conf: backup: Store 'tlsAlias' and 'tlsSecretAlias' as internals of a backup

Add fields for storing the aliases necessary to clean up the TLS env for a backup job after it finishes. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2024-10-05 05:45:46 +00:00 · 2020-07-01 09:48:27 +02:00 · 2020-07-01 09:48:27 +02:00 · fffc147ba2
commit fffc147ba2
parent bfd9721671
5 changed files with 86 additions and 0 deletions
--- a/src/conf/backup_conf.c
+++ b/src/conf/backup_conf.c
@ -79,6 +79,10 @@ virDomainBackupDefFree(virDomainBackupDefPtr def)
    }

    g_free(def->disks);
+
+    g_free(def->tlsAlias);
+    g_free(def->tlsSecretAlias);
+
    g_free(def);
 }

@ -192,6 +196,19 @@ virDomainBackupDiskDefParseXML(xmlNodePtr node,
 }


+static void
+virDomainBackupDefParsePrivate(virDomainBackupDefPtr def,
+                               xmlXPathContextPtr ctxt,
+                               unsigned int flags)
+{
+    if (!(flags & VIR_DOMAIN_BACKUP_PARSE_INTERNAL))
+        return;
+
+    def->tlsSecretAlias = virXPathString("string(./privateData/objects/secret[@type='tlskey']/@alias)", ctxt);
+    def->tlsAlias = virXPathString("string(./privateData/objects/TLSx509/@alias)", ctxt);
+}
+
+
 static virDomainBackupDefPtr
 virDomainBackupDefParse(xmlXPathContextPtr ctxt,
                        virDomainXMLOptionPtr xmlopt,
@ -261,6 +278,8 @@ virDomainBackupDefParse(xmlXPathContextPtr ctxt,
            return NULL;
    }

+    virDomainBackupDefParsePrivate(def, ctxt, flags);
+
    return g_steal_pointer(&def);
 }

@ -360,6 +379,26 @@ virDomainBackupDiskDefFormat(virBufferPtr buf,
 }


+static void
+virDomainBackupDefFormatPrivate(virBufferPtr buf,
+                                virDomainBackupDefPtr def,
+                                bool internal)
+{
+    g_auto(virBuffer) privChildBuf = VIR_BUFFER_INIT_CHILD(buf);
+    g_auto(virBuffer) objectsChildBuf = VIR_BUFFER_INIT_CHILD(&privChildBuf);
+
+    if (!internal)
+        return;
+
+    virBufferEscapeString(&objectsChildBuf, "<secret type='tlskey' alias='%s'/>\n",
+                          def->tlsSecretAlias);
+    virBufferEscapeString(&objectsChildBuf, "<TLSx509 alias='%s'/>\n", def->tlsAlias);
+
+    virXMLFormatElement(&privChildBuf, "objects", NULL, &objectsChildBuf);
+    virXMLFormatElement(buf, "privateData", NULL, &privChildBuf);
+}
+
+
 int
 virDomainBackupDefFormat(virBufferPtr buf,
                         virDomainBackupDefPtr def,
@ -394,6 +433,9 @@ virDomainBackupDefFormat(virBufferPtr buf,
    }

    virXMLFormatElement(&childBuf, "disks", NULL, &disksChildBuf);
+
+    virDomainBackupDefFormatPrivate(&childBuf, def, internal);
+
    virXMLFormatElement(buf, "domainbackup", &attrBuf, &childBuf);

    return 0;
--- a/src/conf/backup_conf.h
+++ b/src/conf/backup_conf.h
@ -75,6 +75,11 @@ struct _virDomainBackupDef {
    virDomainBackupDiskDef *disks;

    /* internal data */
+
+    /* NBD TLS internals */
+    char *tlsAlias;
+    char *tlsSecretAlias;
+
    /* statistic totals for completed disks */
    unsigned long long push_transferred;
    unsigned long long push_total;
--- a/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml
+++ b/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml
@ -0,0 +1,36 @@
+<domainbackup mode='pull'>
+  <incremental>1525889631</incremental>
+  <server transport='tcp' name='localhost' port='10809'/>
+  <disks>
+    <disk name='vda' backup='yes' state='running' type='file' exportname='test-vda' exportbitmap='blah'>
+      <driver type='qcow2'/>
+      <scratch file='/path/to/file'>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+        </encryption>
+      </scratch>
+    </disk>
+    <disk name='vdb' backup='yes' state='complete' type='file' exportname='test-vda' exportbitmap='blah'>
+      <driver type='qcow2'/>
+      <scratch file='/path/to/file'>
+        <encryption format='luks'>
+          <secret type='passphrase' usage='/storage/backup/vdb'/>
+        </encryption>
+      </scratch>
+    </disk>
+    <disk name='vdc' backup='yes' state='running' type='block'>
+      <driver type='qcow2'/>
+      <scratch dev='/dev/block'>
+        <encryption format='luks'>
+          <secret type='passphrase' usage='/storage/backup/vdc'/>
+        </encryption>
+      </scratch>
+    </disk>
+  </disks>
+  <privateData>
+    <objects>
+      <secret type='tlskey' alias='test-tlskey'/>
+      <TLSx509 alias='test-tlsobj'/>
+    </objects>
+  </privateData>
+</domainbackup>
--- a/tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml
+++ b/tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml
@ -0,0 +1 @@
+../domainbackupxml2xmlin/backup-pull-internal-invalid.xml
--- a/tests/genericxml2xmltest.c
+++ b/tests/genericxml2xmltest.c
@ -215,6 +215,8 @@ mymain(void)
    DO_TEST_BACKUP("backup-push-seclabel");
    DO_TEST_BACKUP("backup-push-encrypted");

+    DO_TEST_BACKUP_FULL("backup-pull-internal-invalid", true);
+

    virObjectUnref(caps);
    virObjectUnref(xmlopt);
				`@ -0,0 +1 @@`
				`../domainbackupxml2xmlin/backup-pull-internal-invalid.xml`