A common way to build a qemu secret object to be used by qemu_command.c in the short term and a bit longer term by storage_backend.c for qemu-img.
Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
 src/libvirt_private.syms | 1 +
 src/util/virqemu.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++
 src/util/virqemu.h | 8 ++++++
 3 files changed, 78 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index d25baae..e46172b 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2144,6 +2144,7 @@ virProcessWait;
 # util/virqemu.h
 virQEMUBuildObjectCommandlineFromJSON;
+virQEMUBuildSecretObjectProps;
 # util/virrandom.h
diff --git a/src/util/virqemu.c b/src/util/virqemu.c
index f87e20b..243fcbe 100644
--- a/src/util/virqemu.c
+++ b/src/util/virqemu.c
@@ -140,3 +140,72 @@ virQEMUBuildObjectCommandlineFromJSON(const char *type,
 virBufferFreeAndReset(&buf);
 return ret;
 }
+
+
+/**
+ * virQEMUBuildSecretObjectProps
+ * @data: Pointer to data string
+ * @isfile: Boolean to indicate whether data is raw data or a filepath string
+ * @fmt: Format for the data/file (may be NULL)
+ * @keyid: Master key alias id (may be NULL)
+ * @iv: Initialization vector (may be NULL)
+ * @propsret: location to store the created/built property object
+ *
+ * There's many ways to build a secret object for qemu depending on need,
+ *
+ * -object secret,id=$alias,data=$data,format=base64
+ * -object secret,id=$alias,file=$file[,format=base64]
+ * -object secret,id=$alias,data=$data,keyid=$keyid,[iv=$iv],format=base64
+ *
+ * When a keyid and/or iv are provided, they are assumed to be base64 encoded
+ *
+ * Build the JSON object property thusly and return
+ *
+ * Returns 0 on success, -1 on failure w/ error set
+ */
+int
+virQEMUBuildSecretObjectProps(const char *data,
+ bool isfile,
+ const char *fmt,
+ const char *keyid,
+ const char *iv,
+ virJSONValuePtr *propsret)
+{
+ /* Don't allow a construct such as:
+ * -object secret,id=$alias,data=$data
+ * It could provide a raw, text secret on the command line
+ */
+ if (!isfile && STREQ_NULLABLE(fmt, "raw")) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("cannot provide a raw data secret"));
+ return -1;
+ }
+
+ if (!(*propsret = virJSONValueNewObject()))
+ return -1;
+
+ if (isfile) {
+ if (virJSONValueObjectAdd(*propsret, "s:file", data, NULL) < 0)
+ goto error;
+ } else {
+ if (virJSONValueObjectAdd(*propsret, "s:data", data, NULL) < 0)
+ goto error;
+ }
+
+ if (keyid && virJSONValueObjectAdd(*propsret, "s:keyid", keyid, NULL) < 0)
+ goto error;
+
+ if (iv && virJSONValueObjectAdd(*propsret, "s:iv", iv, NULL) < 0)
+ goto error;
+
+ /* NB: QEMU will assume "raw" when fmt not provided! */
+ if (fmt && virJSONValueObjectAdd(*propsret, "s:format", fmt, NULL) < 0)
+ goto error;
+
+ return 0;
+
+ error:
+ virJSONValueFree(*propsret);
+
+ return -1;
+}
diff --git a/src/util/virqemu.h b/src/util/virqemu.h
index 0a72202..dedde3c 100644
--- a/src/util/virqemu.h
+++ b/src/util/virqemu.h
@@ -31,4 +31,12 @@ char *virQEMUBuildObjectCommandlineFromJSON(const char *type,
 const char *alias,
 virJSONValuePtr props);
+int virQEMUBuildSecretObjectProps(const char *data,
+ bool isfile,
+ const char *fmt,
+ const char *keyid,
+ const char *iv,
+ virJSONValuePtr *propsret)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK;
+
 #endif /* __VIR_QEMU_H_ */
--
2.5.5
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
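Review bot: The guard `if (!isfile && STREQ_NULLABLE(fmt, "raw"))` rejects only an explicitly requested "raw" format, yet the comment a few lines later notes that QEMU assumes "raw" when no format is given, so `isfile == false` with `fmt == NULL` still produces `-object secret,id=$alias,data=$data` — exactly the plaintext-on-the-command-line construct the preceding comment says must not be allowed. Treat a missing format the same as "raw" for inline data: `if (!isfile && (!fmt || STREQ(fmt, "raw"))) {`, and state in the doc comment that @fmt is mandatory when @isfile is false (the three example forms already show data only ever paired with format=base64). On the error path `virJSONValueFree(*propsret)` leaves the caller holding a freed pointer; adding `*propsret = NULL;` after the free keeps a caller that cleans up unconditionally from double-freeing.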
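Review bot: The prototype marks only @data with ATTRIBUTE_NONNULL(1), but the implementation dereferences @propsret unconditionally (`*propsret = virJSONValueNewObject()`), so a NULL sixth argument is a crash rather than a reported error; `ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(6) ATTRIBUTE_RETURN_CHECK;` states that contract to the compiler and lets -Wnonnull catch it at call sites. The header carries no comment for the new declaration; a brief one noting that @fmt, @keyid and @iv may be NULL and that the caller owns the object returned in @propsret would mirror the doc block in virqemu.c.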