[PATCH 00/30] Support more 'curl' and 'ssh' driver options (mostly for unbreaking libguestfs)

With blockdev we need to interpret the fields in order to actually use them in qemu. Unfortunately we didn't do that for some and libguestfs was using them in backing store strings.

Model all known curl driver options and pass-through ssh driver options as we don't model the ssh driver.

Changes can be fetched from:

git fetch https://gitlab.com/pipo.sk/libvirt.git json-props

https://gitlab.com/pipo.sk/libvirt/-/commits/json-props

Peter Krempa (30):
  qemuBlockStorageSourceDetachPrepare: Get rid of cleanup section
  qemu: Don't take double pointer in qemuDomainSecretInfoFree
  qemuMigrationParamsResetTLS: Adapt to modern memory management
  qemuMigrationParamsResetTLS: Fix comment
  qemu: domain: Split out encryption of secret object data
  qemu: Introduce another helper for creating alias for a 'secret' object
  qemuDomainSecretStorageSourcePrepare: Fix naming of alias variables
  qemuDomainDeviceDiskDefPostParseRestoreSecAlias: Hardcode restored aliases
  qemu: Split out initialization of secrets for 'iscsi' hostdevs
  qemuDomainSecretAESSetupFromSecret: Use 'qemuAliasForSecret'
  qemuDomainSecretStorageSourcePrepare: Change aliases for disk secrets
  qemuDomainGetSecretAESAlias: Replace outstanding uses with qemuAliasForSecret
  conf: Add support for modifying ssl validation for https/ftps disks
  conf: Add support for cookies for HTTP based disks
  conf: Add support for setting timeout and readahead size for network disks
  qemuDomainValidateStorageSource: Validate new network storage parameters
  qemuxml2argvtest: Add test case for disks with http(s) source
  qemu: block: Implement ssl verification configuration
  qemu: domain: Store data for 'secret' object representing http cookies
  qemuDomainSecretStorageSourcePrepare: Setup secret for http cookies
  qemu: Handle hotplug and commandline for secret objects for http cookies
  qemu: block: Add support for HTTP cookies
  qemu: block: Implement readahead and timeout properties for 'curl' driver
  virstoragefile: Add JSON parser for 'sslverify', 'readahead', 'cookies' and 'timeout'
  virStorageSourceParseBackingJSONUri: Handle undocumented value 'off' for sslverify
  qemublocktest: Load QMP schema earlier
  qemublocktest: Extract schema root for blockdev-add validation
  qemublocktest: XMLjsonXML: Test formatting/parsing of modern JSON
  qemublocktest: Add JSON->JSON test cases for block device backends
  qemu: Pass through arguments of 'ssh' block driver used by libguestfs

 docs/formatdomain.html.in                     |  35 ++
 docs/schemas/domaincommon.rng                 |  98 ++++-
 src/conf/domain_conf.c                        | 119 +++++++
 src/libvirt_private.syms                      |   1 +
 src/qemu/qemu_alias.c                         |  32 +-
 src/qemu/qemu_alias.h                         |   4 +-
 src/qemu/qemu_block.c                         |  50 ++-
 src/qemu/qemu_block.h                         |   3 +
 src/qemu/qemu_command.c                       |   5 +
 src/qemu/qemu_domain.c                        | 337 +++++++++++-------
 src/qemu/qemu_domain.h                        |   7 +-
 src/qemu/qemu_hotplug.c                       |   4 +-
 src/qemu/qemu_migration_params.c              |  16 +-
 src/util/virstoragefile.c                     | 229 +++++++++++-
 src/util/virstoragefile.h                     |  24 ++
 .../disk-network-http.xml                     |  19 +
 tests/qemublocktest.c                         | 136 ++++++-
 .../jsontojson/curl-libguestfs-in.json        |   1 +
 .../jsontojson/curl-libguestfs-out.json       |   9 +
 .../ssh-passthrough-libguestfs-in.json        |   1 +
 .../ssh-passthrough-libguestfs-out.json       |  14 +
 tests/qemustatusxml2xmldata/modern-in.xml     |   1 +
 ...-backing-chains-noindex.x86_64-2.12.0.args |   4 +-
 ...-backing-chains-noindex.x86_64-latest.args |   6 +-
 ...sk-hostdev-scsi-virtio-iscsi-auth-AES.args |   6 +-
 .../disk-network-http.x86_64-latest.args      |  67 ++++
 tests/qemuxml2argvdata/disk-network-http.xml  |  61 ++++
 .../disk-network-iscsi.x86_64-2.12.0.args     |  12 +-
 .../disk-network-iscsi.x86_64-latest.args     |   8 +-
 .../disk-network-rbd.x86_64-2.12.0.args       |   4 +-
 .../disk-network-rbd.x86_64-latest.args       |   4 +-
 ...isk-network-source-auth.x86_64-2.12.0.args |  10 +-
 ...isk-network-source-auth.x86_64-latest.args |   8 +-
 .../disk-nvme.x86_64-latest.args              |   4 +-
 .../encrypted-disk-usage.args                 |   4 +-
 tests/qemuxml2argvdata/encrypted-disk.args    |   4 +-
 .../luks-disks-source-qcow2.args              |  24 +-
 ...luks-disks-source-qcow2.x86_64-latest.args |  32 +-
 tests/qemuxml2argvdata/luks-disks-source.args |  26 +-
 tests/qemuxml2argvdata/luks-disks.args        |  10 +-
 tests/qemuxml2argvdata/user-aliases.args      |   4 +-
 tests/qemuxml2argvtest.c                      |   1 +
 tests/virstoragetest.c                        |  30 ++
 43 files changed, 1197 insertions(+), 277 deletions(-)
 create mode 100644 tests/qemublocktestdata/jsontojson/curl-libguestfs-in.json
 create mode 100644 tests/qemublocktestdata/jsontojson/curl-libguestfs-out.json
 create mode 100644 tests/qemublocktestdata/jsontojson/ssh-passthrough-libguestfs-in.json
 create mode 100644 tests/qemublocktestdata/jsontojson/ssh-passthrough-libguestfs-out.json
 create mode 100644 tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/disk-network-http.xml

-- 
2.24.1

Use g_new0 to completely avoid the 'cleanup' label.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
src/qemu/qemu_block.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 152c73f1bf..0357815b07 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -1734,10 +1734,8 @@ qemuBlockStorageSourceDetachPrepare(virStorageSourcePtr src, { qemuDomainStorageSourcePrivatePtr srcpriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src); g_autoptr(qemuBlockStorageSourceAttachData) data = NULL; - qemuBlockStorageSourceAttachDataPtr ret = NULL; - if (VIR_ALLOC(data) < 0) - goto cleanup; + data = g_new0(qemuBlockStorageSourceAttachData, 1); if (driveAlias) { data->driveAlias = g_steal_pointer(&driveAlias); @@ -1771,11 +1769,7 @@ qemuBlockStorageSourceDetachPrepare(virStorageSourcePtr src, data->encryptsecretAlias = g_strdup(srcpriv->encinfo->s.aes.alias); } - ret = g_steal_pointer(&data); - - cleanup: - VIR_FREE(driveAlias); - return ret; + return g_steal_pointer(&data); } -- 2.24.1
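Review bot: with the `VIR_ALLOC` failure path and the `cleanup:` label gone, qemuBlockStorageSourceDetachPrepare can no longer return NULL, so any caller still checking its result for NULL can be simplified and the function's doc comment should stop describing a failure return. The removed `VIR_FREE(driveAlias)` was also the only place that made the ownership transfer visible; now that the only release is the `g_steal_pointer(&driveAlias)` inside `if (driveAlias)`, please state in the doc comment that @driveAlias is consumed by the function.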

On a Monday in 2020, Peter Krempa wrote:
Use g_new0 to completely avoid the 'cleanup' labe.
s/labe/label/

This is neither sparta [0] nor Patrick [1].
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_block.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano

[0] https://en.wikipedia.org/wiki/Molon_labe
[1] https://en.wikipedia.org/wiki/Patrick_Star

Using a double pointer prevents the function from being used as the automatic cleanup function for the given type. Remove the double pointer use by replacing the calls with g_clear_pointer which ensures that the pointer is cleared.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
src/qemu/qemu_domain.c | 30 +++++++++++++----------------- src/qemu/qemu_domain.h | 2 +- src/qemu/qemu_migration_params.c | 2 +- 3 files changed, 15 insertions(+), 19 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 33c2158eb5..bd32949e9b 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1099,14 +1099,10 @@ qemuDomainSecretInfoClear(qemuDomainSecretInfoPtr secinfo, void -qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secinfo) +qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr secinfo) { - if (!*secinfo) - return; - - qemuDomainSecretInfoClear(*secinfo, false); - - VIR_FREE(*secinfo); + qemuDomainSecretInfoClear(secinfo, false); + g_free(secinfo); } @@ -1196,8 +1192,8 @@ qemuDomainStorageSourcePrivateDispose(void *obj) { qemuDomainStorageSourcePrivatePtr priv = obj; - qemuDomainSecretInfoFree(&priv->secinfo); - qemuDomainSecretInfoFree(&priv->encinfo); + g_clear_pointer(&priv->secinfo, qemuDomainSecretInfoFree); + g_clear_pointer(&priv->encinfo, qemuDomainSecretInfoFree); } @@ -1276,7 +1272,7 @@ qemuDomainChrSourcePrivateDispose(void *obj) { qemuDomainChrSourcePrivatePtr priv = obj; - qemuDomainSecretInfoFree(&priv->secinfo); + g_clear_pointer(&priv->secinfo, qemuDomainSecretInfoFree); } @@ -1355,7 +1351,7 @@ qemuDomainGraphicsPrivateDispose(void *obj) qemuDomainGraphicsPrivatePtr priv = obj; VIR_FREE(priv->tlsAlias); - qemuDomainSecretInfoFree(&priv->secinfo); + g_clear_pointer(&priv->secinfo, qemuDomainSecretInfoFree); } 
@@ -1631,7 +1627,7 @@ qemuDomainSecretInfoNewPlain(virSecretUsageType usageType, return NULL; if (qemuDomainSecretPlainSetup(secinfo, usageType, username, lookupDef) < 0) { - qemuDomainSecretInfoFree(&secinfo); + g_clear_pointer(&secinfo, qemuDomainSecretInfoFree); return NULL; } @@ -1674,7 +1670,7 @@ qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv, if (qemuDomainSecretAESSetup(priv, secinfo, srcAlias, usageType, username, lookupDef, isLuks) < 0) { - qemuDomainSecretInfoFree(&secinfo); + g_clear_pointer(&secinfo, qemuDomainSecretInfoFree); return NULL; } @@ -1836,7 +1832,7 @@ qemuDomainSecretHostdevDestroy(virDomainHostdevDefPtr hostdev) if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) { srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(iscsisrc->src); if (srcPriv && srcPriv->secinfo) - qemuDomainSecretInfoFree(&srcPriv->secinfo); + g_clear_pointer(&srcPriv->secinfo, qemuDomainSecretInfoFree); } } } @@ -1880,7 +1876,7 @@ qemuDomainSecretChardevDestroy(virDomainChrSourceDefPtr dev) if (!chrSourcePriv || !chrSourcePriv->secinfo) return; - qemuDomainSecretInfoFree(&chrSourcePriv->secinfo); + g_clear_pointer(&chrSourcePriv->secinfo, qemuDomainSecretInfoFree); } @@ -1935,7 +1931,7 @@ qemuDomainSecretGraphicsDestroy(virDomainGraphicsDefPtr graphics) return; VIR_FREE(gfxPriv->tlsAlias); - qemuDomainSecretInfoFree(&gfxPriv->secinfo); + g_clear_pointer(&gfxPriv->secinfo, qemuDomainSecretInfoFree); } @@ -2283,7 +2279,7 @@ qemuDomainObjPrivateFree(void *data) } VIR_FREE(priv->cleanupCallbacks); - qemuDomainSecretInfoFree(&priv->migSecinfo); + g_clear_pointer(&priv->migSecinfo, qemuDomainSecretInfoFree); qemuDomainMasterKeyFree(priv); virHashFree(priv->blockjobs); diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 476056c73f..10d6264e46 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h 
@@ -1032,7 +1032,7 @@ void qemuDomainMasterKeyRemove(qemuDomainObjPrivatePtr priv); bool qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv); -void qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secinfo) +void qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr secinfo) ATTRIBUTE_NONNULL(1); void qemuDomainSecretInfoDestroy(qemuDomainSecretInfoPtr secinfo); diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c index a92bb2fa2b..a36c6a4aea 100644 --- a/src/qemu/qemu_migration_params.c +++ b/src/qemu/qemu_migration_params.c @@ -1086,7 +1086,7 @@ qemuMigrationParamsResetTLS(virQEMUDriverPtr driver, secAlias = qemuDomainGetSecretAESAlias(QEMU_MIGRATION_TLS_ALIAS_BASE, false); qemuDomainDelTLSObjects(driver, vm, asyncJob, secAlias, tlsAlias); - qemuDomainSecretInfoFree(&QEMU_DOMAIN_PRIVATE(vm)->migSecinfo); + g_clear_pointer(&QEMU_DOMAIN_PRIVATE(vm)->migSecinfo, qemuDomainSecretInfoFree); VIR_FREE(tlsAlias); VIR_FREE(secAlias); -- 2.24.1
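Review bot: the NULL guards that used to live inside qemuDomainSecretInfoFree are now provided by g_clear_pointer, so the explicit `srcPriv->secinfo` test in qemuDomainSecretHostdevDestroy (`if (srcPriv && srcPriv->secinfo)`) and the `!chrSourcePriv->secinfo` part of the early return in qemuDomainSecretChardevDestroy are redundant and can be dropped in the same hunks. Keeping `ATTRIBUTE_NONNULL(1)` on the new signature is fine for these callers, but it means a direct `qemuDomainSecretInfoFree(NULL)` is now undefined rather than a no-op, which is worth one line in the header comment.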
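Review bot: the commit message motivates the signature change with using the function as an automatic cleanup function, but the qemu_domain.h hunk only changes the prototype; the `G_DEFINE_AUTOPTR_CLEANUP_FUNC(qemuDomainSecretInfo, qemuDomainSecretInfoFree)` declaration that this enables belongs here rather than in a later, unrelated refactoring patch.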

On a Monday in 2020, Peter Krempa wrote:
Using a doulble pointer prevents the function from being used as the
*double
automatic cleanup function for the given type.
Remove the double pointer use by replacing the calls with g_clear_pointer which ensures that the pointer is cleared.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 30 +++++++++++++----------------- src/qemu/qemu_domain.h | 2 +- src/qemu/qemu_migration_params.c | 2 +- 3 files changed, 15 insertions(+), 19 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Use g_autofree instead of VIR_FREE and delete the comment mentioning possible failure to allocate memory. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_migration_params.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c index a36c6a4aea..8c552ab9a0 100644 --- a/src/qemu/qemu_migration_params.c +++ b/src/qemu/qemu_migration_params.c @@ -1070,8 +1070,8 @@ qemuMigrationParamsResetTLS(virQEMUDriverPtr driver, qemuMigrationParamsPtr origParams, unsigned long apiFlags) { - char *tlsAlias = NULL; - char *secAlias = NULL; + g_autofree char *tlsAlias = NULL; + g_autofree char *secAlias = NULL; /* There's nothing to do if QEMU does not support TLS migration or we were * not asked to enable it. */ @@ -1079,17 +1079,11 @@ qemuMigrationParamsResetTLS(virQEMUDriverPtr driver, !(apiFlags & VIR_MIGRATE_TLS)) return; - /* NB: If either or both fail to allocate memory we can still proceed - * since the next time we migrate another deletion attempt will be - * made after successfully generating the aliases. */ tlsAlias = qemuAliasTLSObjFromSrcAlias(QEMU_MIGRATION_TLS_ALIAS_BASE); secAlias = qemuDomainGetSecretAESAlias(QEMU_MIGRATION_TLS_ALIAS_BASE, false); qemuDomainDelTLSObjects(driver, vm, asyncJob, secAlias, tlsAlias); g_clear_pointer(&QEMU_DOMAIN_PRIVATE(vm)->migSecinfo, qemuDomainSecretInfoFree); - - VIR_FREE(tlsAlias); - VIR_FREE(secAlias); } -- 2.24.1

On a Monday in 2020, Peter Krempa wrote:
Use g_autofree instead of VIR_FREE and delete the comment mentioning possible failure to allocate memory.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_migration_params.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

The comment mentioned that the function resets migration params, but that is not true. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_migration_params.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c index 8c552ab9a0..f9bc43afee 100644 --- a/src/qemu/qemu_migration_params.c +++ b/src/qemu/qemu_migration_params.c @@ -1061,7 +1061,7 @@ qemuMigrationParamsDisableTLS(virDomainObjPtr vm, * @apiFlags: API flags used to start the migration * * Deconstruct all the setup possibly done for TLS - delete the TLS and - * security objects, free the secinfo, and reset the migration params to "". + * security objects. */ static void qemuMigrationParamsResetTLS(virQEMUDriverPtr driver, -- 2.24.1
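Review bot: dropping "free the secinfo" from the comment is wrong; the function body still ends with `g_clear_pointer(&QEMU_DOMAIN_PRIVATE(vm)->migSecinfo, qemuDomainSecretInfoFree)`, so only the "reset the migration params" clause should go. Suggested text: "Deconstruct all the setup possibly done for TLS - delete the TLS and security objects and free the secinfo."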

On a Monday in 2020, Peter Krempa wrote:
The comment mentioned that the function resets migration params, but that is not true.
Not true as of commit eb54cb473a8d140e0dd4a7bd42e8bcd72b056368
    qemu: Reset all migration parameters

Also, you remove "free the secinfo" from the comment, even though it still does free it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_migration_params.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c index 8c552ab9a0..f9bc43afee 100644 --- a/src/qemu/qemu_migration_params.c +++ b/src/qemu/qemu_migration_params.c @@ -1061,7 +1061,7 @@ qemuMigrationParamsDisableTLS(virDomainObjPtr vm, * @apiFlags: API flags used to start the migration * * Deconstruct all the setup possibly done for TLS - delete the TLS and - * security objects, free the secinfo, and reset the migration params to "". + * security objects. */ static void qemuMigrationParamsResetTLS(virQEMUDriverPtr driver, -- 2.24.1
With the secinfo change mentioned in the commit message: Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Previously qemuDomainSecretAESSetup was looking up the secret in the secret driver as well as encrypting it for use with qemu. Split out the lookup into a wrapper for this function so that we can reuse the original internals when we don't need to look up a secret with the secret driver. The new wrapper is called qemuDomainSecretAESSetupFromSecret.

This refactor also changes the functions to return qemuDomainSecretInfoPtr directly rather than filling it via an argument. This rendered qemuDomainSecretInfoNew obsolete and thus it was deleted.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
src/qemu/qemu_domain.c | 180 ++++++++++++++++++----------------- src/qemu/qemu_domain.h | 2 + 2 files changed, 81 insertions(+), 101 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index bd32949e9b..52d2dddede 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -1513,79 +1513,100 @@ qemuDomainSecretPlainSetup(qemuDomainSecretInfoPtr secinfo, /* qemuDomainSecretAESSetup: * @priv: pointer to domain private object - * @secinfo: Pointer to secret info - * @srcalias: Alias of the disk/hostdev used to generate the secret alias - * @usageType: The virSecretUsageType - * @username: username to use for authentication (may be NULL) - * @seclookupdef: Pointer to seclookupdef data - * @isLuks: True/False for is for luks (alias generation) + * @alias: alias of the secret + * @username: username to use (may be NULL) + * @secret: secret data + * @secretlen: length of @secret * - * Taking a secinfo, fill in the AES specific information using the - * - * Returns 0 on success, -1 on failure with error message + * Encrypts @secret to use with the domain. */ -static int +static qemuDomainSecretInfoPtr qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv, - qemuDomainSecretInfoPtr secinfo, - const char *srcalias, - virSecretUsageType usageType, + const char *alias, const char *username, - virSecretLookupTypeDefPtr seclookupdef, - bool isLuks) + uint8_t *secret, + size_t secretlen) { - g_autoptr(virConnect) conn = virGetConnectSecret(); - int ret = -1; - uint8_t *raw_iv = NULL; + g_autoptr(qemuDomainSecretInfo) secinfo = NULL; + g_autofree uint8_t *raw_iv = NULL; size_t ivlen = QEMU_DOMAIN_AES_IV_LEN; - uint8_t *secret = NULL; - size_t secretlen = 0; - uint8_t *ciphertext = NULL; + g_autofree uint8_t *ciphertext = NULL; size_t ciphertextlen = 0; - if (!conn) - return -1; + if (!qemuDomainSupportsEncryptedSecret(priv)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("encrypted secrets are not supported")); + return NULL; + } + + secinfo = g_new0(qemuDomainSecretInfo, 1); secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES; + secinfo->s.aes.alias = g_strdup(alias); secinfo->s.aes.username = g_strdup(username); - if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks))) - goto cleanup; - - if (VIR_ALLOC_N(raw_iv, 
ivlen) < 0) - goto cleanup; + raw_iv = g_new0(uint8_t, ivlen); /* Create a random initialization vector */ if (virRandomBytes(raw_iv, ivlen) < 0) - goto cleanup; + return NULL; /* Encode the IV and save that since qemu will need it */ secinfo->s.aes.iv = g_base64_encode(raw_iv, ivlen); - /* Grab the unencoded secret */ - if (virSecretGetSecretString(conn, seclookupdef, usageType, - &secret, &secretlen) < 0) - goto cleanup; - if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC, priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN, raw_iv, ivlen, secret, secretlen, &ciphertext, &ciphertextlen) < 0) - goto cleanup; - - /* Clear out the secret */ - memset(secret, 0, secretlen); + return NULL; /* Now encode the ciphertext and store to be passed to qemu */ - secinfo->s.aes.ciphertext = g_base64_encode(ciphertext, - ciphertextlen); + secinfo->s.aes.ciphertext = g_base64_encode(ciphertext, ciphertextlen); - ret = 0; + return g_steal_pointer(&secinfo); +} + + +/** + * qemuDomainSecretAESSetupFromSecret: + * @priv: pointer to domain private object + * @srcalias: Alias of the disk/hostdev used to generate the secret alias + * @usageType: The virSecretUsageType + * @username: username to use for authentication (may be NULL) + * @seclookupdef: Pointer to seclookupdef data + * @isLuks: True/False for is for luks (alias generation) + * + * Looks up a secret in the secret driver based on @usageType and @seclookupdef + * and builds qemuDomainSecretInfoPtr from it. 
+ */ +static qemuDomainSecretInfoPtr +qemuDomainSecretAESSetupFromSecret(qemuDomainObjPrivatePtr priv, + const char *srcalias, + virSecretUsageType usageType, + const char *username, + virSecretLookupTypeDefPtr seclookupdef, + bool isLuks) +{ + g_autoptr(virConnect) conn = virGetConnectSecret(); + qemuDomainSecretInfoPtr secinfo; + g_autofree char *alias = NULL; + uint8_t *secret = NULL; + size_t secretlen = 0; + + if (!conn) + return NULL; + + if (!(alias = qemuDomainGetSecretAESAlias(srcalias, isLuks))) + return NULL; + + if (virSecretGetSecretString(conn, seclookupdef, usageType, &secret, &secretlen) < 0) + return NULL; + + secinfo = qemuDomainSecretAESSetup(priv, alias, username, secret, secretlen); - cleanup: - VIR_DISPOSE_N(raw_iv, ivlen); VIR_DISPOSE_N(secret, secretlen); - VIR_DISPOSE_N(ciphertext, ciphertextlen); - return ret; + + return secinfo; } 
@@ -1635,49 +1656,6 @@ qemuDomainSecretInfoNewPlain(virSecretUsageType usageType, } -/* qemuDomainSecretInfoNew: - * @priv: pointer to domain private object - * @srcAlias: Alias base to use for TLS object - * @usageType: Secret usage type - * @username: username - * @looupDef: lookup def describing secret - * @isLuks: boolean for luks lookup - * - * Helper function to create a secinfo to be used for secinfo consumers. This - * sets up encrypted data to be used with qemu's 'secret' object. - * - * Returns @secinfo on success, NULL on failure. Caller is responsible - * to eventually free @secinfo. - */ -static qemuDomainSecretInfoPtr -qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv, - const char *srcAlias, - virSecretUsageType usageType, - const char *username, - virSecretLookupTypeDefPtr lookupDef, - bool isLuks) -{ - qemuDomainSecretInfoPtr secinfo = NULL; - - if (!qemuDomainSupportsEncryptedSecret(priv)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("encrypted secrets are not supported")); - return NULL; - } - - if (VIR_ALLOC(secinfo) < 0) - return NULL; - - if (qemuDomainSecretAESSetup(priv, secinfo, srcAlias, usageType, username, - lookupDef, isLuks) < 0) { - g_clear_pointer(&secinfo, qemuDomainSecretInfoFree); - return NULL; - } - - return secinfo; -} - - /** * qemuDomainSecretInfoTLSNew: * @priv: pointer to domain private object @@ -1704,9 +1682,9 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivatePtr priv, } seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID; - return qemuDomainSecretInfoNew(priv, srcAlias, - VIR_SECRET_USAGE_TYPE_TLS, NULL, - &seclookupdef, false); + return qemuDomainSecretAESSetupFromSecret(priv, srcAlias, + VIR_SECRET_USAGE_TYPE_TLS, + NULL, &seclookupdef, false); } 
@@ -1796,11 +1774,11 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, src->auth->username, &src->auth->seclookupdef); } else { - srcPriv->secinfo = qemuDomainSecretInfoNew(priv, authalias, - usageType, - src->auth->username, - &src->auth->seclookupdef, - false); + srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv, authalias, + usageType, + src->auth->username, + &src->auth->seclookupdef, + false); } if (!srcPriv->secinfo) @@ -1808,11 +1786,11 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, } if (hasEnc) { - if (!(srcPriv->encinfo = - qemuDomainSecretInfoNew(priv, encalias, - VIR_SECRET_USAGE_TYPE_VOLUME, NULL, - &src->encryption->secrets[0]->seclookupdef, - true))) + if (!(srcPriv->encinfo = qemuDomainSecretAESSetupFromSecret(priv, encalias, + VIR_SECRET_USAGE_TYPE_VOLUME, + NULL, + &src->encryption->secrets[0]->seclookupdef, + true))) return -1; } diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 10d6264e46..202b85e39a 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -1035,6 +1035,8 @@ bool qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv); void qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr secinfo) ATTRIBUTE_NONNULL(1); +G_DEFINE_AUTOPTR_CLEANUP_FUNC(qemuDomainSecretInfo, qemuDomainSecretInfoFree); + void qemuDomainSecretInfoDestroy(qemuDomainSecretInfoPtr secinfo); void qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk) -- 2.24.1
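Review bot: in the qemuDomainSecretAESSetup hunk the plaintext is no longer wiped by the function that consumed it; the old body did `memset(secret, 0, secretlen)` right after virCryptoEncryptData, and now the only clearing is the wrapper's `VIR_DISPOSE_N(secret, secretlen)`. Since the whole point of the split is to feed qemuDomainSecretAESSetup secrets that did not come from the secret driver, the new doc comment should say that @secret stays owned by the caller and that the caller is responsible for wiping it, and it is also missing a "Returns" line. Switching `raw_iv` and `ciphertext` from VIR_DISPOSE_N to plain `g_autofree` is fine for an IV and a ciphertext, but please say so in a comment so the next person does not put plaintext into a g_autofree buffer by analogy.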
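Review bot: the removed qemuDomainSecretInfoNew comment carried the ownership statement ("Caller is responsible to eventually free @secinfo"); the replacement qemuDomainSecretAESSetupFromSecret comment ends with "builds qemuDomainSecretInfoPtr from it" and says nothing about the return value or ownership, so that sentence should move over with the code. The qemuDomainSupportsEncryptedSecret check that used to sit in qemuDomainSecretInfoNew now lives in qemuDomainSecretAESSetup, i.e. after the wrapper has already fetched the secret; cheap, but a one-line note that the check was moved intentionally would help reviewers of the two call sites in qemuDomainSecretStorageSourcePrepare.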
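Review bot: the qemu_domain.h hunk adds `G_DEFINE_AUTOPTR_CLEANUP_FUNC(qemuDomainSecretInfo, qemuDomainSecretInfoFree);`, which is an enabler for the signature change in the previous patch rather than part of splitting the lookup from the encryption; moving it there keeps this patch a pure split and makes the `g_autoptr(qemuDomainSecretInfo) secinfo` use in the first hunk stand on its own.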

On a Monday in 2020, Peter Krempa wrote:
Previously qemuDomainSecretAESSetup was looking up the secret in the secret diver as well as encrypting it for use with qemu. Split out the the lookup into a wrapper for this function so that we can reuse the original internals when we don't need to look up a secret with the secret driver. The new wrapper is called qemuDomainSecretAESSetupFromSecret.
This refactor also changes the functions to return qemuDomainSecretInfoPtr
also
Please split the split from refactors.
directly rather than filling it via an argument. This rendered qemuDomainSecretInfoNew obsolete and thus it was deleted.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 180 ++++++++++++++++++----------------------- src/qemu/qemu_domain.h | 2 + 2 files changed, 81 insertions(+), 101 deletions(-)
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 10d6264e46..202b85e39a 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -1035,6 +1035,8 @@ bool qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv); void qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr secinfo) ATTRIBUTE_NONNULL(1);
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(qemuDomainSecretInfo, qemuDomainSecretInfoFree); +
You really should not need to declare a new cleanup function when splitting code. Jano
void qemuDomainSecretInfoDestroy(qemuDomainSecretInfoPtr secinfo);
void qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk) -- 2.24.1

On 3/9/20 11:22 AM, Peter Krempa wrote:
Previously qemuDomainSecretAESSetup was looking up the secret in the secret diver as well as encrypting it for use with qemu. Split out the
driver
the lookup into a wrapper for this function so that we can reuse the original internals when we don't need to look up a secret with the secret driver. The new wrapper is called qemuDomainSecretAESSetupFromSecret.
This refactor also changes the functions to return qemuDomainSecretInfoPtr directly rather than filling it via an argument. This rendered qemuDomainSecretInfoNew obsolete and thus it was deleted.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> ---
-- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org

qemuAliasForSecret is meant as a replacement qemuDomainGetSecretAESAlias with saner API. The sub-type we are creating the alias for is passed in as a string rather than the unflexible 'isLuks' boolean. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_alias.c | 17 +++++++++++++++++ src/qemu/qemu_alias.h | 3 +++ 2 files changed, 20 insertions(+) diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index 95086fc65a..2e466ff23f 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c @@ -793,6 +793,23 @@ qemuDomainGetSecretAESAlias(const char *srcalias, } +/* qemuAliasForSecret: + * @parentalias: alias of the parent object + * @obj: optional sub-object of the parent device the secret is for + * + * Generate alias for a secret object used by @parentalias device or one of + * the dependencies of the device described by @obj. + */ +char * +qemuAliasForSecret(const char *parentalias, + const char *obj) +{ + if (obj) + return g_strdup_printf("%s-%s-secret0", parentalias, obj); + else + return g_strdup_printf("%s-secret0", parentalias); +} + /* qemuAliasTLSObjFromSrcAlias * @srcAlias: Pointer to a source alias string * diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h index ae2fce16bc..645956d024 100644 --- a/src/qemu/qemu_alias.h +++ b/src/qemu/qemu_alias.h @@ -86,6 +86,9 @@ char *qemuDomainGetMasterKeyAlias(void); char *qemuDomainGetSecretAESAlias(const char *srcalias, bool isLuks); +char *qemuAliasForSecret(const char *parentalias, + const char *obj); + char *qemuAliasTLSObjFromSrcAlias(const char *srcAlias) ATTRIBUTE_NONNULL(1); -- 2.24.1
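Review bot: the neighbouring declaration in qemu_alias.h, `char *qemuAliasTLSObjFromSrcAlias(const char *srcAlias) ATTRIBUTE_NONNULL(1);`, is annotated, but the new `qemuAliasForSecret(const char *parentalias, const char *obj)` is not; since `parentalias` is passed straight to g_strdup_printf and must never be NULL while `obj` is explicitly optional, please add `ATTRIBUTE_NONNULL(1)` so the compiler catches a NULL parent alias at the call sites the later patches add. The doc comment should also say that the returned string is always non-NULL and owned by the caller.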

On a Monday in 2020, Peter Krempa wrote:
qemuAliasForSecret is meant as a replacement qemuDomainGetSecretAESAlias with saner API. The sub-type we are creating the alias for is passed in as a string rather than the unflexible 'isLuks' boolean.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_alias.c | 17 +++++++++++++++++ src/qemu/qemu_alias.h | 3 +++ 2 files changed, 20 insertions(+)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

The naming of the variables was tied to what they are used for, not what the alias represents. Since we'll need to use some of the aliases for another type of secret, fix the names so that they make sense.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
src/qemu/qemu_domain.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 52d2dddede..70b1b5c4f2 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1746,8 +1746,8 @@ qemuDomainDiskHasEncryptionSecret(virStorageSourcePtr src) static int qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, virStorageSourcePtr src, - const char *authalias, - const char *encalias) + const char *aliasprotocol, + const char *aliasformat) { qemuDomainStorageSourcePrivatePtr srcPriv; bool iscsiHasPS = virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET); @@ -1774,7 +1774,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, src->auth->username, &src->auth->seclookupdef); } else { - srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv, authalias, + srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv, aliasprotocol, usageType, src->auth->username, &src->auth->seclookupdef, @@ -1786,7 +1786,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, } if (hasEnc) { - if (!(srcPriv->encinfo = qemuDomainSecretAESSetupFromSecret(priv, encalias, + if (!(srcPriv->encinfo = qemuDomainSecretAESSetupFromSecret(priv, aliasformat, VIR_SECRET_USAGE_TYPE_VOLUME, NULL, &src->encryption->secrets[0]->seclookupdef, -- 2.24.1
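Review bot: after the rename nothing in the function signature says which secret each alias feeds; the only hint left is that `aliasprotocol` goes to the auth secret and `aliasformat` to the VIR_SECRET_USAGE_TYPE_VOLUME (encryption) secret, and the hostdev caller passes NULL for the second. A two-line parameter comment on qemuDomainSecretStorageSourcePrepare stating exactly that would keep the next reader from having to trace both call sites.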

On a Monday in 2020, Peter Krempa wrote:
The naming of the variables was tied to what they are used for not what the alias represents. Since we'll need to use some of the aliases for another type of secrets fix the name so that it makes sense.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

In order to be able to change the function generating the alias and thus also the aliases themselves, we must hardcode the old format for the case of upgrading from libvirt which didn't record them in the status XML yet.

Note that this code path is tested by 'tests/qemustatusxml2xmldata/disk-secinfo-upgrade-in.xml'

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
src/qemu/qemu_domain.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 70b1b5c4f2..72e651ecee 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -8993,16 +8993,14 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDomainDiskDefPtr disk, } if (restoreAuthSecret) { - if (!(authalias = qemuDomainGetSecretAESAlias(disk->info.alias, false))) - return -1; + authalias = g_strdup_printf("%s-secret0", disk->info.alias); if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->secinfo, &authalias) < 0) return -1; } if (restoreEncSecret) { - if (!(encalias = qemuDomainGetSecretAESAlias(disk->info.alias, true))) - return -1; + encalias = g_strdup_printf("%s-luks-secret0", disk->info.alias); if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &encalias) < 0) return -1; -- 2.24.1
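Review bot: the literal `"%s-secret0"` and `"%s-luks-secret0"` formats are byte-for-byte what qemuAliasForSecret(disk->info.alias, NULL) and qemuAliasForSecret(disk->info.alias, "luks") would produce today, so a reader will be tempted to "deduplicate" them and silently break the upgrade path. Please put the reason from the commit message next to the code, e.g. `/* aliases of secrets from libvirt versions which did not record them in the status XML; must stay stable */` above the `if (restoreAuthSecret)` block, and mention the disk-secinfo-upgrade-in.xml test there so the constraint is discoverable from the source.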

On a Monday in 2020, Peter Krempa wrote:
In order to be able to change the function generating the alias and thus also the aliases itself, we must hardcode the old format for the case of upgrading form libvirt which didn't record them in the status XML yet.
Note that this code path is tested by 'tests/qemustatusxml2xmldata/disk-secinfo-upgrade-in.xml'
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Currently we don't have infrastructure to remember the secret aliases for hostdevs. Since an upcoming patch is going to change aliases for the disks, initialize the iscsi hostdevs separately so that we can keep the alias.

At the same time let's use qemuAliasForSecret instead of qemuDomainGetSecretAESAlias when unplugging the iscsi hostdev.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
src/qemu/qemu_domain.c | 25 +++++++++++++++++++++++-- src/qemu/qemu_hotplug.c | 2 +- 2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 72e651ecee..c2218871a7 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1835,8 +1835,29 @@ qemuDomainSecretHostdevPrepare(qemuDomainObjPrivatePtr priv, if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI && src->auth) { - if (qemuDomainSecretStorageSourcePrepare(priv, src, - hostdev->info->alias, NULL) < 0) + bool iscsiHasPS = virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET); + virSecretUsageType usageType = VIR_SECRET_USAGE_TYPE_ISCSI; + qemuDomainStorageSourcePrivatePtr srcPriv; + + if (!(src->privateData = qemuDomainStorageSourcePrivateNew())) + return -1; + + srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src); + + if (!qemuDomainSupportsEncryptedSecret(priv) || !iscsiHasPS) { + srcPriv->secinfo = qemuDomainSecretInfoNewPlain(usageType, + src->auth->username, + &src->auth->seclookupdef); + } else { + srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv, + hostdev->info->alias, + usageType, + src->auth->username, + &src->auth->seclookupdef, + false); + } + + if (!srcPriv->secinfo) return -1; } } diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index ca18bb9e5f..e804053933 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c 
@@ -4471,7 +4471,7 @@ qemuDomainRemoveHostDevice(virQEMUDriverPtr driver, if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI && virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET) && qemuDomainStorageSourceHasAuth(iscsisrc->src)) { - if (!(objAlias = qemuDomainGetSecretAESAlias(hostdev->info->alias, false))) + if (!(objAlias = qemuAliasForSecret(hostdev->info->alias, NULL))) return -1; } -- 2.24.1
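Review bot: in the qemu_domain.c hunk the new block in qemuDomainSecretHostdevPrepare assigns `src->privateData = qemuDomainStorageSourcePrivateNew()` unconditionally, so if this function can run a second time for the same hostdev (a retried hotplug, for instance) the existing private data is replaced without being freed; either guard the allocation with a `!src->privateData` check or free the old data first. The hostdev path now also duplicates the plain/AES decision from qemuDomainSecretStorageSourcePrepare, so a one-line comment next to the `false` isLuks argument here and the `NULL` passed to qemuAliasForSecret in the qemu_hotplug.c hunk, saying that the unsuffixed alias is kept on purpose because hostdev secret aliases are not remembered in the status XML, would stop a later cleanup from "harmonising" it with the disk aliases.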

On a Monday in 2020, Peter Krempa wrote:
Currently we don't have infrastructure to remember the secret aliases for hostdevs. Since an upcomming patch is going to change aliases for
upcoming
the disks, initialize the iscsi hostdevs separately so that we can keep the alias. At the same time let's use qemuAliasForSecret instead of qemuDomainGetSecretAESAlias when unplugging the iscsi hostdev.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 25 +++++++++++++++++++++++-- src/qemu/qemu_hotplug.c | 2 +- 2 files changed, 24 insertions(+), 3 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Replace qemuDomainGetSecretAESAlias by the new function so that we can reuse qemuDomainSecretAESSetupFromSecret also for setting up other kinds of objects. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index c2218871a7..c7432b3a98 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -1571,34 +1571,32 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv, * qemuDomainSecretAESSetupFromSecret: * @priv: pointer to domain private object * @srcalias: Alias of the disk/hostdev used to generate the secret alias + * @secretuse: specific usage for the secret (may be NULL if main object is using it) * @usageType: The virSecretUsageType * @username: username to use for authentication (may be NULL) * @seclookupdef: Pointer to seclookupdef data - * @isLuks: True/False for is for luks (alias generation) * * Looks up a secret in the secret driver based on @usageType and @seclookupdef - * and builds qemuDomainSecretInfoPtr from it. + * and builds qemuDomainSecretInfoPtr from it. @use describes the usage of the + * secret in case if @srcalias requires more secrets for various usage cases. */ static qemuDomainSecretInfoPtr qemuDomainSecretAESSetupFromSecret(qemuDomainObjPrivatePtr priv, const char *srcalias, + const char *secretuse, virSecretUsageType usageType, const char *username, - virSecretLookupTypeDefPtr seclookupdef, - bool isLuks) + virSecretLookupTypeDefPtr seclookupdef) { g_autoptr(virConnect) conn = virGetConnectSecret(); qemuDomainSecretInfoPtr secinfo; - g_autofree char *alias = NULL; + g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse); uint8_t *secret = NULL; size_t secretlen = 0; if (!conn) return NULL; - if (!(alias = qemuDomainGetSecretAESAlias(srcalias, isLuks))) - return NULL; - if (virSecretGetSecretString(conn, seclookupdef, usageType, &secret, &secretlen) < 0) return NULL; @@ -1682,9 +1680,9 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivatePtr priv, } seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID; - return qemuDomainSecretAESSetupFromSecret(priv, srcAlias, + return qemuDomainSecretAESSetupFromSecret(priv, srcAlias, NULL, VIR_SECRET_USAGE_TYPE_TLS, - NULL, &seclookupdef, false); + NULL, &seclookupdef); } 
@@ -1775,10 +1773,10 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, &src->auth->seclookupdef); } else { srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv, aliasprotocol, + NULL, usageType, src->auth->username, - &src->auth->seclookupdef, - false); + &src->auth->seclookupdef); } if (!srcPriv->secinfo) @@ -1787,10 +1785,10 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, if (hasEnc) { if (!(srcPriv->encinfo = qemuDomainSecretAESSetupFromSecret(priv, aliasformat, + "luks", VIR_SECRET_USAGE_TYPE_VOLUME, NULL, - &src->encryption->secrets[0]->seclookupdef, - true))) + &src->encryption->secrets[0]->seclookupdef))) return -1; } @@ -1851,10 +1849,10 @@ qemuDomainSecretHostdevPrepare(qemuDomainObjPrivatePtr priv, } else { srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv, hostdev->info->alias, + NULL, usageType, src->auth->username, - &src->auth->seclookupdef, - false); + &src->auth->seclookupdef); } if (!srcPriv->secinfo) -- 2.24.1
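Review bot: the doc comment updated in the first hunk describes the new parameter as `@use` ("@use describes the usage of the secret in case if @srcalias requires more secrets") while the parameter list names it `@secretuse`; make the two agree so the generated docs and the signature match. In the same hunk `alias` is now initialised from `qemuAliasForSecret(srcalias, secretuse)` in its declaration, before the `if (!conn) return NULL;` check, and the result is no longer NULL-checked the way the removed qemuDomainGetSecretAESAlias call was; that is fine if qemuAliasForSecret cannot fail, but a short comment stating so would save the question at the next review.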

On a Monday in 2020, Peter Krempa wrote:
Replace qemuDomainGetSecretAESAlias by the new function si that we can
s/si/so/
reuse qemuDomainSecretAESSetupFromSecret also for setting up other kinds of objects.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Originally there was only the secret for authentication so we didn't use any suffix to tell it apart. With the introduction of encryption we added a 'luks' suffix for the encryption secrets. Since encryption is really generic and authentication is not the only secret modify the aliases for the secrets to better describe what they are used for. This is possible as we store the disk secrets in the status XML thus only new machines will use the new secrets. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 4 +-- ...-backing-chains-noindex.x86_64-2.12.0.args | 4 +-- ...-backing-chains-noindex.x86_64-latest.args | 6 ++-- ...sk-hostdev-scsi-virtio-iscsi-auth-AES.args | 6 ++-- .../disk-network-iscsi.x86_64-2.12.0.args | 12 +++---- .../disk-network-iscsi.x86_64-latest.args | 8 ++--- .../disk-network-rbd.x86_64-2.12.0.args | 4 +-- .../disk-network-rbd.x86_64-latest.args | 4 +-- ...isk-network-source-auth.x86_64-2.12.0.args | 10 +++--- ...isk-network-source-auth.x86_64-latest.args | 8 ++--- .../disk-nvme.x86_64-latest.args | 4 +-- .../encrypted-disk-usage.args | 4 +-- tests/qemuxml2argvdata/encrypted-disk.args | 4 +-- .../luks-disks-source-qcow2.args | 24 +++++++------- ...luks-disks-source-qcow2.x86_64-latest.args | 32 +++++++++---------- tests/qemuxml2argvdata/luks-disks-source.args | 26 ++++++++------- tests/qemuxml2argvdata/luks-disks.args | 10 +++--- tests/qemuxml2argvdata/user-aliases.args | 4 +-- 18 files changed, 90 insertions(+), 84 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index c7432b3a98..1d551f248f 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1773,7 +1773,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, &src->auth->seclookupdef); } else { srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv, aliasprotocol, - NULL, + "auth", usageType, src->auth->username, &src->auth->seclookupdef); 
@@ -1785,7 +1785,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, if (hasEnc) { if (!(srcPriv->encinfo = qemuDomainSecretAESSetupFromSecret(priv, aliasformat, - "luks", + "encryption", VIR_SECRET_USAGE_TYPE_VOLUME, NULL, &src->encryption->secrets[0]->seclookupdef))) diff --git a/tests/qemuxml2argvdata/disk-backing-chains-noindex.x86_64-2.12.0.args b/tests/qemuxml2argvdata/disk-backing-chains-noindex.x86_64-2.12.0.args index a8675debd5..47691339d6 100644 --- a/tests/qemuxml2argvdata/disk-backing-chains-noindex.x86_64-2.12.0.args +++ b/tests/qemuxml2argvdata/disk-backing-chains-noindex.x86_64-2.12.0.args @@ -39,12 +39,12 @@ id=virtio-disk1 \ if=none,id=drive-virtio-disk2 \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk2,\ id=virtio-disk2 \ --object secret,id=virtio-disk3-secret0,\ +-object secret,id=virtio-disk3-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive 'file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\ mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\ -6322,file.password-secret=virtio-disk3-secret0,format=qcow2,if=none,\ +6322,file.password-secret=virtio-disk3-auth-secret0,format=qcow2,if=none,\ id=drive-virtio-disk3' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk3,\ id=virtio-disk3 \ diff --git a/tests/qemuxml2argvdata/disk-backing-chains-noindex.x86_64-latest.args b/tests/qemuxml2argvdata/disk-backing-chains-noindex.x86_64-latest.args index b1a1f8a6bc..6c19da970f 100644 --- a/tests/qemuxml2argvdata/disk-backing-chains-noindex.x86_64-latest.args +++ b/tests/qemuxml2argvdata/disk-backing-chains-noindex.x86_64-latest.args 
@@ -81,15 +81,15 @@ id=virtio-disk2 \ "node-name":"libvirt-15-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-15-format","read-only":true,"driver":"qcow2",\ "file":"libvirt-15-storage","backing":null}' \ --object secret,id=libvirt-14-storage-secret0,\ +-object secret,id=libvirt-14-storage-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"rbd","pool":"pool","image":"image",\ "server":[{"host":"mon1.example.org","port":"6321"},{"host":"mon2.example.org",\ "port":"6322"},{"host":"mon3.example.org","port":"6322"}],"user":"myname",\ "auth-client-required":["cephx","none"],\ -"key-secret":"libvirt-14-storage-secret0","node-name":"libvirt-14-storage",\ -"auto-read-only":true,"discard":"unmap"}' \ +"key-secret":"libvirt-14-storage-auth-secret0",\ +"node-name":"libvirt-14-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-14-format","read-only":false,"driver":"qcow2",\ "file":"libvirt-14-storage","backing":"libvirt-15-format"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=libvirt-14-format,\ diff --git a/tests/qemuxml2argvdata/disk-hostdev-scsi-virtio-iscsi-auth-AES.args b/tests/qemuxml2argvdata/disk-hostdev-scsi-virtio-iscsi-auth-AES.args index aece52dad2..47b014aacc 100644 --- a/tests/qemuxml2argvdata/disk-hostdev-scsi-virtio-iscsi-auth-AES.args +++ b/tests/qemuxml2argvdata/disk-hostdev-scsi-virtio-iscsi-auth-AES.args 
@@ -28,13 +28,13 @@ server,nowait \ -no-acpi \ -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x3 \ -usb \ --object secret,id=virtio-disk0-secret0,\ +-object secret,id=virtio-disk0-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file.driver=iscsi,file.portal=example.org:6000,\ file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,\ -file.user=myname,file.password-secret=virtio-disk0-secret0,format=raw,if=none,\ -id=drive-virtio-disk0 \ +file.user=myname,file.password-secret=virtio-disk0-auth-secret0,format=raw,\ +if=none,id=drive-virtio-disk0 \ -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\ id=virtio-disk0,bootindex=1 \ -object secret,id=hostdev0-secret0,\ diff --git a/tests/qemuxml2argvdata/disk-network-iscsi.x86_64-2.12.0.args b/tests/qemuxml2argvdata/disk-network-iscsi.x86_64-2.12.0.args index 55347521da..930d8d5db2 100644 --- a/tests/qemuxml2argvdata/disk-network-iscsi.x86_64-2.12.0.args +++ b/tests/qemuxml2argvdata/disk-network-iscsi.x86_64-2.12.0.args 
@@ -38,22 +38,22 @@ file.target=iqn.1992-01.com.example,file.lun=1,file.transport=tcp,format=raw,\ if=none,id=drive-virtio-disk1 \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,\ id=virtio-disk1 \ --object secret,id=virtio-disk2-secret0,\ +-object secret,id=virtio-disk2-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file.driver=iscsi,file.portal=example.org:6000,\ file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,\ -file.user=myname,file.password-secret=virtio-disk2-secret0,format=raw,if=none,\ -id=drive-virtio-disk2 \ +file.user=myname,file.password-secret=virtio-disk2-auth-secret0,format=raw,\ +if=none,id=drive-virtio-disk2 \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk2,\ id=virtio-disk2 \ --object secret,id=virtio-disk3-secret0,\ +-object secret,id=virtio-disk3-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file.driver=iscsi,file.portal=example.org:6000,\ file.target=iqn.1992-01.com.example:storage,file.lun=2,file.transport=tcp,\ -file.user=myname,file.password-secret=virtio-disk3-secret0,format=raw,if=none,\ -id=drive-virtio-disk3 \ +file.user=myname,file.password-secret=virtio-disk3-auth-secret0,format=raw,\ +if=none,id=drive-virtio-disk3 \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk3,\ id=virtio-disk3 \ -drive file.driver=iscsi,file.portal=example.org:3260,\ diff --git a/tests/qemuxml2argvdata/disk-network-iscsi.x86_64-latest.args b/tests/qemuxml2argvdata/disk-network-iscsi.x86_64-latest.args index 0df7819237..3f61f6dc2c 100644 --- a/tests/qemuxml2argvdata/disk-network-iscsi.x86_64-latest.args +++ b/tests/qemuxml2argvdata/disk-network-iscsi.x86_64-latest.args 
@@ -43,23 +43,23 @@ id=virtio-disk0,bootindex=1 \ "file":"libvirt-4-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=libvirt-4-format,\ id=virtio-disk1 \ --object secret,id=libvirt-3-storage-secret0,\ +-object secret,id=libvirt-3-storage-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"iscsi","portal":"example.org:6000",\ "target":"iqn.1992-01.com.example:storage","lun":1,"transport":"tcp",\ -"user":"myname","password-secret":"libvirt-3-storage-secret0",\ +"user":"myname","password-secret":"libvirt-3-storage-auth-secret0",\ "node-name":"libvirt-3-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"raw",\ "file":"libvirt-3-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=libvirt-3-format,\ id=virtio-disk2 \ --object secret,id=libvirt-2-storage-secret0,\ +-object secret,id=libvirt-2-storage-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"iscsi","portal":"example.org:6000",\ "target":"iqn.1992-01.com.example:storage","lun":2,"transport":"tcp",\ -"user":"myname","password-secret":"libvirt-2-storage-secret0",\ +"user":"myname","password-secret":"libvirt-2-storage-auth-secret0",\ "node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw",\ "file":"libvirt-2-storage"}' \ diff --git a/tests/qemuxml2argvdata/disk-network-rbd.x86_64-2.12.0.args b/tests/qemuxml2argvdata/disk-network-rbd.x86_64-2.12.0.args index 18cb534552..21d1c2deba 100644 --- a/tests/qemuxml2argvdata/disk-network-rbd.x86_64-2.12.0.args +++ b/tests/qemuxml2argvdata/disk-network-rbd.x86_64-2.12.0.args 
@@ -45,12 +45,12 @@ id=virtio-disk2 \ format=raw,if=none,id=drive-virtio-disk3 \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk3,\ id=virtio-disk3 \ --object secret,id=virtio-disk4-secret0,\ +-object secret,id=virtio-disk4-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive 'file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\ mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\ -6322,file.password-secret=virtio-disk4-secret0,format=raw,if=none,\ +6322,file.password-secret=virtio-disk4-auth-secret0,format=raw,if=none,\ id=drive-virtio-disk4' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk4,\ id=virtio-disk4 \ diff --git a/tests/qemuxml2argvdata/disk-network-rbd.x86_64-latest.args b/tests/qemuxml2argvdata/disk-network-rbd.x86_64-latest.args index ea4cb6ff06..fb8fc988e8 100644 --- a/tests/qemuxml2argvdata/disk-network-rbd.x86_64-latest.args +++ b/tests/qemuxml2argvdata/disk-network-rbd.x86_64-latest.args 
@@ -57,14 +57,14 @@ id=virtio-disk2 \ "file":"libvirt-3-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=libvirt-3-format,\ id=virtio-disk3 \ --object secret,id=libvirt-2-storage-secret0,\ +-object secret,id=libvirt-2-storage-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"rbd","pool":"pool","image":"image",\ "server":[{"host":"mon1.example.org","port":"6321"},{"host":"mon2.example.org",\ "port":"6322"},{"host":"mon3.example.org","port":"6322"}],"user":"myname",\ "auth-client-required":["cephx","none"],\ -"key-secret":"libvirt-2-storage-secret0","node-name":"libvirt-2-storage",\ +"key-secret":"libvirt-2-storage-auth-secret0","node-name":"libvirt-2-storage",\ "auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw",\ "file":"libvirt-2-storage"}' \ diff --git a/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-2.12.0.args b/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-2.12.0.args index f34c6b678d..279d5c73ec 100644 --- a/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-2.12.0.args +++ b/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-2.12.0.args 
@@ -27,21 +27,21 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ -no-acpi \ -boot strict=on \ -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \ --object secret,id=virtio-disk0-secret0,\ +-object secret,id=virtio-disk0-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file.driver=iscsi,file.portal=example.org:6000,\ file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,\ -file.user=myname,file.password-secret=virtio-disk0-secret0,format=raw,if=none,\ -id=drive-virtio-disk0 \ +file.user=myname,file.password-secret=virtio-disk0-auth-secret0,format=raw,\ +if=none,id=drive-virtio-disk0 \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x2,drive=drive-virtio-disk0,\ id=virtio-disk0,bootindex=1 \ --object secret,id=virtio-disk1-secret0,\ +-object secret,id=virtio-disk1-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive 'file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\ mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\ -6322,file.password-secret=virtio-disk1-secret0,format=raw,if=none,\ +6322,file.password-secret=virtio-disk1-auth-secret0,format=raw,if=none,\ id=drive-virtio-disk1' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x3,drive=drive-virtio-disk1,\ id=virtio-disk1 \ diff --git a/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-latest.args b/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-latest.args index 44b8ec87df..7a504d49be 100644 --- a/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-latest.args +++ b/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-latest.args 
@@ -28,25 +28,25 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ -no-acpi \ -boot strict=on \ -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \ --object secret,id=libvirt-2-storage-secret0,\ +-object secret,id=libvirt-2-storage-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"iscsi","portal":"example.org:6000",\ "target":"iqn.1992-01.com.example:storage","lun":1,"transport":"tcp",\ -"user":"myname","password-secret":"libvirt-2-storage-secret0",\ +"user":"myname","password-secret":"libvirt-2-storage-auth-secret0",\ "node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw",\ "file":"libvirt-2-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x2,drive=libvirt-2-format,\ id=virtio-disk0,bootindex=1 \ --object secret,id=libvirt-1-storage-secret0,\ +-object secret,id=libvirt-1-storage-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"rbd","pool":"pool","image":"image",\ "server":[{"host":"mon1.example.org","port":"6321"},{"host":"mon2.example.org",\ "port":"6322"},{"host":"mon3.example.org","port":"6322"}],"user":"myname",\ "auth-client-required":["cephx","none"],\ -"key-secret":"libvirt-1-storage-secret0","node-name":"libvirt-1-storage",\ +"key-secret":"libvirt-1-storage-auth-secret0","node-name":"libvirt-1-storage",\ "auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw",\ "file":"libvirt-1-storage"}' \ diff --git a/tests/qemuxml2argvdata/disk-nvme.x86_64-latest.args b/tests/qemuxml2argvdata/disk-nvme.x86_64-latest.args index 2962f496c4..5334882c0b 100644 --- a/tests/qemuxml2argvdata/disk-nvme.x86_64-latest.args 
+++ b/tests/qemuxml2argvdata/disk-nvme.x86_64-latest.args @@ -47,7 +47,7 @@ id=virtio-disk1 \ "file":"libvirt-2-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=libvirt-2-format,\ id=virtio-disk2 \ --object secret,id=libvirt-1-format-luks-secret0,\ +-object secret,id=libvirt-1-format-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"nvme","device":"0001:02:00.0","namespace":2,\ @@ -55,7 +55,7 @@ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ "auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-1-format","read-only":false,\ "cache":{"direct":true,"no-flush":false},"driver":"qcow2",\ -"encrypt":{"format":"luks","key-secret":"libvirt-1-format-luks-secret0"},\ +"encrypt":{"format":"luks","key-secret":"libvirt-1-format-encryption-secret0"},\ "file":"libvirt-1-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=libvirt-1-format,\ id=virtio-disk3,write-cache=on \ diff --git a/tests/qemuxml2argvdata/encrypted-disk-usage.args b/tests/qemuxml2argvdata/encrypted-disk-usage.args index 4522d2cb84..8641701293 100644 --- a/tests/qemuxml2argvdata/encrypted-disk-usage.args +++ b/tests/qemuxml2argvdata/encrypted-disk-usage.args 
@@ -27,11 +27,11 @@ path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \ -no-shutdown \ -no-acpi \ -usb \ --object secret,id=virtio-disk0-luks-secret0,\ +-object secret,id=virtio-disk0-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=/storage/guest_disks/encryptdisk,encrypt.format=luks,\ -encrypt.key-secret=virtio-disk0-luks-secret0,format=qcow2,if=none,\ +encrypt.key-secret=virtio-disk0-encryption-secret0,format=qcow2,if=none,\ id=drive-virtio-disk0 \ -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\ id=virtio-disk0,bootindex=1 \ diff --git a/tests/qemuxml2argvdata/encrypted-disk.args b/tests/qemuxml2argvdata/encrypted-disk.args index 4522d2cb84..8641701293 100644 --- a/tests/qemuxml2argvdata/encrypted-disk.args +++ b/tests/qemuxml2argvdata/encrypted-disk.args @@ -27,11 +27,11 @@ path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \ -no-shutdown \ -no-acpi \ -usb \ --object secret,id=virtio-disk0-luks-secret0,\ +-object secret,id=virtio-disk0-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=/storage/guest_disks/encryptdisk,encrypt.format=luks,\ -encrypt.key-secret=virtio-disk0-luks-secret0,format=qcow2,if=none,\ +encrypt.key-secret=virtio-disk0-encryption-secret0,format=qcow2,if=none,\ id=drive-virtio-disk0 \ -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\ id=virtio-disk0,bootindex=1 \ diff --git a/tests/qemuxml2argvdata/luks-disks-source-qcow2.args b/tests/qemuxml2argvdata/luks-disks-source-qcow2.args index ab1c864cf6..e7a29b2e03 100644 --- a/tests/qemuxml2argvdata/luks-disks-source-qcow2.args +++ b/tests/qemuxml2argvdata/luks-disks-source-qcow2.args 
@@ -27,53 +27,53 @@ path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \ -no-shutdown \ -no-acpi \ -usb \ --object secret,id=virtio-disk0-luks-secret0,\ +-object secret,id=virtio-disk0-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=/storage/guest_disks/encryptdisk,encrypt.format=luks,\ -encrypt.key-secret=virtio-disk0-luks-secret0,format=qcow2,if=none,\ +encrypt.key-secret=virtio-disk0-encryption-secret0,format=qcow2,if=none,\ id=drive-virtio-disk0 \ -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\ id=virtio-disk0,bootindex=1 \ --object secret,id=virtio-disk1-luks-secret0,\ +-object secret,id=virtio-disk1-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=/storage/guest_disks/encryptdisk2,encrypt.format=luks,\ -encrypt.key-secret=virtio-disk1-luks-secret0,format=qcow2,if=none,\ +encrypt.key-secret=virtio-disk1-encryption-secret0,format=qcow2,if=none,\ id=drive-virtio-disk1 \ -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\ id=virtio-disk1 \ --object secret,id=virtio-disk2-luks-secret0,\ +-object secret,id=virtio-disk2-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:\ 6000/iqn.1992-01.com.example%3Astorage/1,encrypt.format=luks,\ -encrypt.key-secret=virtio-disk2-luks-secret0,format=qcow2,if=none,\ +encrypt.key-secret=virtio-disk2-encryption-secret0,format=qcow2,if=none,\ id=drive-virtio-disk2 \ -device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk2,\ id=virtio-disk2 \ --object secret,id=virtio-disk3-luks-secret0,\ +-object secret,id=virtio-disk3-encryption-secret0,\ 
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=iscsi://iscsi.example.com:3260/demo-target/3,encrypt.format=luks,\ -encrypt.key-secret=virtio-disk3-luks-secret0,format=qcow2,if=none,\ +encrypt.key-secret=virtio-disk3-encryption-secret0,format=qcow2,if=none,\ id=drive-virtio-disk3 \ -device virtio-blk-pci,bus=pci.0,addr=0x7,drive=drive-virtio-disk3,\ id=virtio-disk3 \ --object secret,id=virtio-disk4-luks-secret0,\ +-object secret,id=virtio-disk4-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive 'file=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\:\ 6321\;mon2.example.org\:6322\;mon3.example.org\:6322,encrypt.format=luks,\ -encrypt.key-secret=virtio-disk4-luks-secret0,format=qcow2,if=none,\ +encrypt.key-secret=virtio-disk4-encryption-secret0,format=qcow2,if=none,\ id=drive-virtio-disk4' \ -device virtio-blk-pci,bus=pci.0,addr=0x8,drive=drive-virtio-disk4,\ id=virtio-disk4 \ --object secret,id=virtio-disk5-luks-secret0,\ +-object secret,id=virtio-disk5-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=/storage/guest_disks/encryptdisk5,encrypt.format=luks,\ -encrypt.key-secret=virtio-disk5-luks-secret0,format=qcow2,if=none,\ +encrypt.key-secret=virtio-disk5-encryption-secret0,format=qcow2,if=none,\ id=drive-virtio-disk5 \ -device virtio-blk-pci,bus=pci.0,addr=0x9,drive=drive-virtio-disk5,\ id=virtio-disk5 \ diff --git a/tests/qemuxml2argvdata/luks-disks-source-qcow2.x86_64-latest.args b/tests/qemuxml2argvdata/luks-disks-source-qcow2.x86_64-latest.args index 021bcb6961..44e4c5698d 100644 --- a/tests/qemuxml2argvdata/luks-disks-source-qcow2.x86_64-latest.args +++ b/tests/qemuxml2argvdata/luks-disks-source-qcow2.x86_64-latest.args 
@@ -28,53 +28,53 @@ file=/tmp/lib/domain--1-encryptdisk/master-key.aes \ -no-acpi \ -boot strict=on \ -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \ --object secret,id=libvirt-7-format-luks-secret0,\ +-object secret,id=libvirt-7-format-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"file","filename":"/storage/guest_disks/encryptdisk",\ "node-name":"libvirt-7-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-7-format","read-only":false,"driver":"qcow2",\ -"encrypt":{"format":"luks","key-secret":"libvirt-7-format-luks-secret0"},\ +"encrypt":{"format":"luks","key-secret":"libvirt-7-format-encryption-secret0"},\ "file":"libvirt-7-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=libvirt-7-format,\ id=virtio-disk0,bootindex=1 \ --object secret,id=libvirt-6-format-luks-secret0,\ +-object secret,id=libvirt-6-format-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"file","filename":"/storage/guest_disks/encryptdisk2",\ "node-name":"libvirt-6-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-6-format","read-only":false,"driver":"qcow2",\ -"encrypt":{"format":"luks","key-secret":"libvirt-6-format-luks-secret0"},\ +"encrypt":{"format":"luks","key-secret":"libvirt-6-format-encryption-secret0"},\ "file":"libvirt-6-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=libvirt-6-format,\ id=virtio-disk1 \ --object secret,id=libvirt-5-storage-secret0,\ +-object secret,id=libvirt-5-storage-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ --object secret,id=libvirt-5-format-luks-secret0,\ +-object 
secret,id=libvirt-5-format-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"iscsi","portal":"example.org:6000",\ "target":"iqn.1992-01.com.example:storage","lun":1,"transport":"tcp",\ -"user":"myname","password-secret":"libvirt-5-storage-secret0",\ +"user":"myname","password-secret":"libvirt-5-storage-auth-secret0",\ "node-name":"libvirt-5-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-5-format","read-only":false,"driver":"qcow2",\ -"encrypt":{"format":"luks","key-secret":"libvirt-5-format-luks-secret0"},\ +"encrypt":{"format":"luks","key-secret":"libvirt-5-format-encryption-secret0"},\ "file":"libvirt-5-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x2,drive=libvirt-5-format,\ id=virtio-disk2 \ --object secret,id=libvirt-4-format-luks-secret0,\ +-object secret,id=libvirt-4-format-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"iscsi","portal":"iscsi.example.com:3260",\ "target":"demo-target","lun":3,"transport":"tcp",\ "node-name":"libvirt-4-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-4-format","read-only":false,"driver":"qcow2",\ -"encrypt":{"format":"luks","key-secret":"libvirt-4-format-luks-secret0"},\ +"encrypt":{"format":"luks","key-secret":"libvirt-4-format-encryption-secret0"},\ "file":"libvirt-4-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=libvirt-4-format,\ id=virtio-disk3 \ --object secret,id=libvirt-3-format-luks-secret0,\ +-object secret,id=libvirt-3-format-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"rbd","pool":"pool","image":"image",\ 
@@ -82,25 +82,25 @@ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ "port":"6322"},{"host":"mon3.example.org","port":"6322"}],\ "node-name":"libvirt-3-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"qcow2",\ -"encrypt":{"format":"luks","key-secret":"libvirt-3-format-luks-secret0"},\ +"encrypt":{"format":"luks","key-secret":"libvirt-3-format-encryption-secret0"},\ "file":"libvirt-3-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=libvirt-3-format,\ id=virtio-disk4 \ --object secret,id=libvirt-2-format-luks-secret0,\ +-object secret,id=libvirt-2-format-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"file","filename":"/storage/guest_disks/base.qcow2",\ "node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-2-format","read-only":true,"driver":"qcow2",\ -"encrypt":{"format":"luks","key-secret":"libvirt-2-format-luks-secret0"},\ +"encrypt":{"format":"luks","key-secret":"libvirt-2-format-encryption-secret0"},\ "file":"libvirt-2-storage","backing":null}' \ --object secret,id=libvirt-1-format-luks-secret0,\ +-object secret,id=libvirt-1-format-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"file","filename":"/storage/guest_disks/encryptdisk5",\ "node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2",\ -"encrypt":{"format":"luks","key-secret":"libvirt-1-format-luks-secret0"},\ +"encrypt":{"format":"luks","key-secret":"libvirt-1-format-encryption-secret0"},\ "file":"libvirt-1-storage","backing":"libvirt-2-format"}' \ -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,drive=libvirt-1-format,\ id=virtio-disk5 \ diff --git a/tests/qemuxml2argvdata/luks-disks-source.args b/tests/qemuxml2argvdata/luks-disks-source.args index 4566f84ff1..e2bd559212 100644 --- a/tests/qemuxml2argvdata/luks-disks-source.args +++ b/tests/qemuxml2argvdata/luks-disks-source.args 
@@ -27,41 +27,45 @@ path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \ -no-shutdown \ -no-acpi \ -usb \ --object secret,id=virtio-disk0-luks-secret0,\ +-object secret,id=virtio-disk0-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=/storage/guest_disks/encryptdisk,\ -key-secret=virtio-disk0-luks-secret0,format=luks,if=none,id=drive-virtio-disk0 \ +key-secret=virtio-disk0-encryption-secret0,format=luks,if=none,\ +id=drive-virtio-disk0 \ -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\ id=virtio-disk0,bootindex=1 \ --object secret,id=virtio-disk1-luks-secret0,\ +-object secret,id=virtio-disk1-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=/storage/guest_disks/encryptdisk2,\ -key-secret=virtio-disk1-luks-secret0,format=luks,if=none,id=drive-virtio-disk1 \ +key-secret=virtio-disk1-encryption-secret0,format=luks,if=none,\ +id=drive-virtio-disk1 \ -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\ id=virtio-disk1 \ --object secret,id=virtio-disk2-luks-secret0,\ +-object secret,id=virtio-disk2-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:\ -6000/iqn.1992-01.com.example%3Astorage/1,key-secret=virtio-disk2-luks-secret0,\ -format=luks,if=none,id=drive-virtio-disk2 \ +6000/iqn.1992-01.com.example%3Astorage/1,\ +key-secret=virtio-disk2-encryption-secret0,format=luks,if=none,\ +id=drive-virtio-disk2 \ -device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk2,\ id=virtio-disk2 \ --object secret,id=virtio-disk3-luks-secret0,\ +-object secret,id=virtio-disk3-encryption-secret0,\ 
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=iscsi://iscsi.example.com:3260/demo-target/3,\ -key-secret=virtio-disk3-luks-secret0,format=luks,if=none,id=drive-virtio-disk3 \ +key-secret=virtio-disk3-encryption-secret0,format=luks,if=none,\ +id=drive-virtio-disk3 \ -device virtio-blk-pci,bus=pci.0,addr=0x7,drive=drive-virtio-disk3,\ id=virtio-disk3 \ --object secret,id=virtio-disk4-luks-secret0,\ +-object secret,id=virtio-disk4-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive 'file=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\:\ 6321\;mon2.example.org\:6322\;mon3.example.org\:6322,\ -key-secret=virtio-disk4-luks-secret0,format=luks,if=none,\ +key-secret=virtio-disk4-encryption-secret0,format=luks,if=none,\ id=drive-virtio-disk4' \ -device virtio-blk-pci,bus=pci.0,addr=0x8,drive=drive-virtio-disk4,\ id=virtio-disk4 \ diff --git a/tests/qemuxml2argvdata/luks-disks.args b/tests/qemuxml2argvdata/luks-disks.args index db1ae45b60..47626966f2 100644 --- a/tests/qemuxml2argvdata/luks-disks.args +++ b/tests/qemuxml2argvdata/luks-disks.args 
@@ -27,18 +27,20 @@ path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \ -no-shutdown \ -no-acpi \ -usb \ --object secret,id=virtio-disk0-luks-secret0,\ +-object secret,id=virtio-disk0-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=/storage/guest_disks/encryptdisk,\ -key-secret=virtio-disk0-luks-secret0,format=luks,if=none,id=drive-virtio-disk0 \ +key-secret=virtio-disk0-encryption-secret0,format=luks,if=none,\ +id=drive-virtio-disk0 \ -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\ id=virtio-disk0,bootindex=1 \ --object secret,id=virtio-disk1-luks-secret0,\ +-object secret,id=virtio-disk1-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=/storage/guest_disks/encryptdisk2,\ -key-secret=virtio-disk1-luks-secret0,format=luks,if=none,id=drive-virtio-disk1 \ +key-secret=virtio-disk1-encryption-secret0,format=luks,if=none,\ +id=drive-virtio-disk1 \ -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\ id=virtio-disk1 \ -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 diff --git a/tests/qemuxml2argvdata/user-aliases.args b/tests/qemuxml2argvdata/user-aliases.args index 54463386cd..88e540bc3c 100644 --- a/tests/qemuxml2argvdata/user-aliases.args +++ b/tests/qemuxml2argvdata/user-aliases.args 
@@ -48,11 +48,11 @@ id=drive-ua-myDisk1,cache=none \ id=drive-ua-myDisk2 \ -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-ua-myDisk2,id=ua-myDisk2,\ bootindex=1 \ --object secret,id=ua-myEncryptedDisk1-luks-secret0,\ +-object secret,id=ua-myEncryptedDisk1-encryption-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -drive file=/var/lib/libvirt/images/OtherDemo.img,encrypt.format=luks,\ -encrypt.key-secret=ua-myEncryptedDisk1-luks-secret0,format=qcow2,if=none,\ +encrypt.key-secret=ua-myEncryptedDisk1-encryption-secret0,format=qcow2,if=none,\ id=drive-ua-myEncryptedDisk1 \ -device virtio-blk-pci,bus=pci.0,addr=0x7,drive=drive-ua-myEncryptedDisk1,\ id=ua-myEncryptedDisk1 \ -- 2.24.1

On a Monday in 2020, Peter Krempa wrote:
Originally there was only the secret for authentication so we didn't use any suffix to tell it apart. With the introduction of encryption we added a 'luks' suffix for the encryption secrets. Since encryption is really generic and authentication is not the only secret modify the aliases for the secrets to better describe what they are used for.
This is possible as we store the disk secrets in the status XML thus only new machines will use the new secrets.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 4 +-- ...-backing-chains-noindex.x86_64-2.12.0.args | 4 +-- ...-backing-chains-noindex.x86_64-latest.args | 6 ++-- ...sk-hostdev-scsi-virtio-iscsi-auth-AES.args | 6 ++-- .../disk-network-iscsi.x86_64-2.12.0.args | 12 +++---- .../disk-network-iscsi.x86_64-latest.args | 8 ++--- .../disk-network-rbd.x86_64-2.12.0.args | 4 +-- .../disk-network-rbd.x86_64-latest.args | 4 +-- ...isk-network-source-auth.x86_64-2.12.0.args | 10 +++--- ...isk-network-source-auth.x86_64-latest.args | 8 ++--- .../disk-nvme.x86_64-latest.args | 4 +-- .../encrypted-disk-usage.args | 4 +-- tests/qemuxml2argvdata/encrypted-disk.args | 4 +-- .../luks-disks-source-qcow2.args | 24 +++++++------- ...luks-disks-source-qcow2.x86_64-latest.args | 32 +++++++++---------- tests/qemuxml2argvdata/luks-disks-source.args | 26 ++++++++------- tests/qemuxml2argvdata/luks-disks.args | 10 +++--- tests/qemuxml2argvdata/user-aliases.args | 4 +-- 18 files changed, 90 insertions(+), 84 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

There are two last callers of this function. Replace them by qemuAliasForSecret and delete qemuDomainGetSecretAESAlias. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_alias.c | 29 ----------------------------- src/qemu/qemu_alias.h | 3 --- src/qemu/qemu_hotplug.c | 2 +- src/qemu/qemu_migration_params.c | 2 +- 4 files changed, 2 insertions(+), 34 deletions(-) diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index 2e466ff23f..b450bf0866 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c @@ -764,35 +764,6 @@ qemuDomainGetMasterKeyAlias(void) } -/* qemuDomainGetSecretAESAlias: - * @srcalias: Source alias used to generate the secret alias - * @isLuks: True when we are generating a secret for LUKS encrypt/decrypt - * - * Generate and return an alias for the encrypted secret - * - * Returns NULL or a string containing the alias - */ -char * -qemuDomainGetSecretAESAlias(const char *srcalias, - bool isLuks) -{ - char *alias; - - if (!srcalias) { - virReportError(VIR_ERR_INVALID_ARG, "%s", - _("encrypted secret alias requires valid source alias")); - return NULL; - } - - if (isLuks) - alias = g_strdup_printf("%s-luks-secret0", srcalias); - else - alias = g_strdup_printf("%s-secret0", srcalias); - - return alias; -} - - /* qemuAliasForSecret: * @parentalias: alias of the parent object * @obj: optional sub-object of the parent device the secret is for diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h index 645956d024..490aa568a9 100644 --- a/src/qemu/qemu_alias.h +++ b/src/qemu/qemu_alias.h @@ -83,9 +83,6 @@ char *qemuAliasFromHostdev(const virDomainHostdevDef *hostdev); char *qemuDomainGetMasterKeyAlias(void); -char *qemuDomainGetSecretAESAlias(const char *srcalias, - bool isLuks); - char *qemuAliasForSecret(const char *parentalias, const char *obj); diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index e804053933..47069be900 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c 
@@ -1842,7 +1842,7 @@ qemuDomainDelChardevTLSObjects(virQEMUDriverPtr driver, * secret UUID and we have a serial TCP chardev, then formulate a * secAlias which we'll attempt to destroy. */ if (cfg->chardevTLSx509secretUUID && - !(secAlias = qemuDomainGetSecretAESAlias(inAlias, false))) + !(secAlias = qemuAliasForSecret(inAlias, NULL))) return -1; qemuDomainObjEnterMonitor(driver, vm); diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c index f9bc43afee..6a2033b484 100644 --- a/src/qemu/qemu_migration_params.c +++ b/src/qemu/qemu_migration_params.c @@ -1080,7 +1080,7 @@ qemuMigrationParamsResetTLS(virQEMUDriverPtr driver, return; tlsAlias = qemuAliasTLSObjFromSrcAlias(QEMU_MIGRATION_TLS_ALIAS_BASE); - secAlias = qemuDomainGetSecretAESAlias(QEMU_MIGRATION_TLS_ALIAS_BASE, false); + secAlias = qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL); qemuDomainDelTLSObjects(driver, vm, asyncJob, secAlias, tlsAlias); g_clear_pointer(&QEMU_DOMAIN_PRIVATE(vm)->migSecinfo, qemuDomainSecretInfoFree); -- 2.24.1
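Review bot: the qemu_alias.c hunk that deletes qemuDomainGetSecretAESAlias also drops its VIR_ERR_INVALID_ARG report for a NULL srcalias, and nothing in this diff shows qemuAliasForSecret doing the same check (its comment only documents @parentalias and an optional @obj); either confirm both remaining callers can never pass a NULL alias or keep that validation in qemuAliasForSecret.

Review bot: the qemu_hotplug.c hunk keeps the failure check `!(secAlias = qemuAliasForSecret(inAlias, NULL))` while the qemu_migration_params.c hunk calls the same helper unchecked; if the replacement is g_strdup_printf based like the removed code and thus cannot return NULL, the hotplug check is dead and the two call sites should be made consistent. It is also worth a sentence in the commit message that obj = NULL must yield the same '-secret0' suffix the removed helper produced for isLuks = false, because both sites use the alias to delete an object that was created earlier under that name.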

On a Monday in 2020, Peter Krempa wrote:
There are two last callers of this function. Replace them by qemuAliasForSecret and delete qemuDomainGetSecretAESAlias.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_alias.c | 29 ----------------------------- src/qemu/qemu_alias.h | 3 --- src/qemu/qemu_hotplug.c | 2 +- src/qemu/qemu_migration_params.c | 2 +- 4 files changed, 2 insertions(+), 34 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

To allow turning of verification of SSL cerificates add a new element <ssl> to the disk source XML which will allow configuring the validation process using the 'verify' attribute. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- docs/formatdomain.html.in | 9 ++++ docs/schemas/domaincommon.rng | 51 ++++++++++++++++++- src/conf/domain_conf.c | 18 +++++++ src/util/virstoragefile.c | 1 + src/util/virstoragefile.h | 1 + .../disk-network-http.xml | 9 ++++ 6 files changed, 87 insertions(+), 2 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 7e7771725c..8f503f6967 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2857,6 +2857,7 @@ <driver name='qemu' type='raw'/> <source protocol="https" name="url_path"> <host name="hostname" port="443"/> + <ssl verify="no"/> </source> <target dev='hdf' bus='ide' tray='open'/> <readonly/> @@ -3383,6 +3384,14 @@ The <code>offset</code> and <code>size</code> values are in bytes. <span class="since">Since 6.1.0</span> </dd> + <dt><code>ssl</code></dt> + <dd> + For <code>https</code> and <code>ftps</code> accessed storage it's + possible to tweak the SSL transport parameters with this element. + The <code>verify</code> attribute allows to turn on or of SSL + certificate validation. Supported values are <code>yes</code> and + <code>no</code>. <span class="since">Since 6.1.0</span> + </dd> </dl> <p> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 529a98fc05..d179a25ee6 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng 
@@ -1808,12 +1808,39 @@ </element> </define> + <define name="diskSourceNetworkProtocolSSLVerify"> + <element name="ssl"> + <attribute name="verify"> + <ref name="virYesNo"/> + </attribute> + <empty/> + </element> + </define> + + <define name="diskSourceNetworkProtocolHTTPS"> + <element name="source"> + <attribute name="protocol"> + <choice> + <value>https</value> + </choice> + </attribute> + <attribute name="name"/> + <ref name="diskSourceCommon"/> + <ref name="diskSourceNetworkHost"/> + <optional> + <ref name="encryption"/> + </optional> + <optional> + <ref name="diskSourceNetworkProtocolSSLVerify"/> + </optional> + </element> + </define> + <define name="diskSourceNetworkProtocolHTTP"> <element name="source"> <attribute name="protocol"> <choice> <value>http</value> - <value>https</value> </choice> </attribute> <attribute name="name"/> @@ -1825,13 +1852,31 @@ </element> </define> + <define name="diskSourceNetworkProtocolFTPS"> + <element name="source"> + <attribute name="protocol"> + <choice> + <value>ftps</value> + </choice> + </attribute> + <attribute name="name"/> + <ref name="diskSourceCommon"/> + <ref name="diskSourceNetworkHost"/> + <optional> + <ref name="encryption"/> + </optional> + <optional> + <ref name="diskSourceNetworkProtocolSSLVerify"/> + </optional> + </element> + </define> + <define name="diskSourceNetworkProtocolSimple"> <element name="source"> <attribute name="protocol"> <choice> <value>sheepdog</value> <value>ftp</value> - <value>ftps</value> <value>tftp</value> </choice> </attribute> @@ -1909,6 +1954,8 @@ <ref name="diskSourceNetworkProtocolRBD"/> <ref name="diskSourceNetworkProtocolISCSI"/> <ref name="diskSourceNetworkProtocolHTTP"/> + <ref name="diskSourceNetworkProtocolHTTPS"/> + <ref name="diskSourceNetworkProtocolFTPS"/> <ref name="diskSourceNetworkProtocolSimple"/> <ref name="diskSourceNetworkProtocolVxHS"/> </choice> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index d8471acd2d..dd3a3a1439 100644 
--- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -9350,6 +9350,7 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node, g_autofree char *protocol = NULL; g_autofree char *haveTLS = NULL; g_autofree char *tlsCfg = NULL; + g_autofree char *sslverifystr = NULL; if (!(protocol = virXMLPropString(node, "protocol"))) { virReportError(VIR_ERR_XML_ERROR, "%s", @@ -9422,6 +9423,19 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node, virStorageSourceInitiatorParseXML(ctxt, &src->initiator); + if ((src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTPS || + src->protocol == VIR_STORAGE_NET_PROTOCOL_FTPS) && + (sslverifystr = virXPathString("string(./ssl/@verify)", ctxt))) { + int verify; + if ((verify = virTristateBoolTypeFromString(sslverifystr)) < 0) { + virReportError(VIR_ERR_XML_ERROR, + _("invalid ssl verify mode '%s'"), sslverifystr); + return -1; + } + + src->sslverify = verify; + } + return 0; } @@ -24531,6 +24545,10 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf, virStorageSourceInitiatorFormatXML(&src->initiator, childBuf); + if (src->sslverify != VIR_TRISTATE_BOOL_ABSENT) + virBufferAsprintf(childBuf, "<ssl verify='%s'/>\n", + virTristateBoolTypeToString(src->sslverify)); + return 0; } diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index b133cf17f1..ca91fc65ba 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -2270,6 +2270,7 @@ virStorageSourceCopy(const virStorageSource *src, def->cachemode = src->cachemode; def->discard = src->discard; def->detect_zeroes = src->detect_zeroes; + def->sslverify = src->sslverify; /* storage driver metadata are not copied */ def->drv = NULL; diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index 9af7b4f226..49718b51d8 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h 
@@ -281,6 +281,7 @@ struct _virStorageSource { virStorageEncryptionPtr encryption; bool encryptionInherited; virStoragePRDefPtr pr; + virTristateBool sslverify; virStorageSourceNVMeDefPtr nvme; /* type == VIR_STORAGE_TYPE_NVME */ diff --git a/tests/genericxml2xmlindata/disk-network-http.xml b/tests/genericxml2xmlindata/disk-network-http.xml index fde1222fd0..bdcc1977f2 100644 --- a/tests/genericxml2xmlindata/disk-network-http.xml +++ b/tests/genericxml2xmlindata/disk-network-http.xml @@ -25,6 +25,7 @@ <driver name='qemu' type='raw'/> <source protocol='https' name='test2.img'> <host name='example.org' port='443'/> + <ssl verify='no'/> </source> <target dev='vdb' bus='virtio'/> </disk> @@ -35,6 +36,14 @@ </source> <target dev='vdc' bus='virtio'/> </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='raw'/> + <source protocol='https' name='test4.img'> + <host name='example.org' port='1234'/> + <ssl verify='yes'/> + </source> + <target dev='vdd' bus='virtio'/> + </disk> <controller type='usb' index='0'/> <controller type='pci' index='0' model='pci-root'/> <input type='mouse' bus='ps2'/> -- 2.24.1
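Review bot: in the docs/formatdomain.html.in hunk "turn on or of SSL certificate validation" should read "on or off", and the `<span class="since">Since 6.1.0</span>` tag does not match the 6.2.0 tag used for the cookies element added later in this series. The paragraph should also say what happens when the element is absent: verify='no' removes the server identity check entirely, so readers need to know that omitting the element is not the same as setting 'no'.

Review bot: in the docs/schemas/domaincommon.rng hunk the `<choice>` wrapping a single `<value>` in diskSourceNetworkProtocolHTTPS and diskSourceNetworkProtocolFTPS is redundant; a plain `<value>` is enough unless more protocols are expected to join those defines.

Review bot: in the src/conf/domain_conf.c hunks the `int verify;` declaration in virDomainDiskSourceNetworkParse should be followed by a blank line, and the multi-line virBufferAsprintf() call that forms the body of `if (src->sslverify != VIR_TRISTATE_BOOL_ABSENT)` in virDomainDiskSourceFormatNetwork needs braces per libvirt style.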

On a Monday in 2020, Peter Krempa wrote:
To allow turning of verification of SSL cerificates add a new element
turning off
<ssl> to the disk source XML which will allow configuring the validation process using the 'verify' attribute.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- docs/formatdomain.html.in | 9 ++++ docs/schemas/domaincommon.rng | 51 ++++++++++++++++++- src/conf/domain_conf.c | 18 +++++++ src/util/virstoragefile.c | 1 + src/util/virstoragefile.h | 1 + .../disk-network-http.xml | 9 ++++ 6 files changed, 87 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 7e7771725c..8f503f6967 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2857,6 +2857,7 @@ <driver name='qemu' type='raw'/> <source protocol="https" name="url_path"> <host name="hostname" port="443"/> + <ssl verify="no"/> </source> <target dev='hdf' bus='ide' tray='open'/> <readonly/> @@ -3383,6 +3384,14 @@ The <code>offset</code> and <code>size</code> values are in bytes. <span class="since">Since 6.1.0</span> </dd> + <dt><code>ssl</code></dt> + <dd> + For <code>https</code> and <code>ftps</code> accessed storage it's + possible to tweak the SSL transport parameters with this element. + The <code>verify</code> attribute allows to turn on or of SSL
or off
+ certificate validation. Supported values are <code>yes</code> and + <code>no</code>. <span class="since">Since 6.1.0</span>
6.2.0
+ </dd> </dl>
<p> @@ -24531,6 +24545,10 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf,
virStorageSourceInitiatorFormatXML(&src->initiator, childBuf);
+ if (src->sslverify != VIR_TRISTATE_BOOL_ABSENT) + virBufferAsprintf(childBuf, "<ssl verify='%s'/>\n", + virTristateBoolTypeToString(src->sslverify)); +
Multi-line body without braces.
return 0; }
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Add possibility to specify one or more cookies for http based disks. This patch adds the config parser, storage and validation of the cookies. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- docs/formatdomain.html.in | 10 ++ docs/schemas/domaincommon.rng | 24 ++++ src/conf/domain_conf.c | 82 +++++++++++++ src/libvirt_private.syms | 1 + src/util/virstoragefile.c | 115 ++++++++++++++++++ src/util/virstoragefile.h | 15 +++ .../disk-network-http.xml | 8 ++ 7 files changed, 255 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 8f503f6967..dfea614907 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2849,6 +2849,9 @@ <driver name='qemu' type='raw'/> <source protocol="http" name="url_path"> <host name="hostname" port="80"/> + <cookies> + <cookie name="test">somevalue</cookie> + </cookies> </source> <target dev='hde' bus='ide' tray='open'/> <readonly/> @@ -3392,6 +3395,13 @@ certificate validation. Supported values are <code>yes</code> and <code>no</code>. <span class="since">Since 6.1.0</span> </dd> + <dt><code>cookies</code></dt> + <dd> + For <code>http</code> and <code>https</code> accessed storage it's + possible to pass one or more cookies. The cookie name and value + must conform to the HTTP specification. + <span class="since">Since 6.2.0</span> + </dd> </dl> <p> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index d179a25ee6..85d6484dbd 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng 
@@ -1817,6 +1817,24 @@ </element> </define> + <define name="diskSourceNetworkProtocolHTTPCookies"> + <element name="cookies"> + <oneOrMore> + <element name="cookie"> + <attribute name="name"> + <data type="string"> + <param name="pattern">[!#$%&'*+\-.0-9A-Z\^_`a-z|~]+</param> + </data> + </attribute> + <data type="string"> + <param name="pattern">[!#$%&'()*+\-./0-9:>=<?@A-Z\^_`\[\]a-z|~]+</param> + </data> + </element> + </oneOrMore> + <empty/> + </element> + </define> + <define name="diskSourceNetworkProtocolHTTPS"> <element name="source"> <attribute name="protocol"> @@ -1833,6 +1851,9 @@ <optional> <ref name="diskSourceNetworkProtocolSSLVerify"/> </optional> + <optional> + <ref name="diskSourceNetworkProtocolHTTPCookies"/> + </optional> </element> </define> @@ -1849,6 +1870,9 @@ <optional> <ref name="encryption"/> </optional> + <optional> + <ref name="diskSourceNetworkProtocolHTTPCookies"/> + </optional> </element> </define> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index dd3a3a1439..dc7a47dd21 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c 
@@ -9340,6 +9340,62 @@ virDomainDiskSourcePoolDefParse(xmlNodePtr node, } +static virStorageNetCookieDefPtr +virDomainStorageCookieParse(xmlNodePtr node, + xmlXPathContextPtr ctxt) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt); + g_autoptr(virStorageNetCookieDef) cookie = NULL; + + ctxt->node = node; + + cookie = g_new0(virStorageNetCookieDef, 1); + + if (!(cookie->name = virXPathString("string(./@name)", ctxt))) { + virReportError(VIR_ERR_XML_ERROR, "%s", _("missing cookie name")); + return NULL; + } + + if (!(cookie->value = virXPathString("string(.)", ctxt))) { + virReportError(VIR_ERR_XML_ERROR, _("missing value for cookie '%s'"), + cookie->name); + return NULL; + } + + return g_steal_pointer(&cookie); +} + + +static int +virDomainStorageCookiesParse(xmlNodePtr node, + xmlXPathContextPtr ctxt, + virStorageSourcePtr src) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt); + g_autofree xmlNodePtr *nodes = NULL; + ssize_t nnodes; + size_t i; + + ctxt->node = node; + + if ((nnodes = virXPathNodeSet("./cookie", ctxt, &nodes)) < 0) + return -1; + + src->cookies = g_new0(virStorageNetCookieDefPtr, nnodes); + src->ncookies = nnodes; + + for (i = 0; i < nnodes; i++) { + if (!(src->cookies[i] = virDomainStorageCookieParse(nodes[i], ctxt))) + return -1; + } + + if (virStorageSourceNetCookiesValidate(src) < 0) + return -1; + + return 0; +} + + static int virDomainDiskSourceNetworkParse(xmlNodePtr node, xmlXPathContextPtr ctxt, @@ -9351,6 +9407,7 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node, g_autofree char *haveTLS = NULL; g_autofree char *tlsCfg = NULL; g_autofree char *sslverifystr = NULL; + xmlNodePtr tmpnode; if (!(protocol = virXMLPropString(node, "protocol"))) { virReportError(VIR_ERR_XML_ERROR, "%s", 
@@ -9436,6 +9493,13 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node, src->sslverify = verify; } + if ((src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTP || + src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTPS) && + (tmpnode = virXPathNode("./cookies", ctxt))) { + if (virDomainStorageCookiesParse(tmpnode, ctxt, src) < 0) + return -1; + } + return 0; } @@ -24500,6 +24564,22 @@ virDomainSourceDefFormatSeclabel(virBufferPtr buf, } +static void +virDomainDiskSourceFormatNetworkCookies(virBufferPtr buf, + virStorageSourcePtr src) +{ + g_auto(virBuffer) childBuf = VIR_BUFFER_INIT_CHILD(buf); + size_t i; + + for (i = 0; i < src->ncookies; i++) { + virBufferEscapeString(&childBuf, "<cookie name='%s'>", src->cookies[i]->name); + virBufferEscapeString(&childBuf, "%s</cookie>\n", src->cookies[i]->value); + } + + virXMLFormatElement(buf, "cookies", NULL, &childBuf); +} + + static int virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf, virBufferPtr childBuf, @@ -24549,6 +24629,8 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf, virBufferAsprintf(childBuf, "<ssl verify='%s'/>\n", virTristateBoolTypeToString(src->sslverify)); + virDomainDiskSourceFormatNetworkCookies(childBuf, src); + return 0; } diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 511fb88872..73db753652 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -3143,6 +3143,7 @@ virStorageSourceIsEmpty; virStorageSourceIsLocalStorage; virStorageSourceIsRelative; virStorageSourceIsSameLocation; +virStorageSourceNetCookiesValidate; virStorageSourceNetworkAssignDefaultPorts; virStorageSourceNew; virStorageSourceNewFromBacking; diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index ca91fc65ba..fb5fff5c5f 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c 
@@ -2157,6 +2157,118 @@ virStorageSourceSeclabelsCopy(virStorageSourcePtr to, } +void +virStorageNetCookieDefFree(virStorageNetCookieDefPtr def) +{ + if (!def) + return; + + g_free(def->name); + g_free(def->value); + + g_free(def); +} + + +static void +virStorageSourceCookiesClear(virStorageSourcePtr src) +{ + size_t i; + + if (!src || !src->cookies) + return; + + for (i = 0; i < src->ncookies; i++) + virStorageNetCookieDefFree(src->cookies[i]); + + g_clear_pointer(&src->cookies, g_free); + src->ncookies = 0; +} + + +static void +virStorageSourceNetCookiesCopy(virStorageSourcePtr to, + const virStorageSource *from) +{ + size_t i; + + if (from->ncookies == 0) + return; + + to->cookies = g_new0(virStorageNetCookieDefPtr, from->ncookies); + to->ncookies = from->ncookies; + + for (i = 0; i < from->ncookies; i++) { + to->cookies[i]->name = g_strdup(from->cookies[i]->name); + to->cookies[i]->value = g_strdup(from->cookies[i]->value); + } +} + + +/* see https://tools.ietf.org/html/rfc6265#section-4.1.1 */ +static const char virStorageSourceCookieValueInvalidChars[] = + "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F" + " \",;\\"; + +/* in addition cookie name can't contain these */ +static const char virStorageSourceCookieNameInvalidChars[] = + "()<>@:/[]?={}"; + +static int +virStorageSourceNetCookieValidate(virStorageNetCookieDefPtr def) +{ + /* name must have at least 1 character */ + if (*(def->name) == '\0') { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("cookie name must not be empty")); + return -1; + } + + /* check invalid characters in name */ + if (virStringHasChars(def->name, virStorageSourceCookieValueInvalidChars) || + virStringHasChars(def->name, virStorageSourceCookieNameInvalidChars)) { + virReportError(VIR_ERR_XML_ERROR, + _("cookie name '%s' contains invalid characters"), + def->name); + return -1; + } + + /* check invalid characters in value */ + if 
(virStringHasChars(def->value, virStorageSourceCookieValueInvalidChars)) { + virReportError(VIR_ERR_XML_ERROR, + _("value of cookie '%s' contains invalid characters"), + def->name); + return -1; + } + + return 0; +} + + +int +virStorageSourceNetCookiesValidate(virStorageSourcePtr src) +{ + size_t i; + size_t j; + + for (i = 0; i < src->ncookies; i++) { + if (virStorageSourceNetCookieValidate(src->cookies[i]) < 0) + return -1; + + for (j = i + 1; j < src->ncookies; j++) { + if (STREQ(src->cookies[i]->name, src->cookies[j]->name)) { + virReportError(VIR_ERR_XML_ERROR, _("duplicate cookie '%s'"), + src->cookies[i]->name); + return -1; + } + } + } + + return 0; +} + + static virStorageTimestampsPtr virStorageTimestampsCopy(const virStorageTimestamps *src) { @@ -2299,6 +2411,8 @@ virStorageSourceCopy(const virStorageSource *src, def->nhosts = src->nhosts; } + virStorageSourceNetCookiesCopy(def, src); + if (src->srcpool && !(def->srcpool = virStorageSourcePoolDefCopy(src->srcpool))) return NULL; @@ -2560,6 +2674,7 @@ virStorageSourceClear(virStorageSourcePtr def) VIR_FREE(def->volume); VIR_FREE(def->snapshot); VIR_FREE(def->configFile); + virStorageSourceCookiesClear(def); virStorageSourcePoolDefFree(def->srcpool); virBitmapFree(def->features); VIR_FREE(def->compat); diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index 49718b51d8..95d9501dd8 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -161,6 +161,17 @@ struct _virStorageNetHostDef { char *socket; /* path to unix socket */ }; +typedef struct _virStorageNetCookieDef virStorageNetCookieDef; +typedef virStorageNetCookieDef *virStorageNetCookieDefPtr; +struct _virStorageNetCookieDef { + char *name; + char *value; +}; + +void virStorageNetCookieDefFree(virStorageNetCookieDefPtr def); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virStorageNetCookieDef, virStorageNetCookieDefFree); + /* Information for a storage volume from a virStoragePool */ /* 
@@ -275,6 +286,8 @@ struct _virStorageSource { the source definition */ size_t nhosts; virStorageNetHostDefPtr hosts; + size_t ncookies; + virStorageNetCookieDefPtr *cookies; virStorageSourcePoolDefPtr srcpool; virStorageAuthDefPtr auth; bool authInherited; @@ -476,6 +489,8 @@ int virStorageSourceUpdateCapacity(virStorageSourcePtr src, int virStorageSourceNewFromBacking(virStorageSourcePtr parent, virStorageSourcePtr *backing); +int virStorageSourceNetCookiesValidate(virStorageSourcePtr src); + virStorageSourcePtr virStorageSourceCopy(const virStorageSource *src, bool backingChain) ATTRIBUTE_NONNULL(1); diff --git a/tests/genericxml2xmlindata/disk-network-http.xml b/tests/genericxml2xmlindata/disk-network-http.xml index bdcc1977f2..bafb77c8ec 100644 --- a/tests/genericxml2xmlindata/disk-network-http.xml +++ b/tests/genericxml2xmlindata/disk-network-http.xml @@ -33,6 +33,10 @@ <driver name='qemu' type='raw'/> <source protocol='http' name='test3.img'> <host name='example.org' port='1234'/> + <cookies> + <cookie name='test'>testcookievalue</cookie> + <cookie name='test2'>blurb</cookie> + </cookies> </source> <target dev='vdc' bus='virtio'/> </disk> @@ -41,6 +45,10 @@ <source protocol='https' name='test4.img'> <host name='example.org' port='1234'/> <ssl verify='yes'/> + <cookies> + <cookie name='test'>testcookievalue</cookie> + <cookie name='test2'>blurb</cookie> + </cookies> </source> <target dev='vdd' bus='virtio'/> </disk> -- 2.24.1
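Review bot: virStorageSourceNetCookiesCopy in the src/util/virstoragefile.c hunk dereferences NULL: `to->cookies` is allocated as a zeroed array of from->ncookies pointers and the loop then writes `to->cookies[i]->name` without allocating each virStorageNetCookieDef; add `to->cookies[i] = g_new0(virStorageNetCookieDef, 1);` at the top of the loop body. Since virStorageSourceCopy is used for every backing-chain and snapshot copy, any domain that carries cookies would crash on the first copy.

Review bot: the validator in the same hunk is looser than the schema: virStorageSourceCookieValueInvalidChars ends at \x1F, so DEL (\x7F) and any byte above \x7F pass virStringHasChars() although the RFC 6265 cookie-octet range the comment points to ends at %x7E and the rng pattern admits only printable ASCII; because this validator is what protects the non-XML paths, extend the table to reject \x7F and non-ASCII bytes, or switch to an allow-list check.

Review bot: the docs/formatdomain.html.in hunk should mention that cookie values are stored and formatted verbatim in the domain XML (virDomainDiskSourceFormatNetworkCookies writes them in clear text), so they appear in dumpxml output, saved state and logs; cookies often carry session credentials and users should know this before putting them in the configuration.

Review bot: in the src/conf/domain_conf.c hunk the new parsers virDomainStorageCookieParse and virDomainStorageCookiesParse drop the "Net" that the type virStorageNetCookieDef and virStorageSourceNetCookiesValidate carry; pick one spelling. Note also that a parse failure on a later cookie leaves src->ncookies already set to nnodes with NULL entries, which is safe only because virStorageNetCookieDefFree tolerates NULL, and that deserves a comment.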

On a Monday in 2020, Peter Krempa wrote:
Add possibility to specify one or more cookies for http based disks. This patch adds the config parser, storage and validation of the cookies.
Cookies are delicious delicacies.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- docs/formatdomain.html.in | 10 ++ docs/schemas/domaincommon.rng | 24 ++++ src/conf/domain_conf.c | 82 +++++++++++++ src/libvirt_private.syms | 1 + src/util/virstoragefile.c | 115 ++++++++++++++++++ src/util/virstoragefile.h | 15 +++ .../disk-network-http.xml | 8 ++ 7 files changed, 255 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index dd3a3a1439..dc7a47dd21 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -9340,6 +9340,62 @@ virDomainDiskSourcePoolDefParse(xmlNodePtr node, }
+static virStorageNetCookieDefPtr
You have Net in the type name
+virDomainStorageCookieParse(xmlNodePtr node,
no Net in this function name
+ xmlXPathContextPtr ctxt) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt); + g_autoptr(virStorageNetCookieDef) cookie = NULL; + + ctxt->node = node; + + cookie = g_new0(virStorageNetCookieDef, 1); + + if (!(cookie->name = virXPathString("string(./@name)", ctxt))) { + virReportError(VIR_ERR_XML_ERROR, "%s", _("missing cookie name")); + return NULL; + } + + if (!(cookie->value = virXPathString("string(.)", ctxt))) { + virReportError(VIR_ERR_XML_ERROR, _("missing value for cookie '%s'"), + cookie->name); + return NULL; + } + + return g_steal_pointer(&cookie); +} + + +static int +virDomainStorageCookiesParse(xmlNodePtr node,
no Net here either
+ xmlXPathContextPtr ctxt, + virStorageSourcePtr src) +{ + VIR_XPATH_NODE_AUTORESTORE(ctxt); + g_autofree xmlNodePtr *nodes = NULL; + ssize_t nnodes; + size_t i; + + ctxt->node = node; + + if ((nnodes = virXPathNodeSet("./cookie", ctxt, &nodes)) < 0) + return -1; + + src->cookies = g_new0(virStorageNetCookieDefPtr, nnodes); + src->ncookies = nnodes; + + for (i = 0; i < nnodes; i++) { + if (!(src->cookies[i] = virDomainStorageCookieParse(nodes[i], ctxt))) + return -1; + } + + if (virStorageSourceNetCookiesValidate(src) < 0) + return -1; + + return 0; +} + + static int virDomainDiskSourceNetworkParse(xmlNodePtr node, xmlXPathContextPtr ctxt, @@ -24500,6 +24564,22 @@ virDomainSourceDefFormatSeclabel(virBufferPtr buf, }
+static void +virDomainDiskSourceFormatNetworkCookies(virBufferPtr buf,
Network here for a change
+ virStorageSourcePtr src) +{ + g_auto(virBuffer) childBuf = VIR_BUFFER_INIT_CHILD(buf); + size_t i; + + for (i = 0; i < src->ncookies; i++) { + virBufferEscapeString(&childBuf, "<cookie name='%s'>", src->cookies[i]->name); + virBufferEscapeString(&childBuf, "%s</cookie>\n", src->cookies[i]->value); + } + + virXMLFormatElement(buf, "cookies", NULL, &childBuf); +} + + static int virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf, virBufferPtr childBuf, @@ -24549,6 +24629,8 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf, virBufferAsprintf(childBuf, "<ssl verify='%s'/>\n", virTristateBoolTypeToString(src->sslverify));
+ virDomainDiskSourceFormatNetworkCookies(childBuf, src); + return 0; }
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 511fb88872..73db753652 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -3143,6 +3143,7 @@ virStorageSourceIsEmpty; virStorageSourceIsLocalStorage; virStorageSourceIsRelative; virStorageSourceIsSameLocation; +virStorageSourceNetCookiesValidate; virStorageSourceNetworkAssignDefaultPorts; virStorageSourceNew; virStorageSourceNewFromBacking; diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index ca91fc65ba..fb5fff5c5f 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -2157,6 +2157,118 @@ virStorageSourceSeclabelsCopy(virStorageSourcePtr to, }
+void +virStorageNetCookieDefFree(virStorageNetCookieDefPtr def) +{ + if (!def) + return; + + g_free(def->name); + g_free(def->value); + + g_free(def); +} + + +static void +virStorageSourceCookiesClear(virStorageSourcePtr src)
no Net here
+{ + size_t i; + + if (!src || !src->cookies) + return; + + for (i = 0; i < src->ncookies; i++) + virStorageNetCookieDefFree(src->cookies[i]); + + g_clear_pointer(&src->cookies, g_free); + src->ncookies = 0; +} + + +static void +virStorageSourceNetCookiesCopy(virStorageSourcePtr to, + const virStorageSource *from) +{ + size_t i; + + if (from->ncookies == 0) + return; + + to->cookies = g_new0(virStorageNetCookieDefPtr, from->ncookies); + to->ncookies = from->ncookies; + + for (i = 0; i < from->ncookies; i++) { + to->cookies[i]->name = g_strdup(from->cookies[i]->name); + to->cookies[i]->value = g_strdup(from->cookies[i]->value); + } +} + +
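Review bot: virStorageSourceNetCookiesCopy writes through NULL pointers. `to->cookies = g_new0(virStorageNetCookieDefPtr, from->ncookies)` gives an array of NULL element pointers, and the loop then does `to->cookies[i]->name = g_strdup(from->cookies[i]->name)` without allocating the element, so every virStorageSourceCopy of a source that has cookies will crash. Each iteration needs `to->cookies[i] = g_new0(virStorageNetCookieDef, 1);` before the two g_strdup assignments.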
Consider using 'Net' at least for those identifiers that do not have 'Network' in them. Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Some disk backends support configuring the readahead buffer or timeout for requests. Add the knobs to the XML. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- docs/formatdomain.html.in | 16 +++++++++++++ docs/schemas/domaincommon.rng | 23 +++++++++++++++++++ src/conf/domain_conf.c | 19 +++++++++++++++ src/util/virstoragefile.c | 2 ++ src/util/virstoragefile.h | 3 +++ .../disk-network-http.xml | 2 ++ 6 files changed, 65 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index dfea614907..79cf82522f 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2852,6 +2852,8 @@ <cookies> <cookie name="test">somevalue</cookie> </cookies> + <readahead size='65536'/> + <timeout seconds='6'/> </source> <target dev='hde' bus='ide' tray='open'/> <readonly/> @@ -3402,6 +3404,20 @@ must conform to the HTTP specification. <span class="since">Since 6.2.0</span> </dd> + <dt><code>readahead</code></dt> + <dd> + Specifies the size of the readahead buffer for protocols + which support it. (all 'curl' based drivers in qemu). The size + is in bytes. Note that '0' is considered as if the value is not + provided. + <span class="since">Since 6.2.0</span> + </dd> + <dt><code>timeout</code></dt> + <dd> + Specifies the connection timeout for protocols which support it. + Note that '0' is considered as if the value is not provided. + <span class="since">Since 6.2.0</span> + </dd> </dl> <p> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 85d6484dbd..6805420451 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng 
@@ -1808,6 +1808,25 @@ </element> </define> + <define name="diskSourceNetworkProtocolPropsCommon"> + <optional> + <element name="readahead"> + <attribute name="size"> + <ref name="positiveInteger"/> + </attribute> + <empty/> + </element> + </optional> + <optional> + <element name="timeout"> + <attribute name="seconds"> + <ref name="positiveInteger"/> + </attribute> + <empty/> + </element> + </optional> + </define> + <define name="diskSourceNetworkProtocolSSLVerify"> <element name="ssl"> <attribute name="verify"> @@ -1854,6 +1873,7 @@ <optional> <ref name="diskSourceNetworkProtocolHTTPCookies"/> </optional> + <ref name="diskSourceNetworkProtocolPropsCommon"/> </element> </define> @@ -1873,6 +1893,7 @@ <optional> <ref name="diskSourceNetworkProtocolHTTPCookies"/> </optional> + <ref name="diskSourceNetworkProtocolPropsCommon"/> </element> </define> @@ -1892,6 +1913,7 @@ <optional> <ref name="diskSourceNetworkProtocolSSLVerify"/> </optional> + <ref name="diskSourceNetworkProtocolPropsCommon"/> </element> </define> @@ -1910,6 +1932,7 @@ <optional> <ref name="encryption"/> </optional> + <ref name="diskSourceNetworkProtocolPropsCommon"/> </element> </define> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index dc7a47dd21..81352c7b5d 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -9500,6 +9500,19 @@ virDomainDiskSourceNetworkParse(xmlNodePtr node, return -1; } + if (src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTP || + src->protocol == VIR_STORAGE_NET_PROTOCOL_HTTPS || + src->protocol == VIR_STORAGE_NET_PROTOCOL_FTP || + src->protocol == VIR_STORAGE_NET_PROTOCOL_FTPS) { + + if (virXPathULongLong("string(./readahead/@size)", ctxt, &src->readahead) == -2 || + virXPathULongLong("string(./timeout/@seconds)", ctxt, &src->timeout) == -2) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("invalid readahead size or timeout")); + return -1; + } + } + return 0; } 
@@ -24631,6 +24644,12 @@ virDomainDiskSourceFormatNetwork(virBufferPtr attrBuf, virDomainDiskSourceFormatNetworkCookies(childBuf, src); + if (src->readahead) + virBufferAsprintf(childBuf, "<readahead size='%llu'/>\n", src->readahead); + + if (src->timeout) + virBufferAsprintf(childBuf, "<timeout seconds='%llu'/>\n", src->timeout); + return 0; } diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index fb5fff5c5f..9e740419eb 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -2383,6 +2383,8 @@ virStorageSourceCopy(const virStorageSource *src, def->discard = src->discard; def->detect_zeroes = src->detect_zeroes; def->sslverify = src->sslverify; + def->readahead = src->readahead; + def->timeout = src->timeout; /* storage driver metadata are not copied */ def->drv = NULL; diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index 95d9501dd8..dd2186c4ff 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -295,6 +295,9 @@ struct _virStorageSource { bool encryptionInherited; virStoragePRDefPtr pr; virTristateBool sslverify; + /* both values below have 0 as default value */ + unsigned long long readahead; /* size of the readahead buffer in bytes */ + unsigned long long timeout; /* connection timeout in seconds */ virStorageSourceNVMeDefPtr nvme; /* type == VIR_STORAGE_TYPE_NVME */ diff --git a/tests/genericxml2xmlindata/disk-network-http.xml b/tests/genericxml2xmlindata/disk-network-http.xml index bafb77c8ec..a8430b8365 100644 --- a/tests/genericxml2xmlindata/disk-network-http.xml +++ b/tests/genericxml2xmlindata/disk-network-http.xml @@ -49,6 +49,8 @@ <cookie name='test'>testcookievalue</cookie> <cookie name='test2'>blurb</cookie> </cookies> + <readahead size='65536'/> + <timeout seconds='10'/> </source> <target dev='vdd' bus='virtio'/> </disk> -- 2.24.1
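Review bot: the docs and schema disagree on zero. docs/formatdomain.html.in says for both readahead and timeout that "'0' is considered as if the value is not provided", while the new diskSourceNetworkProtocolPropsCommon define constrains `size` and `seconds` with `<ref name="positiveInteger"/>`, which (being xsd positiveInteger) starts at 1, so an XML carrying 0 is rejected before the parser ever sees it. Either switch the schema to an unsigned type if 0 is meant to be accepted as "unset", or drop the sentence from the docs; the parser's `virXPathULongLong(...) == -2` checks and the formatter's `if (src->readahead)` / `if (src->timeout)` guards are consistent with the docs' reading, not the schema's.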

On a Monday in 2020, Peter Krempa wrote:
Some disk backends support configuring the readahead buffer or timeout for requests. Add the knobs to the XML.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- docs/formatdomain.html.in | 16 +++++++++++++ docs/schemas/domaincommon.rng | 23 +++++++++++++++++++ src/conf/domain_conf.c | 19 +++++++++++++++ src/util/virstoragefile.c | 2 ++ src/util/virstoragefile.h | 3 +++ .../disk-network-http.xml | 2 ++ 6 files changed, 65 insertions(+)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Ensure that the new fields are allowed only when -blockdev is used or when they are in the detected part of the backing chain where qemu will handle them internally. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 55 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 1d551f248f..e7aaded4d5 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -6881,6 +6881,61 @@ qemuDomainValidateStorageSource(virStorageSourcePtr src, } } + if (src->sslverify != VIR_TRISTATE_BOOL_ABSENT) { + if (actualType != VIR_STORAGE_TYPE_NETWORK || + (src->protocol != VIR_STORAGE_NET_PROTOCOL_HTTPS && + src->protocol != VIR_STORAGE_NET_PROTOCOL_FTPS)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("ssl verification is supported only with HTTPS/FTPS protocol")); + return -1; + } + + if (!src->detected && + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("ssl verification setting is not supported by this QEMU binary")); + return -1; + } + } + + if (src->ncookies > 0) { + if (actualType != VIR_STORAGE_TYPE_NETWORK || + (src->protocol != VIR_STORAGE_NET_PROTOCOL_HTTPS && + src->protocol != VIR_STORAGE_NET_PROTOCOL_HTTP)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("http cookies are supported only with HTTP(S) protocol")); + return -1; + } + + if (!src->detected && + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("http cookies are not supported by this QEMU binary")); + return -1; + } + + if (virStorageSourceNetCookiesValidate(src) < 0) + return -1; + } + + if (src->readahead > 0) { + if (!src->detected && + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("readahead setting is not supported by this QEMU binary")); + return -1; + } + } + + if (src->timeout > 0) { + if (!src->detected && + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("timeout setting is not supported by this QEMU binary")); + return -1; + } + } + return 0; } -- 2.24.1
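Review bot: the readahead and timeout checks are weaker than the two blocks above them. sslverify and cookies are first constrained to `actualType == VIR_STORAGE_TYPE_NETWORK` and a matching protocol, while `if (src->readahead > 0)` and `if (src->timeout > 0)` test only QEMU_CAPS_BLOCKDEV, so a readahead or timeout on a local file or on a non-curl network protocol passes validation here and is silently ignored later; add the same type and protocol guard (HTTP, HTTPS, FTP, FTPS, matching what the parser accepts). The `!src->detected && !virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)` test is also repeated four times and could be evaluated once for all four new fields.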

On a Monday in 2020, Peter Krempa wrote:
Ensure that the new fields are allowed only when -blockdev is used or when they are in the detected part of the backing chain where qemu will handle them internally.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 55 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 1d551f248f..e7aaded4d5 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c + + if (src->readahead > 0) { + if (!src->detected &&
Is this supported for non-network sources?
+ !virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("readahead setting is not supported by this QEMU binary"));
Either way - readahead in QEMU's curl backend seems to be there for a long time now. "supported with this QEMU binary" would be more accurate phrasing
+ return -1; + }
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Upcoming patches will implement the support for sslverify, cookies, readahead, and timeout properties. Add a test file which will collect the cases. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- .../disk-network-http.x86_64-latest.args | 57 +++++++++++++++++++ tests/qemuxml2argvdata/disk-network-http.xml | 50 ++++++++++++++++ tests/qemuxml2argvtest.c | 1 + 3 files changed, 108 insertions(+) create mode 100644 tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-http.xml diff --git a/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args b/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args new file mode 100644 index 0000000000..61daecf6f1 --- /dev/null +++ b/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args 
@@ -0,0 +1,57 @@ +LC_ALL=C \ +PATH=/bin \ +HOME=/tmp/lib/domain--1-QEMUGuest1 \ +USER=test \ +LOGNAME=test \ +XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \ +QEMU_AUDIO_DRV=none \ +/usr/bin/qemu-system-x86_64 \ +-name guest=QEMUGuest1,debug-threads=on \ +-S \ +-object secret,id=masterKey0,format=raw,\ +file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ +-machine pc,accel=kvm,usb=off,dump-guest-core=off \ +-cpu qemu64 \ +-m 214 \ +-overcommit mem-lock=off \ +-smp 1,sockets=1,cores=1,threads=1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=charmonitor,fd=1729,server,nowait \ +-mon chardev=charmonitor,id=monitor,mode=control \ +-rtc base=utc \ +-no-shutdown \ +-no-acpi \ +-boot strict=on \ +-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \ +-blockdev '{"driver":"http","url":"http://example.org:80/test.img",\ +"node-name":"libvirt-4-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-4-format","read-only":false,"driver":"raw",\ +"file":"libvirt-4-storage"}' \ +-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x2,drive=libvirt-4-format,\ +id=virtio-disk0,bootindex=1 \ +-blockdev '{"driver":"https","url":"https://example.org:443/test2.img",\ +"node-name":"libvirt-3-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"raw",\ +"file":"libvirt-3-storage"}' \ +-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x3,drive=libvirt-3-format,\ +id=virtio-disk1 \ +-blockdev '{"driver":"http","url":"http://example.org:1234/test3.img",\ +"node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw",\ +"file":"libvirt-2-storage"}' \ +-device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=libvirt-2-format,\ +id=virtio-disk2 \ +-blockdev '{"driver":"https","url":"https://example.org:1234/test4.img",\ +"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw",\ +"file":"libvirt-1-storage"}' \ +-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=libvirt-1-format,\ +id=virtio-disk3 \ +-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\ +resourcecontrol=deny \ +-msg timestamp=on diff --git a/tests/qemuxml2argvdata/disk-network-http.xml b/tests/qemuxml2argvdata/disk-network-http.xml new file mode 100644 index 0000000000..83a9865c83 --- /dev/null +++ b/tests/qemuxml2argvdata/disk-network-http.xml 
@@ -0,0 +1,50 @@ +<domain type='kvm'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219136</memory> + <currentMemory unit='KiB'>219136</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='x86_64' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <disk type='network' device='disk'> + <driver name='qemu' type='raw'/> + <source protocol='http' name='test.img'> + <host name='example.org'/> + </source> + <target dev='vda' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='raw'/> + <source protocol='https' name='test2.img'> + <host name='example.org'/> + </source> + <target dev='vdb' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='raw'/> + <source protocol='http' name='test3.img'> + <host name='example.org' port='1234'/> + </source> + <target dev='vdc' bus='virtio'/> + </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='raw'/> + <source protocol='https' name='test4.img'> + <host name='example.org' port='1234'/> + </source> + <target dev='vdd' bus='virtio'/> + </disk> + <controller type='usb' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <memballoon model='none'/> + </devices> +</domain> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 35d413d40b..e81d1d7fa1 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -1092,6 +1092,7 @@ mymain(void) QEMU_CAPS_OBJECT_TLS_CREDS_X509, QEMU_CAPS_NBD_TLS); DO_TEST_CAPS_VER("disk-network-tlsx509", "2.12.0"); DO_TEST_CAPS_LATEST("disk-network-tlsx509"); + DO_TEST_CAPS_LATEST("disk-network-http"); driver.config->vxhsTLS = 0; VIR_FREE(driver.config->vxhsTLSx509certdir); DO_TEST("disk-no-boot", NONE); -- 2.24.1

On a Monday in 2020, Peter Krempa wrote:
Upcoming patches will implement the support for sslverify, cookies, readahead, and timeout properties. Add a test file which will collect the cases.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- .../disk-network-http.x86_64-latest.args | 57 +++++++++++++++++++ tests/qemuxml2argvdata/disk-network-http.xml | 50 ++++++++++++++++ tests/qemuxml2argvtest.c | 1 + 3 files changed, 108 insertions(+) create mode 100644 tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/disk-network-http.xml
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Allow disabling of SSL certificate validation for HTTPS and FTPS drives in qemu. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_block.c | 1 + tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args | 3 ++- tests/qemuxml2argvdata/disk-network-http.xml | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 0357815b07..6bfd46a489 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -713,6 +713,7 @@ qemuBlockStorageSourceGetCURLProps(virStorageSourcePtr src, "s:url", uristr, "S:username", username, "S:password-secret", passwordalias, + "T:sslverify", src->sslverify, NULL)); return ret; diff --git a/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args b/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args index 61daecf6f1..a700c26bf6 100644 --- a/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args +++ b/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args @@ -47,7 +47,8 @@ id=virtio-disk1 \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=libvirt-2-format,\ id=virtio-disk2 \ -blockdev '{"driver":"https","url":"https://example.org:1234/test4.img",\ -"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ +"sslverify":false,"node-name":"libvirt-1-storage","auto-read-only":true,\ +"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw",\ "file":"libvirt-1-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=libvirt-1-format,\ diff --git a/tests/qemuxml2argvdata/disk-network-http.xml b/tests/qemuxml2argvdata/disk-network-http.xml index 83a9865c83..8c475aec1d 100644 --- a/tests/qemuxml2argvdata/disk-network-http.xml +++ b/tests/qemuxml2argvdata/disk-network-http.xml 
@@ -38,6 +38,7 @@ <driver name='qemu' type='raw'/> <source protocol='https' name='test4.img'> <host name='example.org' port='1234'/> + <ssl verify='no'/> </source> <target dev='vdd' bus='virtio'/> </disk> -- 2.24.1

On a Monday in 2020, Peter Krempa wrote:
Allow disabling of SSL certificate validation for HTTPS and FTPS drives in qemu.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_block.c | 1 + tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args | 3 ++- tests/qemuxml2argvdata/disk-network-http.xml | 1 + 3 files changed, 4 insertions(+), 1 deletion(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

The http cookies can have potentially sensitive values and thus should not be leaked into the command line. This means that we'll need to instantiate a 'secret' object in qemu to pass the value encrypted. This patch adds infrastructure for storing of the alias in the status XML.t Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 8 +++++++- src/qemu/qemu_domain.h | 3 +++ tests/qemustatusxml2xmldata/modern-in.xml | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index e7aaded4d5..b36ff434f3 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -2314,6 +2314,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt, qemuDomainStorageSourcePrivatePtr priv; g_autofree char *authalias = NULL; g_autofree char *encalias = NULL; + g_autofree char *httpcookiealias = NULL; src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt); src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt); @@ -2327,8 +2328,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt, authalias = virXPathString("string(./objects/secret[@type='auth']/@alias)", ctxt); encalias = virXPathString("string(./objects/secret[@type='encryption']/@alias)", ctxt); + httpcookiealias = virXPathString("string(./objects/secret[@type='httpcookie']/@alias)", ctxt); - if (authalias || encalias) { + if (authalias || encalias || httpcookiealias) { if (!src->privateData && !(src->privateData = qemuDomainStorageSourcePrivateNew())) return -1; @@ -2340,6 +2342,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt, if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &encalias) < 0) return -1; + + if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &httpcookiealias) < 0) + return -1; } if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0) 
@@ -2390,6 +2395,7 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src, if (srcPriv) { qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, "auth"); qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption"); + qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->httpcookie, "httpcookie"); } if (src->tlsAlias) diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 202b85e39a..4e59f316fa 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -460,6 +460,9 @@ struct _qemuDomainStorageSourcePrivate { /* data required for decryption of encrypted storage source */ qemuDomainSecretInfoPtr encinfo; + + /* secure passthrough of the http cookie */ + qemuDomainSecretInfoPtr httpcookie; }; virObjectPtr qemuDomainStorageSourcePrivateNew(void); diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxml2xmldata/modern-in.xml index c8d21ceada..cb56cdcef9 100644 --- a/tests/qemustatusxml2xmldata/modern-in.xml +++ b/tests/qemustatusxml2xmldata/modern-in.xml @@ -332,6 +332,7 @@ <objects> <secret type='auth' alias='test-auth-alias'/> <secret type='encryption' alias='test-encryption-alias'/> + <secret type='httpcookie' alias='http-cookie-alias'/> <TLSx509 alias='transport-alias'/> </objects> </privateData> -- 2.24.1

On a Monday in 2020, Peter Krempa wrote:
The http cookies can have potentially sensitive values and thus should not be leaked into the command line. This means that we'll need to instantiate a 'secret' object in qemu to pass the value encrypted.
This patch adds infrastructure for storing of the alias in the status XML.t
t
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 8 +++++++- src/qemu/qemu_domain.h | 3 +++ tests/qemustatusxml2xmldata/modern-in.xml | 1 + 3 files changed, 11 insertions(+), 1 deletion(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

QEMU's curl driver requires the cookes concatenated and allows them passed in via a secret. Prepare the value for the secret and encrypt it. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index b36ff434f3..5c8fc83417 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1727,6 +1727,30 @@ qemuDomainDiskHasEncryptionSecret(virStorageSourcePtr src) } +static qemuDomainSecretInfoPtr +qemuDomainSecretStorageSourcePrepareCookies(qemuDomainObjPrivatePtr priv, + virStorageSourcePtr src, + const char *aliasprotocol) +{ + g_autofree char *secretalias = qemuAliasForSecret(aliasprotocol, "httpcookie"); + g_autofree char *cookies = NULL; + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; + size_t i; + + for (i = 0; i < src->ncookies; i++) { + virStorageNetCookieDefPtr cookie = src->cookies[i]; + + virBufferAsprintf(&buf, "%s=%s; ", cookie->name, cookie->value); + } + + virBufferTrim(&buf, "; "); + cookies = virBufferContentAndReset(&buf); + + return qemuDomainSecretAESSetup(priv, secretalias, NULL, + (uint8_t *) cookies, strlen(cookies)); +} + + /** * qemuDomainSecretStorageSourcePrepare: * @priv: domain private object @@ -1752,7 +1776,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, bool hasAuth = qemuDomainStorageSourceHasAuth(src); bool hasEnc = qemuDomainDiskHasEncryptionSecret(src); - if (!hasAuth && !hasEnc) + if (!hasAuth && !hasEnc && src->ncookies == 0) return 0; if (!(src->privateData = qemuDomainStorageSourcePrivateNew())) @@ -1792,6 +1816,13 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivatePtr priv, return -1; } + if (src->ncookies && + virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKDEV) && + !(srcPriv->httpcookie = qemuDomainSecretStorageSourcePrepareCookies(priv, + src, + aliasprotocol))) + return -1; + return 0; } -- 2.24.1
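Review bot: qemuDomainSecretStorageSourcePrepareCookies joins the cookies as `name=value; ` pairs and trims the trailing `; `, so a `;` or `=` inside a cookie value, or `=` inside a name, would change how the consumer splits the string. That only holds together if virStorageSourceCookieValueInvalidChars (and the name validation) in virstoragefile.c exclude exactly those characters; since the separator choice and the character filter live in different files, confirm they match and say so in a comment next to the virBufferAsprintf.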

On a Monday in 2020, Peter Krempa wrote:
QEMU's curl driver requires the cookes concatenated and allows them
cookies allows them to be
passed in via a secret. Prepare the value for the secret and encrypt it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_domain.c | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Implement both commandline support and hotplug by adding the http cookie handling to 'qemuBlockStorageSourceAttachData' handling functions for it. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_block.c | 13 +++++++++++++ src/qemu/qemu_block.h | 3 +++ src/qemu/qemu_command.c | 5 +++++ 3 files changed, 21 insertions(+) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 6bfd46a489..aba0f31f94 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -1499,11 +1499,13 @@ qemuBlockStorageSourceAttachDataFree(qemuBlockStorageSourceAttachDataPtr data) virJSONValueFree(data->formatProps); virJSONValueFree(data->prmgrProps); virJSONValueFree(data->authsecretProps); + virJSONValueFree(data->httpcookiesecretProps); virJSONValueFree(data->encryptsecretProps); virJSONValueFree(data->tlsProps); VIR_FREE(data->tlsAlias); VIR_FREE(data->authsecretAlias); VIR_FREE(data->encryptsecretAlias); + VIR_FREE(data->httpcookiesecretAlias); VIR_FREE(data->driveCmd); VIR_FREE(data->driveAlias); VIR_FREE(data); @@ -1570,6 +1572,11 @@ qemuBlockStorageSourceAttachApplyStorageDeps(qemuMonitorPtr mon, &data->authsecretAlias) < 0) return -1; + if (data->httpcookiesecretProps && + qemuMonitorAddObject(mon, &data->httpcookiesecretProps, + &data->httpcookiesecretAlias) < 0) + return -1; + if (data->tlsProps && qemuMonitorAddObject(mon, &data->tlsProps, &data->tlsAlias) < 0) return -1; @@ -1713,6 +1720,9 @@ qemuBlockStorageSourceAttachRollback(qemuMonitorPtr mon, if (data->encryptsecretAlias) ignore_value(qemuMonitorDelObject(mon, data->encryptsecretAlias)); + if (data->httpcookiesecretAlias) + ignore_value(qemuMonitorDelObject(mon, data->httpcookiesecretAlias)); + if (data->tlsAlias) ignore_value(qemuMonitorDelObject(mon, data->tlsAlias)); 
@@ -1768,6 +1778,9 @@ qemuBlockStorageSourceDetachPrepare(virStorageSourcePtr src, if (srcpriv->encinfo && srcpriv->encinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) data->encryptsecretAlias = g_strdup(srcpriv->encinfo->s.aes.alias); + + if (srcpriv->httpcookie) + data->httpcookiesecretAlias = g_strdup(srcpriv->httpcookie->s.aes.alias); } return g_steal_pointer(&data); diff --git a/src/qemu/qemu_block.h b/src/qemu/qemu_block.h index eab0128d5d..197f5dae97 100644 --- a/src/qemu/qemu_block.h +++ b/src/qemu/qemu_block.h @@ -100,6 +100,9 @@ struct qemuBlockStorageSourceAttachData { virJSONValuePtr encryptsecretProps; char *encryptsecretAlias; + virJSONValuePtr httpcookiesecretProps; + char *httpcookiesecretAlias; + virJSONValuePtr tlsProps; char *tlsAlias; }; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 9e0334a3e7..9790c92cf8 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -2398,6 +2398,7 @@ qemuBuildBlockStorageSourceAttachDataCommandline(virCommandPtr cmd, if (qemuBuildObjectCommandline(cmd, data->prmgrProps) < 0 || qemuBuildObjectCommandline(cmd, data->authsecretProps) < 0 || qemuBuildObjectCommandline(cmd, data->encryptsecretProps) < 0 || + qemuBuildObjectCommandline(cmd, data->httpcookiesecretProps) < 0 || qemuBuildObjectCommandline(cmd, data->tlsProps) < 0) return -1; @@ -10333,6 +10334,10 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSourcePtr src, if (srcpriv->encinfo && qemuBuildSecretInfoProps(srcpriv->encinfo, &data->encryptsecretProps) < 0) return -1; + + if (srcpriv->httpcookie && + qemuBuildSecretInfoProps(srcpriv->httpcookie, &data->httpcookiesecretProps) < 0) + return -1; } if (src->haveTLS == VIR_TRISTATE_BOOL_YES && -- 2.24.1
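Review bot: in qemuBlockStorageSourceDetachPrepare the new block reads `srcpriv->httpcookie->s.aes.alias` guarded only by `if (srcpriv->httpcookie)`, while the encinfo case immediately above it first checks `srcpriv->encinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES`. Cookies are only ever prepared through qemuDomainSecretAESSetup, so this is correct today, but either add the same type check or a short comment noting the cookie secret is always AES so the asymmetry is not mistaken for an oversight. The free, hotplug-add and rollback paths do handle httpcookiesecretProps/httpcookiesecretAlias symmetrically with the auth and encryption secrets.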

On a Monday in 2020, Peter Krempa wrote:
Implement both commandline support and hotplug by adding the http cookie handling to 'qemuBlockStorageSourceAttachData' handling functions for it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_block.c | 13 +++++++++++++ src/qemu/qemu_block.h | 3 +++ src/qemu/qemu_command.c | 5 +++++ 3 files changed, 21 insertions(+)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano

Pass the alias of the secret object holding the cookie data as 'cookie-secret' to qemu. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_block.c | 14 +++++++++++--- .../disk-network-http.x86_64-latest.args | 11 +++++++++-- tests/qemuxml2argvdata/disk-network-http.xml | 8 ++++++++ 3 files changed, 28 insertions(+), 5 deletions(-) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index aba0f31f94..119b34f869 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -680,6 +680,7 @@ qemuBlockStorageSourceGetCURLProps(virStorageSourcePtr src, { qemuDomainStorageSourcePrivatePtr srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src); const char *passwordalias = NULL; + const char *cookiealias = NULL; const char *username = NULL; virJSONValuePtr ret = NULL; g_autoptr(virURI) uri = NULL; @@ -704,9 +705,15 @@ qemuBlockStorageSourceGetCURLProps(virStorageSourcePtr src, if (!(uristr = virURIFormat(uri))) return NULL; - if (!onlytarget && src->auth) { - username = src->auth->username; - passwordalias = srcPriv->secinfo->s.aes.alias; + if (!onlytarget) { + if (src->auth) { + username = src->auth->username; + passwordalias = srcPriv->secinfo->s.aes.alias; + } + + if (srcPriv && + srcPriv->httpcookie) + cookiealias = srcPriv->httpcookie->s.aes.alias; } ignore_value(virJSONValueObjectCreate(&ret, @@ -714,6 +721,7 @@ qemuBlockStorageSourceGetCURLProps(virStorageSourcePtr src, "S:username", username, "S:password-secret", passwordalias, "T:sslverify", src->sslverify, + "S:cookie-secret", cookiealias, NULL)); return ret; diff --git a/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args b/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args index a700c26bf6..5798235b55 100644 --- a/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args +++ b/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args 
@@ -40,15 +40,22 @@ id=virtio-disk0,bootindex=1 \ "file":"libvirt-3-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x3,drive=libvirt-3-format,\ id=virtio-disk1 \ +-object secret,id=libvirt-2-storage-httpcookie-secret0,\ +data=DrPR9NA6GKJb7qi1KbjHad3f3UIGTTDmAmOZHHv1F5w5T8rhnk3f+uSKStHe0J2O,\ +keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"http","url":"http://example.org:1234/test3.img",\ +"cookie-secret":"libvirt-2-storage-httpcookie-secret0",\ "node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw",\ "file":"libvirt-2-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=libvirt-2-format,\ id=virtio-disk2 \ +-object secret,id=libvirt-1-storage-httpcookie-secret0,\ +data=DrPR9NA6GKJb7qi1KbjHad3f3UIGTTDmAmOZHHv1F5w5T8rhnk3f+uSKStHe0J2O,\ +keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"https","url":"https://example.org:1234/test4.img",\ -"sslverify":false,"node-name":"libvirt-1-storage","auto-read-only":true,\ -"discard":"unmap"}' \ +"sslverify":false,"cookie-secret":"libvirt-1-storage-httpcookie-secret0",\ +"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw",\ "file":"libvirt-1-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=libvirt-1-format,\ diff --git a/tests/qemuxml2argvdata/disk-network-http.xml b/tests/qemuxml2argvdata/disk-network-http.xml index 8c475aec1d..6acf75cf65 100644 --- a/tests/qemuxml2argvdata/disk-network-http.xml +++ b/tests/qemuxml2argvdata/disk-network-http.xml 
@@ -31,6 +31,10 @@ <driver name='qemu' type='raw'/> <source protocol='http' name='test3.img'> <host name='example.org' port='1234'/> + <cookies> + <cookie name='test'>testcookievalue</cookie> + <cookie name='test2'>blurb</cookie> + </cookies> </source> <target dev='vdc' bus='virtio'/> </disk> @@ -39,6 +43,10 @@ <source protocol='https' name='test4.img'> <host name='example.org' port='1234'/> <ssl verify='no'/> + <cookies> + <cookie name='test'>testcookievalue</cookie> + <cookie name='test2'>blurb</cookie> + </cookies> </source> <target dev='vdd' bus='virtio'/> </disk> -- 2.24.1
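Review bot: in the qemuBlockStorageSourceGetCURLProps hunk the cookie branch guards `srcPriv` against NULL (`if (srcPriv && srcPriv->httpcookie)`) while the auth branch immediately above it dereferences `srcPriv->secinfo->s.aes.alias` unconditionally; either the guard is redundant or the auth branch can crash when the private data is absent, so pick one behaviour and apply it to both, e.g. check `srcPriv` once at the top of the `if (!onlytarget)` block.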

On a Monday in 2020, Peter Krempa wrote:
Pass the alias of the secret object holding the cookie data as 'cookie-secret' to qemu.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_block.c | 14 +++++++++++--- .../disk-network-http.x86_64-latest.args | 11 +++++++++-- tests/qemuxml2argvdata/disk-network-http.xml | 8 ++++++++ 3 files changed, 28 insertions(+), 5 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano

Pass in the correct fields. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_block.c | 2 ++ tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args | 6 ++++-- tests/qemuxml2argvdata/disk-network-http.xml | 2 ++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 119b34f869..f64bd8254b 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -722,6 +722,8 @@ qemuBlockStorageSourceGetCURLProps(virStorageSourcePtr src, "S:password-secret", passwordalias, "T:sslverify", src->sslverify, "S:cookie-secret", cookiealias, + "P:timeout", src->timeout, + "P:readahead", src->readahead, NULL)); return ret; diff --git a/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args b/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args index 5798235b55..e14498f778 100644 --- a/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args +++ b/tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args 
@@ -29,13 +29,15 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ -boot strict=on \ -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \ -blockdev '{"driver":"http","url":"http://example.org:80/test.img",\ -"node-name":"libvirt-4-storage","auto-read-only":true,"discard":"unmap"}' \ +"timeout":1234,"node-name":"libvirt-4-storage","auto-read-only":true,\ +"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-4-format","read-only":false,"driver":"raw",\ "file":"libvirt-4-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x2,drive=libvirt-4-format,\ id=virtio-disk0,bootindex=1 \ -blockdev '{"driver":"https","url":"https://example.org:443/test2.img",\ -"node-name":"libvirt-3-storage","auto-read-only":true,"discard":"unmap"}' \ +"readahead":1024,"node-name":"libvirt-3-storage","auto-read-only":true,\ +"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"raw",\ "file":"libvirt-3-storage"}' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x3,drive=libvirt-3-format,\ diff --git a/tests/qemuxml2argvdata/disk-network-http.xml b/tests/qemuxml2argvdata/disk-network-http.xml index 6acf75cf65..20024c732e 100644 --- a/tests/qemuxml2argvdata/disk-network-http.xml +++ b/tests/qemuxml2argvdata/disk-network-http.xml @@ -17,6 +17,7 @@ <driver name='qemu' type='raw'/> <source protocol='http' name='test.img'> <host name='example.org'/> + <timeout seconds='1234'/> </source> <target dev='vda' bus='virtio'/> </disk> @@ -24,6 +25,7 @@ <driver name='qemu' type='raw'/> <source protocol='https' name='test2.img'> <host name='example.org'/> + <readahead size='1024'/> </source> <target dev='vdb' bus='virtio'/> </disk> -- 2.24.1
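Review bot: the commit message "Pass in the correct fields." leaves out what the qemu_block.c hunk relies on: `P:timeout` and `P:readahead` are only emitted when the value is non-zero, which is exactly why the existing .args outputs for disks without `<timeout>`/`<readahead>` stay unchanged. State that in the message and in a short comment next to the two lines, so a later edit does not switch to the always-emitting variant and start sending `"timeout":0` to qemu; the updated test only covers the non-zero case.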

On a Monday in 2020, Peter Krempa wrote:
Pass in the correct fields.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_block.c | 2 ++ tests/qemuxml2argvdata/disk-network-http.x86_64-latest.args | 6 ++++-- tests/qemuxml2argvdata/disk-network-http.xml | 2 ++ 3 files changed, 8 insertions(+), 2 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano

Add support for parsing the recently added fields from backing file pseudo-protocol strings. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/util/virstoragefile.c | 91 ++++++++++++++++++++++++++++++++++++++- tests/qemublocktest.c | 6 +++ tests/virstoragetest.c | 15 +++++++ 3 files changed, 111 insertions(+), 1 deletion(-) diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 9e740419eb..efc4c60681 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c 
@@ -3210,10 +3210,61 @@ virStorageSourceParseBackingJSONUriStr(virStorageSourcePtr src, } +static int +virStorageSourceParseBackingJSONUriCookies(virStorageSourcePtr src, + virJSONValuePtr json, + const char *jsonstr) +{ + const char *cookiestr; + VIR_AUTOSTRINGLIST cookies = NULL; + size_t ncookies = 0; + size_t i; + + if (!virJSONValueObjectHasKey(json, "cookie")) + return 0; + + if (!(cookiestr = virJSONValueObjectGetString(json, "cookie"))) { + virReportError(VIR_ERR_INVALID_ARG, + _("wrong format of 'cookie' field in backing store definition '%s'"), + jsonstr); + return -1; + } + + if (!(cookies = virStringSplitCount(cookiestr, ";", 0, &ncookies))) + return -1; + + src->cookies = g_new0(virStorageNetCookieDefPtr, ncookies); + src->ncookies = ncookies; + + for (i = 0; i < ncookies; i++) { + char *cookiename = cookies[i]; + char *cookievalue; + + virSkipSpaces((const char **) &cookiename); + + if (!(cookievalue = strchr(cookiename, '='))) { + virReportError(VIR_ERR_INVALID_ARG, + _("malformed http cookie '%s' in backing store definition '%s'"), + cookies[i], jsonstr); + return -1; + } + + *cookievalue = '\0'; + cookievalue++; + + src->cookies[i] = g_new0(virStorageNetCookieDef, 1); + src->cookies[i]->name = g_strdup(cookiename); + src->cookies[i]->value = g_strdup(cookievalue); + } + + return 0; +} + + static int virStorageSourceParseBackingJSONUri(virStorageSourcePtr src, virJSONValuePtr json, - const char *jsonstr G_GNUC_UNUSED, + const char *jsonstr, int protocol) { const char *uri; 
@@ -3224,6 +3275,44 @@ virStorageSourceParseBackingJSONUri(virStorageSourcePtr src, return -1; } + if (protocol == VIR_STORAGE_NET_PROTOCOL_HTTPS || + protocol == VIR_STORAGE_NET_PROTOCOL_FTPS) { + if (virJSONValueObjectHasKey(json, "sslverify")) { + bool tmp; + + if (virJSONValueObjectGetBoolean(json, "sslverify", &tmp) < 0) { + virReportError(VIR_ERR_INVALID_ARG, + _("malformed 'sslverify' field in backing store definition '%s'"), + jsonstr); + return -1; + } + + src->sslverify = virTristateBoolFromBool(tmp); + } + } + + if (protocol == VIR_STORAGE_NET_PROTOCOL_HTTPS || + protocol == VIR_STORAGE_NET_PROTOCOL_HTTP) { + if (virStorageSourceParseBackingJSONUriCookies(src, json, jsonstr) < 0) + return -1; + } + + if (virJSONValueObjectHasKey(json, "readahead") && + virJSONValueObjectGetNumberUlong(json, "readahead", &src->readahead) < 0) { + virReportError(VIR_ERR_INVALID_ARG, + _("malformed 'readahead' field in backing store definition '%s'"), + jsonstr); + return -1; + } + + if (virJSONValueObjectHasKey(json, "timeout") && + virJSONValueObjectGetNumberUlong(json, "timeout", &src->timeout) < 0) { + virReportError(VIR_ERR_INVALID_ARG, + _("malformed 'timeout' field in backing store definition '%s'"), + jsonstr); + return -1; + } + return virStorageSourceParseBackingJSONUriStr(src, uri, protocol); } diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c index 7b7948d4c6..96a3c7fc41 100644 --- a/tests/qemublocktest.c +++ b/tests/qemublocktest.c @@ -917,6 +917,12 @@ mymain(void) TEST_JSON_FORMAT_NET("<source protocol='https' name='file'>\n" " <host name='example.com' port='432'/>\n" "</source>\n"); + TEST_JSON_FORMAT_NET("<source protocol='https' name='file'>\n" + " <host name='example.com' port='432'/>\n" + " <ssl verify='no'/>\n" + " <readahead size='1024'/>\n" + " <timeout seconds='1337'/>\n" + "</source>\n"); TEST_JSON_FORMAT_NET("<source protocol='gluster' name='vol/file'>\n" " <host name='example.com' port='24007'/>\n" "</source>\n"); 
diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c index 97c22d42af..b49dfd2598 100644 --- a/tests/virstoragetest.c +++ b/tests/virstoragetest.c @@ -1607,6 +1607,21 @@ mymain(void) " </slices>\n" "</source>\n", 0); + TEST_BACKING_PARSE_FULL("json:{ \"file.cookie\": \"vmware_soap_session=\\\"0c8db85112873a79b7ef74f294cb70ef7f\\\"\"," + "\"file.sslverify\": false," + "\"file.driver\": \"https\"," + "\"file.url\": \"https://host/folder/esx6.5-rhel7.7-x86%5f64/esx6.5-rhel7.7-x86%5f64-flat.vmdk?dcPath=data&dsName=esx6.5-matrix\"," + "\"file.timeout\": 2000" + "}", + "<source protocol='https' name='folder/esx6.5-rhel7.7-x86_64/esx6.5-rhel7.7-x86_64-flat.vmdk'>\n" + " <host name='host' port='443'/>\n" + " <ssl verify='no'/>\n" + " <cookies>\n" + " <cookie name='vmware_soap_session'>"0c8db85112873a79b7ef74f294cb70ef7f"</cookie>\n" + " </cookies>\n" + " <timeout seconds='2000'/>\n" + "</source>\n", 0); + #endif /* WITH_YAJL */ cleanup: -- 2.24.1
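Review bot: virStorageSourceParseBackingJSONUriCookies sets `src->ncookies = ncookies` before the loop has filled `src->cookies`, so when a malformed entry makes it return -1 the array is left with trailing NULL elements; that is only safe if the cookie free routine tolerates NULL entries, so either confirm that in a comment or assign `ncookies` after the loop. Two smaller points on the same hunk: splitting on `;` turns a trailing separator (`"a=b;"`) into an empty element that then fails the `strchr(cookiename, '=')` check with a "malformed http cookie" error, and an entry with an empty name (`"=value"`) is accepted as-is; document the accepted syntax or reject the empty name explicitly.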

On a Monday in 2020, Peter Krempa wrote:
Add support for parsing the recently added fields from backing file pseudo-protocol strings.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/util/virstoragefile.c | 91 ++++++++++++++++++++++++++++++++++++++- tests/qemublocktest.c | 6 +++ tests/virstoragetest.c | 15 +++++++ 3 files changed, 111 insertions(+), 1 deletion(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano

libguestfs abuses a quirk of qemu's parser to accept also other variants of the 'sslverify' field which would be valid on the command line but are not documented in the QMP schema. If we encounter the 'off' string instead of an boolean handle it rather than erroring out to continue support of pre-blockdev configurations. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/util/virstoragefile.c | 21 ++++++++++++++------- tests/virstoragetest.c | 15 +++++++++++++++ 2 files changed, 29 insertions(+), 7 deletions(-) diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index efc4c60681..a85b95fd09 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -3278,16 +3278,23 @@ virStorageSourceParseBackingJSONUri(virStorageSourcePtr src, if (protocol == VIR_STORAGE_NET_PROTOCOL_HTTPS || protocol == VIR_STORAGE_NET_PROTOCOL_FTPS) { if (virJSONValueObjectHasKey(json, "sslverify")) { + const char *tmpstr; bool tmp; - if (virJSONValueObjectGetBoolean(json, "sslverify", &tmp) < 0) { - virReportError(VIR_ERR_INVALID_ARG, - _("malformed 'sslverify' field in backing store definition '%s'"), - jsonstr); - return -1; - } + /* libguestfs still uses undocumented legacy value of 'off' */ + if ((tmpstr = virJSONValueObjectGetString(json, "sslverify")) && + STREQ(tmpstr, "off")) { + src->sslverify = VIR_TRISTATE_BOOL_NO; + } else { + if (virJSONValueObjectGetBoolean(json, "sslverify", &tmp) < 0) { + virReportError(VIR_ERR_INVALID_ARG, + _("malformed 'sslverify' field in backing store definition '%s'"), + jsonstr); + return -1; + } - src->sslverify = virTristateBoolFromBool(tmp); + src->sslverify = virTristateBoolFromBool(tmp); + } } } diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c index b49dfd2598..c59511114d 100644 --- a/tests/virstoragetest.c +++ b/tests/virstoragetest.c 
@@ -1622,6 +1622,21 @@ mymain(void) " <timeout seconds='2000'/>\n" "</source>\n", 0); + TEST_BACKING_PARSE_FULL("json:{ \"file.cookie\": \"vmware_soap_session=\\\"0c8db85112873a79b7ef74f294cb70ef7f\\\"\"," + "\"file.sslverify\": \"off\"," + "\"file.driver\": \"https\"," + "\"file.url\": \"https://host/folder/esx6.5-rhel7.7-x86%5f64/esx6.5-rhel7.7-x86%5f64-flat.vmdk?dcPath=data&dsName=esx6.5-matrix\"," + "\"file.timeout\": 2000" + "}", + "<source protocol='https' name='folder/esx6.5-rhel7.7-x86_64/esx6.5-rhel7.7-x86_64-flat.vmdk'>\n" + " <host name='host' port='443'/>\n" + " <ssl verify='no'/>\n" + " <cookies>\n" + " <cookie name='vmware_soap_session'>"0c8db85112873a79b7ef74f294cb70ef7f"</cookie>\n" + " </cookies>\n" + " <timeout seconds='2000'/>\n" + "</source>\n", 0); + #endif /* WITH_YAJL */ cleanup: -- 2.24.1
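Review bot: the commit message says libguestfs uses "other variants" of `sslverify`, but the virstoragefile.c hunk only special-cases the string "off": any other string (for example "on", which qemu's command-line parser accepts just as readily) still falls through to virJSONValueObjectGetBoolean and is reported as a malformed field. Either handle the "on" spelling symmetrically (`VIR_TRISTATE_BOOL_YES`) or narrow the in-code comment and the commit message to say that only "off" is tolerated.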

On a Monday in 2020, Peter Krempa wrote:
libguestfs abuses a quirk of qemu's parser to also accept other variants of the 'sslverify' field which would be valid on the command line but are not documented in the QMP schema.
If we encounter the 'off' string instead of a boolean, handle it rather than erroring out to continue support of pre-blockdev configurations.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/util/virstoragefile.c | 21 ++++++++++++++------- tests/virstoragetest.c | 15 +++++++++++++++ 2 files changed, 29 insertions(+), 7 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano

Multiple tests require the schema. Extract the loading into a separate variable to avoid issues with ownership of the pointer. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- tests/qemublocktest.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c index 96a3c7fc41..735ba5cdde 100644 --- a/tests/qemublocktest.c +++ b/tests/qemublocktest.c @@ -867,6 +867,7 @@ mymain(void) struct testQemuBlockBitmapBlockcopyData blockbitmapblockcopydata; char *capslatest_x86_64 = NULL; virQEMUCapsPtr caps_x86_64 = NULL; + g_autoptr(virHashTable) qmp_schema_x86_64 = NULL; g_autoptr(virStorageSource) bitmapSourceChain = NULL; if (qemuTestDriverInit(&driver) < 0) @@ -889,6 +890,11 @@ mymain(void) diskxmljsondata.qemuCaps = caps_x86_64; imagecreatedata.qemuCaps = caps_x86_64; + if (!(qmp_schema_x86_64 = testQEMUSchemaLoad("x86_64"))) { + ret = -1; + goto cleanup; + } + virTestCounterReset("qemu storage source xml->json->xml "); #define TEST_JSON_FORMAT(tpe, xmlstr) \ @@ -987,10 +993,7 @@ mymain(void) #define TEST_DISK_TO_JSON(nme) TEST_DISK_TO_JSON_FULL(nme, false) - if (!(diskxmljsondata.schema = testQEMUSchemaLoad("x86_64"))) { - ret = -1; - goto cleanup; - } + diskxmljsondata.schema = qmp_schema_x86_64; if (virQEMUQAPISchemaPathGet("blockdev-add/arg-type", diskxmljsondata.schema, @@ -1049,7 +1052,9 @@ mymain(void) &imagecreatedata) < 0) \ ret = -1; \ } while (0) - imagecreatedata.schema = diskxmljsondata.schema; + + imagecreatedata.schema = qmp_schema_x86_64; + if (virQEMUQAPISchemaPathGet("blockdev-create/arg-type/options", imagecreatedata.schema, &imagecreatedata.schemaroot) < 0 || @@ -1202,7 +1207,6 @@ mymain(void) TEST_BITMAP_BLOCKCOPY("snapshots-deep", false, "snapshots"); cleanup: - virHashFree(diskxmljsondata.schema); qemuTestDriverFree(&driver); VIR_FREE(capslatest_x86_64); virObjectUnref(caps_x86_64); -- 2.24.1
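Review bot: after the two assignment hunks, `diskxmljsondata.schema` and `imagecreatedata.schema` are borrowed pointers into `qmp_schema_x86_64`, which g_autoptr frees when mymain returns; a one-line comment on those struct fields (or at the assignments) saying the test data does not own the schema would stop someone from reintroducing the `virHashFree(diskxmljsondata.schema)` that the cleanup hunk removes.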

On a Monday in 2020, Peter Krempa wrote:
Multiple tests require the schema. Extract the loading into a separate variable to avoid issues with ownership of the pointer.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- tests/qemublocktest.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano

Move lookup of the schema root earlier so that multiple functions can use it for validation. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- tests/qemublocktest.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c index 735ba5cdde..f803c9c6b3 100644 --- a/tests/qemublocktest.c +++ b/tests/qemublocktest.c @@ -868,6 +868,7 @@ mymain(void) char *capslatest_x86_64 = NULL; virQEMUCapsPtr caps_x86_64 = NULL; g_autoptr(virHashTable) qmp_schema_x86_64 = NULL; + virJSONValuePtr qmp_schemaroot_x86_64_blockdev_add = NULL; g_autoptr(virStorageSource) bitmapSourceChain = NULL; if (qemuTestDriverInit(&driver) < 0) @@ -895,6 +896,15 @@ mymain(void) goto cleanup; } + if (virQEMUQAPISchemaPathGet("blockdev-add/arg-type", + qmp_schema_x86_64, + &qmp_schemaroot_x86_64_blockdev_add) < 0 || + !qmp_schemaroot_x86_64_blockdev_add) { + VIR_TEST_VERBOSE("failed to find schema entry for blockdev-add"); + ret = -1; + goto cleanup; + } + virTestCounterReset("qemu storage source xml->json->xml "); #define TEST_JSON_FORMAT(tpe, xmlstr) \ @@ -994,15 +1004,7 @@ mymain(void) #define TEST_DISK_TO_JSON(nme) TEST_DISK_TO_JSON_FULL(nme, false) diskxmljsondata.schema = qmp_schema_x86_64; - - if (virQEMUQAPISchemaPathGet("blockdev-add/arg-type", - diskxmljsondata.schema, - &diskxmljsondata.schemaroot) < 0 || - !diskxmljsondata.schemaroot) { - VIR_TEST_VERBOSE("failed to find schema entry for blockdev-add"); - ret = -1; - goto cleanup; - } + diskxmljsondata.schemaroot = qmp_schemaroot_x86_64_blockdev_add; TEST_DISK_TO_JSON_FULL("nodename-long-format", true); TEST_DISK_TO_JSON_FULL("nodename-long-protocol", true); -- 2.24.1
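Review bot: `qmp_schemaroot_x86_64_blockdev_add` is a pointer into `qmp_schema_x86_64` and is deliberately a plain `virJSONValuePtr` rather than g_autoptr, which is correct; a short comment at the declaration in the first hunk saying it is owned by the schema table would keep a future reader from "fixing" it with a free.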

On a Monday in 2020, Peter Krempa wrote:
Move lookup of the schema root earlier so that multiple functions can use it for validation.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- tests/qemublocktest.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano

The test was invoking the JSON formatter with the 'legacy' flag thus formatting bunch of obsolete JSON blockdev definitions. We also should test the modern ones. Add a boolean and re-run all the tests in both cases. Additionally for any modern invocation we should also validate that the output conforms to the QAPI schema. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- tests/qemublocktest.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c index f803c9c6b3..77484cc8e7 100644 --- a/tests/qemublocktest.c +++ b/tests/qemublocktest.c @@ -41,6 +41,9 @@ VIR_LOG_INIT("tests.storagetest"); struct testBackingXMLjsonXMLdata { int type; const char *xml; + bool legacy; + virHashTablePtr schema; + virJSONValuePtr schemaroot; }; static int @@ -57,6 +60,7 @@ testBackingXMLjsonXML(const void *args) g_autofree char *actualxml = NULL; g_autoptr(virStorageSource) xmlsrc = NULL; g_autoptr(virStorageSource) jsonsrc = NULL; + g_auto(virBuffer) debug = VIR_BUFFER_INITIALIZER; if (!(xmlsrc = virStorageSourceNew())) return -1; @@ -71,12 +75,27 @@ testBackingXMLjsonXML(const void *args) return -1; } - if (!(backendprops = qemuBlockStorageSourceGetBackendProps(xmlsrc, true, false, + if (!(backendprops = qemuBlockStorageSourceGetBackendProps(xmlsrc, + data->legacy, + false, false))) { fprintf(stderr, "failed to format disk source json\n"); return -1; } + if (!data->legacy) { + if (testQEMUSchemaValidate(backendprops, data->schemaroot, + data->schema, &debug) < 0) { + g_autofree char *debugmsg = virBufferContentAndReset(&debug); + g_autofree char *debugprops = virJSONValueToString(backendprops, true); + + VIR_TEST_VERBOSE("json does not conform to QAPI schema"); + VIR_TEST_DEBUG("json:\n%s\ndoes not match schema. Debug output:\n %s", + debugprops, NULLSTR(debugmsg)); + return -1; + } + } + if (virJSONValueObjectCreate(&wrapper, "a:file", &backendprops, NULL) < 0) return -1; 
@@ -911,6 +930,10 @@ mymain(void) do { \ xmljsonxmldata.type = tpe; \ xmljsonxmldata.xml = xmlstr; \ + xmljsonxmldata.legacy = true; \ + if (virTestRun(virTestCounterNext(), testBackingXMLjsonXML, \ + &xmljsonxmldata) < 0) \ + xmljsonxmldata.legacy = false; \ if (virTestRun(virTestCounterNext(), testBackingXMLjsonXML, \ &xmljsonxmldata) < 0) \ ret = -1; \ @@ -919,6 +942,9 @@ mymain(void) #define TEST_JSON_FORMAT_NET(xmlstr) \ TEST_JSON_FORMAT(VIR_STORAGE_TYPE_NETWORK, xmlstr) + xmljsonxmldata.schema = qmp_schema_x86_64; + xmljsonxmldata.schemaroot = qmp_schemaroot_x86_64_blockdev_add; + TEST_JSON_FORMAT(VIR_STORAGE_TYPE_FILE, "<source file='/path/to/file'/>\n"); /* type VIR_STORAGE_TYPE_BLOCK is not tested since it parses back to 'file' */ -- 2.24.1
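Review bot: the TEST_JSON_FORMAT macro hunk has a logic bug: `xmljsonxmldata.legacy = false;` is the body of the first `if`, so it only executes when the legacy pass fails, a failing legacy pass is never recorded in `ret`, and on success the second virTestRun runs with `legacy` still true, meaning the modern schema-validated variant that this commit is meant to add is never exercised. It should be:
    if (virTestRun(virTestCounterNext(), testBackingXMLjsonXML, &xmljsonxmldata) < 0) ret = -1;
    xmljsonxmldata.legacy = false;
    if (virTestRun(virTestCounterNext(), testBackingXMLjsonXML, &xmljsonxmldata) < 0) ret = -1;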

On a Monday in 2020, Peter Krempa wrote:
The test was invoking the JSON formatter with the 'legacy' flag, thus formatting a bunch of obsolete JSON blockdev definitions. We also should test the modern ones. Add a boolean and re-run all the tests in both cases.
Additionally for any modern invocation we should also validate that the output conforms to the QAPI schema.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- tests/qemublocktest.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano

Add testing of the interpretation of the JSON pseudo-protocol backing store into JSON structs for blockdev. This will be used to test JSON pseudo-URIs used by libguestfs while actually also validating the output against the QMP schema. Since libguestfs uses obsolete/undocumented values the outputs will differ and a benefit is that modern output is used now. The example test case covers the fields and values used by libguestfs when using the https driver. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- tests/qemublocktest.c | 65 +++++++++++++++++++ .../jsontojson/curl-libguestfs-in.json | 1 + .../jsontojson/curl-libguestfs-out.json | 9 +++ 3 files changed, 75 insertions(+) create mode 100644 tests/qemublocktestdata/jsontojson/curl-libguestfs-in.json create mode 100644 tests/qemublocktestdata/jsontojson/curl-libguestfs-out.json diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c index 77484cc8e7..ec32d28188 100644 --- a/tests/qemublocktest.c +++ b/tests/qemublocktest.c 
@@ -128,6 +128,57 @@ testBackingXMLjsonXML(const void *args) return 0; } +static const char *testJSONtoJSONPath = abs_srcdir "/qemublocktestdata/jsontojson/"; + +struct testJSONtoJSONData { + const char *name; + virHashTablePtr schema; + virJSONValuePtr schemaroot; +}; + +static int +testJSONtoJSON(const void *args) +{ + const struct testJSONtoJSONData *data = args; + g_auto(virBuffer) debug = VIR_BUFFER_INITIALIZER; + g_autoptr(virJSONValue) jsonsrcout = NULL; + g_autoptr(virStorageSource) src = NULL; + g_autofree char *actual = NULL; + g_autofree char *in = NULL; + g_autofree char *infile = g_strdup_printf("%s%s-in.json", testJSONtoJSONPath, + data->name); + g_autofree char *outfile = g_strdup_printf("%s%s-out.json", testJSONtoJSONPath, + data->name); + + if (virTestLoadFile(infile, &in) < 0) + return -1; + + if (virStorageSourceNewFromBackingAbsolute(in, &src) < 0) { + fprintf(stderr, "failed to parse disk json\n"); + return -1; + } + + if (!(jsonsrcout = qemuBlockStorageSourceGetBackendProps(src, false, false, true))) { + fprintf(stderr, "failed to format disk source json\n"); + return -1; + } + + if (!(actual = virJSONValueToString(jsonsrcout, true))) + return -1; + + if (testQEMUSchemaValidate(jsonsrcout, data->schemaroot, + data->schema, &debug) < 0) { + g_autofree char *debugmsg = virBufferContentAndReset(&debug); + + VIR_TEST_VERBOSE("json does not conform to QAPI schema"); + VIR_TEST_DEBUG("json:\n%s\ndoes not match schema. Debug output:\n %s", + actual, NULLSTR(debugmsg)); + return -1; + } + + return virTestCompareToFile(actual, outfile); +} + struct testQemuDiskXMLToJSONData { virQEMUDriverPtr driver; 
@@ -879,6 +930,7 @@ mymain(void) virQEMUDriver driver; struct testBackingXMLjsonXMLdata xmljsonxmldata; struct testQemuDiskXMLToJSONData diskxmljsondata; + struct testJSONtoJSONData jsontojsondata; struct testQemuImageCreateData imagecreatedata; struct testQemuBackupIncrementalBitmapCalculateData backupbitmapcalcdata; struct testQemuCheckpointDeleteMergeData checkpointdeletedata; @@ -1072,6 +1124,19 @@ mymain(void) TEST_DISK_TO_JSON("block-raw-noopts"); TEST_DISK_TO_JSON("block-raw-reservations"); +#define TEST_JSON_TO_JSON(nme) \ + do { \ + jsontojsondata.name = nme; \ + if (virTestRun("JSON to JSON " nme, testJSONtoJSON, \ + &jsontojsondata) < 0) \ + ret = -1; \ + } while (0) + + jsontojsondata.schema = qmp_schema_x86_64; + jsontojsondata.schemaroot = qmp_schemaroot_x86_64_blockdev_add; + + TEST_JSON_TO_JSON("curl-libguestfs"); + #define TEST_IMAGE_CREATE(testname, testbacking) \ do { \ imagecreatedata.name = testname; \ diff --git a/tests/qemublocktestdata/jsontojson/curl-libguestfs-in.json b/tests/qemublocktestdata/jsontojson/curl-libguestfs-in.json new file mode 100644 index 0000000000..0b92dabc6d --- /dev/null +++ b/tests/qemublocktestdata/jsontojson/curl-libguestfs-in.json @@ -0,0 +1 @@ +json:{"file.driver":"https","file.url":"https://test.host/whatever.img","file.timeout":2000,"file.readahead":65536,"file.sslverify":"off","file.cookie":"some_cookie=\"some_value_or_whatever\""} diff --git a/tests/qemublocktestdata/jsontojson/curl-libguestfs-out.json b/tests/qemublocktestdata/jsontojson/curl-libguestfs-out.json new file mode 100644 index 0000000000..e130c7bd3c --- /dev/null +++ b/tests/qemublocktestdata/jsontojson/curl-libguestfs-out.json @@ -0,0 +1,9 @@ +{ + "driver": "https", + "url": "https://test.host:443/whatever.img", + "sslverify": false, + "timeout": 2000, + "readahead": 65536, + "auto-read-only": true, + "discard": "unmap" +} -- 2.24.1

On a Monday in 2020, Peter Krempa wrote:
Add testing of the interpretation of the JSON pseudo-protocol backing store into JSON structs for blockdev. This will be used to test JSON pseudo-URIs used by libguestfs while actually also validating the output against the QMP schema. Since libguestfs uses obsolete/undocumented values, the outputs will differ, and a benefit is that modern output is used now.
The example test case covers the fields and values used by libguestfs when using the https driver.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- tests/qemublocktest.c | 65 +++++++++++++++++++ .../jsontojson/curl-libguestfs-in.json | 1 + .../jsontojson/curl-libguestfs-out.json | 9 +++ 3 files changed, 75 insertions(+) create mode 100644 tests/qemublocktestdata/jsontojson/curl-libguestfs-in.json create mode 100644 tests/qemublocktestdata/jsontojson/curl-libguestfs-out.json
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano

We currently don't model the 'ssh' protocol properties properly and since it seems impossible for now (agent path passed via environment variable). To allow libguestfs to work as it used in pre-blockdev era we must carry the properties over to the command line. For this instance we just store it internally and format it back. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_block.c | 10 ++++++++++ src/util/virstoragefile.c | 13 +++++++++++++ src/util/virstoragefile.h | 5 +++++ tests/qemublocktest.c | 1 + .../jsontojson/ssh-passthrough-libguestfs-in.json | 1 + .../jsontojson/ssh-passthrough-libguestfs-out.json | 14 ++++++++++++++ 6 files changed, 44 insertions(+) create mode 100644 tests/qemublocktestdata/jsontojson/ssh-passthrough-libguestfs-in.json create mode 100644 tests/qemublocktestdata/jsontojson/ssh-passthrough-libguestfs-out.json diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index f64bd8254b..5ddf7f1f7c 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -911,6 +911,7 @@ qemuBlockStorageSourceGetSshProps(virStorageSourcePtr src) g_autoptr(virJSONValue) serverprops = NULL; virJSONValuePtr ret = NULL; const char *username = NULL; + g_autoptr(virJSONValue) host_key_check = NULL; if (src->nhosts != 1) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -924,11 +925,20 @@ qemuBlockStorageSourceGetSshProps(virStorageSourcePtr src) if (src->auth) username = src->auth->username; + else if (src->ssh_user) + username = src->ssh_user; + + if (src->ssh_host_key_check_disabled && + virJSONValueObjectCreate(&host_key_check, + "s:mode", "none", + NULL) < 0) + return NULL; if (virJSONValueObjectCreate(&ret, "s:path", src->path, "a:server", &serverprops, "S:user", username, + "A:host-key-check", &host_key_check, NULL) < 0) return NULL; diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index a85b95fd09..e4235316d8 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c 
@@ -2464,6 +2464,10 @@ virStorageSourceCopy(const virStorageSource *src, return NULL; } + /* ssh config passthrough for libguestfs */ + def->ssh_host_key_check_disabled = src->ssh_host_key_check_disabled; + def->ssh_user = g_strdup(src->ssh_user); + return g_steal_pointer(&def); } @@ -2705,6 +2709,8 @@ virStorageSourceClear(virStorageSourcePtr def) VIR_FREE(def->tlsAlias); VIR_FREE(def->tlsCertdir); + VIR_FREE(def->ssh_user); + virStorageSourceInitiatorClear(&def->initiator); /* clear everything except the class header as the object APIs @@ -3635,6 +3641,8 @@ virStorageSourceParseBackingJSONSSH(virStorageSourcePtr src, const char *path = virJSONValueObjectGetString(json, "path"); const char *host = virJSONValueObjectGetString(json, "host"); const char *port = virJSONValueObjectGetString(json, "port"); + const char *user = virJSONValueObjectGetString(json, "user"); + const char *host_key_check = virJSONValueObjectGetString(json, "host_key_check"); virJSONValuePtr server = virJSONValueObjectGetObject(json, "server"); if (!(host || server) || !path) { @@ -3665,6 +3673,11 @@ virStorageSourceParseBackingJSONSSH(virStorageSourcePtr src, return -1; } + /* these two are parsed just to be passed back as we don't model them yet */ + src->ssh_user = g_strdup(user); + if (STREQ_NULLABLE(host_key_check, "no")) + src->ssh_host_key_check_disabled = true; + return 0; } diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index dd2186c4ff..f2a73feb6a 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -384,6 +384,11 @@ struct _virStorageSource { as a source for floppy drive */ bool hostcdrom; /* backing device is a cdrom */ + + /* passthrough variables for the ssh driver which we don't handle properly */ + /* these must not be used apart from formatting the output JSON in the qemu driver */ + char *ssh_user; + bool ssh_host_key_check_disabled; }; G_DEFINE_AUTOPTR_CLEANUP_FUNC(virStorageSource, virObjectUnref); 
diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c index ec32d28188..7a2204787e 100644 --- a/tests/qemublocktest.c +++ b/tests/qemublocktest.c @@ -1136,6 +1136,7 @@ mymain(void) jsontojsondata.schemaroot = qmp_schemaroot_x86_64_blockdev_add; TEST_JSON_TO_JSON("curl-libguestfs"); + TEST_JSON_TO_JSON("ssh-passthrough-libguestfs"); #define TEST_IMAGE_CREATE(testname, testbacking) \ do { \ diff --git a/tests/qemublocktestdata/jsontojson/ssh-passthrough-libguestfs-in.json b/tests/qemublocktestdata/jsontojson/ssh-passthrough-libguestfs-in.json new file mode 100644 index 0000000000..da8fedef07 --- /dev/null +++ b/tests/qemublocktestdata/jsontojson/ssh-passthrough-libguestfs-in.json @@ -0,0 +1 @@ +json:{"file.driver":"ssh","file.user":"testuser","file.host":"random.host","file.port":1234,"file.path":"somewhere/something","file.host_key_check":"no"} diff --git a/tests/qemublocktestdata/jsontojson/ssh-passthrough-libguestfs-out.json b/tests/qemublocktestdata/jsontojson/ssh-passthrough-libguestfs-out.json new file mode 100644 index 0000000000..1f6032deb4 --- /dev/null +++ b/tests/qemublocktestdata/jsontojson/ssh-passthrough-libguestfs-out.json @@ -0,0 +1,14 @@ +{ + "driver": "ssh", + "path": "somewhere/something", + "server": { + "host": "random.host", + "port": "22" + }, + "user": "testuser", + "host-key-check": { + "mode": "none" + }, + "auto-read-only": true, + "discard": "unmap" +} -- 2.24.1
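Review bot: in the qemuBlockStorageSourceGetSshProps hunk, emitting `"host-key-check": {"mode": "none"}` turns off qemu's verification of the SSH server's host key for this disk, so the connection no longer detects an impersonating server; the commit message frames this as preserving pre-blockdev libguestfs behaviour, but nothing in the hunk makes that lowered assurance visible. Consider a VIR_DEBUG/VIR_WARN at the point where `host_key_check` is built, and a short comment next to the `else if (src->ssh_user)` branch stating that `src->auth->username` deliberately takes precedence when both are set, since that precedence is otherwise only implied by the if/else ordering.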
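Review bot: in the virStorageSourceParseBackingJSONSSH hunk, only `STREQ_NULLABLE(host_key_check, "no")` is acted on; any other `host_key_check` value is read into the local and then silently dropped, so the re-formatted JSON falls back to qemu's default check rather than reporting that the requested mode is not supported. Since the struct comment says these fields exist purely to round-trip the caller's configuration, an unrecognised value should raise virReportError (e.g. VIR_ERR_CONFIG_UNSUPPORTED) instead of altering the configuration without notice; `src->ssh_user = g_strdup(user);` is fine as written because g_strdup(NULL) yields NULL.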
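Review bot: the new fixture ssh-passthrough-libguestfs-in.json sets `"file.port":1234` but the expected output ssh-passthrough-libguestfs-out.json has `"port": "22"`; the context line `const char *port = virJSONValueObjectGetString(json, "port");` in the parser only returns a string, so a numeric port is lost and the expected output bakes that loss into the test. Either accept numeric ports in virStorageSourceParseBackingJSONSSH or change the fixture to `"file.port":"1234"` so the test checks that the port actually survives the passthrough.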

On a Monday in 2020, Peter Krempa wrote:
We currently don't model the 'ssh' protocol properties properly, and since it seems impossible for now (agent path passed via environment variable). To allow libguestfs to work as it did in the pre-blockdev era we must carry the properties over to the command line. For this instance we just store them internally and format them back.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
src/qemu/qemu_block.c | 10 ++++++++++
src/util/virstoragefile.c | 13 +++++++++++++
src/util/virstoragefile.h | 5 +++++
tests/qemublocktest.c | 1 +
.../jsontojson/ssh-passthrough-libguestfs-in.json | 1 +
.../jsontojson/ssh-passthrough-libguestfs-out.json | 14 ++++++++++++++
6 files changed, 44 insertions(+)
create mode 100644 tests/qemublocktestdata/jsontojson/ssh-passthrough-libguestfs-in.json
create mode 100644 tests/qemublocktestdata/jsontojson/ssh-passthrough-libguestfs-out.json

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano
participants (3): Eric Blake, Ján Tomko, Peter Krempa