Re: [libvirt] [PATCH v3 03/10] util: Add 'usage' for encryption

On 06/25/2016 01:27 AM, Ján Tomko wrote: In 3 out of the 4 cases, I agree; however, for qcow storage encryption, sadly it's the path to the volume, see virStorageGenerateQcowEncryption: def->usage_type = VIR_SECRET_USAGE_TYPE_VOLUME; if (VIR_STRDUP(def->usage.volume, vol->target.path) < 0) goto cleanup; This then would be carried over into virSecretObjListFindByUsageLocked where it searches through the secret objects comparing the 'value': <secret... <usage ...> <{volume, name, target, name}>value</{}> with the usage 'value' here: <auth...> or <encryption...> <secret type='{passphrase|ceph|iscsi|passphrase}' usage='value'/> (FYI: the on list TLS/TCP will have <serial type='tcp'> for <secret>) So for qcow disk encryption one has: <disk...> ... <source file='$path'> <driver name='qemu' type='{qcow|qcow2}'/> ... <encryption> <secret type='passphrase' {uuid,usage}='$string'/> </encryption> ... </disk> TBH: I suppose we "could" change that to be "any" string, but since this type of secret is not useful, it's probably not worth the effort. I added the usage field for two reasons #1 a comment in some changes a while back that we should try to use virSecretGetSecretString for all callers instead of conn->secretDriver->secretGetValue and #2 since I was going to reuse the <encryption> for <driver name='qemu' type='luks'/> processing and I wanted to be able to allow someone to provide "whatever" string they wanted there. I will adjust the commit message to provide details as to why for this one type of usage model it's the volume name. John