mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 17:34:18 +03:00
qemu: add support for multiple secret aliases
Change secret aliases from %s-%s-secret0 to %s-%s-secret%lu, which will later be used for storage encryption requiring more than a single secret. Signed-off-by: Or Ozeri <oro@il.ibm.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
parent
6c34f19334
commit
e239f7d0a8
@ -813,17 +813,19 @@ qemuDomainGetMasterKeyAlias(void)
|
||||
/* qemuAliasForSecret:
|
||||
* @parentalias: alias of the parent object
|
||||
* @obj: optional sub-object of the parent device the secret is for
|
||||
* @secret_idx: secret index number (0 in the case of a single secret)
|
||||
*
|
||||
* Generate alias for a secret object used by @parentalias device or one of
|
||||
* the dependencies of the device described by @obj.
|
||||
*/
|
||||
char *
|
||||
qemuAliasForSecret(const char *parentalias,
|
||||
const char *obj)
|
||||
const char *obj,
|
||||
size_t secret_idx)
|
||||
{
|
||||
if (obj)
|
||||
return g_strdup_printf("%s-%s-secret0", parentalias, obj);
|
||||
return g_strdup_printf("%s-secret0", parentalias);
|
||||
return g_strdup_printf("%s-%s-secret%lu", parentalias, obj, secret_idx);
|
||||
return g_strdup_printf("%s-secret%lu", parentalias, secret_idx);
|
||||
}
|
||||
|
||||
/* qemuAliasTLSObjFromSrcAlias
|
||||
|
@ -86,7 +86,8 @@ char *qemuAliasFromHostdev(const virDomainHostdevDef *hostdev);
|
||||
char *qemuDomainGetMasterKeyAlias(void);
|
||||
|
||||
char *qemuAliasForSecret(const char *parentalias,
|
||||
const char *obj);
|
||||
const char *obj,
|
||||
size_t secret_idx);
|
||||
|
||||
char *qemuAliasTLSObjFromSrcAlias(const char *srcAlias)
|
||||
ATTRIBUTE_NONNULL(1);
|
||||
|
@ -1317,6 +1317,7 @@ qemuDomainSecretInfoSetup(qemuDomainObjPrivate *priv,
|
||||
* @priv: pointer to domain private object
|
||||
* @srcalias: Alias of the disk/hostdev used to generate the secret alias
|
||||
* @secretuse: specific usage for the secret (may be NULL if main object is using it)
|
||||
* @secret_idx: secret index number (0 in the case of a single secret)
|
||||
* @usageType: The virSecretUsageType
|
||||
* @username: username to use for authentication (may be NULL)
|
||||
* @seclookupdef: Pointer to seclookupdef data
|
||||
@ -1329,12 +1330,13 @@ static qemuDomainSecretInfo *
|
||||
qemuDomainSecretInfoSetupFromSecret(qemuDomainObjPrivate *priv,
|
||||
const char *srcalias,
|
||||
const char *secretuse,
|
||||
size_t secret_idx,
|
||||
virSecretUsageType usageType,
|
||||
const char *username,
|
||||
virSecretLookupTypeDef *seclookupdef)
|
||||
{
|
||||
qemuDomainSecretInfo *secinfo;
|
||||
g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse);
|
||||
g_autofree char *alias = qemuAliasForSecret(srcalias, secretuse, secret_idx);
|
||||
g_autofree uint8_t *secret = NULL;
|
||||
size_t secretlen = 0;
|
||||
VIR_IDENTITY_AUTORESTORE virIdentity *oldident = virIdentityElevateCurrent();
|
||||
@ -1384,7 +1386,7 @@ qemuDomainSecretInfoTLSNew(qemuDomainObjPrivate *priv,
|
||||
}
|
||||
seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
|
||||
|
||||
return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL,
|
||||
return qemuDomainSecretInfoSetupFromSecret(priv, srcAlias, NULL, 0,
|
||||
VIR_SECRET_USAGE_TYPE_TLS,
|
||||
NULL, &seclookupdef);
|
||||
}
|
||||
@ -1411,7 +1413,7 @@ qemuDomainSecretStorageSourcePrepareCookies(qemuDomainObjPrivate *priv,
|
||||
virStorageSource *src,
|
||||
const char *aliasprotocol)
|
||||
{
|
||||
g_autofree char *secretalias = qemuAliasForSecret(aliasprotocol, "httpcookie");
|
||||
g_autofree char *secretalias = qemuAliasForSecret(aliasprotocol, "httpcookie", 0);
|
||||
g_autofree char *cookies = qemuBlockStorageSourceGetCookieString(src);
|
||||
|
||||
return qemuDomainSecretInfoSetup(priv, secretalias, NULL,
|
||||
@ -1460,7 +1462,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
|
||||
usageType = VIR_SECRET_USAGE_TYPE_CEPH;
|
||||
|
||||
if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv, aliasprotocol,
|
||||
"auth",
|
||||
"auth", 0,
|
||||
usageType,
|
||||
src->auth->username,
|
||||
&src->auth->seclookupdef)))
|
||||
@ -1469,7 +1471,7 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
|
||||
|
||||
if (hasEnc) {
|
||||
if (!(srcPriv->encinfo = qemuDomainSecretInfoSetupFromSecret(priv, aliasformat,
|
||||
"encryption",
|
||||
"encryption", 0,
|
||||
VIR_SECRET_USAGE_TYPE_VOLUME,
|
||||
NULL,
|
||||
&src->encryption->secrets[0]->seclookupdef)))
|
||||
@ -11185,7 +11187,7 @@ qemuDomainPrepareHostdev(virDomainHostdevDef *hostdev,
|
||||
|
||||
if (!(srcPriv->secinfo = qemuDomainSecretInfoSetupFromSecret(priv,
|
||||
backendalias,
|
||||
NULL,
|
||||
NULL, 0,
|
||||
usageType,
|
||||
src->auth->username,
|
||||
&src->auth->seclookupdef)))
|
||||
|
@ -1753,7 +1753,7 @@ qemuDomainDelChardevTLSObjects(virQEMUDriver *driver,
|
||||
* secret UUID and we have a serial TCP chardev, then formulate a
|
||||
* secAlias which we'll attempt to destroy. */
|
||||
if (cfg->chardevTLSx509secretUUID &&
|
||||
!(secAlias = qemuAliasForSecret(inAlias, NULL)))
|
||||
!(secAlias = qemuAliasForSecret(inAlias, NULL, 0)))
|
||||
return -1;
|
||||
|
||||
qemuDomainObjEnterMonitor(vm);
|
||||
|
@ -1129,7 +1129,7 @@ qemuMigrationParamsResetTLS(virDomainObj *vm,
|
||||
return;
|
||||
|
||||
tlsAlias = qemuAliasTLSObjFromSrcAlias(QEMU_MIGRATION_TLS_ALIAS_BASE);
|
||||
secAlias = qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL);
|
||||
secAlias = qemuAliasForSecret(QEMU_MIGRATION_TLS_ALIAS_BASE, NULL, 0);
|
||||
|
||||
qemuDomainDelTLSObjects(vm, asyncJob, secAlias, tlsAlias);
|
||||
g_clear_pointer(&QEMU_DOMAIN_PRIVATE(vm)->migSecinfo, qemuDomainSecretInfoFree);
|
||||
|
Loading…
Reference in New Issue
Block a user