We need to validate the XML against schema if option '--validate' was passed to the virsh command. This patch also includes propagation of flags into the virSecretDefParse() function. Signed-off-by: Kristina Hanicova <khanicov@redhat.com> --- src/conf/secret_conf.c | 13 ++++++++----- src/conf/secret_conf.h | 2 +- src/secret/secret_driver.c | 2 +- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c index ef6a4b606e..1dee90eba1 100644 --- a/src/conf/secret_conf.c +++ b/src/conf/secret_conf.c @@ -191,12 +191,14 @@ secretXMLParseNode(xmlDocPtr xml, xmlNodePtr root) static virSecretDef * virSecretDefParse(const char *xmlStr, - const char *filename) + const char *filename, + unsigned int flags) { g_autoptr(xmlDoc) xml = NULL; virSecretDef *ret = NULL; - if ((xml = virXMLParse(filename, xmlStr, _("(definition_of_secret)"), NULL, false))) { + if ((xml = virXMLParse(filename, xmlStr, _("(definition_of_secret)"), "secret.rng", + flags & VIR_SECRET_DEFINE_VALIDATE))) { ret = secretXMLParseNode(xml, xmlDocGetRootElement(xml)); } @@ -204,15 +206,16 @@ virSecretDefParse(const char *xmlStr, } virSecretDef * -virSecretDefParseString(const char *xmlStr) +virSecretDefParseString(const char *xmlStr, + unsigned int flags) { - return virSecretDefParse(xmlStr, NULL); + return virSecretDefParse(xmlStr, NULL, flags); } virSecretDef * virSecretDefParseFile(const char *filename) { - return virSecretDefParse(NULL, filename); + return virSecretDefParse(NULL, filename, 0); } static int diff --git a/src/conf/secret_conf.h b/src/conf/secret_conf.h index 373c96b729..36d50407fd 100644 --- a/src/conf/secret_conf.h +++ b/src/conf/secret_conf.h @@ -35,7 +35,7 @@ struct _virSecretDef { void virSecretDefFree(virSecretDef *def); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSecretDef, virSecretDefFree); -virSecretDef *virSecretDefParseString(const char *xml); +virSecretDef *virSecretDefParseString(const char *xml, unsigned int flags); virSecretDef *virSecretDefParseFile(const char *filename); char *virSecretDefFormat(const virSecretDef *def); diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index d2175de8ed..6b3f0711aa 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -222,7 +222,7 @@ secretDefineXML(virConnectPtr conn, virCheckFlags(0, NULL); - if (!(def = virSecretDefParseString(xml))) + if (!(def = virSecretDefParseString(xml, 0))) return NULL; if (virSecretDefineXMLEnsureACL(conn, def) < 0) -- 2.31.1

Signed-off-by: Kristina Hanicova <khanicov@redhat.com> --- docs/manpages/virsh.rst | 4 +++- tools/virsh-secret.c | 10 +++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index 3eb310d02e..de6d6ee1c2 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst @@ -6697,13 +6697,15 @@ secret-define :: - secret-define file + secret-define file [--validate] Create a secret with the properties specified in *file*, with no associated secret value. If *file* does not specify a UUID, choose one automatically. If *file* specifies a UUID of an existing secret, replace its properties by properties defined in *file*, without affecting the secret value. +Optionally, the format of the input XML file can be validated against an +internal RNG schema with *--validate*. secret-dumpxml -------------- diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c index dde0d26398..173a77fd90 100644 --- a/tools/virsh-secret.c +++ b/tools/virsh-secret.c @@ -73,6 +73,10 @@ static const vshCmdInfo info_secret_define[] = { static const vshCmdOptDef opts_secret_define[] = { VIRSH_COMMON_OPT_FILE(N_("file containing secret attributes in XML")), + {.name = "validate", + .type = VSH_OT_BOOL, + .help = N_("validate the XML against the schema") + }, {.name = NULL} }; @@ -84,15 +88,19 @@ cmdSecretDefine(vshControl *ctl, const vshCmd *cmd) virSecretPtr res; char uuid[VIR_UUID_STRING_BUFLEN]; bool ret = false; + unsigned int flags = 0; virshControl *priv = ctl->privData; if (vshCommandOptStringReq(ctl, cmd, "file", &from) < 0) return false; + if (vshCommandOptBool(cmd, "validate")) + flags |= VIR_SECRET_DEFINE_VALIDATE; + if (virFileReadAll(from, VSH_MAX_XML_FILE, &buffer) < 0) return false; - if (!(res = virSecretDefineXML(priv->conn, buffer, 0))) { + if (!(res = virSecretDefineXML(priv->conn, buffer, flags))) { vshError(ctl, _("Failed to set attributes from %s"), from); goto cleanup; } -- 2.31.1