External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

qemuDomainValidateStorageSource: Reorganize encryption config validation

Browse Source 
Move the two ad-hoc checks below into the block which already tests
whether encryption is requested.

If we first disallow the old-style qcow2 encryption we can remove a
whole block of validation later on.

Also the capability check for qcow2+luks can be simplified by moving it
into the same block.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa 2022-04-22 16:25:18 +02:00
parent a2b85fcc48
commit 7c9459b88b
1 changed files with 17 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
src/qemu/qemu_domain.c
View File

@ -4821,25 +4821,6 @@ qemuDomainValidateStorageSource(virStorageSource *src,
return -1;
}
if ((src->format == VIR_STORAGE_FILE_QCOW ||
src->format == VIR_STORAGE_FILE_QCOW2) &&
src->encryption &&
(src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT ||
src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("old qcow/qcow2 encryption is not supported"));
return -1;
}
if (src->format == VIR_STORAGE_FILE_QCOW2 &&
src->encryption &&
src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
!virQEMUCapsGet(qemuCaps, QEMU_CAPS_QCOW2_LUKS)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("LUKS encrypted QCOW2 images are not supported by this QEMU"));
return -1;
}
if (src->format == VIR_STORAGE_FILE_FAT &&
actualType != VIR_STORAGE_TYPE_VOLUME &&
actualType != VIR_STORAGE_TYPE_DIR) {
@ -5019,6 +5000,13 @@ qemuDomainValidateStorageSource(virStorageSource *src,
}
if (src->encryption) {
if (src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT ||
src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("old qcow/qcow2 encryption is not supported"));
return -1;
}
switch (src->encryption->engine) {
case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
switch ((virStorageEncryptionFormatType) src->encryption->format) {
@ -5040,38 +5028,29 @@ qemuDomainValidateStorageSource(virStorageSource *src,
}
break;
case VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD:
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("librbd encryption is not supported by this QEMU binary"));
return -1;
}
switch ((virStorageEncryptionFormatType) src->encryption->format) {
case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
break;
case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("librbd encryption engine only supports luks/luks2 formats"));
return -1;
case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
default:
virReportEnumRangeError(virStorageEncryptionFormatType,
src->encryption->format);
return -1;
}
break;
case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
virReportEnumRangeError(virStorageEncryptionEngine,
src->encryption->engine);
return -1;
}
if (src->format == VIR_STORAGE_FILE_QCOW2 &&
src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
!virQEMUCapsGet(qemuCaps, QEMU_CAPS_QCOW2_LUKS)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("LUKS encrypted QCOW2 images are not supported by this QEMU"));
return -1;
}
}
if (src->tlsHostname) {