1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 17:34:18 +03:00

qemu: add support for multiple secret aliases

Change secret aliases from %s-%s-secret0 to %s-%s-secret%lu,
which will later be used for storage encryption requiring more
than a single secret.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
Or Ozeri 2023-03-13 04:50:18 -05:00 committed by Peter Krempa
parent 6c34f19334
commit e239f7d0a8
5 changed files with 17 additions and 12 deletions

View File

@ -813,17 +813,19 @@ qemuDomainGetMasterKeyAlias(void)
/* qemuAliasForSecret:
* @parentalias: alias of the parent object
* @obj: optional sub-object of the parent device the secret is for
* @secret_idx: secret index number (0 in the case of a single secret)
*
* Generate alias for a secret object used by @parentalias device or one of
* the dependencies of the device described by @obj.
*/
char *
qemuAliasForSecret(const char *parentalias,
const char *obj)
const char *obj,
size_t secret_idx)
{
if (obj)
return g_strdup_printf("%s-%s-secret0", parentalias, obj);
return g_strdup_printf("%s-secret0", parentalias);
return g_strdup_printf("%s-%s-secret%lu", parentalias, obj, secret_idx);
return g_strdup_printf("%s-secret%lu", parentalias, secret_idx);
}
/* qemuAliasTLSObjFromSrcAlias

View File

@ -86,7 +86,8 @@ char *qemuAliasFromHostdev(const virDomainHostdevDef *hostdev);
char *qemuDomainGetMasterKeyAlias(void);
char *qemuAliasForSecret(const char *parentalias,
const char *obj);
const char *obj,
size_t secret_idx);
char *qemuAliasTLSObjFromSrcAlias(const char *srcAlias)
ATTRIBUTE_NONNULL(1);

View File

@ -1317,6 +1317,7 @@ qemuDomainSecretInfoSetup(qemuDomainObjPrivate *priv,
* @priv: pointer to domain private object
* @srcalias: Alias of the disk/hostdev used to generate the secret alias
* @secretuse: specific usage for the secret (may be NULL if main object is using it)
* @secret_idx: secret index number (0 in the case of a single secret)
* @usageType: The virSecretUsageType
* @username: username to use for authentication (may be NULL)
* @seclookupdef: Pointer to seclookupdef data
@ -1329,12 +1330,13 @@ static qemuDomainSecretInfo *
qemuDomainSecretInfoSetupFromSecret(qemuDomainObjPrivate *priv,
const char *srcalias,
const char *secretuse,
size_t secret_idx,
virSecretUsageType usageType,
const char *username,
virSecretLookupTypeDef *seclookupdef)
{
qemuDomainSecretInfo *secinfo;
g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse);
g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse, secret_idx);
g_autofree uint8_t *secret = NULL;
size_t secretlen = 0;
VIR_IDENTITY_AUTORESTORE virIdentity *oldident = virIdentityElevateCurrent();
@ -1384,7 +1386,7 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivate *priv,
}
seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL,
return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL, 0,
VIR_SECRET_USAGE_TYPE_TLS,
NULL, &seclookupdef);
}
@ -1411,7 +1413,7 @@ qemuDomainSecretStorageSourcePrepareCookies(qemuDomainObjPrivate *priv,
virStorageSource *src,
const char *aliasprotocol)
{
g_autofree char *secretalias = qemuAliasForSecret(aliasprotocol, "httpcookie");
g_autofree char *secretalias = qemuAliasForSecret(aliasprotocol, "httpcookie", 0);
g_autofree char *cookies = qemuBlockStorageSourceGetCookieString(src);
return qemuDomainSecretInfoSetup(priv, secretalias, NULL,
@ -1460,7 +1462,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
usageType = VIR_SECRET_USAGE_TYPE_CEPH;
if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv, aliasprotocol,
"auth",
"auth", 0,
usageType,
src->auth->username,
&src->auth->seclookupdef)))
@ -1469,7 +1471,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
if (hasEnc) {
if (!(srcPriv->encinfo = qemuDomainSecretInfoSetupFromSecret(priv, aliasformat,
"encryption",
"encryption", 0,
VIR_SECRET_USAGE_TYPE_VOLUME,
NULL,
&src->encryption->secrets[0]->seclookupdef)))
@ -11185,7 +11187,7 @@ qemuDomainPrepareHostdev(virDomainHostdevDef *hostdev,
if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv,
backendalias,
NULL,
NULL, 0,
usageType,
src->auth->username,
&src->auth->seclookupdef)))

View File

@ -1753,7 +1753,7 @@ qemuDomainDelChardevTLSObjects(virQEMUDriver *driver,
* secret UUID and we have a serial TCP chardev, then formulate a
* secAlias which we'll attempt to destroy. */
if (cfg->chardevTLSx509secretUUID &&
!(secAlias = qemuAliasForSecret(inAlias, NULL)))
!(secAlias = qemuAliasForSecret(inAlias, NULL, 0)))
return -1;
qemuDomainObjEnterMonitor(vm);

View File

@ -1129,7 +1129,7 @@ qemuMigrationParamsResetTLS(virDomainObj *vm,
return;
tlsAlias = qemuAliasTLSObjFromSrcAlias(QEMU_MIGRATION_TLS_ALIAS_BASE);
secAlias = qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL);
secAlias = qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL, 0);
qemuDomainDelTLSObjects(vm, asyncJob, secAlias, tlsAlias);
g_clear_pointer(&QEMU_DOMAIN_PRIVATE(vm)->migSecinfo, qemuDomainSecretInfoFree);