Re: [libvirt] [PATCH v2 8/8] qemu: Utilize qemu secret objects for SCSI/RBD auth/secret

https://bugzilla.redhat.com/show_bug.cgi?id=1182074 If they're available and we need to pass secrets to qemu, then use the qemu domain secret object in order to pass the secrets for iSCSI and RBD volumes instead of passing plaintext or base64 encoded secrets on the command line. Adjust the qemuDomainSecretHaveEncrypt API in order to check for the HAVE_GNUTLS_CIPHER_ENCRYPT being set as the primary decision point to whether an IV secret can be attempted and fall back to plain secret if the API is not available. The goal is to make IV secrets the default and have no user interaction required in order to allow using the IV mechanism. If the mechanism is not available, then fall back to the current mechanism. New API's: qemuBuildSecretInfoProps: (private) Generate/return a JSON properties object for the IV secret to be used by both the command building and eventually the hotplug code in order to add the secret object. Code was designed so that in the future perhaps hotplug could use it if it made sense. qemuBuildSecretIVCommandLine (private) Generate and add to the command line the -object secret for the IV secret. This will be required for the subsequent iSCSI or RBD reference to the object. qemuBuildiSCSICommandLine: (private) Required for iSCSI since qemu only processes the "user=" and "password-secret=" options for an "-iscsi" entry. At some point in a future release, qemu may support those options on the -drive command line for iscsi devices. The one caveat to this code is rather than provide an 'id=' field for the -iscsi command, use the "initiator-name=" argument since it doesn't have the same restrictions regarding characters. The initiator-name is described as taking an IQN, which is the path argument.