mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-05 22:05:47 +00:00
qemu: split qemuDomainSecretStorageSourcePrepare
This prepares encryption secrets and authentication secrets. When we add nbdkit-backed network storage sources, we will not need to send authentication secrets to qemu, since they will be sent to nbdkit instead. So split this into two different functions. Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
parent
b5b1e5a947
commit
d20a6eda44
@ -1398,38 +1398,70 @@ qemuDomainSecretStorageSourcePrepareCookies(qemuDomainObjPrivate *priv,
|
|||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* qemuDomainSecretStorageSourcePrepare:
|
* qemuDomainSecretStorageSourcePrepareEncryption:
|
||||||
* @priv: domain private object
|
* @priv: domain private object
|
||||||
* @src: storage source struct to setup
|
* @src: storage source struct to setup
|
||||||
* @authalias: prefix of the alias for secret holding authentication data
|
* @alias: prefix of the alias for secret holding encryption password
|
||||||
* @encalias: prefix of the alias for secret holding encryption password
|
|
||||||
*
|
*
|
||||||
* Prepares data necessary for encryption and authentication of @src. The two
|
* Prepares data necessary for encryption of @src.
|
||||||
* alias prefixes are provided since in the backing chain authentication belongs
|
|
||||||
* to the storage protocol data whereas encryption is relevant to the format
|
|
||||||
* driver in qemu. The two will have different node names.
|
|
||||||
*
|
*
|
||||||
* Returns 0 on success; -1 on error while reporting an libvirt error.
|
* Returns 0 on success; -1 on error while reporting an libvirt error.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
|
qemuDomainSecretStorageSourcePrepareEncryption(qemuDomainObjPrivate *priv,
|
||||||
virStorageSource *src,
|
virStorageSource *src,
|
||||||
const char *aliasprotocol,
|
const char *alias)
|
||||||
const char *aliasformat)
|
|
||||||
{
|
{
|
||||||
qemuDomainStorageSourcePrivate *srcPriv;
|
qemuDomainStorageSourcePrivate *srcPriv;
|
||||||
bool hasEnc = src->encryption && src->encryption->nsecrets > 0;
|
size_t nsecrets = 0;
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
if (!(src->encryption && src->encryption->nsecrets > 0))
|
||||||
|
return 0;
|
||||||
|
|
||||||
if (virStorageSourceIsEmpty(src))
|
if (virStorageSourceIsEmpty(src))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (!src->auth && !hasEnc && src->ncookies == 0)
|
nsecrets = src->encryption->nsecrets;
|
||||||
|
|
||||||
|
srcPriv = qemuDomainStorageSourcePrivateFetch(src);
|
||||||
|
|
||||||
|
srcPriv->enccount = nsecrets;
|
||||||
|
srcPriv->encinfo = g_new0(qemuDomainSecretInfo *, nsecrets);
|
||||||
|
for (i = 0; i < nsecrets; ++i) {
|
||||||
|
if (!(srcPriv->encinfo[i] = qemuDomainSecretInfoSetupFromSecret(priv, alias,
|
||||||
|
"encryption", i,
|
||||||
|
VIR_SECRET_USAGE_TYPE_VOLUME,
|
||||||
|
NULL,
|
||||||
|
&src->encryption->secrets[i]->seclookupdef)))
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* qemuDomainSecretStorageSourcePrepareAuth:
|
||||||
|
* @priv: domain private object
|
||||||
|
* @src: storage source struct to setup
|
||||||
|
* @alias: prefix of the alias for secret holding authentication data
|
||||||
|
*
|
||||||
|
* Prepares data necessary for authentication of @src.
|
||||||
|
*
|
||||||
|
* Returns 0 on success; -1 on error while reporting an libvirt error.
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
qemuDomainSecretStorageSourcePrepareAuth(qemuDomainObjPrivate *priv,
|
||||||
|
virStorageSource *src,
|
||||||
|
const char *alias)
|
||||||
|
{
|
||||||
|
qemuDomainStorageSourcePrivate *srcPriv;
|
||||||
|
|
||||||
|
if (virStorageSourceIsEmpty(src))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (!(src->privateData = qemuDomainStorageSourcePrivateNew()))
|
srcPriv = qemuDomainStorageSourcePrivateFetch(src);
|
||||||
return -1;
|
|
||||||
|
|
||||||
srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
|
|
||||||
|
|
||||||
if (src->auth) {
|
if (src->auth) {
|
||||||
virSecretUsageType usageType = VIR_SECRET_USAGE_TYPE_ISCSI;
|
virSecretUsageType usageType = VIR_SECRET_USAGE_TYPE_ISCSI;
|
||||||
@ -1437,7 +1469,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
|
|||||||
if (src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)
|
if (src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)
|
||||||
usageType = VIR_SECRET_USAGE_TYPE_CEPH;
|
usageType = VIR_SECRET_USAGE_TYPE_CEPH;
|
||||||
|
|
||||||
if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv, aliasprotocol,
|
if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv, alias,
|
||||||
"auth", 0,
|
"auth", 0,
|
||||||
usageType,
|
usageType,
|
||||||
src->auth->username,
|
src->auth->username,
|
||||||
@ -1445,26 +1477,10 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hasEnc) {
|
|
||||||
size_t nsecrets = src->encryption->nsecrets;
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
srcPriv->enccount = nsecrets;
|
|
||||||
srcPriv->encinfo = g_new0(qemuDomainSecretInfo *, nsecrets);
|
|
||||||
for (i = 0; i < nsecrets; ++i) {
|
|
||||||
if (!(srcPriv->encinfo[i] = qemuDomainSecretInfoSetupFromSecret(priv, aliasformat,
|
|
||||||
"encryption", i,
|
|
||||||
VIR_SECRET_USAGE_TYPE_VOLUME,
|
|
||||||
NULL,
|
|
||||||
&src->encryption->secrets[i]->seclookupdef)))
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (src->ncookies &&
|
if (src->ncookies &&
|
||||||
!(srcPriv->httpcookie = qemuDomainSecretStorageSourcePrepareCookies(priv,
|
!(srcPriv->httpcookie = qemuDomainSecretStorageSourcePrepareCookies(priv,
|
||||||
src,
|
src,
|
||||||
aliasprotocol)))
|
alias)))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -10988,8 +11004,11 @@ qemuDomainPrepareDiskSourceLegacy(virDomainDiskDef *disk,
|
|||||||
qemuDomainPrepareStorageSourceConfig(disk->src, cfg);
|
qemuDomainPrepareStorageSourceConfig(disk->src, cfg);
|
||||||
qemuDomainPrepareDiskSourceData(disk, disk->src);
|
qemuDomainPrepareDiskSourceData(disk, disk->src);
|
||||||
|
|
||||||
if (qemuDomainSecretStorageSourcePrepare(priv, disk->src,
|
if (qemuDomainSecretStorageSourcePrepareEncryption(priv, disk->src,
|
||||||
disk->info.alias,
|
disk->info.alias) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
if (qemuDomainSecretStorageSourcePrepareAuth(priv, disk->src,
|
||||||
disk->info.alias) < 0)
|
disk->info.alias) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
@ -11081,10 +11100,12 @@ qemuDomainPrepareStorageSourceBlockdevNodename(virDomainDiskDef *disk,
|
|||||||
qemuDomainPrepareStorageSourceConfig(src, cfg);
|
qemuDomainPrepareStorageSourceConfig(src, cfg);
|
||||||
qemuDomainPrepareDiskSourceData(disk, src);
|
qemuDomainPrepareDiskSourceData(disk, src);
|
||||||
|
|
||||||
if (qemuDomainSecretStorageSourcePrepare(priv, src,
|
if (qemuDomainSecretStorageSourcePrepareEncryption(priv, src,
|
||||||
src->nodestorage,
|
|
||||||
src->nodeformat) < 0)
|
src->nodeformat) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
if (qemuDomainSecretStorageSourcePrepareAuth(priv, src,
|
||||||
|
src->nodestorage) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
if (qemuDomainPrepareStorageSourcePR(src, priv, src->nodestorage) < 0)
|
if (qemuDomainPrepareStorageSourcePR(src, priv, src->nodestorage) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
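Review bot: The new qemuDomainSecretStorageSourcePrepareAuth drops the early return the old function took when there was nothing to prepare (`if (!src->auth && !hasEnc && src->ncookies == 0)`), so it now calls qemuDomainStorageSourcePrivateFetch() for every non-empty source. Judging by the name and by the old `qemuDomainStorageSourcePrivateNew()` call it replaces, that presumably allocates private data even for sources with no auth and no cookies. Restoring the guard before the fetch, as `if (!src->auth && src->ncookies == 0)` followed by `return 0;`, would keep the old behaviour and match the equivalent check at the top of the Encryption half. The doc comment on the Auth function should also mention the cookies it sets up via qemuDomainSecretStorageSourcePrepareCookies, e.g. ` * Prepares the authentication secret and any HTTP cookies of @src.`, since a caller that later skips this function for nbdkit-backed sources skips the cookies too. The function's closing lines fall outside the visible hunks.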