mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-10 05:17:59 +03:00
qemuDomainValidateStorageSource: Add validation of 'encryption' support
Reject encryption requests for unsupported image format types. Add negative test for the rejected cases as well as modify 'disk-network-rbd-encryption' case to validate that with librbd encryption the format doesn't matter. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
parent
7c9459b88b
commit
487f15b26a
@ -5012,6 +5012,12 @@ qemuDomainValidateStorageSource(virStorageSource *src,
|
||||
switch ((virStorageEncryptionFormatType) src->encryption->format) {
|
||||
case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
|
||||
case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
|
||||
if (src->format != VIR_STORAGE_FILE_QCOW2 &&
|
||||
src->format != VIR_STORAGE_FILE_RAW) {
|
||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||
_("encryption is supported only with 'raw' and 'qcow2' image format"));
|
||||
return -1;
|
||||
}
|
||||
break;
|
||||
|
||||
case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
|
||||
@ -5035,6 +5041,13 @@ qemuDomainValidateStorageSource(virStorageSource *src,
|
||||
_("librbd encryption is not supported by this QEMU binary"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (actualType != VIR_STORAGE_TYPE_NETWORK &&
|
||||
src->protocol != VIR_STORAGE_NET_PROTOCOL_RBD) {
|
||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||
_("librbd encryption is supported only with RBD backed disks"));
|
||||
return -1;
|
||||
}
|
||||
break;
|
||||
|
||||
case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
|
||||
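Review bot: The librbd check added in the second hunk joins its two tests with `&&`, so it fires only when the disk is neither network-backed nor RBD; a network disk on any other protocol has `actualType == VIR_STORAGE_TYPE_NETWORK`, short-circuits the condition and is accepted with librbd encryption requested. To enforce what the error message says, the condition should read `if (actualType != VIR_STORAGE_TYPE_NETWORK ||` followed by `src->protocol != VIR_STORAGE_NET_PROTOCOL_RBD) {`. An encryption request that the backend cannot honour is better refused at validation than passed on; what later stages do with such a configuration is not visible on this page. The only negative test added, `disk-encryption-wrong`, exercises the format check from the first hunk, so a second negative case with librbd encryption on a non-RBD network disk would pin this branch. The enclosing switch starts and ends outside both hunks.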
|
@ -0,0 +1 @@
|
||||
unsupported configuration: encryption is supported only with 'raw' and 'qcow2' image format
|
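--- a/tests/qemuxml2argvdata/disk-encryption-wrong.xml
+++ b/tests/qemuxml2argvdata/disk-encryption-wrong.xml
@@ -0,0 +1,37 @@
+<domain type='qemu'>
+<name>encryptdisk</name>
+<uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+<memory unit='KiB'>1048576</memory>
+<currentMemory unit='KiB'>524288</currentMemory>
+<vcpu placement='static'>1</vcpu>
+<os>
+<type arch='x86_64' machine='pc'>hvm</type>
+<boot dev='hd'/>
+</os>
+<clock offset='utc'/>
+<on_poweroff>destroy</on_poweroff>
+<on_reboot>restart</on_reboot>
+<on_crash>destroy</on_crash>
+<devices>
+<emulator>/usr/bin/qemu-system-x86_64</emulator>
+<disk type='file' device='disk'>
+<driver name='qemu' type='vmdk'/>
+<source file='/storage/guest_disks/encryptdisk'>
+<encryption format='luks'>
+<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+</encryption>
+</source>
+<target dev='vdb' bus='virtio'/>
+<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+</disk>
+<controller type='usb' index='0'>
+<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+</controller>
+<controller type='pci' index='0' model='pci-root'/>
+<input type='mouse' bus='ps2'/>
+<input type='keyboard' bus='ps2'/>
+<memballoon model='virtio'>
+<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+</memballoon>
+</devices>
+</domain>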
@ -42,7 +42,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-encryptdisk/.config \
|
||||
-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x5","drive":"libvirt-2-format","id":"virtio-disk2"}' \
|
||||
-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret0","data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","keyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw==","format":"base64"}' \
|
||||
-blockdev '{"driver":"rbd","pool":"pool","image":"image2","server":[{"host":"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks2","key-secret":"libvirt-1-format-encryption-secret0"},"node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
|
||||
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
|
||||
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"vmdk","file":"libvirt-1-storage"}' \
|
||||
-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x6","drive":"libvirt-1-format","id":"virtio-disk3"}' \
|
||||
-audiodev '{"id":"audio1","driver":"none"}' \
|
||||
-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","addr":"0x3"}' \
|
||||
|
@ -51,7 +51,7 @@
|
||||
<target dev='vdc' bus='virtio'/>
|
||||
</disk>
|
||||
<disk type='network' device='disk'>
|
||||
<driver name='qemu' type='raw'/>
|
||||
<driver name='qemu' type='vmdk'/>
|
||||
<source protocol='rbd' name='pool/image2'>
|
||||
<host name='mon1.example.org' port='6321'/>
|
||||
<host name='mon2.example.org' port='6322'/>
|
||||
|
@ -1374,6 +1374,7 @@ mymain(void)
|
||||
DO_TEST_CAPS_LATEST("disk-network-rbd");
|
||||
DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption", "6.0.0");
|
||||
DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
|
||||
DO_TEST_CAPS_LATEST_PARSE_ERROR("disk-encryption-wrong");
|
||||
DO_TEST_CAPS_VER_FAILURE("disk-network-rbd-no-colon", "4.1.0");
|
||||
DO_TEST_CAPS_LATEST("disk-network-rbd-no-colon");
|
||||
DO_TEST_CAPS_VER("disk-network-sheepdog", "4.1.0");
|
||||
|
@ -57,7 +57,7 @@
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
|
||||
</disk>
|
||||
<disk type='network' device='disk'>
|
||||
<driver name='qemu' type='raw'/>
|
||||
<driver name='qemu' type='vmdk'/>
|
||||
<source protocol='rbd' name='pool/image2'>
|
||||
<host name='mon1.example.org' port='6321'/>
|
||||
<host name='mon2.example.org' port='6322'/>
|
||||
|