[PATCH v2 2/7] qemu: add support for multiple secret aliases

Monday, 13 March 2023

Change secret aliases from %s-%s-secret0 to %s-%s-secret%lu,
which will later be used for storage encryption requiring more
than a single secret.

Signed-off-by: Or Ozeri <oro(a)il.ibm.com&gt;
---
 src/qemu/qemu_alias.c            |  8 +++++---
 src/qemu/qemu_alias.h            |  3 ++-
 src/qemu/qemu_domain.c           | 14 ++++++++------
 src/qemu/qemu_hotplug.c          |  2 +-
 src/qemu/qemu_migration_params.c |  2 +-
 5 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c
index a9809797d5..2e0a50b68b 100644
--- a/src/qemu/qemu_alias.c
+++ b/src/qemu/qemu_alias.c
@@ -801,17 +801,19 @@ qemuDomainGetMasterKeyAlias(void)
 /* qemuAliasForSecret:
  * @parentalias: alias of the parent object
  * @obj: optional sub-object of the parent device the secret is for
+ * @secret_idx: secret index number (0 in the case of a single secret)
  *
  * Generate alias for a secret object used by @parentalias device or one of
  * the dependencies of the device described by @obj.
  */
 char *
 qemuAliasForSecret(const char *parentalias,
-                   const char *obj)
+                   const char *obj,
+                   size_t secret_idx)
 {
     if (obj)
-        return g_strdup_printf("%s-%s-secret0", parentalias, obj);
-    return g_strdup_printf("%s-secret0", parentalias);
+        return g_strdup_printf("%s-%s-secret%lu", parentalias, obj,
secret_idx);
+    return g_strdup_printf("%s-secret%lu", parentalias, secret_idx);
 }
 
 /* qemuAliasTLSObjFromSrcAlias
diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h
index f13f4cc5f8..eae08020dc 100644
--- a/src/qemu/qemu_alias.h
+++ b/src/qemu/qemu_alias.h
@@ -86,7 +86,8 @@ char *qemuAliasFromHostdev(const virDomainHostdevDef *hostdev);
 char *qemuDomainGetMasterKeyAlias(void);
 
 char *qemuAliasForSecret(const char *parentalias,
-                         const char *obj);
+                         const char *obj,
+                         size_t secret_idx);
 
 char *qemuAliasTLSObjFromSrcAlias(const char *srcAlias)
     ATTRIBUTE_NONNULL(1);
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 0feab09bee..f62fb453a9 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1317,6 +1317,7 @@ qemuDomainSecretInfoSetup(qemuDomainObjPrivate *priv,
  * @priv: pointer to domain private object
  * @srcalias: Alias of the disk/hostdev used to generate the secret alias
  * @secretuse: specific usage for the secret (may be NULL if main object is using it)
+ * @secret_idx: secret index number (0 in the case of a single secret)
  * @usageType: The virSecretUsageType
  * @username: username to use for authentication (may be NULL)
  * @seclookupdef: Pointer to seclookupdef data
@@ -1329,12 +1330,13 @@ static qemuDomainSecretInfo *
 qemuDomainSecretInfoSetupFromSecret(qemuDomainObjPrivate *priv,
                                     const char *srcalias,
                                     const char *secretuse,
+                                    size_t secret_idx,
                                     virSecretUsageType usageType,
                                     const char *username,
                                     virSecretLookupTypeDef *seclookupdef)
 {
     qemuDomainSecretInfo *secinfo;
-    g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse);
+    g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse, secret_idx);
     g_autofree uint8_t *secret = NULL;
     size_t secretlen = 0;
     VIR_IDENTITY_AUTORESTORE virIdentity *oldident = virIdentityElevateCurrent();
@@ -1384,7 +1386,7 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivate *priv,
     }
     seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
 
-    return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL,
+    return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL, 0,
                                                VIR_SECRET_USAGE_TYPE_TLS,
                                                NULL, &seclookupdef);
 }
@@ -1411,7 +1413,7 @@ qemuDomainSecretStorageSourcePrepareCookies(qemuDomainObjPrivate
*priv,
                                             virStorageSource *src,
                                             const char *aliasprotocol)
 {
-    g_autofree char *secretalias = qemuAliasForSecret(aliasprotocol,
"httpcookie");
+    g_autofree char *secretalias = qemuAliasForSecret(aliasprotocol,
"httpcookie", 0);
     g_autofree char *cookies = qemuBlockStorageSourceGetCookieString(src);
 
     return qemuDomainSecretInfoSetup(priv, secretalias, NULL,
@@ -1460,7 +1462,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
             usageType = VIR_SECRET_USAGE_TYPE_CEPH;
 
         if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv,
aliasprotocol,
-                                                                     "auth",
+                                                                     "auth",
0,
                                                                      usageType,
                                                                     
src->auth->username,
                                                                     
&src->auth->seclookupdef)))
@@ -1469,7 +1471,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
 
     if (hasEnc) {
         if (!(srcPriv->encinfo = qemuDomainSecretInfoSetupFromSecret(priv,
aliasformat,
-                                                                    
"encryption",
+                                                                    
"encryption", 0,
                                                                     
VIR_SECRET_USAGE_TYPE_VOLUME,
                                                                      NULL,
                                                                     
&src->encryption->secrets[0]->seclookupdef)))
@@ -11185,7 +11187,7 @@ qemuDomainPrepareHostdev(virDomainHostdevDef *hostdev,
 
                 if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv,
                                                                             
backendalias,
-                                                                             NULL,
+                                                                             NULL, 0,
                                                                              usageType,
                                                                             
src->auth->username,
                                                                             
&src->auth->seclookupdef)))
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index da17525824..f15b4ea31f 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1753,7 +1753,7 @@ qemuDomainDelChardevTLSObjects(virQEMUDriver *driver,
      * secret UUID and we have a serial TCP chardev, then formulate a
      * secAlias which we'll attempt to destroy. */
     if (cfg->chardevTLSx509secretUUID &&
-        !(secAlias = qemuAliasForSecret(inAlias, NULL)))
+        !(secAlias = qemuAliasForSecret(inAlias, NULL, 0)))
         return -1;
 
     qemuDomainObjEnterMonitor(vm);
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index bd09dcfb23..0d747580f4 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -1129,7 +1129,7 @@ qemuMigrationParamsResetTLS(virDomainObj *vm,
         return;
 
     tlsAlias = qemuAliasTLSObjFromSrcAlias(QEMU_MIGRATION_TLS_ALIAS_BASE);
-    secAlias = qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL);
+    secAlias = qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL, 0);
 
     qemuDomainDelTLSObjects(vm, asyncJob, secAlias, tlsAlias);
     g_clear_pointer(&QEMU_DOMAIN_PRIVATE(vm)->migSecinfo,
qemuDomainSecretInfoFree);
-- 
2.25.1


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[PATCH v2 2/7] qemu: add support for multiple secret aliases