2:38 p.m.
Since the virStorageAuthDefPtr auth; is a member of _virStorageSource
it really should be allowed to be a subelement of the disk <source>
for the RBD and iSCSI prototcols. That way we can set up to allow
the <auth> element to be formatted within the disk source.
Since we've allowed the <auth> to be a child of <disk>, we'll need
to keep track of how it was read so that when writing out we'll know
whether to format as child of <disk> or <source>. For the argv2xml
parsing, let's format under <source> as a preference. Do not allow
<auth> to be both a child of <disk> and <source>.
Modify the qemuxml2argvtest to add a parse failure when there is an
<auth> as a child of <disk> *and* an <auth> as a child of
<source>.
Add tests to validate that if the <auth> was found in <source>, then
the resulting xml2xml and xml2arg works just fine. The two new .args
file are exact copies of the non "-source" version of the file.
The virschematest will read the new test files and validate from a
RNG viewpoint things are fine
Update the virstoragefile, virstoragetest, and args2xml file to show
the "preference" to place <auth> as a child of <source>.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
docs/formatdomain.html.in | 67 +++++++++++++---------
docs/schemas/domaincommon.rng | 18 +++++-
src/conf/domain_conf.c | 67 +++++++++++++++++++++-
src/util/virstoragefile.c | 1 +
src/util/virstoragefile.h | 1 +
.../qemuargv2xml-disk-drive-network-rbd-auth.xml | 6 +-
...ml2argv-disk-drive-network-source-auth-both.xml | 51 ++++++++++++++++
...emuxml2argv-disk-drive-network-source-auth.args | 32 +++++++++++
...qemuxml2argv-disk-drive-network-source-auth.xml | 45 +++++++++++++++
tests/qemuxml2argvtest.c | 2 +
...muxml2xmlout-disk-drive-network-source-auth.xml | 49 ++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
tests/virstoragetest.c | 6 ++
13 files changed, 311 insertions(+), 35 deletions(-)
create mode 100644
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth-both.xml
create mode 100644
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth.args
create mode 100644
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth.xml
create mode 100644
tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-source-auth.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 1602ed3e9..e773b2939 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2293,11 +2293,11 @@
<host name="hostname" port="7000"/>
<snapshot name="snapname"/>
<config file="/path/to/file"/>
+ <auth username='myuser'>
+ <secret type='ceph' usage='mypassid'/>
+ </auth>
</source>
<target dev="hdc" bus="ide"/>
- <auth username='myuser'>
- <secret type='ceph' usage='mypassid'/>
- </auth>
</disk>
<disk type='block' device='cdrom'>
<driver name='qemu' type='raw'/>
@@ -2366,20 +2366,20 @@
<driver name='qemu' type='raw'/>
<source protocol='iscsi'
name='iqn.2013-07.com.example:iscsi-nopool/2'>
<host name='example.com' port='3260'/>
+ <auth username='myuser'>
+ <secret type='iscsi' usage='libvirtiscsi'/>
+ </auth>
</source>
- <auth username='myuser'>
- <secret type='iscsi' usage='libvirtiscsi'/>
- </auth>
<target dev='vda' bus='virtio'/>
</disk>
<disk type='network' device='lun'>
<driver name='qemu' type='raw'/>
<source protocol='iscsi'
name='iqn.2013-07.com.example:iscsi-nopool/1'>
<host name='example.com' port='3260'/>
+ <auth username='myuser'>
+ <secret type='iscsi' usage='libvirtiscsi'/>
+ </auth>
</source>
- <auth username='myuser'>
- <secret type='iscsi' usage='libvirtiscsi'/>
- </auth>
<target dev='sdb' bus='scsi'/>
</disk>
<disk type='volume' device='disk'>
@@ -2659,6 +2659,28 @@
protocol. Supported for 'rbd' <span
class="since">since 1.2.11
(QEMU only).</span>
</dd>
+ <dt><code>auth</code></dt>
+ <dd><span class="since">Since libvirt 3.8.0</span>,
the
+ <code>auth</code> element is supported for a disk
+ <code>type</code> "network" that is using a
<code>source</code>
+ element with the <code>protocol</code> attributes "rbd"
or "iscsi".
+ If present, the <code>auth</code> element provides the
+ authentication credentials needed to access the source. It
+ includes a mandatory attribute <code>username</code>, which
+ identifies the username to use during authentication, as well
+ as a sub-element <code>secret</code> with mandatory
+ attribute <code>type</code>, to tie back to
+ a <a href="formatsecret.html">libvirt secret object</a>
that
+ holds the actual password or other credentials (the domain XML
+ intentionally does not expose the password, only the reference
+ to the object that does manage the password).
+ Known secret types are "ceph" for Ceph RBD network sources and
+ "iscsi" for CHAP authentication of iSCSI targets.
+ Both will require either a <code>uuid</code> attribute
+ with the UUID of the secret object or a <code>usage</code>
+ attribute matching the key that was specified in the
+ secret object.
+ </dd>
</dl>
<p>
@@ -3128,25 +3150,14 @@
are available, each defaulting to 0.
</dd>
<dt><code>auth</code></dt>
- <dd>The <code>auth</code> element is supported for a disk
- <code>type</code> "network" that is using a
<code>source</code>
- element with the <code>protocol</code> attributes "rbd" or
"iscsi".
- If present, the <code>auth</code> element provides the
- authentication credentials needed to access the source. It
- includes a mandatory attribute <code>username</code>, which
- identifies the username to use during authentication, as well
- as a sub-element <code>secret</code> with mandatory
- attribute <code>type</code>, to tie back to
- a <a href="formatsecret.html">libvirt secret object</a>
that
- holds the actual password or other credentials (the domain XML
- intentionally does not expose the password, only the reference
- to the object that does manage the password).
- Known secret types are "ceph" for Ceph RBD network sources and
- "iscsi" for CHAP authentication of iSCSI targets.
- Both will require either a <code>uuid</code> attribute
- with the UUID of the secret object or a <code>usage</code>
- attribute matching the key that was specified in the
- secret object. <span class="since">libvirt 0.9.7</span>
+ <dd>Starting with <span class="since">libvirt
3.8.0</span> the
+ <code>auth</code> element is preferred to be a sub-element of
+ the <code>source</code> element. The element is still read and
+ managed as a <code>disk</code> sub-element. It is invalid to use
+ <code>auth</code> as both a sub-element of
<code>disk</code>
+ and <code>source</code>. The <code>auth</code> element
was
+ introduced as a <code>disk</code> sub-element in
+ <span class="since">libvirt 0.9.7.</span>
</dd>
<dt><code>geometry</code></dt>
<dd>The optional <code>geometry</code> element provides the
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 36e2966f2..0f8c0ab8f 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1578,11 +1578,27 @@
<empty/>
</element>
</optional>
+ <optional>
+ <ref name="diskAuth"/>
+ </optional>
<empty/>
</interleave>
</element>
</define>
+ <define name="diskSourceNetworkProtocolISCSI">
+ <element name="source">
+ <attribute name="protocol">
+ <value>iscsi</value>
+ </attribute>
+ <attribute name="name"/>
+ <ref name="diskSourceNetworkHost"/>
+ <optional>
+ <ref name="diskAuth"/>
+ </optional>
+ </element>
+ </define>
+
<define name="diskSourceNetworkProtocolHTTP">
<element name="source">
<attribute name="protocol">
@@ -1601,7 +1617,6 @@
<attribute name="protocol">
<choice>
<value>sheepdog</value>
- <value>iscsi</value>
<value>ftp</value>
<value>ftps</value>
<value>tftp</value>
@@ -1656,6 +1671,7 @@
<ref name="diskSourceNetworkProtocolNBD"/>
<ref name="diskSourceNetworkProtocolGluster"/>
<ref name="diskSourceNetworkProtocolRBD"/>
+ <ref name="diskSourceNetworkProtocolISCSI"/>
<ref name="diskSourceNetworkProtocolHTTP"/>
<ref name="diskSourceNetworkProtocolSimple"/>
<ref name="diskSourceNetworkProtocolVxHS"/>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 44cfb52b4..fa20840c0 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8106,6 +8106,29 @@ virDomainDiskSourcePoolDefParse(xmlNodePtr node,
}
+static int
+virDomainDiskSourceAuthParse(xmlNodePtr node,
+ virStorageAuthDefPtr *authdefsrc)
+{
+ xmlNodePtr child;
+ virStorageAuthDefPtr authdef;
+
+ for (child = node->children; child; child = child->next) {
+ if (child->type == XML_ELEMENT_NODE &&
+ virXMLNodeNameEqual(child, "auth")) {
+
+ if (!(authdef = virStorageAuthDefParse(node->doc, child)))
+ return -1;
+
+ *authdefsrc = authdef;
+ return 0;
+ }
+ }
+
+ return 0;
+}
+
+
int
virDomainDiskSourceParse(xmlNodePtr node,
xmlXPathContextPtr ctxt,
@@ -8192,6 +8215,9 @@ virDomainDiskSourceParse(xmlNodePtr node,
goto cleanup;
}
+ if (virDomainDiskSourceAuthParse(node, &src->auth) < 0)
+ goto cleanup;
+
/* People sometimes pass a bogus '' source path when they mean to omit the
* source element completely (e.g. CDROM without media). This is just a
* little compatibility check to help those broken apps */
@@ -8818,6 +8844,19 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
if (virDomainDiskSourceParse(cur, ctxt, def->src) < 0)
goto error;
+ /* If we've already found an <auth> as a child of <disk> and
+ * we find one as a child of <source>, then force an error to
+ * avoid ambiguity */
+ if (authdef && def->src->auth) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("an <auth> definition already found for
"
+ "the <disk> definition"));
+ goto error;
+ }
+
+ if (def->src->auth)
+ def->src->authDefined = true;
+
source = true;
startupPolicy = virXMLPropString(cur, "startupPolicy");
@@ -8875,6 +8914,15 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
goto error;
} else if (!authdef &&
virXMLNodeNameEqual(cur, "auth")) {
+ /* If we've already parsed <source> and found an <auth>
child,
+ * then generate an error to avoid ambiguity */
+ if (def->src->authDefined) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("an <auth> definition already found for
"
+ "disk source"));
+ goto error;
+ }
+
if (!(authdef = virStorageAuthDefParse(node->doc, cur)))
goto error;
} else if (virXMLNodeNameEqual(cur, "iotune")) {
@@ -9110,8 +9158,8 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
def->dst = target;
target = NULL;
- def->src->auth = authdef;
- authdef = NULL;
+ if (authdef)
+ VIR_STEAL_PTR(def->src->auth, authdef);
def->src->encryption = encryption;
encryption = NULL;
def->domain_name = domain_name;
@@ -21800,6 +21848,17 @@ virDomainDiskSourceFormatInternal(virBufferPtr buf,
goto error;
}
+ /* Storage Source formatting will not carry through the blunder
+ * that disk source formatting had at one time to format the
+ * <auth> for a volume source type. The <auth> information is
+ * kept in the storage pool and would be overwritten anyway.
+ * So avoid formatting it for volumes. */
+ if (src->auth && src->authDefined &&
+ src->type != VIR_STORAGE_TYPE_VOLUME) {
+ if (virStorageAuthDefFormat(&childBuf, src->auth) < 0)
+ goto error;
+ }
+
if (virXMLFormatElement(buf, "source", &attrBuf, &childBuf)
< 0)
goto error;
}
@@ -21985,7 +22044,9 @@ virDomainDiskDefFormat(virBufferPtr buf,
virBufferAddLit(buf, "/>\n");
}
- if (def->src->auth) {
+ /* Format as child of <disk> if defined there; otherwise,
+ * if defined as child of <source>, then format later */
+ if (def->src->auth && !def->src->authDefined) {
if (virStorageAuthDefFormat(buf, def->src->auth) < 0)
return -1;
}
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index 484a5c806..488798252 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -2551,6 +2551,7 @@ virStorageSourceParseRBDColonString(const char *rbdstr,
virSecretUsageTypeToString(VIR_SECRET_USAGE_TYPE_CEPH)) <
0)
goto error;
src->auth = authdef;
+ src->authDefined = true;
authdef = NULL;
/* Cannot formulate a secretType (eg, usage or uuid) given
diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h
index f7e897f25..b3a786b42 100644
--- a/src/util/virstoragefile.h
+++ b/src/util/virstoragefile.h
@@ -238,6 +238,7 @@ struct _virStorageSource {
virStorageNetHostDefPtr hosts;
virStorageSourcePoolDefPtr srcpool;
virStorageAuthDefPtr auth;
+ bool authDefined;
virStorageEncryptionPtr encryption;
char *driverName;
diff --git a/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-rbd-auth.xml
b/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-rbd-auth.xml
index 3f30296c0..e1326b925 100644
--- a/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-rbd-auth.xml
+++ b/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-rbd-auth.xml
@@ -22,13 +22,13 @@
</disk>
<disk type='network' device='disk'>
<driver name='qemu' type='raw'/>
- <auth username='myname'>
- <secret type='ceph' usage='qemuargv2xml_usage'/>
- </auth>
<source protocol='rbd' name='pool/image'>
<host name='mon1.example.org' port='6321'/>
<host name='mon2.example.org' port='6322'/>
<host name='mon3.example.org' port='6322'/>
+ <auth username='myname'>
+ <secret type='ceph' usage='qemuargv2xml_usage'/>
+ </auth>
</source>
<target dev='vda' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth-both.xml
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth-both.xml
new file mode 100644
index 000000000..fed75ad70
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth-both.xml
@@ -0,0 +1,51 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='network' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <auth username='myname'>
+ <secret type='iscsi' usage='mycluster_myname'/>
+ </auth>
+ <source protocol='iscsi'
name='iqn.1992-01.com.example:storage/1'>
+ <host name='example.org' port='6000'/>
+ <auth username='myname'>
+ <secret type='iscsi' usage='mycluster_myname'/>
+ </auth>
+ </source>
+ <target dev='vda' bus='virtio'/>
+ </disk>
+ <disk type='network' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <auth username='myname'>
+ <secret type='ceph' usage='mycluster_myname'/>
+ </auth>
+ <source protocol='rbd' name='pool/image'>
+ <host name='mon1.example.org' port='6321'/>
+ <host name='mon2.example.org' port='6322'/>
+ <host name='mon3.example.org' port='6322'/>
+ <auth username='myname'>
+ <secret type='ceph' usage='mycluster_myname'/>
+ </auth>
+ </source>
+ <target dev='vdb' bus='virtio'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth.args
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth.args
new file mode 100644
index 000000000..23b1490ee
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth.args
@@ -0,0 +1,32 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-i686 \
+-name QEMUGuest1 \
+-S \
+-M pc \
+-m 214 \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-nographic \
+-nodefaults \
+-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
+server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=readline \
+-no-acpi \
+-boot c \
+-usb \
+-drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:\
+6000/iqn.1992-01.com.example%3Astorage/1,format=raw,if=none,\
+id=drive-virtio-disk0 \
+-device virtio-blk-pci,bus=pci.0,addr=0x3,drive=drive-virtio-disk0,\
+id=virtio-disk0 \
+-drive 'file=rbd:pool/image:id=myname:\
+key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
+auth_supported=cephx\;none:mon_host=mon1.example.org\:6321\;mon2.example.org\:\
+6322\;mon3.example.org\:6322,format=raw,if=none,id=drive-virtio-disk1' \
+-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,\
+id=virtio-disk1
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth.xml
b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth.xml
new file mode 100644
index 000000000..bd84cc42f
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth.xml
@@ -0,0 +1,45 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='network' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source protocol='iscsi'
name='iqn.1992-01.com.example:storage/1'>
+ <host name='example.org' port='6000'/>
+ <auth username='myname'>
+ <secret type='iscsi' usage='mycluster_myname'/>
+ </auth>
+ </source>
+ <target dev='vda' bus='virtio'/>
+ </disk>
+ <disk type='network' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source protocol='rbd' name='pool/image'>
+ <host name='mon1.example.org' port='6321'/>
+ <host name='mon2.example.org' port='6322'/>
+ <host name='mon3.example.org' port='6322'/>
+ <auth username='myname'>
+ <secret type='ceph' usage='mycluster_myname'/>
+ </auth>
+ </source>
+ <target dev='vdb' bus='virtio'/>
+ </disk>
+ <controller type='usb' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 70be0c32d..a240a21a6 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -927,6 +927,7 @@ mymain(void)
DO_TEST("disk-drive-network-iscsi-auth", NONE);
DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-auth-secrettype-invalid",
NONE);
DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-auth-wrong-secrettype",
NONE);
+ DO_TEST_PARSE_ERROR("disk-drive-network-source-auth-both", NONE);
DO_TEST("disk-drive-network-iscsi-lun",
QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_VIRTIO_SCSI,
QEMU_CAPS_SCSI_BLOCK);
@@ -935,6 +936,7 @@ mymain(void)
DO_TEST("disk-drive-network-rbd", NONE);
DO_TEST("disk-drive-network-sheepdog", NONE);
DO_TEST("disk-drive-network-rbd-auth", NONE);
+ DO_TEST("disk-drive-network-source-auth", NONE);
# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
DO_TEST("disk-drive-network-rbd-auth-AES",
QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_VIRTIO_SCSI);
diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-source-auth.xml
b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-source-auth.xml
new file mode 100644
index 000000000..9dc063dea
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-source-auth.xml
@@ -0,0 +1,49 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-i686</emulator>
+ <disk type='network' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source protocol='iscsi'
name='iqn.1992-01.com.example:storage/1'>
+ <host name='example.org' port='6000'/>
+ <auth username='myname'>
+ <secret type='iscsi' usage='mycluster_myname'/>
+ </auth>
+ </source>
+ <target dev='vda' bus='virtio'/>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
+ </disk>
+ <disk type='network' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source protocol='rbd' name='pool/image'>
+ <host name='mon1.example.org' port='6321'/>
+ <host name='mon2.example.org' port='6322'/>
+ <host name='mon3.example.org' port='6322'/>
+ <auth username='myname'>
+ <secret type='ceph' usage='mycluster_myname'/>
+ </auth>
+ </source>
+ <target dev='vdb' bus='virtio'/>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x04' function='0x0'/>
+ </disk>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 4b2fbd990..f733953e5 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -473,6 +473,7 @@ mymain(void)
DO_TEST("disk-drive-network-rbd-auth", NONE);
DO_TEST("disk-drive-network-rbd-ipv6", NONE);
DO_TEST("disk-drive-network-rbd-ceph-env", NONE);
+ DO_TEST("disk-drive-network-source-auth", NONE);
DO_TEST("disk-drive-network-sheepdog", NONE);
DO_TEST("disk-drive-network-vxhs", NONE);
DO_TEST("disk-scsi-device",
diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c
index ffebd4dc1..fe1521d9c 100644
--- a/tests/virstoragetest.c
+++ b/tests/virstoragetest.c
@@ -1361,6 +1361,9 @@ mymain(void)
TEST_BACKING_PARSE("rbd:testshare:id=asdf:mon_host=example.com",
"<source protocol='rbd'
name='testshare'>\n"
" <host name='example.com'/>\n"
+ " <auth username='asdf'>\n"
+ " <secret type='ceph'/>\n"
+ " </auth>\n"
"</source>\n");
TEST_BACKING_PARSE("nbd:example.org:6000:exportname=blah",
"<source protocol='nbd'
name='blah'>\n"
@@ -1526,6 +1529,9 @@ mymain(void)
"}",
"<source protocol='rbd'
name='testshare'>\n"
" <host name='example.com'/>\n"
+ " <auth username='asdf'>\n"
+ " <secret type='ceph'/>\n"
+ " </auth>\n"
"</source>\n");
TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"rbd\","
"\"image\":\"test\","
--
2.13.5