[PATCH v2 2/6] util: Introduce virQEMUBuildSecretObjectProps

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A common way to build a qemu secret object to be used by qemu_command.c in
the short term and a bit longer term by storage_backend.c for qemu-img.

Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
 src/libvirt_private.syms |  1 +
 src/util/virqemu.c       | 69 ++++++++++++++++++++++++++++++++++++++++++++++++
 src/util/virqemu.h       |  8 ++++++
 3 files changed, 78 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index d25baae..e46172b 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2144,6 +2144,7 @@ virProcessWait;
 
 # util/virqemu.h
 virQEMUBuildObjectCommandlineFromJSON;
+virQEMUBuildSecretObjectProps;
 
 
 # util/virrandom.h
diff --git a/src/util/virqemu.c b/src/util/virqemu.c
index f87e20b..243fcbe 100644
--- a/src/util/virqemu.c
+++ b/src/util/virqemu.c
@@ -140,3 +140,72 @@ virQEMUBuildObjectCommandlineFromJSON(const char *type,
     virBufferFreeAndReset(&buf);
     return ret;
 }
+
+
+/**
+ * virQEMUBuildSecretObjectProps
+ * @data: Pointer to data string
+ * @isfile: Boolean to indicate whether data is raw data or a filepath string
+ * @fmt: Format for the data/file (may be NULL)
+ * @keyid: Master key alias id (may be NULL)
+ * @iv: Initialization vector (may be NULL)
+ * @propsret: location to store the created/built property object
+ *
+ * There's many ways to build a secret object for qemu depending on need,
+ *
+ *    -object secret,id=$alias,data=$data,format=base64
+ *    -object secret,id=$alias,file=$file[,format=base64]
+ *    -object secret,id=$alias,data=$data,keyid=$keyid,[iv=$iv],format=base64
+ *
+ * When a keyid and/or iv are provided, they are assumed to be base64 encoded
+ *
+ * Build the JSON object property thusly and return
+ *
+ * Returns 0 on success, -1 on failure w/ error set
+ */
+int
+virQEMUBuildSecretObjectProps(const char *data,
+                              bool isfile,
+                              const char *fmt,
+                              const char *keyid,
+                              const char *iv,
+                              virJSONValuePtr *propsret)
+{
+    /* Don't allow a construct such as:
+     *    -object secret,id=$alias,data=$data
+     * It could provide a raw, text secret on the command line
+     */
+    if (!isfile && STREQ_NULLABLE(fmt, "raw")) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("cannot provide a raw data secret"));
+        return -1;
+    }
+
+    if (!(*propsret = virJSONValueNewObject()))
+        return -1;
+
+    if (isfile) {
+        if (virJSONValueObjectAdd(*propsret, "s:file", data, NULL) < 0)
+            goto error;
+    } else  {
+        if (virJSONValueObjectAdd(*propsret, "s:data", data, NULL) < 0)
+            goto error;
+    }
+
+    if (keyid && virJSONValueObjectAdd(*propsret, "s:keyid", keyid, NULL) < 0)
+        goto error;
+
+    if (iv && virJSONValueObjectAdd(*propsret, "s:iv", iv, NULL) < 0)
+        goto error;
+
+    /* NB: QEMU will assume "raw" when fmt not provided! */
+    if (fmt && virJSONValueObjectAdd(*propsret, "s:format", fmt, NULL) < 0)
+        goto error;
+
+    return 0;
+
+ error:
+    virJSONValueFree(*propsret);
+
+    return -1;
+}
diff --git a/src/util/virqemu.h b/src/util/virqemu.h
index 0a72202..dedde3c 100644
--- a/src/util/virqemu.h
+++ b/src/util/virqemu.h
@@ -31,4 +31,12 @@ char *virQEMUBuildObjectCommandlineFromJSON(const char *type,
                                             const char *alias,
                                             virJSONValuePtr props);
 
+int virQEMUBuildSecretObjectProps(const char *data,
+                                  bool isfile,
+                                  const char *fmt,
+                                  const char *keyid,
+                                  const char *iv,
+                                  virJSONValuePtr *propsret)
+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK;
+
 #endif /* __VIR_QEMU_H_ */
-- 
2.5.5

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]