External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-22 04:25:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

tests: qemublock: Add test combining authentication and encryption

Browse Source 
iscsi and rbd support authentication of the connection. Combine it with
encryption of qcow2.

The top level disk image would generate the following '-drive' cmdline:

-drive file=rbd:rbdpool/rbdimg:id=testuser-rbd:auth_supported=cephx\;none:
            mon_host=host1.example.com\;host2.example.com,
            file.password-secret=node-a-s-secalias,encrypt.format=luks,
            encrypt.key-secret=node-b-f-encalias,format=qcow2,
            if=none,id=drive-dummy
-device virtio-blk-pci,scsi=off,drive=drive-dummy,id=dummy

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
This commit is contained in:
Peter Krempa 2018-03-19 12:51:20 +01:00
parent 2c71edcf90
commit 18458e8fd1
3 changed files with 92 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tests/qemublocktest.c
View File

@ -464,6 +464,7 @@ mymain(void)
TEST_DISK_TO_JSON("file-qcow2-backing-chain-noopts");
TEST_DISK_TO_JSON("file-qcow2-backing-chain-unterminated");
TEST_DISK_TO_JSON("file-qcow2-backing-chain-encryption");
TEST_DISK_TO_JSON("network-qcow2-backing-chain-encryption_auth");
cleanup:
virHashFree(diskxmljsondata.schema);

51
tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json Normal file
View File

@ -0,0 +1,51 @@
{
"node-name": "node-b-f",
"read-only": false,
"driver": "qcow2",
"encrypt": {
"format": "luks",
"key-secret": "node-b-f-encalias"
},
"file": {
"driver": "rbd",
"pool": "rbdpool",
"image": "rbdimg",
"server": [
{
"host": "host1.example.com",
"port": "0"
},
{
"host": "host2.example.com",
"port": "0"
}
],
"user": "testuser-rbd",
"node-name": "node-a-s",
"read-only": false,
"discard": "unmap"
},
"backing": "node-b-f"
}
{
"node-name": "node-b-f",
"read-only": true,
"driver": "qcow2",
"encrypt": {
"format": "aes",
"key-secret": "node-b-f-encalias"
},
"file": {
"driver": "iscsi",
"portal": "example.org:3260",
"target": "iqn.2016-09.com.example:iscsitarget",
"lun": 1,
"transport": "tcp",
"user": "testuser-iscsi",
"password-secret": "node-b-s-secalias",
"node-name": "node-b-s",
"read-only": true,
"discard": "unmap"
},
"backing": null
}

40
tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.xml Normal file
View File

@ -0,0 +1,40 @@
<disk type='network' device='disk'>
<driver name='qemu' type='qcow2'/>
<source protocol='rbd' name='rbdpool/rbdimg'>
<host name='host1.example.com'/>
<host name='host2.example.com'/>
<encryption format='luks'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
<auth username='testuser-rbd'>
<secret type='ceph' usage='testuser-rbd-secret'/>
</auth>
<privateData>
<nodenames>
<nodename type='storage' name='node-a-s'/>
<nodename type='format' name='node-b-f'/>
</nodenames>
</privateData>
</source>
<backingStore type='network' index='1'>
<format type='qcow2'/>
<source protocol='iscsi' name='iqn.2016-09.com.example:iscsitarget/1'>
<host name='example.org'/>
<privateData>
<nodenames>
<nodename type='storage' name='node-b-s'/>
<nodename type='format' name='node-b-f'/>
</nodenames>
</privateData>
<encryption format='qcow'>
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
</encryption>
<auth username='testuser-iscsi'>
<secret type='iscsi' usage='testuser-iscsi-secret'/>
</auth>
</source>
<backingStore/>
</backingStore>
<target dev='vda' bus='virtio'/>
<alias name='virtio-disk0'/>
</disk>