Re: [libvirt] [PATCH v2 12/12] qemu: Utilize qemu secret objects for SCSI/RBD auth/secret
On Sat, Apr 16, 2016 at 10:17:45AM -0400, John Ferlan wrote:
+/* qemuDomainSecretInfoGetAlias:
+ * @secinfo: pointer to the secret info object
+ * @qemuCaps: pointer to the emulator capabilities
+ *
+ * If the emulator supports it, secinfo is available and associated with
+ * an IV secret, then return the alias created during the disk or hostdev
+ * prepare step.
+ *
+ * Returns pointer to the object alias string or NULL if not found/supported
+ */
+const char *
+qemuDomainSecretInfoGetAlias(qemuDomainSecretInfoPtr secinfo,
+ virQEMUCapsPtr qemuCaps)
+{
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_SECRET)) {
+ VIR_INFO("secret object is not supported by this QEMU binary");
+ return NULL;
+ }
This check is not necessary - if QEMU does not support OBJECT_SECRET,
we did not generate SECRET_INFO_IV in the first place.
@@ -941,9 +1103,23 @@ qemuDomainSecretDiskPrepare(virConnectPtr
conn,
if (VIR_ALLOC(secinfo) < 0)
return -1;
- if (qemuDomainSecretPlainSetup(conn, secinfo, src->protocol,
- src->auth) < 0)
- goto error;
+ /* If we have the encryption API present and can support a
+ * secret object, then build the IV secret - this is the magic
+ * decision point for utilizing the IV secrets for a disk
+ * whether it's an iSCSI or an RBD disk.
+ */
+ if (qemuDomainSecretHaveEncrypt() &&
+ virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET)) {
This code is shared with HostdevPrepare and could be separated to
another function.
Jan