Attach encryption information to virStorageVolDef.

The XML allows <encryption format='unencrypted'/>, this implementation
canonicalizes the internal representation so that "vol->encryption" is
non-NULL iff the volume is encrypted.

Note that partial encryption information (e.g. specifying an encryption
format, but not the key/passphrase) is valid, libvirt will automatically
choose value for the missing information during volume creation.  The
user can read the volume XML, and use the unmodified <encryption> tag in
future operations (without having to be able to understand) its contents.

* docs/formatstorage.html, docs/formatstorage.html.in: Document
  storage volume encryption options
* src/storage_conf.c, src/storage_conf.h: Hook up storage
  encryption XML handling
* tests/storagevolschemadata/vol-qcow2.xml: Test case for encryption
  schema changes

docs/formatstorage.html

@@ -252,6 +252,9 @@
             <mode>0744</mode>
             <label>virt_image_t</label>
           </permissions>
+          <encryption type='...'>
+            ...
+          </encryption>
         </target>
       &lt;/pool&gt;</pre>
         <dl><dt><code>path</code></dt><dd>Provides the location at which the pool will be mapped into
@@ -274,6 +277,9 @@
 	element contains the numeric group ID. The <code>label</code> element
 	contains the MAC (eg SELinux) label string.
 	<span class="since">Since 0.4.1</span>
+      </dd><dt><code>encryption</code></dt><dd>If present, specifies how the volume is encrypted.  See
+        the <a href="formatstorageencryption.html">Storage Encryption</a> page
+        for more information.
       </dd></dl>
         <h3>
           <a name="StoragePoolExtents" id="StoragePoolExtents">Device extents</a>

docs/formatstorage.html.in

@@ -124,6 +124,9 @@
             <mode>0744</mode>
             <label>virt_image_t</label>
           </permissions>
+          <encryption type='...'>
+            ...
+          </encryption>
         </target>
       &lt;/pool&gt;</pre>
 
@@ -152,6 +155,11 @@
 	contains the MAC (eg SELinux) label string.
 	<span class="since">Since 0.4.1</span>
       </dd>
+      <dt><code>encryption</code></dt>
+      <dd>If present, specifies how the volume is encrypted.  See
+        the <a href="formatstorageencryption.html">Storage Encryption</a> page
+        for more information.
+      </dd>
     </dl>
 
     <h3><a name="StoragePoolExtents">Device extents</a></h3>

docs/schemas/storagevol.rng

@@ -5,6 +5,8 @@
     <ref name='vol'/>
   </start>
 
+  <include href='storageencryption.rng'/>
+
 
   <define name='vol'>
     <element name='volume'>
@@ -73,6 +75,9 @@
       </optional>
       <ref name='format'/>
       <ref name='permissions'/>
+      <optional>
+        <ref name='encryption'/>
+      </optional>
     </element>
   </define>
 

src/storage_conf.c

@@ -260,8 +260,10 @@ virStorageVolDefFree(virStorageVolDefPtr def) {
 
     VIR_FREE(def->target.path);
     VIR_FREE(def->target.perms.label);
+    virStorageEncryptionFree(def->target.encryption);
     VIR_FREE(def->backingStore.path);
     VIR_FREE(def->backingStore.perms.label);
+    virStorageEncryptionFree(def->backingStore.encryption);
     VIR_FREE(def);
 }
 
@@ -955,6 +957,7 @@ virStorageVolDefParseXML(virConnectPtr conn,
     char *allocation = NULL;
     char *capacity = NULL;
     char *unit = NULL;
+    xmlNodePtr node;
 
     options = virStorageVolOptionsForPoolType(pool->type);
     if (options == NULL)
@@ -1019,6 +1022,14 @@ virStorageVolDefParseXML(virConnectPtr conn,
                                 "./target/permissions", 0600) < 0)
         goto cleanup;
 
+    node = virXPathNode(conn, "./target/encryption", ctxt);
+    if (node != NULL) {
+        ret->target.encryption = virStorageEncryptionParseNode(conn, ctxt->doc,
+                                                               node);
+        if (ret->target.encryption == NULL)
+            goto cleanup;
+    }
+
 
 
     ret->backingStore.path = virXPathString(conn, "string(./backingStore/path)", ctxt);
@@ -1189,6 +1200,10 @@ virStorageVolTargetDefFormat(virConnectPtr conn,
 
     virBufferAddLit(buf,"    </permissions>\n");
 
+    if (def->encryption != NULL &&
+        virStorageEncryptionFormat(conn, buf, def->encryption) < 0)
+        return -1;
+
     virBufferVSprintf(buf, "  </%s>\n", type);
 
     return 0;

src/storage_conf.h

@@ -26,6 +26,7 @@
 
 #include "internal.h"
 #include "util.h"
+#include "storage_encryption_conf.h"
 #include "threads.h"
 
 #include <libxml/tree.h>
@@ -77,6 +78,8 @@ struct _virStorageVolTarget {
     int format;
     virStoragePerms perms;
     int type; /* only used by disk backend for partition type */
+    /* Currently used only in virStorageVolDef.target, not in .backingstore. */
+    virStorageEncryptionPtr encryption;
 };
 
 

tests/storagevolschemadata/vol-qcow2.xml

@@ -14,6 +14,9 @@
       <group>0</group>
       <label>unconfined_u:object_r:virt_image_t:s0</label>
     </permissions>
+    <encryption format='qcow'>
+      <secret type='passphrase' uuid='e78d4b51-a2af-485f-b0f5-afca709a80f4'/>
+    </encryption>
   </target>
   <backingStore>
     <path>/var/lib/libvirt/images/BaseDemo.img</path>