conf: backup: Add 'tls' attribute for 'server' element

Allow enabling TLS for the NBD server used to do pull-mode backups. Note that documentation already mentions 'tls', so this just implements the schema and XML bits. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2024-12-22 05:35:25 +00:00 · 2020-07-01 12:25:42 +02:00 · 2020-07-01 12:25:42 +02:00 · fc6aaf6a19
commit fc6aaf6a19
parent d37a2cd5ed
6 changed files with 29 additions and 4 deletions
--- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng
@ -51,6 +51,14 @@
            </attribute>
            <interleave>
              <element name='server'>
+                <optional>
+                  <attribute name='tls'>
+                    <choice>
+                      <value>yes</value>
+                      <value>no</value>
+                    </choice>
+                  </attribute>
+                </optional>
                <choice>
                  <group>
                    <optional>
@ -69,7 +77,6 @@
                        <ref name='unsignedInt'/>
                      </attribute>
                    </optional>
-                    <!-- add tls? -->
                  </group>
                  <group>
                    <attribute name='transport'>
--- a/src/conf/backup_conf.c
+++ b/src/conf/backup_conf.c
@ -239,6 +239,8 @@ virDomainBackupDefParse(xmlXPathContextPtr ctxt,
    def->incremental = virXPathString("string(./incremental)", ctxt);

    if ((node = virXPathNode("./server", ctxt))) {
+        g_autofree char *tls = NULL;
+
        if (def->type != VIR_DOMAIN_BACKUP_TYPE_PULL) {
            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                           _("use of <server> requires pull mode backup"));
@ -263,6 +265,19 @@ virDomainBackupDefParse(xmlXPathContextPtr ctxt,
                           def->server->socket);
            return NULL;
        }
+
+        if ((tls = virXMLPropString(node, "tls"))) {
+            int tmp;
+
+            if ((tmp = virTristateBoolTypeFromString(tls)) <= 0) {
+                virReportError(VIR_ERR_XML_ERROR,
+                               _("unknown value '%s' of 'tls' attribute"),\
+                               tls);
+                return NULL;
+            }
+
+            def->tls = tmp;
+        }
    }

    if ((n = virXPathNodeSet("./disks/*", ctxt, &nodes)) < 0)
@ -417,6 +432,8 @@ virDomainBackupDefFormat(virBufferPtr buf,
    if (def->server) {
        virBufferAsprintf(&serverAttrBuf, " transport='%s'",
                          virStorageNetHostTransportTypeToString(def->server->transport));
+        if (def->tls != VIR_TRISTATE_BOOL_ABSENT)
+            virBufferAsprintf(&serverAttrBuf, " tls='%s'", virTristateBoolTypeToString(def->tls));
        virBufferEscapeString(&serverAttrBuf, " name='%s'", def->server->name);
        if (def->server->port)
            virBufferAsprintf(&serverAttrBuf, " port='%u'", def->server->port);
--- a/src/conf/backup_conf.h
+++ b/src/conf/backup_conf.h
@ -70,6 +70,7 @@ struct _virDomainBackupDef {
    int type; /* virDomainBackupType */
    char *incremental;
    virStorageNetHostDefPtr server; /* only when type == PULL */
+    virTristateBool tls; /* use TLS for NBD */

    size_t ndisks; /* should not exceed dom->ndisks */
    virDomainBackupDiskDef *disks;
--- a/tests/domainbackupxml2xmlin/backup-pull-encrypted.xml
+++ b/tests/domainbackupxml2xmlin/backup-pull-encrypted.xml
@ -1,6 +1,6 @@
 <domainbackup mode="pull">
  <incremental>1525889631</incremental>
-  <server transport='tcp' name='localhost' port='10809'/>
+  <server transport='tcp' tls='yes' name='localhost' port='10809'/>
  <disks>
    <disk name='vda' type='file' exportname='test-vda' exportbitmap='blah'>
      <driver type='qcow2'/>
--- a/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml
+++ b/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml
@ -1,6 +1,6 @@
 <domainbackup mode='pull'>
  <incremental>1525889631</incremental>
-  <server transport='tcp' name='localhost' port='10809'/>
+  <server transport='tcp' tls='yes' name='localhost' port='10809'/>
  <disks>
    <disk name='vda' backup='yes' state='running' type='file' exportname='test-vda' exportbitmap='blah'>
      <driver type='qcow2'/>
--- a/tests/domainbackupxml2xmlout/backup-pull-encrypted.xml
+++ b/tests/domainbackupxml2xmlout/backup-pull-encrypted.xml
@ -1,6 +1,6 @@
 <domainbackup mode='pull'>
  <incremental>1525889631</incremental>
-  <server transport='tcp' name='localhost' port='10809'/>
+  <server transport='tcp' tls='yes' name='localhost' port='10809'/>
  <disks>
    <disk name='vda' backup='yes' type='file' exportname='test-vda' exportbitmap='blah'>
      <driver type='qcow2'/>