[PATCH v5 5/5] Adjust 'ceph' authentication secret usage for rbd pool.

John Ferlan <jferlan@xxxxxxxxxx> · Mon, 22 Jul 2013 16:31:54 -0400

Update virStorageBackendRBDOpenRADOSConn() to use the internal API to the
secret driver in order to get the secret value instead of the external
virSecretGetValue() path. Without the flag VIR_SECRET_GET_VALUE_INTERNAL_CALL
there is no way to get the value of private secret.

This also requires ensuring there is a connection which wasn't true for
for the refreshPool() path calls from storageDriverAutostart() prior to
adding support for the connection to a qemu driver. It seems calls to
virSecretLookupByUUIDString() and virSecretLookupByUsage() from the
refreshPool() path would have failed with no way to find the secret - that is
theoretically speaking since the 'conn' was NULL the failure would have been
"failed to find the secret".
---
 src/storage/storage_backend_rbd.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c
index badbdac..70121bf 100644
--- a/src/storage/storage_backend_rbd.c
+++ b/src/storage/storage_backend_rbd.c
@@ -23,6 +23,7 @@
 
 #include <config.h>
 
+#include "datatypes.h"
 #include "virerror.h"
 #include "storage_backend_rbd.h"
 #include "storage_conf.h"
@@ -71,6 +72,12 @@ static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr *ptr,
             goto cleanup;
         }
 
+        if (!conn) {
+            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                           _("'ceph' authentication requires connection"));
+            return -1;
+        }
+
         if (pool->def->source.auth.cephx.secret.uuidUsable) {
             virUUIDFormat(pool->def->source.auth.cephx.secret.uuid, secretUuid);
             VIR_DEBUG("Looking up secret by UUID: %s", secretUuid);
@@ -88,7 +95,17 @@ static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr *ptr,
             goto cleanup;
         }
 
-        secret_value = virSecretGetValue(secret, &secret_value_size, 0);
+        secret_value = conn->secretDriver->secretGetValue(secret, &secret_value_size, 0,
+                                                          VIR_SECRET_GET_VALUE_INTERNAL_CALL);
+
+        if (!secret_value) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           _("could not get the value of the secret "
+                             "for username %s"),
+                           pool->def->source.auth.cephx.username);
+            goto cleanup;
+        }
+
         base64_encode_alloc((char *)secret_value,
                             secret_value_size, &rados_key);
         memset(secret_value, 0, secret_value_size);
@@ -257,7 +274,7 @@ cleanup:
     return ret;
 }
 
-static int virStorageBackendRBDRefreshPool(virConnectPtr conn ATTRIBUTE_UNUSED,
+static int virStorageBackendRBDRefreshPool(virConnectPtr conn,
                                            virStoragePoolObjPtr pool)
 {
     size_t max_size = 1024;
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list







