[PATCH 0/4] secret define: add support for validation against schema

Kristina Hanicova (4): api: add virSecretDefineFlags secret_conf: add validation against schema in define secret_driver: allow VIR_SECRET_DEFINE_VALIDATE flag virsh: add support for '--validate' option in define secret docs/manpages/virsh.rst | 4 +++- include/libvirt/libvirt-secret.h | 5 +++++ src/conf/secret_conf.c | 13 ++++++++----- src/conf/secret_conf.h | 2 +- src/libvirt-secret.c | 2 +- src/secret/secret_driver.c | 4 ++-- tools/virsh-secret.c | 10 +++++++++- 7 files changed, 29 insertions(+), 11 deletions(-) -- 2.31.1

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
---
 include/libvirt/libvirt-secret.h | 5 +++++
 src/libvirt-secret.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/include/libvirt/libvirt-secret.h b/include/libvirt/libvirt-secret.h
index e5aaac9450..b8e53674d8 100644
--- a/include/libvirt/libvirt-secret.h
+++ b/include/libvirt/libvirt-secret.h
@@ -88,6 +88,11 @@ virSecretPtr virSecretLookupByUUIDString(virConnectPtr conn,
 virSecretPtr virSecretLookupByUsage(virConnectPtr conn,
 int usageType,
 const char *usageID);
+
+typedef enum {
+ VIR_SECRET_DEFINE_VALIDATE = 1 << 0, /* Validate the XML document against schema */
+} virSecretDefineFlags;
+
 virSecretPtr virSecretDefineXML (virConnectPtr conn,
 const char *xml,
 unsigned int flags);
diff --git a/src/libvirt-secret.c b/src/libvirt-secret.c
index a427805c7a..d3626ed561 100644
--- a/src/libvirt-secret.c
+++ b/src/libvirt-secret.c
@@ -316,7 +316,7 @@ virSecretLookupByUsage(virConnectPtr conn,
 * virSecretDefineXML:
 * @conn: virConnect connection
 * @xml: XML describing the secret.
- * @flags: extra flags; not used yet, so callers should always pass 0
+ * @flags: bitwise-OR of virSecretDefineFlags
 *
 * If XML specifies a UUID, locates the specified secret and replaces all
 * attributes of the secret specified by UUID by attributes specified in xml
-- 
2.31.1
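Review bot: The new public enum virSecretDefineFlags in the libvirt-secret.h hunk carries only a trailing one-line comment on VIR_SECRET_DEFINE_VALIDATE, and nothing in the header says that validation is opt-in — a caller that keeps passing 0 gets the same non-validating parse as before, which is the behaviour the later secret_conf.c change preserves by testing only this bit. Since this is the one place API consumers read, I would spell that out: `/* Validate the XML document against the secret schema; without this flag the document is parsed without schema validation */`. The libvirt-secret.c doc hunk could likewise note that a document rejected by the schema makes virSecretDefineXML fail instead of defining the secret, so callers know to expect an error rather than a silently degraded definition.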

We need to validate the XML against schema if option '--validate' was passed to the virsh command. This patch also includes propagation of flags into the virSecretDefParse() function.
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
---
 src/conf/secret_conf.c | 13 ++++++++-----
 src/conf/secret_conf.h | 2 +-
 src/secret/secret_driver.c | 2 +-
 3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c
index ef6a4b606e..1dee90eba1 100644
--- a/src/conf/secret_conf.c
+++ b/src/conf/secret_conf.c
@@ -191,12 +191,14 @@ secretXMLParseNode(xmlDocPtr xml, xmlNodePtr root)
 static virSecretDef *
 virSecretDefParse(const char *xmlStr,
- const char *filename)
+ const char *filename,
+ unsigned int flags)
 {
 g_autoptr(xmlDoc) xml = NULL;
 virSecretDef *ret = NULL;
- if ((xml = virXMLParse(filename, xmlStr, _("(definition_of_secret)"), NULL, false))) {
+ if ((xml = virXMLParse(filename, xmlStr, _("(definition_of_secret)"), "secret.rng",
+ flags & VIR_SECRET_DEFINE_VALIDATE))) {
 ret = secretXMLParseNode(xml, xmlDocGetRootElement(xml));
 }
@@ -204,15 +206,16 @@ virSecretDefParse(const char *xmlStr,
 }
 virSecretDef *
-virSecretDefParseString(const char *xmlStr)
+virSecretDefParseString(const char *xmlStr,
+ unsigned int flags)
 {
- return virSecretDefParse(xmlStr, NULL);
+ return virSecretDefParse(xmlStr, NULL, flags);
 }
 virSecretDef *
 virSecretDefParseFile(const char *filename)
 {
- return virSecretDefParse(NULL, filename);
+ return virSecretDefParse(NULL, filename, 0);
 }
 static int
diff --git a/src/conf/secret_conf.h b/src/conf/secret_conf.h
index 373c96b729..36d50407fd 100644
--- a/src/conf/secret_conf.h
+++ b/src/conf/secret_conf.h
@@ -35,7 +35,7 @@ struct _virSecretDef {
 void virSecretDefFree(virSecretDef *def);
 G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSecretDef, virSecretDefFree);
-virSecretDef *virSecretDefParseString(const char *xml);
+virSecretDef *virSecretDefParseString(const char *xml, unsigned int flags);
 virSecretDef *virSecretDefParseFile(const char *filename);
 char *virSecretDefFormat(const virSecretDef *def);
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index d2175de8ed..6b3f0711aa 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -222,7 +222,7 @@ secretDefineXML(virConnectPtr conn,
 virCheckFlags(0, NULL);
- if (!(def = virSecretDefParseString(xml)))
+ if (!(def = virSecretDefParseString(xml, 0)))
 return NULL;
 if (virSecretDefineXMLEnsureACL(conn, def) < 0)
-- 
2.31.1
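Review bot: In the third secret_conf.c hunk `virSecretDefParseFile` now passes a literal `0` for the new flags argument, so definitions read from a file are never schema-validated while definitions arriving as a string can be, and the hunk gives no reason for the asymmetry. Presumably the on-disk files are the driver's own formatted output, but a why-comment would stop the next reader from treating the `0` as an oversight: `/* on-disk definitions are the driver's own output; no schema validation */`. In the first hunk `flags & VIR_SECRET_DEFINE_VALIDATE` replaces the literal `false` handed to virXMLParse, which works because the bit is 1 << 0, but `!!(flags & VIR_SECRET_DEFINE_VALIDATE)` would make the boolean intent explicit and survive a future flag renumbering.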
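Review bot: The new `flags` parameter on the `virSecretDefParseString` prototype in the secret_conf.h hunk is undocumented, and this internal header is the only place a caller would look to learn which bits are honoured; from the secret_conf.c hunk only VIR_SECRET_DEFINE_VALIDATE is examined and any other bit is ignored rather than rejected. I would add above the prototype `/* @flags: bitwise-OR of virSecretDefineFlags; only VIR_SECRET_DEFINE_VALIDATE is honoured and unknown bits are ignored, so the public entry point must filter them with virCheckFlags */`. The secret_driver.c hunk on this line keeps `virCheckFlags(0, NULL)` and passes a literal 0, so at this point in the series the flag cannot be reached from the API; that appears to be intentional staging for the next patch, but a reader of this commit alone would reasonably ask why the parameter was threaded through and then pinned to 0.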

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
---
 src/secret/secret_driver.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index 6b3f0711aa..43aeae9568 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -220,9 +220,9 @@ secretDefineXML(virConnectPtr conn,
 virSecretDef *def;
 virObjectEvent *event = NULL;
- virCheckFlags(0, NULL);
+ virCheckFlags(VIR_SECRET_DEFINE_VALIDATE, NULL);
- if (!(def = virSecretDefParseString(xml, 0)))
+ if (!(def = virSecretDefParseString(xml, flags)))
 return NULL;
 if (virSecretDefineXMLEnsureACL(conn, def) < 0)
-- 
2.31.1

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
---
 docs/manpages/virsh.rst | 4 +++-
 tools/virsh-secret.c | 10 +++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 3eb310d02e..de6d6ee1c2 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -6697,13 +6697,15 @@ secret-define
 ::
- secret-define file
+ secret-define file [--validate]
 Create a secret with the properties specified in *file*, with no associated secret value. If *file* does not specify a UUID, choose one automatically. If *file* specifies a UUID of an existing secret, replace its properties by properties defined in *file*, without affecting the secret value.
+Optionally, the format of the input XML file can be validated against an
+internal RNG schema with *--validate*.
 secret-dumpxml
 --------------
diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c
index dde0d26398..173a77fd90 100644
--- a/tools/virsh-secret.c
+++ b/tools/virsh-secret.c
@@ -73,6 +73,10 @@ static const vshCmdInfo info_secret_define[] = {
 static const vshCmdOptDef opts_secret_define[] = {
 VIRSH_COMMON_OPT_FILE(N_("file containing secret attributes in XML")),
+ {.name = "validate",
+ .type = VSH_OT_BOOL,
+ .help = N_("validate the XML against the schema")
+ },
 {.name = NULL}
 };
@@ -84,15 +88,19 @@ cmdSecretDefine(vshControl *ctl, const vshCmd *cmd)
 virSecretPtr res;
 char uuid[VIR_UUID_STRING_BUFLEN];
 bool ret = false;
+ unsigned int flags = 0;
 virshControl *priv = ctl->privData;
 if (vshCommandOptStringReq(ctl, cmd, "file", &from) < 0)
 return false;
+ if (vshCommandOptBool(cmd, "validate"))
+ flags |= VIR_SECRET_DEFINE_VALIDATE;
+
 if (virFileReadAll(from, VSH_MAX_XML_FILE, &buffer) < 0)
 return false;
- if (!(res = virSecretDefineXML(priv->conn, buffer, 0))) {
+ if (!(res = virSecretDefineXML(priv->conn, buffer, flags))) {
 vshError(ctl, _("Failed to set attributes from %s"), from);
 goto cleanup;
 }
-- 
2.31.1

On a Friday in 2021, Kristina Hanicova wrote:
Kristina Hanicova (4): api: add virSecretDefineFlags secret_conf: add validation against schema in define secret_driver: allow VIR_SECRET_DEFINE_VALIDATE flag virsh: add support for '--validate' option in define secret
docs/manpages/virsh.rst | 4 +++- include/libvirt/libvirt-secret.h | 5 +++++ src/conf/secret_conf.c | 13 ++++++++----- src/conf/secret_conf.h | 2 +- src/libvirt-secret.c | 2 +- src/secret/secret_driver.c | 4 ++-- tools/virsh-secret.c | 10 +++++++++- 7 files changed, 29 insertions(+), 11 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano