qemu: Disallow usage of luks encryption if aes secret not possible

Resolves a CI test integration failure with a RHEL6/Centos6 environment.

In order to use a LUKS encrypted device, the design decision was to
generate an encrypted secret based on the master key. However, commit
id 'da86c6c' missed checking for that specifically.

When qemuDomainSecretSetup was implemented, a design decision was made
to "fall back" to a plain text secret setup if the specific cipher was
not available (e.g. virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC))
as well as the QEMU_CAPS_OBJECT_SECRET. For the luks encryption setup
there is no fall back to the plaintext secret, thus if that gets set
up by qemuDomainSecretSetup, then we need to fail.

Also, while the qemuxml2argvtest has set the QEMU_CAPS_OBJECT_SECRET
bit, it didn't take into account the second requirement that the
ability to generate the encrypted secret is possible. So modify the
test to not attempt to run the luks-disk if we know we don't have
the encryption algorithm.

src/qemu/qemu_domain.c

@@ -1089,6 +1089,13 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn,
                                   true) < 0)
             goto error;
 
+        if (secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("luks encryption requires encrypted secrets "
+                             "to be supported"));
+            goto error;
+        }
+
         diskPriv->encinfo = secinfo;
     }
 

tests/qemuxml2argvtest.c

@@ -1365,7 +1365,11 @@ mymain(void)
 
     DO_TEST("encrypted-disk", NONE);
     DO_TEST("encrypted-disk-usage", NONE);
+# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
     DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET);
+# else
+    DO_TEST_FAILURE("luks-disks", QEMU_CAPS_OBJECT_SECRET);
+# endif
 
     DO_TEST("memtune", NONE);
     DO_TEST("memtune-unlimited", NONE);