qemu block: Add internals for handling 'secret' corresponding to TLS key

Add infrastructure for hot- and cold-plug of the secret object holding
the decryption key for the TLS private key.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Peter Krempa 2020-06-29 15:11:00 +02:00
parent a3cbbc5afb
commit 7fa772bfd7
3 changed files with 24 additions and 1 deletions


@ -1542,7 +1542,9 @@ qemuBlockStorageSourceAttachDataFree(qemuBlockStorageSourceAttachDataPtr data)
virJSONValueFree(data->httpcookiesecretProps);
virJSONValueFree(data->encryptsecretProps);
virJSONValueFree(data->tlsProps);
virJSONValueFree(data->tlsKeySecretProps);
VIR_FREE(data->tlsAlias);
VIR_FREE(data->tlsKeySecretAlias);
VIR_FREE(data->authsecretAlias);
VIR_FREE(data->encryptsecretAlias);
VIR_FREE(data->httpcookiesecretAlias);
@ -1617,6 +1619,11 @@ qemuBlockStorageSourceAttachApplyStorageDeps(qemuMonitorPtr mon,
&data->httpcookiesecretAlias) < 0)
return -1;
if (data->tlsKeySecretProps &&
qemuMonitorAddObject(mon, &data->tlsKeySecretProps,
&data->tlsKeySecretAlias) < 0)
return -1;
if (data->tlsProps &&
qemuMonitorAddObject(mon, &data->tlsProps, &data->tlsAlias) < 0)
return -1;
@ -1766,6 +1773,8 @@ qemuBlockStorageSourceAttachRollback(qemuMonitorPtr mon,
if (data->tlsAlias)
ignore_value(qemuMonitorDelObject(mon, data->tlsAlias, false));
if (data->tlsKeySecretAlias)
ignore_value(qemuMonitorDelObject(mon, data->tlsKeySecretAlias, false));
virErrorRestore(&orig_err);
}
@ -1821,6 +1830,9 @@ qemuBlockStorageSourceDetachPrepare(virStorageSourcePtr src,
if (srcpriv->httpcookie)
data->httpcookiesecretAlias = g_strdup(srcpriv->httpcookie->s.aes.alias);
if (srcpriv->tlsKeySecret)
data->tlsKeySecretAlias = g_strdup(srcpriv->tlsKeySecret->s.aes.alias);
}
return g_steal_pointer(&data);
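Review bot: qemuBlockStorageSourceDetachPrepare copies `srcpriv->tlsKeySecret->s.aes.alias` without checking which variant of the secret info is populated; this mirrors the httpcookie line just above it, so it is consistent with the existing code, but if the secret-info struct can still hold a non-AES variant the wrong union member is read and `g_strdup` is handed an unrelated pointer — confirm against the struct definition. If only AES-wrapped secrets can reach this path, a one-line comment such as `/* TLS key secrets are always AES-wrapped, so s.aes is the live union member */` would make that assumption explicit for the next maintainer. The function's start lies outside the hunk.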


@ -105,6 +105,8 @@ struct qemuBlockStorageSourceAttachData {
virJSONValuePtr tlsProps;
char *tlsAlias;
virJSONValuePtr tlsKeySecretProps;
char *tlsKeySecretAlias;
};
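Review bot: The two new fields at the end of qemuBlockStorageSourceAttachData are undocumented, while the props/alias pairing and the relationship to `tlsProps` are exactly what a reader of this header needs. I would comment them in place: `/* secret object supplying the decryption key for the TLS private key; created before tlsProps, which is handed its alias */` on `tlsKeySecretProps` and `/* alias of that secret object, kept so it can be deleted on detach or rollback */` on `tlsKeySecretAlias`. The struct's opening line is outside the hunk.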


@ -2047,6 +2047,7 @@ qemuBuildBlockStorageSourceAttachDataCommandline(virCommandPtr cmd,
qemuBuildObjectCommandline(cmd, data->authsecretProps) < 0 ||
qemuBuildObjectCommandline(cmd, data->encryptsecretProps) < 0 ||
qemuBuildObjectCommandline(cmd, data->httpcookiesecretProps) < 0 ||
qemuBuildObjectCommandline(cmd, data->tlsKeySecretProps) < 0 ||
qemuBuildObjectCommandline(cmd, data->tlsProps) < 0)
return -1;
@ -10161,6 +10162,7 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSourcePtr src,
virQEMUCapsPtr qemuCaps)
{
qemuDomainStorageSourcePrivatePtr srcpriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
const char *tlsKeySecretAlias = NULL;
if (src->pr &&
!virStoragePRDefIsManaged(src->pr) &&
@ -10180,11 +10182,18 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSourcePtr src,
if (srcpriv->httpcookie &&
qemuBuildSecretInfoProps(srcpriv->httpcookie, &data->httpcookiesecretProps) < 0)
return -1;
if (srcpriv->tlsKeySecret) {
if (qemuBuildSecretInfoProps(srcpriv->tlsKeySecret, &data->tlsKeySecretProps) < 0)
return -1;
tlsKeySecretAlias = srcpriv->tlsKeySecret->s.aes.alias;
}
}
if (src->haveTLS == VIR_TRISTATE_BOOL_YES &&
qemuBuildTLSx509BackendProps(src->tlsCertdir, false, true, src->tlsAlias,
NULL, qemuCaps, &data->tlsProps) < 0)
tlsKeySecretAlias, qemuCaps, &data->tlsProps) < 0)
return -1;
return 0;
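Review bot: The ordering in qemuBuildStorageSourceAttachPrepareCommon now matters — `tlsKeySecretAlias` is captured inside the `srcpriv` block and then consumed by `qemuBuildTLSx509BackendProps`, and the command-line builder in the first hunk likewise emits the secret object before the TLS object — but nothing in the code says so. A comment above the `if (srcpriv->tlsKeySecret)` block, e.g. `/* the secret object must exist before the TLS object that refers to it by alias, so build it first and record the alias for tlsProps */`, would protect the order from a future reshuffle. It is also worth stating that when `haveTLS` is YES but no key secret is configured, `tlsKeySecretAlias` stays NULL, which presumably preserves the previous behaviour for unencrypted keys — confirm against qemuBuildTLSx509BackendProps. The enclosing function begins in the earlier hunk and its closing brace is outside this one.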