[PATCH 12/13] domain: parse XML for iscsi authorization credentials


 



Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
---
 docs/formatdomain.html.in                          | 12 ++++-----
 docs/schemas/domaincommon.rng                      |  1 +
 src/conf/domain_conf.c                             | 31 ++++++++++++++++------
 .../qemuxml2argv-disk-drive-network-iscsi-auth.xml | 31 ++++++++++++++++++++++
 tests/qemuxml2xmltest.c                            |  1 +
 5 files changed, 62 insertions(+), 14 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index c590427..0906fe9 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1760,12 +1760,12 @@
         holds the actual password or other credentials (the domain XML
         intentionally does not expose the password, only the reference
         to the object that does manage the password).  For now, the
-        only known secret <code>type</code> is "ceph", for Ceph RBD
-        network sources, and requires either an
-        attribute <code>uuid</code> with the UUID of the Ceph secret
-        object, or an attribute <code>usage</code> with the name
-        associated with the Ceph secret
-        object.  <span class="since">libvirt 0.9.7</span>
+        known secret <code>type</code>s are "ceph", for Ceph RBD
+        network sources, and "iscsi", for CHAP authentication of iSCSI
+        targets.  Both require either a <code>uuid</code> attribute
+        with the UUID of the secret object, or a <code>usage</code>
+        attribute matching the key that was specified in the
+        secret object.  <span class="since">libvirt 0.9.7</span>
       </dd>
       <dt><code>geometry</code></dt>
       <dd>The optional <code>geometry</code> element provides the
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index b8c4503..6f85e84 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -3592,6 +3592,7 @@
       <attribute name='type'>
         <choice>
           <value>ceph</value>
+          <value>iscsi</value>
         </choice>
       </attribute>
       <choice>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 71da694..e4c3e67 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3885,6 +3885,8 @@ virDomainDiskDefParseXML(virCapsPtr caps,
     char *wwn = NULL;
     char *vendor = NULL;
     char *product = NULL;
+    int expected_secret_usage = -1;
+    int auth_secret_usage = -1;
 
     if (VIR_ALLOC(def) < 0) {
         virReportOOMError();
@@ -3922,7 +3924,6 @@ virDomainDiskDefParseXML(virCapsPtr caps,
         if (cur->type == XML_ELEMENT_NODE) {
             if (!source && !hosts &&
                 xmlStrEqual(cur->name, BAD_CAST "source")) {
-
                 sourceNode = cur;
 
                 switch (def->type) {
@@ -3958,6 +3959,9 @@ virDomainDiskDefParseXML(virCapsPtr caps,
                                            _("invalid logical unit number"));
                             goto error;
                         }
+                        expected_secret_usage = VIR_SECRET_USAGE_TYPE_ISCSI;
+                    } else if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD) {
+                        expected_secret_usage = VIR_SECRET_USAGE_TYPE_CEPH;
                     }
                     if (!(source = virXMLPropString(cur, "name")) &&
                         def->protocol != VIR_DOMAIN_DISK_PROTOCOL_NBD) {
@@ -4144,8 +4148,9 @@ virDomainDiskDefParseXML(virCapsPtr caps,
                                            _("missing type for secret"));
                             goto error;
                         }
-                        if (virSecretUsageTypeTypeFromString(usageType) !=
-                            VIR_SECRET_USAGE_TYPE_CEPH) {
+                        auth_secret_usage =
+                            virSecretUsageTypeTypeFromString(usageType);
+                        if (auth_secret_usage < 0) {
                             virReportError(VIR_ERR_XML_ERROR,
                                            _("invalid secret type %s"),
                                            usageType);
@@ -4295,6 +4300,13 @@ virDomainDiskDefParseXML(virCapsPtr caps,
         cur = cur->next;
     }
 
+    if (auth_secret_usage != -1 && auth_secret_usage != expected_secret_usage) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("invalid secret type '%s'"),
+                       virSecretUsageTypeTypeToString(auth_secret_usage));
+        goto error;
+    }
+
     device = virXMLPropString(node, "device");
     if (device) {
         if ((def->device = virDomainDiskDeviceTypeFromString(device)) < 0) {
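Review bot: The mismatch check added after the element loop reports a problem in user-supplied XML as `VIR_ERR_INTERNAL_ERROR`, while the unknown-type branch earlier in the same function uses `VIR_ERR_XML_ERROR` with almost the same text, so a caller cannot tell "unknown secret type" from "known type that does not fit this protocol". I would use `virReportError(VIR_ERR_XML_ERROR, _("secret type '%s' does not match the disk source protocol"), virSecretUsageTypeTypeToString(auth_secret_usage));` here. As far as the visible hunks show, `expected_secret_usage` stays -1 for every protocol other than iSCSI and RBD, so any `<auth>` secret on such a disk is rejected by this same branch. A comment such as `/* <auth> may precede <source>, so the secret type can only be compared with the protocol once all children are parsed; disks whose protocol takes no secret keep expected_secret_usage at -1 and are rejected here */` would make that intent explicit. The function body starts and ends outside this hunk.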
@@ -12500,15 +12512,18 @@ virDomainDiskDefFormat(virBufferPtr buf,
     if (def->auth.username) {
         virBufferEscapeString(buf, "      <auth username='%s'>\n",
                               def->auth.username);
+        if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_ISCSI) {
+            virBufferAsprintf(buf, "        <secret type='iscsi'");
+        } else if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD) {
+            virBufferAsprintf(buf, "        <secret type='ceph'");
+        }
+
         if (def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_UUID) {
             virUUIDFormat(def->auth.secret.uuid, uuidstr);
-            virBufferAsprintf(buf,
-                              "        <secret type='ceph' uuid='%s'/>\n",
-                              uuidstr);
+            virBufferAsprintf(buf, " uuid='%s'/>\n", uuidstr);
         }
         if (def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_USAGE) {
-            virBufferEscapeString(buf,
-                                  "        <secret type='ceph' usage='%s'/>\n",
+            virBufferEscapeString(buf, " usage='%s'/>\n",
                                   def->auth.secret.usage);
         }
         virBufferAddLit(buf, "      </auth>\n");
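Review bot: The `<secret type=...` opener is written only when the protocol is iSCSI or RBD, but the ` uuid='%s'/>` and ` usage='%s'/>` tails below it are written for any protocol, so a definition with `auth.username` set and a different protocol would serialize as malformed XML. In the same way, a `secretType` that is neither UUID nor USAGE leaves `<secret type='...'` without its closing `/>`. The new parser check probably keeps parsed input away from both cases, but the formatter should not rely on that: either turn `} else if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD) {` into `} else {`, or emit the opener inside each `secretType` branch so opener and tail are always written together. The two opener calls take no format arguments, so `virBufferAddLit` fits better than `virBufferAsprintf`. virDomainDiskDefFormat starts and ends outside this hunk.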
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml
new file mode 100644
index 0000000..acaa503
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml
@@ -0,0 +1,31 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219136</memory>
+  <currentMemory unit='KiB'>219136</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <disk type='network' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <auth username='myname'>
+        <secret type='iscsi' usage='mycluster_myname'/>
+      </auth>
+      <source protocol='iscsi' name='iqn.1992-01.com.example'>
+        <host name='example.org'/>
+      </source>
+      <target dev='vda' bus='virtio'/>
+    </disk>
+    <controller type='usb' index='0'/>
+    <controller type='ide' index='0'/>
+    <memballoon model='virtio'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index e0d3b20..076bf79 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -172,6 +172,7 @@ mymain(void)
     DO_TEST("disk-drive-network-nbd-ipv6-export");
     DO_TEST("disk-drive-network-nbd-unix");
     DO_TEST("disk-drive-network-iscsi");
+    DO_TEST("disk-drive-network-iscsi-auth");
     DO_TEST("disk-scsi-device");
     DO_TEST("disk-scsi-vscsi");
     DO_TEST("disk-scsi-virtio-scsi");
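Review bot: Only the accepting path of the new protocol/secret-type check is exercised; the added `disk-drive-network-iscsi-auth` case round-trips a matching `type='iscsi'` secret under `protocol='iscsi'`. No case visible in this patch feeds a mismatched pair (for example `type='ceph'` with an iSCSI source, or an `<auth>` block on a protocol that takes no secret), which is the input the new validation in domain_conf.c exists to reject. A negative case in whichever test program here supports expected parse failures would keep that rejection from regressing silently. mymain continues outside this hunk.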
-- 
1.8.1.2

