[PATCH v2 07/14] conf: Add/Allow parsing the encryption in the disk source

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Since the virStorageEncryptionPtr encryption; is a member of
 _virStorageSource it really should be allowed to be a subelement
of the disk <source> for various disk formats:

   Source{File|Dir|Block|Volume}
   SourceProtocol{RBD|ISCSI|NBD|Gluster|Simple|HTTP}

NB: Simple includes sheepdog, ftp, ftps, tftp

That way we can set up to allow the <encryption> element to be
formatted within the disk source.

For now just allow the format in the RNG and read it in domain_conf.

Modify the qemuxml2argvtest to add a parse failure when there is an
<encryption> as a child of <disk> *and* an <encryption> as a child
of <source>.

The virschematest will read the new test files and validate from a
RNG viewpoint things are fine. The luks-disks-source file has various
formats to test, but not all valid/invalid.

Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
 docs/schemas/domaincommon.rng                      | 30 ++++++++
 src/conf/domain_conf.c                             | 56 +++++++++++++--
 .../qemuxml2argv-luks-disks-source-both.xml        | 40 +++++++++++
 .../qemuxml2argv-luks-disks-source.xml             | 81 ++++++++++++++++++++++
 tests/qemuxml2argvtest.c                           |  1 +
 5 files changed, 202 insertions(+), 6 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 139f1eea2..d1ef25b7b 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1469,6 +1469,9 @@
         <optional>
           <ref name="storageStartupPolicy"/>
         </optional>
+        <optional>
+          <ref name="encryption"/>
+        </optional>
         <zeroOrMore>
           <ref name='devSeclabel'/>
         </zeroOrMore>
@@ -1490,6 +1493,9 @@
         <optional>
           <ref name="storageStartupPolicy"/>
         </optional>
+        <optional>
+          <ref name="encryption"/>
+        </optional>
         <zeroOrMore>
           <ref name='devSeclabel'/>
         </zeroOrMore>
@@ -1509,6 +1515,9 @@
         <optional>
           <ref name="storageStartupPolicy"/>
         </optional>
+        <optional>
+          <ref name="encryption"/>
+        </optional>
         <empty/>
       </element>
     </optional>
@@ -1581,6 +1590,9 @@
         <optional>
           <ref name="diskAuth"/>
         </optional>
+        <optional>
+          <ref name="encryption"/>
+        </optional>
         <empty/>
       </interleave>
     </element>
@@ -1598,6 +1610,9 @@
       <optional>
         <ref name="diskAuth"/>
       </optional>
+      <optional>
+        <ref name="encryption"/>
+      </optional>
     </element>
   </define>
 
@@ -1611,6 +1626,9 @@
       </attribute>
       <attribute name="name"/>
       <ref name="diskSourceNetworkHost"/>
+      <optional>
+        <ref name="encryption"/>
+      </optional>
     </element>
   </define>
 
@@ -1626,6 +1644,9 @@
       </attribute>
       <attribute name="name"/>
       <ref name="diskSourceNetworkHost"/>
+      <optional>
+        <ref name="encryption"/>
+      </optional>
     </element>
   </define>
 
@@ -1638,6 +1659,9 @@
         <attribute name="name"/>
       </optional>
       <ref name="diskSourceNetworkHost"/>
+      <optional>
+        <ref name="encryption"/>
+      </optional>
     </element>
   </define>
 
@@ -1650,6 +1674,9 @@
       <oneOrMore>
         <ref name="diskSourceNetworkHost"/>
       </oneOrMore>
+      <optional>
+        <ref name="encryption"/>
+      </optional>
     </element>
   </define>
 
@@ -1690,6 +1717,9 @@
         <optional>
           <ref name="storageStartupPolicy"/>
         </optional>
+        <optional>
+          <ref name="encryption"/>
+        </optional>
         <zeroOrMore>
           <ref name='devSeclabel'/>
         </zeroOrMore>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index a3900488f..2a52462d0 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8135,6 +8135,29 @@ virDomainDiskSourceAuthParse(xmlNodePtr node,
 }
 
 
+static int
+virDomainDiskSourceEncryptionParse(xmlNodePtr node,
+                                   virStorageEncryptionPtr *encryptionsrc)
+{
+    xmlNodePtr child;
+    virStorageEncryptionPtr encryption = NULL;
+
+    for (child = node->children; child; child = child->next) {
+        if (child->type == XML_ELEMENT_NODE &&
+            virXMLNodeNameEqual(child, "encryption")) {
+
+            if (!(encryption = virStorageEncryptionParseNode(node->doc, child)))
+                return -1;
+
+            *encryptionsrc = encryption;
+            return 0;
+        }
+    }
+
+    return 0;
+}
+
+
 int
 virDomainDiskSourceParse(xmlNodePtr node,
                          xmlXPathContextPtr ctxt,
@@ -8224,6 +8247,9 @@ virDomainDiskSourceParse(xmlNodePtr node,
     if (virDomainDiskSourceAuthParse(node, &src->auth) < 0)
         goto cleanup;
 
+    if (virDomainDiskSourceEncryptionParse(node, &src->encryption) < 0)
+        goto cleanup;
+
     /* People sometimes pass a bogus '' source path when they mean to omit the
      * source element completely (e.g. CDROM without media). This is just a
      * little compatibility check to help those broken apps */
@@ -8798,6 +8824,7 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
     char *bus = NULL;
     char *devaddr = NULL;
     virStorageEncryptionPtr encryption = NULL;
+    bool diskEncryption = false;
     char *serial = NULL;
     char *startupPolicy = NULL;
     virStorageAuthDefPtr authdef = NULL;
@@ -8861,6 +8888,15 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
                 goto error;
             }
 
+            /* Similarly for <encryption> - it's a child of <source> too
+             * and we cannot find in both places */
+            if (diskEncryption && def->src->encryption) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                               _("an <encryption> definition already found for "
+                                 "the <disk> definition"));
+                goto error;
+            }
+
             source = true;
 
             startupPolicy = virXMLPropString(cur, "startupPolicy");
@@ -8943,12 +8979,20 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
                    virXMLNodeNameEqual(cur, "state")) {
             /* Legacy back-compat. Don't add any more attributes here */
             devaddr = virXMLPropString(cur, "devaddr");
-        } else if (encryption == NULL &&
+        } else if (!diskEncryption &&
                    virXMLNodeNameEqual(cur, "encryption")) {
-            encryption = virStorageEncryptionParseNode(node->doc,
-                                                       cur);
-            if (encryption == NULL)
+            diskEncryption = true;
+            if (!(encryption = virStorageEncryptionParseNode(node->doc, cur)))
                 goto error;
+
+            /* If we've already parsed <source> and found an <encryption> child,
+             * then generate an error to avoid ambiguity */
+            if (source && def->src->encryption) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                               _("an <encryption> definition already found for "
+                                 "disk source"));
+                goto error;
+            }
         } else if (!serial &&
                    virXMLNodeNameEqual(cur, "serial")) {
             serial = (char *)xmlNodeGetContent(cur);
@@ -9165,8 +9209,8 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
     target = NULL;
     if (diskAuth)
         VIR_STEAL_PTR(def->src->auth, authdef);
-    def->src->encryption = encryption;
-    encryption = NULL;
+    if (diskEncryption)
+        VIR_STEAL_PTR(def->src->encryption, encryption);
     def->domain_name = domain_name;
     domain_name = NULL;
     def->serial = serial;
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml
new file mode 100644
index 000000000..c4b762a1e
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml
@@ -0,0 +1,40 @@
+<domain type='qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit='KiB'>1048576</memory>
+  <currentMemory unit='KiB'>524288</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-2.1'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/storage/guest_disks/encryptdisk'>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+        </encryption>
+      </source>
+      <target dev='vda' bus='virtio'/>
+      <encryption format='luks'>
+        <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+      </encryption>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml
new file mode 100644
index 000000000..293877df9
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml
@@ -0,0 +1,81 @@
+<domain type='qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit='KiB'>1048576</memory>
+  <currentMemory unit='KiB'>524288</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-2.1'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/storage/guest_disks/encryptdisk'>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
+        </encryption>
+      </source>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/storage/guest_disks/encryptdisk2'>
+        <encryption format='luks'>
+          <secret type='passphrase' usage='/storage/guest_disks/encryptdisk2'/>
+        </encryption>
+      </source>
+      <target dev='vdb' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </disk>
+    <disk type='network' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source protocol='iscsi' name='iqn.1992-01.com.example:storage/1'>
+        <host name='example.org' port='6000'/>
+        <auth username='myname'>
+          <secret type='iscsi' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80e80'/>
+        </auth>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f77'/>
+        </encryption>
+      </source>
+      <target dev='vdc' bus='virtio'/>
+    </disk>
+    <disk type='volume' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source pool='pool-iscsi' volume='unit:0:0:3' mode='direct'>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80f80'/>
+        </encryption>
+      </source>
+      <target dev='vdd' bus='virtio'/>
+    </disk>
+    <disk type='network' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source protocol='rbd' name='pool/image'>
+        <host name='mon1.example.org' port='6321'/>
+        <host name='mon2.example.org' port='6322'/>
+        <host name='mon3.example.org' port='6322'/>
+        <encryption format='luks'>
+          <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev='vde' bus='virtio'/>
+    </disk>
+    <controller type='usb' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 69548cc15..9a8caaa38 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1652,6 +1652,7 @@ mymain(void)
     DO_TEST_FAILURE("luks-disks", QEMU_CAPS_OBJECT_SECRET);
 # endif
     DO_TEST_PARSE_ERROR("luks-disk-invalid", NONE);
+    DO_TEST_PARSE_ERROR("luks-disks-source-both", QEMU_CAPS_OBJECT_SECRET);
 
     DO_TEST("memtune", NONE);
     DO_TEST("memtune-unlimited", NONE);
-- 
2.13.5

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]
  Powered by Linux