diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index fd3381827c..c2cf75f5ff 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1768,12 +1768,12 @@
holds the actual password or other credentials (the domain XML
intentionally does not expose the password, only the reference
to the object that does manage the password). For now, the
- only known secret type
is "ceph", for Ceph RBD
- network sources, and requires either an
- attribute uuid
with the UUID of the Ceph secret
- object, or an attribute usage
with the name
- associated with the Ceph secret
- object. libvirt 0.9.7
+ known secret type
s are "ceph", for Ceph RBD
+ network sources, and "iscsi", for CHAP authentication of iSCSI
+ targets. Both require either a uuid
attribute
+ with the UUID of the secret object, or a usage
+ attribute matching the key that was specified in the
+ secret object. libvirt 0.9.7
geometry
The optional geometry
element provides the
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 1b49b5aee2..32a69153ad 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3642,6 +3642,7 @@
ceph
+ iscsi
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 8f76e8eacd..159a23dc64 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3992,6 +3992,8 @@ virDomainDiskDefParseXML(virCapsPtr caps,
char *wwn = NULL;
char *vendor = NULL;
char *product = NULL;
+ int expected_secret_usage = -1;
+ int auth_secret_usage = -1;
if (VIR_ALLOC(def) < 0) {
virReportOOMError();
@@ -4029,7 +4031,6 @@ virDomainDiskDefParseXML(virCapsPtr caps,
if (cur->type == XML_ELEMENT_NODE) {
if (!source && !hosts &&
xmlStrEqual(cur->name, BAD_CAST "source")) {
-
sourceNode = cur;
switch (def->type) {
@@ -4057,6 +4058,11 @@ virDomainDiskDefParseXML(virCapsPtr caps,
protocol);
goto error;
}
+ if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_ISCSI) {
+ expected_secret_usage = VIR_SECRET_USAGE_TYPE_ISCSI;
+ } else if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD) {
+ expected_secret_usage = VIR_SECRET_USAGE_TYPE_CEPH;
+ }
if (!(source = virXMLPropString(cur, "name")) &&
def->protocol != VIR_DOMAIN_DISK_PROTOCOL_NBD) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -4242,8 +4248,9 @@ virDomainDiskDefParseXML(virCapsPtr caps,
_("missing type for secret"));
goto error;
}
- if (virSecretUsageTypeTypeFromString(usageType) !=
- VIR_SECRET_USAGE_TYPE_CEPH) {
+ auth_secret_usage =
+ virSecretUsageTypeTypeFromString(usageType);
+ if (auth_secret_usage < 0) {
virReportError(VIR_ERR_XML_ERROR,
_("invalid secret type %s"),
usageType);
@@ -4393,6 +4400,13 @@ virDomainDiskDefParseXML(virCapsPtr caps,
cur = cur->next;
}
+ if (auth_secret_usage != -1 && auth_secret_usage != expected_secret_usage) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("invalid secret type '%s'"),
+ virSecretUsageTypeTypeToString(auth_secret_usage));
+ goto error;
+ }
+
device = virXMLPropString(node, "device");
if (device) {
if ((def->device = virDomainDiskDeviceTypeFromString(device)) < 0) {
@@ -12787,15 +12801,18 @@ virDomainDiskDefFormat(virBufferPtr buf,
if (def->auth.username) {
virBufferEscapeString(buf, " \n",
def->auth.username);
+ if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_ISCSI) {
+ virBufferAsprintf(buf, " protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD) {
+ virBufferAsprintf(buf, " auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_UUID) {
virUUIDFormat(def->auth.secret.uuid, uuidstr);
- virBufferAsprintf(buf,
- " \n",
- uuidstr);
+ virBufferAsprintf(buf, " uuid='%s'/>\n", uuidstr);
}
if (def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_USAGE) {
- virBufferEscapeString(buf,
- " \n",
+ virBufferEscapeString(buf, " usage='%s'/>\n",
def->auth.secret.usage);
}
virBufferAddLit(buf, " \n");
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml
new file mode 100644
index 0000000000..acaa5031e9
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml
@@ -0,0 +1,31 @@
+
+ QEMUGuest1
+ c7a5fdbd-edaf-9455-926a-d65c16db1809
+ 219136
+ 219136
+ 1
+
+ hvm
+
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 41613ea95c..899414df5f 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -175,6 +175,7 @@ mymain(void)
DO_TEST("disk-drive-network-nbd-ipv6-export");
DO_TEST("disk-drive-network-nbd-unix");
DO_TEST("disk-drive-network-iscsi");
+ DO_TEST("disk-drive-network-iscsi-auth");
DO_TEST("disk-scsi-device");
DO_TEST("disk-scsi-vscsi");
DO_TEST("disk-scsi-virtio-scsi");