7:30 a.m.
Kristina Hanicova (4):
api: add virSecretDefineFlags
secret_conf: add validation against schema in define
secret_driver: allow VIR_SECRET_DEFINE_VALIDATE flag
virsh: add support for '--validate' option in define secret
docs/manpages/virsh.rst | 4 +++-
include/libvirt/libvirt-secret.h | 5 +++++
src/conf/secret_conf.c | 13 ++++++++-----
src/conf/secret_conf.h | 2 +-
src/libvirt-secret.c | 2 +-
src/secret/secret_driver.c | 4 ++--
tools/virsh-secret.c | 10 +++++++++-
7 files changed, 29 insertions(+), 11 deletions(-)
--
2.31.1
7:30 a.m.
New subject: [PATCH 1/4] api: add virSecretDefineFlags
Signed-off-by: Kristina Hanicova <khanicov(a)redhat.com>
---
include/libvirt/libvirt-secret.h | 5 +++++
src/libvirt-secret.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/include/libvirt/libvirt-secret.h b/include/libvirt/libvirt-secret.h
index e5aaac9450..b8e53674d8 100644
--- a/include/libvirt/libvirt-secret.h
+++ b/include/libvirt/libvirt-secret.h
@@ -88,6 +88,11 @@ virSecretPtr virSecretLookupByUUIDString(virConnectPtr
conn,
virSecretPtr virSecretLookupByUsage(virConnectPtr conn,
int usageType,
const char *usageID);
+
+typedef enum {
+ VIR_SECRET_DEFINE_VALIDATE = 1 << 0, /* Validate the XML document against
schema */
+} virSecretDefineFlags;
+
virSecretPtr virSecretDefineXML (virConnectPtr conn,
const char *xml,
unsigned int flags);
diff --git a/src/libvirt-secret.c b/src/libvirt-secret.c
index a427805c7a..d3626ed561 100644
--- a/src/libvirt-secret.c
+++ b/src/libvirt-secret.c
@@ -316,7 +316,7 @@ virSecretLookupByUsage(virConnectPtr conn,
* virSecretDefineXML:
* @conn: virConnect connection
* @xml: XML describing the secret.
- * @flags: extra flags; not used yet, so callers should always pass 0
+ * @flags: bitwise-OR of virSecretDefineFlags
*
* If XML specifies a UUID, locates the specified secret and replaces all
* attributes of the secret specified by UUID by attributes specified in xml
--
2.31.1
7:30 a.m.
New subject: [PATCH 2/4] secret_conf: add validation against schema in define
We need to validate the XML against schema if option '--validate'
was passed to the virsh command. This patch also includes
propagation of flags into the virSecretDefParse() function.
Signed-off-by: Kristina Hanicova <khanicov(a)redhat.com>
---
src/conf/secret_conf.c | 13 ++++++++-----
src/conf/secret_conf.h | 2 +-
src/secret/secret_driver.c | 2 +-
3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c
index ef6a4b606e..1dee90eba1 100644
--- a/src/conf/secret_conf.c
+++ b/src/conf/secret_conf.c
@@ -191,12 +191,14 @@ secretXMLParseNode(xmlDocPtr xml, xmlNodePtr root)
static virSecretDef *
virSecretDefParse(const char *xmlStr,
- const char *filename)
+ const char *filename,
+ unsigned int flags)
{
g_autoptr(xmlDoc) xml = NULL;
virSecretDef *ret = NULL;
- if ((xml = virXMLParse(filename, xmlStr, _("(definition_of_secret)"), NULL,
false))) {
+ if ((xml = virXMLParse(filename, xmlStr, _("(definition_of_secret)"),
"secret.rng",
+ flags & VIR_SECRET_DEFINE_VALIDATE))) {
ret = secretXMLParseNode(xml, xmlDocGetRootElement(xml));
}
@@ -204,15 +206,16 @@ virSecretDefParse(const char *xmlStr,
}
virSecretDef *
-virSecretDefParseString(const char *xmlStr)
+virSecretDefParseString(const char *xmlStr,
+ unsigned int flags)
{
- return virSecretDefParse(xmlStr, NULL);
+ return virSecretDefParse(xmlStr, NULL, flags);
}
virSecretDef *
virSecretDefParseFile(const char *filename)
{
- return virSecretDefParse(NULL, filename);
+ return virSecretDefParse(NULL, filename, 0);
}
static int
diff --git a/src/conf/secret_conf.h b/src/conf/secret_conf.h
index 373c96b729..36d50407fd 100644
--- a/src/conf/secret_conf.h
+++ b/src/conf/secret_conf.h
@@ -35,7 +35,7 @@ struct _virSecretDef {
void virSecretDefFree(virSecretDef *def);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSecretDef, virSecretDefFree);
-virSecretDef *virSecretDefParseString(const char *xml);
+virSecretDef *virSecretDefParseString(const char *xml, unsigned int flags);
virSecretDef *virSecretDefParseFile(const char *filename);
char *virSecretDefFormat(const virSecretDef *def);
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index d2175de8ed..6b3f0711aa 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -222,7 +222,7 @@ secretDefineXML(virConnectPtr conn,
virCheckFlags(0, NULL);
- if (!(def = virSecretDefParseString(xml)))
+ if (!(def = virSecretDefParseString(xml, 0)))
return NULL;
if (virSecretDefineXMLEnsureACL(conn, def) < 0)
--
2.31.1
7:30 a.m.
New subject: [PATCH 3/4] secret_driver: allow VIR_SECRET_DEFINE_VALIDATE flag
Signed-off-by: Kristina Hanicova <khanicov(a)redhat.com>
---
src/secret/secret_driver.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index 6b3f0711aa..43aeae9568 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -220,9 +220,9 @@ secretDefineXML(virConnectPtr conn,
virSecretDef *def;
virObjectEvent *event = NULL;
- virCheckFlags(0, NULL);
+ virCheckFlags(VIR_SECRET_DEFINE_VALIDATE, NULL);
- if (!(def = virSecretDefParseString(xml, 0)))
+ if (!(def = virSecretDefParseString(xml, flags)))
return NULL;
if (virSecretDefineXMLEnsureACL(conn, def) < 0)
--
2.31.1
7:30 a.m.
New subject: [PATCH 4/4] virsh: add support for '--validate' option in define secret
Signed-off-by: Kristina Hanicova <khanicov(a)redhat.com>
---
docs/manpages/virsh.rst | 4 +++-
tools/virsh-secret.c | 10 +++++++++-
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 3eb310d02e..de6d6ee1c2 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -6697,13 +6697,15 @@ secret-define
::
- secret-define file
+ secret-define file [--validate]
Create a secret with the properties specified in *file*, with no associated
secret value. If *file* does not specify a UUID, choose one automatically.
If *file* specifies a UUID of an existing secret, replace its properties by
properties defined in *file*, without affecting the secret value.
+Optionally, the format of the input XML file can be validated against an
+internal RNG schema with *--validate*.
secret-dumpxml
--------------
diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c
index dde0d26398..173a77fd90 100644
--- a/tools/virsh-secret.c
+++ b/tools/virsh-secret.c
@@ -73,6 +73,10 @@ static const vshCmdInfo info_secret_define[] = {
static const vshCmdOptDef opts_secret_define[] = {
VIRSH_COMMON_OPT_FILE(N_("file containing secret attributes in XML")),
+ {.name = "validate",
+ .type = VSH_OT_BOOL,
+ .help = N_("validate the XML against the schema")
+ },
{.name = NULL}
};
@@ -84,15 +88,19 @@ cmdSecretDefine(vshControl *ctl, const vshCmd *cmd)
virSecretPtr res;
char uuid[VIR_UUID_STRING_BUFLEN];
bool ret = false;
+ unsigned int flags = 0;
virshControl *priv = ctl->privData;
if (vshCommandOptStringReq(ctl, cmd, "file", &from) < 0)
return false;
+ if (vshCommandOptBool(cmd, "validate"))
+ flags |= VIR_SECRET_DEFINE_VALIDATE;
+
if (virFileReadAll(from, VSH_MAX_XML_FILE, &buffer) < 0)
return false;
- if (!(res = virSecretDefineXML(priv->conn, buffer, 0))) {
+ if (!(res = virSecretDefineXML(priv->conn, buffer, flags))) {
vshError(ctl, _("Failed to set attributes from %s"), from);
goto cleanup;
}
--
2.31.1
8:36 a.m.
On a Friday in 2021, Kristina Hanicova wrote:
Kristina Hanicova (4):
api: add virSecretDefineFlags
secret_conf: add validation against schema in define
secret_driver: allow VIR_SECRET_DEFINE_VALIDATE flag
virsh: add support for '--validate' option in define secret
docs/manpages/virsh.rst | 4 +++-
include/libvirt/libvirt-secret.h | 5 +++++
src/conf/secret_conf.c | 13 ++++++++-----
src/conf/secret_conf.h | 2 +-
src/libvirt-secret.c | 2 +-
src/secret/secret_driver.c | 4 ++--
tools/virsh-secret.c | 10 +++++++++-
7 files changed, 29 insertions(+), 11 deletions(-)
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Jano
1190
days inactive
1190
days old
5 comments
2 participants
participants (2)
-
Ján Tomko -
Kristina Hanicova