On Tue, Aug 04, 2009 at 10:28:26PM +0200, Miloslav Trma?? wrote:
Define an <encryption> tag specifying volume encryption format and format-depenedent parameters (e.g. passphrase, cipher name, key length, key).
Currently the only defined parameter is a reference to a "secret" (passphrase/key) managed using the virSecret* API.
Only the qcow/qcow2 encryption format, and a "default" format used to let libvirt choose the format during volume creation, is currently supported.
This patch does not add any users; the <encryption> tag is added in the following patches to both volumes (to support encrypted volume creation) and domains.
Changes since the first submission; - Use <secret type='passphrase' secret_id='...'> instead of <passphrase> with in-line passphrase. - Use a generic "sequence of secrets" representation. - Output the <secret> elements unconditionally (they don't reveal the secrets any more). - Add format "default", to be used during volume creation only. - Use "%s", _("...") for all error messages without parameters. - Add a schema for <encryption>. - Document <encryption>.
diff --git a/docs/schemas/storageencryption.rng b/docs/schemas/storageencryption.rng new file mode 100644 index 0000000..69a2841 --- /dev/null +++ b/docs/schemas/storageencryption.rng @@ -0,0 +1,37 @@ +<!-- A Relax NG schema for the libvirt volume encryption XML format --> +<grammar xmlns="http://relaxng.org/ns/structure/1.0" + datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> + + <define name='encryption'> + <optional> + <element name='encryption'> + <attribute name='format'> + <choice> + <value>unencrypted</value> + <value>default</value> + <value>qcow</value> + </choice> + </attribute>
I don't think we should include 'unencrypted' here. If a volume is not encrypted, we should simply omit the <encryption> element entirely in the domain / storage volume XML doc.
+ <zeroOrMore> + <ref name='secret'/> + </zeroOrMore> + </element> + </optional> + </define> + + <define name='secret'> + <element name='secret'> + <attribute name='type'> + <choice> + <value>passphrase</value> + </choice> + </attribute> + <optional> + <attribute name='secret_id'> + <text/> + </attribute>
Lets just call this attribute 'uuid' - no need to have the word 'secret' prefixed on it too.
+ </optional> + </element> + </define> + +</grammar>
+static int +virStorageEncryptionSecretFormat(virConnectPtr conn, + virBufferPtr buf, + virStorageEncryptionSecretPtr secret) +{ + const char *type; + + type = virStorageEncryptionSecretTypeTypeToString(secret->type); + if (!type) { + virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s", + _("unexpected volume encryption secret type")); + return -1; + } + + virBufferVSprintf(buf, " <secret type='%s'", type); + if (secret->secret_id != NULL) + virBufferEscapeString(buf, " secret_id='%s'", secret->secret_id); + virBufferAddLit(buf, "/>\n"); + return 0; +}
Tiny indentation bug crept in there.
+ +int +virStorageEncryptionFormat(virConnectPtr conn, + virBufferPtr buf, + virStorageEncryptionPtr enc) +{ + const char *format; + size_t i; + + format = virStorageEncryptionFormatTypeToString(enc->format); + if (!format) { + virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, + "%s", _("unexpected encryption format")); + return -1; + } + virBufferVSprintf(buf, " <encryption format='%s'>\n", format); + + for (i = 0; i < enc->nsecrets; i++) { + if (virStorageEncryptionSecretFormat(conn, buf, enc->secrets[i]) < 0) + return -1; + }
And there too.
+ + virBufferAddLit(buf, " </encryption>\n"); + + return 0; +}
I think this is generally ok, aside from those minor stylist changes. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|