mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-24 14:45:24 +00:00
qemu: domain: Add helper to check if encrypted secrets can be used with a VM
This helper checks that the VM has the master key set up and that libvirt supports the given encryption algorithm. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
parent
538703ba6f
commit
2d309f961e
@ -1292,6 +1292,22 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* qemuDomainSupportsEncryptedSecret:
|
||||
* @priv: qemu domain private data
|
||||
*
|
||||
* Returns true if libvirt can use encrypted 'secret' objects with VM which
|
||||
* @priv belongs to.
|
||||
*/
|
||||
bool
|
||||
qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv)
|
||||
{
|
||||
return virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
|
||||
virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
|
||||
priv->masterKey;
|
||||
}
|
||||
|
||||
|
||||
/* qemuDomainSecretSetup:
|
||||
* @priv: pointer to domain private object
|
||||
* @secinfo: Pointer to secret info
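Review bot: The doc comment on qemuDomainSupportsEncryptedSecret does not say which conditions the helper tests, and callers will rely on it to decide whether a secret can be handed to QEMU in encrypted form. I would add a line before the Returns sentence, for example `* Requires AES-256-CBC support in libvirt, the QEMU 'secret' object capability and a master key set up for the domain.` The helper only tests that `priv->masterKey` is non-NULL; whether the key length should be checked as well depends on how the key is created, which is not visible in this hunk.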
|
||||
@ -1320,8 +1336,7 @@ qemuDomainSecretSetup(qemuDomainObjPrivatePtr priv,
|
||||
bool iscsiHasPS = virQEMUCapsGet(priv->qemuCaps,
|
||||
QEMU_CAPS_ISCSI_PASSWORD_SECRET);
|
||||
|
||||
if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
|
||||
virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
|
||||
if (qemuDomainSupportsEncryptedSecret(priv) &&
|
||||
(usageType == VIR_SECRET_USAGE_TYPE_CEPH ||
|
||||
(usageType == VIR_SECRET_USAGE_TYPE_ISCSI && iscsiHasPS) ||
|
||||
usageType == VIR_SECRET_USAGE_TYPE_VOLUME ||
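Review bot: The replaced condition is not a pure refactor: `qemuDomainSupportsEncryptedSecret(priv)` also requires `priv->masterKey`, which the two removed checks did not, so a domain without a master key now takes whatever branch follows this `if` instead of the AES path. If that branch passes the secret to QEMU unencrypted (it lies outside the hunk, so this is an inference), the downgrade happens silently; a comment such as `/* no master key: encrypted secret objects unavailable, falling back */` or a debug log at the fallback would make it visible to operators. The commit message should mention the added master-key requirement as well. The `if` condition and the rest of qemuDomainSecretSetup continue outside the hunk.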
|
||||
|
@ -831,6 +831,8 @@ int qemuDomainMasterKeyCreate(virDomainObjPtr vm);
|
||||
|
||||
void qemuDomainMasterKeyRemove(qemuDomainObjPrivatePtr priv);
|
||||
|
||||
bool qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv);
|
||||
|
||||
void qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secinfo)
|
||||
ATTRIBUTE_NONNULL(1);
|
||||
|
||||
|