.1992-01.com.example%3Amy,,storage/1,if=none,format=raw,id=drive-hostdev0
\
+-drive
file.driver=iscsi,file.portal=example.foo.org:3260,file.target=iqn.1992-01.com.example:my,,storage,file.lun=1,file.transport=tcp,if=none,format=raw,id=drive-hostdev0
\
-device
scsi-generic,bus=scsi0.0,channel=0,scsi-id=0,lun=4,drive=drive-hostdev0,id=hostdev0 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 \
-msg timestamp=on
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 8c068b4a4f..f0cfca014c 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1353,8 +1353,7 @@ mymain(void)
DO_TEST("disk-network-iscsi", QEMU_CAPS_VIRTIO_SCSI,
QEMU_CAPS_SCSI_BLOCK);
DO_TEST("disk-network-iscsi-modern",
QEMU_CAPS_VIRTIO_SCSI,
- QEMU_CAPS_SCSI_BLOCK,
- QEMU_CAPS_ISCSI_PASSWORD_SECRET);
+ QEMU_CAPS_SCSI_BLOCK);
DO_TEST_CAPS_VER("disk-network-iscsi", "2.12.0");
DO_TEST_CAPS_LATEST("disk-network-iscsi");
DO_TEST_PARSE_ERROR_NOCAPS("disk-network-iscsi-auth-secrettype-invalid");
--
2.31.1