[PATCH 02/11] qemuDomainValidateStorageSource: Reorganize encryption config validation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Move the two ad-hoc checks below into the block which already tests
whether encryption is requested.

If we first disallow the old-style qcow2 encryption we can remove a
whole block of validation later on.

Also the capability check for qcow2+luks can be simplified by moving it
into the same block.

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/qemu/qemu_domain.c | 55 +++++++++++++-----------------------------
 1 file changed, 17 insertions(+), 38 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 00c209313b..f3d9b2e48e 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4821,25 +4821,6 @@ qemuDomainValidateStorageSource(virStorageSource *src,
         return -1;
     }

-    if ((src->format == VIR_STORAGE_FILE_QCOW ||
-         src->format == VIR_STORAGE_FILE_QCOW2) &&
-        src->encryption &&
-        (src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT ||
-         src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW)) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                           _("old qcow/qcow2 encryption is not supported"));
-            return -1;
-    }
-
-    if (src->format == VIR_STORAGE_FILE_QCOW2 &&
-        src->encryption &&
-        src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
-        !virQEMUCapsGet(qemuCaps, QEMU_CAPS_QCOW2_LUKS)) {
-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                       _("LUKS encrypted QCOW2 images are not supported by this QEMU"));
-        return -1;
-    }
-
     if (src->format == VIR_STORAGE_FILE_FAT &&
         actualType != VIR_STORAGE_TYPE_VOLUME &&
         actualType != VIR_STORAGE_TYPE_DIR) {
@@ -5019,6 +5000,13 @@ qemuDomainValidateStorageSource(virStorageSource *src,
     }

     if (src->encryption) {
+        if (src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT ||
+            src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("old qcow/qcow2 encryption is not supported"));
+            return -1;
+        }
+
         switch (src->encryption->engine) {
             case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
                 switch ((virStorageEncryptionFormatType) src->encryption->format) {
@@ -5040,38 +5028,29 @@ qemuDomainValidateStorageSource(virStorageSource *src,
                 }

                 break;
+
             case VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD:
                 if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) {
                     virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                                    _("librbd encryption is not supported by this QEMU binary"));
                     return -1;
                 }
-
-                switch ((virStorageEncryptionFormatType) src->encryption->format) {
-                    case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
-                    case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
-                        break;
-
-                    case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
-                        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                                       _("librbd encryption engine only supports luks/luks2 formats"));
-                        return -1;
-
-                    case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
-                    case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
-                    default:
-                        virReportEnumRangeError(virStorageEncryptionFormatType,
-                                                src->encryption->format);
-                        return -1;
-                }
-
                 break;
+
             case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
             case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
                 virReportEnumRangeError(virStorageEncryptionEngine,
                                         src->encryption->engine);
                 return -1;
         }
+
+        if (src->format == VIR_STORAGE_FILE_QCOW2 &&
+            src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
+            !virQEMUCapsGet(qemuCaps, QEMU_CAPS_QCOW2_LUKS)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("LUKS encrypted QCOW2 images are not supported by this QEMU"));
+            return -1;
+        }
     }

     if (src->tlsHostname) {
-- 
2.35.1
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux