qemu: add support for multiple secret aliases

Change secret aliases from %s-%s-secret0 to %s-%s-secret%lu, which will later be used for storage encryption requiring more than a single secret. Signed-off-by: Or Ozeri <oro@il.ibm.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2024-12-22 21:55:25 +00:00 · 2023-03-13 04:50:18 -05:00 · 2023-03-13 04:50:18 -05:00 · e239f7d0a8
commit e239f7d0a8
parent 6c34f19334
5 changed files with 17 additions and 12 deletions
--- a/src/qemu/qemu_alias.c
+++ b/src/qemu/qemu_alias.c
@ -813,17 +813,19 @@ qemuDomainGetMasterKeyAlias(void)
 /* qemuAliasForSecret:
 * @parentalias: alias of the parent object
 * @obj: optional sub-object of the parent device the secret is for
+ * @secret_idx: secret index number (0 in the case of a single secret)
 *
 * Generate alias for a secret object used by @parentalias device or one of
 * the dependencies of the device described by @obj.
 */
 char *
 qemuAliasForSecret(const char *parentalias,
-                   const char *obj)
+                   const char *obj,
+                   size_t secret_idx)
 {
    if (obj)
-        return g_strdup_printf("%s-%s-secret0", parentalias, obj);
-    return g_strdup_printf("%s-secret0", parentalias);
+        return g_strdup_printf("%s-%s-secret%lu", parentalias, obj, secret_idx);
+    return g_strdup_printf("%s-secret%lu", parentalias, secret_idx);
 }

 /* qemuAliasTLSObjFromSrcAlias
--- a/src/qemu/qemu_alias.h
+++ b/src/qemu/qemu_alias.h
@ -86,7 +86,8 @@ char *qemuAliasFromHostdev(const virDomainHostdevDef *hostdev);
 char *qemuDomainGetMasterKeyAlias(void);

 char *qemuAliasForSecret(const char *parentalias,
-                         const char *obj);
+                         const char *obj,
+                         size_t secret_idx);

 char *qemuAliasTLSObjFromSrcAlias(const char *srcAlias)
    ATTRIBUTE_NONNULL(1);
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@ -1317,6 +1317,7 @@ qemuDomainSecretInfoSetup(qemuDomainObjPrivate *priv,
 * @priv: pointer to domain private object
 * @srcalias: Alias of the disk/hostdev used to generate the secret alias
 * @secretuse: specific usage for the secret (may be NULL if main object is using it)
+ * @secret_idx: secret index number (0 in the case of a single secret)
 * @usageType: The virSecretUsageType
 * @username: username to use for authentication (may be NULL)
 * @seclookupdef: Pointer to seclookupdef data
@ -1329,12 +1330,13 @@ static qemuDomainSecretInfo *
 qemuDomainSecretInfoSetupFromSecret(qemuDomainObjPrivate *priv,
                                    const char *srcalias,
                                    const char *secretuse,
+                                    size_t secret_idx,
                                    virSecretUsageType usageType,
                                    const char *username,
                                    virSecretLookupTypeDef *seclookupdef)
 {
    qemuDomainSecretInfo *secinfo;
-    g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse);
+    g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse, secret_idx);
    g_autofree uint8_t *secret = NULL;
    size_t secretlen = 0;
    VIR_IDENTITY_AUTORESTORE virIdentity *oldident = virIdentityElevateCurrent();
@ -1384,7 +1386,7 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivate *priv,
    }
    seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;

-    return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL,
+    return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL, 0,
                                               VIR_SECRET_USAGE_TYPE_TLS,
                                               NULL, &seclookupdef);
 }
@ -1411,7 +1413,7 @@ qemuDomainSecretStorageSourcePrepareCookies(qemuDomainObjPrivate *priv,
                                            virStorageSource *src,
                                            const char *aliasprotocol)
 {
-    g_autofree char *secretalias = qemuAliasForSecret(aliasprotocol, "httpcookie");
+    g_autofree char *secretalias = qemuAliasForSecret(aliasprotocol, "httpcookie", 0);
    g_autofree char *cookies = qemuBlockStorageSourceGetCookieString(src);

    return qemuDomainSecretInfoSetup(priv, secretalias, NULL,
@ -1460,7 +1462,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
            usageType = VIR_SECRET_USAGE_TYPE_CEPH;

        if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv, aliasprotocol,
-                                                                     "auth",
+                                                                     "auth", 0,
                                                                     usageType,
                                                                     src->auth->username,
                                                                     &src->auth->seclookupdef)))
@ -1469,7 +1471,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,

    if (hasEnc) {
        if (!(srcPriv->encinfo = qemuDomainSecretInfoSetupFromSecret(priv, aliasformat,
-                                                                     "encryption",
+                                                                     "encryption", 0,
                                                                     VIR_SECRET_USAGE_TYPE_VOLUME,
                                                                     NULL,
                                                                     &src->encryption->secrets[0]->seclookupdef)))
@ -11185,7 +11187,7 @@ qemuDomainPrepareHostdev(virDomainHostdevDef *hostdev,

                if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv,
                                                                             backendalias,
-                                                                             NULL,
+                                                                             NULL, 0,
                                                                             usageType,
                                                                             src->auth->username,
                                                                             &src->auth->seclookupdef)))
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@ -1753,7 +1753,7 @@ qemuDomainDelChardevTLSObjects(virQEMUDriver *driver,
     * secret UUID and we have a serial TCP chardev, then formulate a
     * secAlias which we'll attempt to destroy. */
    if (cfg->chardevTLSx509secretUUID &&
-        !(secAlias = qemuAliasForSecret(inAlias, NULL)))
+        !(secAlias = qemuAliasForSecret(inAlias, NULL, 0)))
        return -1;

    qemuDomainObjEnterMonitor(vm);
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@ -1129,7 +1129,7 @@ qemuMigrationParamsResetTLS(virDomainObj *vm,
        return;

    tlsAlias = qemuAliasTLSObjFromSrcAlias(QEMU_MIGRATION_TLS_ALIAS_BASE);
-    secAlias = qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL);
+    secAlias = qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL, 0);

    qemuDomainDelTLSObjects(vm, asyncJob, secAlias, tlsAlias);
    g_clear_pointer(&QEMU_DOMAIN_PRIVATE(vm)->migSecinfo, qemuDomainSecretInfoFree);