Commit Graph

15 Commits

Author SHA1 Message Date
Peter Krempa
9aa1a1ea77 schema: secret: Relax requirements for usage name
There's plenty of existing documentation [1] which shows as example a
name which contains a space and a dot ('client.admin secret') as ceph
usage name.

Use a more relaxed type in the RNG schema since the usage name is
actually just a string used to look up the secret.

[1]:
https://docs.ceph.com/en/latest/rbd/libvirt/#configuring-the-vm
https://documentation.suse.com/ses/6/html/ses-all/cha-ceph-libvirt.html#ceph-libvirt-cfg-vm
Libvirt docs were correct though:
https://libvirt.org/formatsecret.html#CephUsageType

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1689168

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-01-08 09:18:21 +01:00
Tim Wiederhake
0e907b8216 schema: Unify apostrophe and quotation mark usage
Quotation marks were used ~ 7000 times, apostrophes ~ 3000 times.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2020-10-07 09:18:07 +02:00
Stefan Berger
50a7b0cb4e secret: Add support for usage type vTPM, extend schema and test case
Add support for usage type vTPM to secret.
Extend the schema for the Secret to support the vTPM usage type
and add a test case for parsing the Secret with usage type vTPM.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-26 09:59:27 +01:00
John Ferlan
13350a17e4 conf: Add new secret type "tls"
Add a new secret usage type known as "tls" - it will handle adding the
secret objects for various TLS objects that need to provide some sort
of passphrase in order to access the credentials.

The format is:

   <secret ephemeral='no' private='no'>
     <description>Sample TLS secret</description>
     <usage type='tls'>
       <name>mumblyfratz</name>
     </usage>
</secret>

Once defined and a passphrase set, future patches will allow the UUID
to be set in the qemu.conf file and thus used as a secret for various
TLS options such as a chardev serial TCP connection, a NBD client/server
connection, and migration.

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-09-09 08:20:05 -04:00
John Ferlan
dae3b96560 conf: Revert changes to add new secret type "passphrase"
Revert the remainder of commit id 'c84380106'
2016-07-14 13:47:08 -04:00
John Ferlan
c84380106f conf: Add new secret type "passphrase"
Add a new secret type known as "passphrase" - it will handle adding the
secret objects that need a passphrase without a specific username.

The format is:

   <secret ...>
     <uuid>...</uuid>
     ...
     <usage type='passphrase'>
       <name>mumblyfratz</name>
     </usage>
   </secret>

Signed-off-by: John Ferlan <jferlan@redhat.com>
2016-07-01 15:45:41 -04:00
Martin Kletzander
f864aac90b schemas: finish virTristate{Bool,Switch} transition
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-09-17 16:10:26 +02:00
Paolo Bonzini
adba070122 secret: add iscsi to possible usage types
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-03-22 12:10:23 +08:00
Josh Durgin
7e02076624 Use a common xml type for ceph secret usage.
The types used in domaincommon.rng and secret.rng should be the same.

Move genericName to basictypes.rng, then drop redundant types now
that secret.rng uses basictypes.rng.

Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2011-10-28 16:01:14 -06:00
Sage Weil
536d1f8746 secret: add Ceph secret type
Add a new secret type to store a Ceph authentication key. The name
is simply an identifier for easy human reference.

The xml looks like this:

<secret ephemeral='no' private='no'>
 <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid>
 <usage type='ceph'>
   <name>mycluster_admin</name>
 </usage>
</secret>

Signed-off-by: Sage Weil <sage@newdream.net>
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.net>
2011-10-28 11:34:17 -06:00
Diego Elio Pettenò
51ea18a844 Fix a wellformedness problem in secret.rng
* docs/schemas/secret.rng: ref tag for usagevolume wasn't closed
2009-12-10 17:03:47 +01:00
Daniel P. Berrange
67b2d5e0bf Make secrets RNG more strict
* docs/schemas/secret.rng: Require volume element to be an absolute
  path. Fix whitespace indentation
2009-09-14 17:49:37 +01:00
Daniel P. Berrange
47e7a258db Fix UUID handling in secrets/storage encryption APIs
Convert all the secret/storage encryption APIs / wire format to
handle UUIDs in raw format instead of non-canonical printable
format. Guarentees data format correctness.

* docs/schemas/storageencryption.rng: Make UUID mandatory for a secret
  and validate fully
* docs/schemas/secret.rng: Fully validate UUID
* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add
  virSecretLookupByUUID and virSecretGetUUID. Make
  virSecretGetUUIDString follow normal API design pattern
* python/generator.py: Skip generation of virSecretGetUUID,
  virSecretGetUUIDString and virSecretLookupByUUID
* python/libvir.c, python/libvirt-python-api.xml: Manual impl
  of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID
* qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/
  Fix get_nonnull_secret/make_nonnull_secret to use unsigned char
* qemud/remote_protocol.x: Fix remote_nonnull_secret to use a
  remote_uuid instead of remote_nonnull_string for UUID field.
  Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to
  REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an
  remote_uuid  value
* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
  qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
  qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
* src/datatypes.h, src/datatypes.c: Store UUID in raw format instead
  of printable. Change virGetSecret to use raw format UUID
* src/driver.h: Rename virDrvSecretLookupByUUIDString to
  virDrvSecretLookupByUUID and use raw format UUID
* src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID
  and re-implement virSecretLookupByUUIDString and
  virSecretGetUUIDString in terms of those
* src/libvirt_public.syms: Add virSecretLookupByUUID and
  virSecretGetUUID
* src/remote_internal.c: Rename remoteSecretLookupByUUIDString
  to remoteSecretLookupByUUID. Fix typo in args for
  remoteSecretDefineXML impl. Use raw UUID format for
  get_nonnull_secret and make_nonnull_secret
* src/storage_encryption_conf.c, src/storage_encryption_conf.h:
  Storage UUID in raw format, and require it to be present in
  XML. Use UUID parser to validate.
* secret_conf.h, secret_conf.c: Generate a UUID if none is provided.
  Storage UUID in raw format.
* src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets
  in a filed with printable UUID, instead of base64 UUID.
* src/virsh.c: Adjust for changed public API contract of
  virSecretGetUUIDString.
* src/storage_Backend.c: DOn't undefine secret we just generated
  upon successful volume creation. Fix to handle raw UUIDs. Generate
  a non-clashing UUID
* src/qemu_driver.c: Change to use lookupByUUID instead of
  lookupByUUIDString
2009-09-14 17:48:29 +01:00
Miloslav Trmač
78811ae572 Add <usage> to <secret> docs
* docs/formatsecret.html.in, docs/formatsecret.html: Document <usage
  type='volume'>, replacing stand-alone <volume>.
* docs/schemas/secret.rng: Update schema to require <usage
  type='volume'>
2009-09-10 15:30:47 +01:00
Miloslav Trmač
6acc17af8c Secret manipulation public API
This patch adds a "secret" as a separately managed object, using a
special-purpose API to transfer the secret values between nodes and
libvirt users.

* docs/schemas/secret.rng, docs/schemas/Makefilem.am: Add new
  schema for virSecret objects
* docs/*html: Re-generated
* docs/formatsecret.html.in, docs/sitemap.html.in: Add page
  describing the virSecret XML schema
* include/libvirt/libvirt.h.in: Define the new virSecret public
  API
* src/libvirt_public.syms: Export symbols for new public APIs
* mingw32-libvirt.spec.in, libvirt.spec.in: Add secret.rng to
  files list
2009-09-01 17:38:52 +01:00