There's plenty of existing documentation [1] which shows as example a name which contains a space and a dot ('client.admin secret') as ceph usage name. Use a more relaxed type in the RNG schema since the usage name is actually just a string used to look up the secret. [1]: https://docs.ceph.com/en/latest/rbd/libvirt/#configuring-the-vm https://documentation.suse.com/ses/6/html/ses-all/cha-ceph-libvirt.html#ceph-libvirt-cfg-vm Libvirt docs were correct though: https://libvirt.org/formatsecret.html#CephUsageType Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1689168 Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
docs/schemas/domaincommon.rng | 2 +- docs/schemas/secret.rng | 8 ++--- .../disk-network-source-auth.args | 8 ++++- ...isk-network-source-auth.x86_64-2.12.0.args | 9 ++++++ ...isk-network-source-auth.x86_64-latest.args | 29 ++++++++++++++----- .../disk-network-source-auth.xml | 12 ++++++++ tests/qemuxml2argvtest.c | 3 +- .../disk-network-source-auth.xml | 13 +++++++++ tests/secretxml2xmlin/usage-ceph-space.xml | 7 +++++ tests/secretxml2xmltest.c | 1 + 10 files changed, 77 insertions(+), 15 deletions(-) create mode 100644 tests/secretxml2xmlin/usage-ceph-space.xml
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 4fc6a7ee7a..701db7e7d2 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -6261,7 +6261,7 @@
 <ref name="UUID"/>
 </attribute>
 <attribute name="usage">
- <ref name="genericName"/>
+ <ref name="objectName"/>
 </attribute>
 </choice>
 </element>
diff --git a/docs/schemas/secret.rng b/docs/schemas/secret.rng
index 1aafe03e61..c90e2eb81f 100644
--- a/docs/schemas/secret.rng
+++ b/docs/schemas/secret.rng
@@ -60,7 +60,7 @@
 <value>ceph</value>
 </attribute>
 <element name="name">
- <ref name="genericName"/>
+ <ref name="objectName"/>
 </element>
 </define>
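Review bot: The `usage` attribute in domaincommon.rng is relaxed to `objectName` for every secret type, and the secret.rng hunks do the same for the `iscsi` target and the `tls` and `vtpm` names, while the commit message only argues the ceph case. The definition of `objectName` is not part of this patch, so it is worth confirming that it still rejects empty strings and embedded newlines, since the usage string comes from user-supplied XML and serves as the secret lookup key; whether the parser applies a check of its own is not visible here. A short schema comment next to each relaxed `<ref>` would record the intent, for example `<!-- usage is an opaque lookup key, not an identifier: spaces and dots are valid -->`.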
@@ -69,7 +69,7 @@
 <value>iscsi</value>
 </attribute>
 <element name="target">
- <ref name="genericName"/>
+ <ref name="objectName"/>
 </element>
 </define>
@@ -78,7 +78,7 @@
 <value>tls</value>
 </attribute>
 <element name="name">
- <ref name="genericName"/>
+ <ref name="objectName"/>
 </element>
 </define>
@@ -87,7 +87,7 @@
 <value>vtpm</value>
 </attribute>
 <element name="name">
- <ref name="genericName"/>
+ <ref name="objectName"/>
 </element>
 </define>
diff --git a/tests/qemuxml2argvdata/disk-network-source-auth.args b/tests/qemuxml2argvdata/disk-network-source-auth.args
index e68b81fde0..18d48b263f 100644
--- a/tests/qemuxml2argvdata/disk-network-source-auth.args
+++ b/tests/qemuxml2argvdata/disk-network-source-auth.args
@@ -35,4 +35,10 @@ key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\ auth_supported=cephx\;none:mon_host=mon1.example.org\:6321\;mon2.example.org\:\ 6322\;mon3.example.org\:6322,format=raw,if=none,id=drive-virtio-disk1' \ -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,\ -id=virtio-disk1 +id=virtio-disk1 \ +-drive 'file=rbd:pool/image2:id=myname:\ +key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\ +auth_supported=cephx\;none:mon_host=mon1.example.org\:6321\;mon2.example.org\:\ +6322\;mon3.example.org\:6322,format=raw,if=none,id=drive-virtio-disk2' \ +-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk2,\ +id=virtio-disk2
diff --git a/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-2.12.0.args b/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-2.12.0.args
index 279d5c73ec..0ccf3df106 100644
--- a/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-2.12.0.args
+++ b/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-2.12.0.args
@@ -45,6 +45,15 @@ mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\ id=drive-virtio-disk1' \ -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x3,drive=drive-virtio-disk1,\ id=virtio-disk1 \ +-object secret,id=virtio-disk2-auth-secret0,\ +data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ +-drive 'file=rbd:pool/image2:id=myname:auth_supported=cephx\;none:\ +mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\ +6322,file.password-secret=virtio-disk2-auth-secret0,format=raw,if=none,\ +id=drive-virtio-disk2' \ +-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk2,\ +id=virtio-disk2 \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\ resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-latest.args b/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-latest.args index 257ca1376c..879a52123c 100644 --- a/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-latest.args +++ b/tests/qemuxml2argvdata/disk-network-source-auth.x86_64-latest.args 
@@ -29,21 +29,34 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ -no-acpi \ -boot strict=on \ -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \ --object secret,id=libvirt-2-storage-auth-secret0,\ +-object secret,id=libvirt-3-storage-auth-secret0,\ data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ -blockdev '{"driver":"iscsi","portal":"example.org:6000",\ "target":"iqn.1992-01.com.example:storage","lun":1,"transport":"tcp",\ -"user":"myname","password-secret":"libvirt-2-storage-auth-secret0",\ -"node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"}' \ +"user":"myname","password-secret":"libvirt-3-storage-auth-secret0",\ +"node-name":"libvirt-3-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"raw",\ +"file":"libvirt-3-storage"}' \ +-device virtio-blk-pci,bus=pci.0,addr=0x2,drive=libvirt-3-format,\ +id=virtio-disk0,bootindex=1 \ +-object secret,id=libvirt-2-storage-auth-secret0,\ +data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ +-blockdev '{"driver":"rbd","pool":"pool","image":"image",\ +"server":[{"host":"mon1.example.org","port":"6321"},{"host":"mon2.example.org",\ +"port":"6322"},{"host":"mon3.example.org","port":"6322"}],"user":"myname",\ +"auth-client-required":["cephx","none"],\ +"key-secret":"libvirt-2-storage-auth-secret0","node-name":"libvirt-2-storage",\ +"auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw",\ "file":"libvirt-2-storage"}' \ --device virtio-blk-pci,bus=pci.0,addr=0x2,drive=libvirt-2-format,\ -id=virtio-disk0,bootindex=1 \ +-device virtio-blk-pci,bus=pci.0,addr=0x3,drive=libvirt-2-format,\ +id=virtio-disk1 \ -object secret,id=libvirt-1-storage-auth-secret0,\ 
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ --blockdev '{"driver":"rbd","pool":"pool","image":"image",\ +-blockdev '{"driver":"rbd","pool":"pool","image":"image2",\ "server":[{"host":"mon1.example.org","port":"6321"},{"host":"mon2.example.org",\ "port":"6322"},{"host":"mon3.example.org","port":"6322"}],"user":"myname",\ "auth-client-required":["cephx","none"],\ @@ -51,8 +64,8 @@ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ "auto-read-only":true,"discard":"unmap"}' \ -blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw",\ "file":"libvirt-1-storage"}' \ --device virtio-blk-pci,bus=pci.0,addr=0x3,drive=libvirt-1-format,\ -id=virtio-disk1 \ +-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=libvirt-1-format,\ +id=virtio-disk2 \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\ resourcecontrol=deny \ -msg timestamp=on diff --git a/tests/qemuxml2argvdata/disk-network-source-auth.xml b/tests/qemuxml2argvdata/disk-network-source-auth.xml index 7cc5c96ae7..0f8d29070f 100644 --- a/tests/qemuxml2argvdata/disk-network-source-auth.xml +++ b/tests/qemuxml2argvdata/disk-network-source-auth.xml @@ -36,6 +36,18 @@ </source> <target dev='vdb' bus='virtio'/> </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='raw'/> + <source protocol='rbd' name='pool/image2'> + <host name='mon1.example.org' port='6321'/> + <host name='mon2.example.org' port='6322'/> + <host name='mon3.example.org' port='6322'/> + <auth username='myname'> + <secret type='ceph' usage='client.admin secret'/> + </auth> + </source> + <target dev='vdc' bus='virtio'/> + </disk> <controller type='usb' index='0'/> <controller type='pci' index='0' model='pci-root'/> <input type='mouse' bus='ps2'/> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index d2712e0dce..b63ba29739 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -64,7 +64,8 @@ fakeSecretLookupByUsage(virConnectPtr conn, usageID); return NULL; } - } else if (STRNEQ(usageID, "mycluster_myname")) { + } else if (STRNEQ(usageID, "mycluster_myname") && + STRNEQ(usageID, "client.admin secret")) { virReportError(VIR_ERR_INTERNAL_ERROR, "test provided incorrect usage '%s'", usageID); return NULL; diff --git a/tests/qemuxml2xmloutdata/disk-network-source-auth.xml b/tests/qemuxml2xmloutdata/disk-network-source-auth.xml index b9f06448c1..d9c85c478d 100644 --- a/tests/qemuxml2xmloutdata/disk-network-source-auth.xml +++ b/tests/qemuxml2xmloutdata/disk-network-source-auth.xml @@ -38,6 +38,19 @@ <target dev='vdb' bus='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> </disk> + <disk type='network' device='disk'> + <driver name='qemu' type='raw'/> + <source protocol='rbd' name='pool/image2'> + <host name='mon1.example.org' port='6321'/> + <host name='mon2.example.org' port='6322'/> + <host name='mon3.example.org' port='6322'/> + <auth username='myname'> + <secret type='ceph' usage='client.admin secret'/> + </auth> + </source> + <target dev='vdc' bus='virtio'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> + </disk> <controller type='usb' index='0'> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> </controller> diff --git a/tests/secretxml2xmlin/usage-ceph-space.xml b/tests/secretxml2xmlin/usage-ceph-space.xml new file mode 100644 index 0000000000..557b12474d --- /dev/null +++ b/tests/secretxml2xmlin/usage-ceph-space.xml @@ -0,0 +1,7 @@ +<secret ephemeral='no' private='yes'> + <uuid>f52a81b2-424e-490c-823d-6bd4235bc573</uuid> + <description>Ceph secret with space and dot</description> + <usage type='ceph'> + <name>client.admin secret</name> + </usage> +</secret> diff --git a/tests/secretxml2xmltest.c b/tests/secretxml2xmltest.c index 9eb3c460e7..74a262e1e8 100644 --- a/tests/secretxml2xmltest.c +++ b/tests/secretxml2xmltest.c 
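Review bot: The widened condition in fakeSecretLookupByUsage accepts either usage name for any lookup that reaches this branch, so a disk that resolved the wrong one of the two secrets would still pass the test. Tying each expected name to the disk that declares it would keep the fake strict. If that is more than the fake needs, a comment above the condition should at least say where the new name comes from, e.g. `/* "client.admin secret": ceph usage name with a space and a dot, see disk-network-source-auth.xml */`. The function starts and ends outside the hunk, so the preceding branch and the success path are not visible here.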
@@ -74,6 +74,7 @@ mymain(void)
 DO_TEST("ephemeral-usage-volume");
 DO_TEST("usage-volume");
 DO_TEST("usage-ceph");
+ DO_TEST("usage-ceph-space");
 DO_TEST("usage-iscsi");
 DO_TEST("usage-tls");
 DO_TEST("usage-vtpm");
-- 2.29.2
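Review bot: Only the ceph usage type gets a round-trip case with the relaxed name, although the same patch loosens the `iscsi`, `tls` and `vtpm` definitions in secret.rng. `DO_TEST("usage-ceph-space");` would ideally be joined by an equivalent input for each of the other three types, or the schema change should be limited to ceph. A negative case showing a name that the relaxed type still rejects would also pin down the new boundary. mymain's body continues outside the hunk.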