External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-03 11:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Secret manipulation public API

Browse Source 
This patch adds a "secret" as a separately managed object, using a
special-purpose API to transfer the secret values between nodes and
libvirt users.

* docs/schemas/secret.rng, docs/schemas/Makefilem.am: Add new
  schema for virSecret objects
* docs/*html: Re-generated
* docs/formatsecret.html.in, docs/sitemap.html.in: Add page
  describing the virSecret XML schema
* include/libvirt/libvirt.h.in: Define the new virSecret public
  API
* src/libvirt_public.syms: Export symbols for new public APIs
* mingw32-libvirt.spec.in, libvirt.spec.in: Add secret.rng to
  files list
This commit is contained in:
Miloslav Trmač 2009-07-28 02:39:48 +02:00 committed by Daniel P. Berrange
parent 3697a0cef6
commit 6acc17af8c
17 changed files with 392 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/format.html
View File

@ -70,6 +70,10 @@
<div>
<a title="The host device XML format" class="inactive" href="formatnode.html">Node Devices</a>
</div>
</li><li>
<div>
<a title="The secret XML format" class="inactive" href="formatsecret.html">Secrets</a>
</div>
</li></ul>
</div>
</li><li>

4
docs/formatcaps.html
View File

@ -70,6 +70,10 @@
<div>
<a title="The host device XML format" class="inactive" href="formatnode.html">Node Devices</a>
</div>
</li><li>
<div>
<a title="The secret XML format" class="inactive" href="formatsecret.html">Secrets</a>
</div>
</li></ul>
</div>
</li><li>

4
docs/formatdomain.html
View File

@ -70,6 +70,10 @@
<div>
<a title="The host device XML format" class="inactive" href="formatnode.html">Node Devices</a>
</div>
</li><li>
<div>
<a title="The secret XML format" class="inactive" href="formatsecret.html">Secrets</a>
</div>
</li></ul>
</div>
</li><li>

4
docs/formatnetwork.html
View File

@ -70,6 +70,10 @@
<div>
<a title="The host device XML format" class="inactive" href="formatnode.html">Node Devices</a>
</div>
</li><li>
<div>
<a title="The secret XML format" class="inactive" href="formatsecret.html">Secrets</a>
</div>
</li></ul>
</div>
</li><li>

4
docs/formatnode.html
View File

@ -70,6 +70,10 @@
<div>
<span class="active">Node Devices</span>
</div>
</li><li>
<div>
<a title="The secret XML format" class="inactive" href="formatsecret.html">Secrets</a>
</div>
</li></ul>
</div>
</li><li>

170
docs/formatsecret.html Normal file
View File

@ -0,0 +1,170 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
This file is autogenerated from formatsecret.html.in
Do not edit this file. Changes will be lost.
-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<link rel="stylesheet" type="text/css" href="main.css" />
<link rel="SHORTCUT ICON" href="32favicon.png" />
<title>libvirt: Secret XML format</title>
<meta name="description" content="libvirt, virtualization, virtualization API" />
</head>
<body>
<div id="header">
<div id="headerLogo"></div>
<div id="headerSearch">
<form action="search.php" enctype="application/x-www-form-urlencoded" method="get"><div>
<input id="query" name="query" type="text" size="12" value="" />
<input id="submit" name="submit" type="submit" value="Search" />
</div></form>
</div>
</div>
<div id="body">
<div id="menu">
<ul class="l0"><li>
<div>
<a title="Front page of the libvirt website" class="inactive" href="index.html">Home</a>
</div>
</li><li>
<div>
<a title="Details of new features and bugs fixed in each release" class="inactive" href="news.html">News</a>
</div>
</li><li>
<div>
<a title="Get the latest source releases, binary builds and get access to the source repository" class="inactive" href="downloads.html">Downloads</a>
</div>
</li><li>
<div>
<a title="Information for users, administrators and developers" class="active" href="docs.html">Documentation</a>
<ul class="l1"><li>
<div>
<a title="Information about deploying and using libvirt" class="inactive" href="deployment.html">Deployment</a>
</div>
</li><li>
<div>
<a title="Overview of the logical subsystems in the libvirt API" class="inactive" href="intro.html">Architecture</a>
</div>
</li><li>
<div>
<a title="Description of the XML formats used in libvirt" class="active" href="format.html">XML format</a>
<ul class="l2"><li>
<div>
<a title="The domain XML format" class="inactive" href="formatdomain.html">Domains</a>
</div>
</li><li>
<div>
<a title="The virtual network XML format" class="inactive" href="formatnetwork.html">Networks</a>
</div>
</li><li>
<div>
<a title="The storage pool and volume XML format" class="inactive" href="formatstorage.html">Storage</a>
</div>
</li><li>
<div>
<a title="The driver capabilities XML format" class="inactive" href="formatcaps.html">Capabilities</a>
</div>
</li><li>
<div>
<a title="The host device XML format" class="inactive" href="formatnode.html">Node Devices</a>
</div>
</li><li>
<div>
<span class="active">Secrets</span>
</div>
</li></ul>
</div>
</li><li>
<div>
<a title="Hypervisor specific driver information" class="inactive" href="drivers.html">Drivers</a>
</div>
</li><li>
<div>
<a title="Reference manual for the C public API" class="inactive" href="html/index.html">API reference</a>
</div>
</li><li>
<div>
<a title="Bindings of the libvirt API for other languages" class="inactive" href="bindings.html">Language bindings</a>
</div>
</li><li>
<div>
<a title="Working on the internals of libvirt API, driver and daemon code" class="inactive" href="internals.html">Internals</a>
</div>
</li></ul>
</div>
</li><li>
<div>
<a title="User contributed content" class="inactive" href="http://wiki.libvirt.org">Wiki</a>
</div>
</li><li>
<div>
<a title="Frequently asked questions" class="inactive" href="FAQ.html">FAQ</a>
</div>
</li><li>
<div>
<a title="How and where to report bugs and request features" class="inactive" href="bugs.html">Bug reports</a>
</div>
</li><li>
<div>
<a title="How to contact the developers via email and IRC" class="inactive" href="contact.html">Contact</a>
</div>
</li><li>
<div>
<a title="Miscellaneous links of interest related to libvirt" class="inactive" href="relatedlinks.html">Related Links</a>
</div>
</li><li>
<div>
<a title="Overview of all content on the website" class="inactive" href="sitemap.html">Sitemap</a>
</div>
</li></ul>
</div>
<div id="content">
<h1>Secret XML format</h1>
<ul><li>
<a href="#SecretAttributes">Secret XML</a>
</li><li>
<a href="#example">Example</a>
</li></ul>
<h2>
<a name="SecretAttributes" id="SecretAttributes">Secret XML</a>
</h2>
<p>
Secrets stored by libvirt may have attributes associated with them, using
the <code>secret</code> element. The <code>secret</code> element has two
optional attributes, each with values '<code>yes</code>' and
'<code>no</code>', and defaulting to '<code>no</code>':
</p>
<dl><dt><code>ephemeral</code></dt><dd>This secret must only be kept in memory, never stored persistently.
</dd><dt><code>private</code></dt><dd>The value of the secret must not be revealed to any caller of libvirt,
nor to any other node.
</dd></dl>
<p>
The top-level <code>secret</code> element may contain the following
elements:
</p>
<dl><dt><code>uuid</code></dt><dd>
An unique identifier for this secret (not necessarily in the UUID
format). If omitted when defining a new secret, a random UUID is
generated.
</dd><dt><code>volume</code></dt><dd>Key of a volume this secret is associated with. It is safe to delete
the secret after the volume is deleted.
</dd><dt><code>description</code></dt><dd>A human-readable description of the purpose of the secret.
</dd></dl>
<h2>
<a name="example" id="example">Example</a>
</h2>
<pre>
&lt;secret ephemeral='no' private='yes'&gt;
&lt;volume&gt;/var/lib/libvirt/images/mail.img&lt;/volume&gt;
&lt;description&gt;LUKS passphrase for the main hard drive of our mail server&lt;/description&gt;
&lt;/secret&gt;</pre>
</div>
</div>
<div id="footer">
<p id="sponsor">
Sponsored by:<br /><a href="http://et.redhat.com/"><img src="et.png" alt="Project sponsored by Red Hat Emerging Technology" /></a></p>
</div>
</body>
</html>

52
docs/formatsecret.html.in Normal file
View File

@ -0,0 +1,52 @@
<html>
<body>
<h1>Secret XML format</h1>
<ul id="toc"></ul>
<h2><a name="SecretAttributes">Secret XML</a></h2>
<p>
Secrets stored by libvirt may have attributes associated with them, using
the <code>secret</code> element. The <code>secret</code> element has two
optional attributes, each with values '<code>yes</code>' and
'<code>no</code>', and defaulting to '<code>no</code>':
</p>
<dl>
<dt><code>ephemeral</code></dt>
<dd>This secret must only be kept in memory, never stored persistently.
</dd>
<dt><code>private</code></dt>
<dd>The value of the secret must not be revealed to any caller of libvirt,
nor to any other node.
</dd>
</dl>
<p>
The top-level <code>secret</code> element may contain the following
elements:
</p>
<dl>
<dt><code>uuid</code></dt>
<dd>
An unique identifier for this secret (not necessarily in the UUID
format). If omitted when defining a new secret, a random UUID is
generated.
</dd>
<dt><code>volume</code></dt>
<dd>Key of a volume this secret is associated with. It is safe to delete
the secret after the volume is deleted.
</dd>
<dt><code>description</code></dt>
<dd>A human-readable description of the purpose of the secret.
</dd>
</dl>
<h2><a name="example">Example</a></h2>
<pre>
&lt;secret ephemeral='no' private='yes'&gt;
&lt;volume&gt;/var/lib/libvirt/images/mail.img&lt;/volume&gt;
&lt;description&gt;LUKS passphrase for the main hard drive of our mail server&lt;/description&gt;
&lt;/secret&gt;</pre>
</body>
</html>

4
docs/formatstorage.html
View File

@ -70,6 +70,10 @@
<div>
<a title="The host device XML format" class="inactive" href="formatnode.html">Node Devices</a>
</div>
</li><li>
<div>
<a title="The secret XML format" class="inactive" href="formatsecret.html">Secrets</a>
</div>
</li></ul>
</div>
</li><li>

1
docs/schemas/Makefile.am
View File

@ -5,6 +5,7 @@ schema_DATA = \
domain.rng \
interface.rng \
network.rng \
secret.rng \
storagepool.rng \
storagevol.rng \
nodedev.rng \

44
docs/schemas/secret.rng Normal file
View File

@ -0,0 +1,44 @@
<!-- A Relax NG schema for the libvirt secret properties XML format -->
<grammar xmlns="http://relaxng.org/ns/structure/1.0">
<start>
<ref name='secret'/>
</start>
<define name='secret'>
<element name='secret'>
<optional>
<attribute name='ephemeral'>
<choice>
<value>yes</value>
<value>no</value>
</choice>
</attribute>
</optional>
<optional>
<attribute name='private'>
<choice>
<value>yes</value>
<value>no</value>
</choice>
</attribute>
</optional>
<interleave>
<optional>
<element name='uuid'>
<text/>
</element>
</optional>
<optional>
<element name='description'>
<text/>
</element>
</optional>
<optional>
<element name='volume'>
<text/>
</element>
</optional>
</interleave>
</element>
</define>
</grammar>

3
docs/sitemap.html
View File

@ -141,6 +141,9 @@
</li><li>
<a href="formatnode.html">Node Devices</a>
<span>The host device XML format</span>
</li><li>
<a href="formatsecret.html">Secrets</a>
<span>The secret XML format</span>
</li></ul></li><li>
<a href="drivers.html">Drivers</a>
<span>Hypervisor specific driver information</span>

4
docs/sitemap.html.in
View File

@ -106,6 +106,10 @@
<a href="formatnode.html">Node Devices</a>
<span>The host device XML format</span>
</li>
<li>
<a href="formatsecret.html">Secrets</a>
<span>The secret XML format</span>
</li>
</ul>
</li>
<li>

38
include/libvirt/libvirt.h
View File

@ -1448,6 +1448,44 @@ void virEventRegisterImpl(virEventAddHandleFunc addHandle,
virEventAddTimeoutFunc addTimeout,
virEventUpdateTimeoutFunc updateTimeout,
virEventRemoveTimeoutFunc removeTimeout);
/*
* Secret manipulation API
*/
/**
* virSecret:
*
* A virSecret stores a secret value (e.g. a passphrase or encryption key)
* and associated metadata.
*/
typedef struct _virSecret virSecret;
typedef virSecret *virSecretPtr;
virConnectPtr virSecretGetConnect (virSecretPtr secret);
int virConnectNumOfSecrets (virConnectPtr conn);
int virConnectListSecrets (virConnectPtr conn,
char **uuids,
int maxuuids);
virSecretPtr virSecretLookupByUUIDString(virConnectPtr conn,
const char *uuid);
virSecretPtr virSecretDefineXML (virConnectPtr conn,
const char *xml,
unsigned int flags);
char * virSecretGetUUIDString (virSecretPtr secret);
char * virSecretGetXMLDesc (virSecretPtr secret,
unsigned int flags);
int virSecretSetValue (virSecretPtr secret,
const unsigned char *value,
size_t value_size,
unsigned int flags);
unsigned char * virSecretGetValue (virSecretPtr secret,
size_t *value_size,
unsigned int flags);
int virSecretUndefine (virSecretPtr secret);
int virSecretRef (virSecretPtr secret);
int virSecretFree (virSecretPtr secret);
#ifdef __cplusplus
}
#endif

38
include/libvirt/libvirt.h.in
View File

@ -1448,6 +1448,44 @@ void virEventRegisterImpl(virEventAddHandleFunc addHandle,
virEventAddTimeoutFunc addTimeout,
virEventUpdateTimeoutFunc updateTimeout,
virEventRemoveTimeoutFunc removeTimeout);
/*
* Secret manipulation API
*/
/**
* virSecret:
*
* A virSecret stores a secret value (e.g. a passphrase or encryption key)
* and associated metadata.
*/
typedef struct _virSecret virSecret;
typedef virSecret *virSecretPtr;
virConnectPtr virSecretGetConnect (virSecretPtr secret);
int virConnectNumOfSecrets (virConnectPtr conn);
int virConnectListSecrets (virConnectPtr conn,
char **uuids,
int maxuuids);
virSecretPtr virSecretLookupByUUIDString(virConnectPtr conn,
const char *uuid);
virSecretPtr virSecretDefineXML (virConnectPtr conn,
const char *xml,
unsigned int flags);
char * virSecretGetUUIDString (virSecretPtr secret);
char * virSecretGetXMLDesc (virSecretPtr secret,
unsigned int flags);
int virSecretSetValue (virSecretPtr secret,
const unsigned char *value,
size_t value_size,
unsigned int flags);
unsigned char * virSecretGetValue (virSecretPtr secret,
size_t *value_size,
unsigned int flags);
int virSecretUndefine (virSecretPtr secret);
int virSecretRef (virSecretPtr secret);
int virSecretFree (virSecretPtr secret);
#ifdef __cplusplus
}
#endif

1
libvirt.spec.in
View File

@ -581,6 +581,7 @@ fi
%{_datadir}/libvirt/schemas/nodedev.rng
%{_datadir}/libvirt/schemas/capability.rng
%{_datadir}/libvirt/schemas/interface.rng
%{_datadir}/libvirt/schemas/secret.rng
%if %{with_sasl}
%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf

1
mingw32-libvirt.spec.in
View File

@ -94,6 +94,7 @@ rm -rf $RPM_BUILD_ROOT
%{_mingw32_datadir}/libvirt/schemas/nodedev.rng
%{_mingw32_datadir}/libvirt/schemas/capability.rng
%{_mingw32_datadir}/libvirt/schemas/interface.rng
%{_mingw32_datadir}/libvirt/schemas/secret.rng
%{_mingw32_datadir}/locale/*/LC_MESSAGES/libvirt.mo

16
src/libvirt_public.syms
View File

@ -292,3 +292,19 @@ LIBVIRT_0.7.0 {
} LIBVIRT_0.6.4;
# .... define new API here using predicted next version number ....
LIBVIRT_0.7.1 {
global:
virSecretGetConnect;
virConnectNumOfSecrets;
virConnectListSecrets;
virSecretLookupByUUIDString;
virSecretDefineXML;
virSecretGetUUIDString;
virSecretGetXMLDesc;
virSecretSetValue;
virSecretGetValue;
virSecretUndefine;
virSecretRef;
virSecretFree;
} LIBVIRT_0.7.0;