From: John Ferlan
To: libvir-list@redhat.com
Date: Tue, 26 Sep 2017 15:38:47 -0400
Message-Id: <20170926193901.4770-2-jferlan@redhat.com>
In-Reply-To: <20170926193901.4770-1-jferlan@redhat.com>
References: <20170926193901.4770-1-jferlan@redhat.com>
Subject: [libvirt] [PATCH v4 01/15] conf: Add/Allow parsing the <auth> in the disk source

Since the virStorageAuthDefPtr auth; is a member of _virStorageSource it
really should be allowed to be a subelement of the disk <source> for the
RBD and iSCSI protocols. That way we can set up to allow the <auth>
element to be formatted within the disk source.

Since we've allowed the <auth> to be a child of <disk>, we'll need to keep
track of how it was read so that when writing out we'll know whether to
format as child of <disk> or <source>. For the argv2xml parsing, let's
format under <source> as a preference. Do not allow <auth> to be both a
child of <disk> and <source>.

Modify the qemuxml2argvtest to add a parse failure when there is an <auth>
as a child of <disk> *and* an <auth> as a child of <source>.

Add tests to validate that if the <auth> was found in <source>, then the
resulting xml2xml and xml2arg works just fine. The two new .args files are
exact copies of the non "-source" version of the file.
The virschematest will read the new test files and validate from a RNG viewpoint things are fine Update the virstoragefile, virstoragetest, and args2xml file to show the "preference" to place as a child of . Signed-off-by: John Ferlan --- docs/formatdomain.html.in | 67 +++++++++++++-----= ---- docs/schemas/domaincommon.rng | 18 +++++- src/conf/domain_conf.c | 67 ++++++++++++++++++= +++- src/util/virstoragefile.c | 1 + src/util/virstoragefile.h | 1 + .../qemuargv2xml-disk-drive-network-rbd-auth.xml | 6 +- ...ml2argv-disk-drive-network-source-auth-both.xml | 51 ++++++++++++++++ ...emuxml2argv-disk-drive-network-source-auth.args | 32 +++++++++++ ...qemuxml2argv-disk-drive-network-source-auth.xml | 45 +++++++++++++++ tests/qemuxml2argvtest.c | 2 + ...muxml2xmlout-disk-drive-network-source-auth.xml | 49 ++++++++++++++++ tests/qemuxml2xmltest.c | 1 + tests/virstoragetest.c | 6 ++ 13 files changed, 311 insertions(+), 35 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= source-auth-both.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= source-auth.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= source-auth.xml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-netw= ork-source-auth.xml diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 1602ed3e9..e773b2939 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2293,11 +2293,11 @@ <host name=3D"hostname" port=3D"7000"/> <snapshot name=3D"snapname"/> <config file=3D"/path/to/file"/> + <auth username=3D'myuser'> + <secret type=3D'ceph' usage=3D'mypassid'/> + </auth> </source> <target dev=3D"hdc" bus=3D"ide"/> - <auth username=3D'myuser'> - <secret type=3D'ceph' usage=3D'mypassid'/> - </auth> </disk> <disk type=3D'block' device=3D'cdrom'> <driver name=3D'qemu' type=3D'raw'/> 
@@ -2366,20 +2366,20 @@ <driver name=3D'qemu' type=3D'raw'/> <source protocol=3D'iscsi' name=3D'iqn.2013-07.com.example:iscsi-no= pool/2'> <host name=3D'example.com' port=3D'3260'/> + <auth username=3D'myuser'> + <secret type=3D'iscsi' usage=3D'libvirtiscsi'/> + </auth> </source> - <auth username=3D'myuser'> - <secret type=3D'iscsi' usage=3D'libvirtiscsi'/> - </auth> <target dev=3D'vda' bus=3D'virtio'/> </disk> <disk type=3D'network' device=3D'lun'> <driver name=3D'qemu' type=3D'raw'/> <source protocol=3D'iscsi' name=3D'iqn.2013-07.com.example:iscsi-no= pool/1'> <host name=3D'example.com' port=3D'3260'/> + <auth username=3D'myuser'> + <secret type=3D'iscsi' usage=3D'libvirtiscsi'/> + </auth> </source> - <auth username=3D'myuser'> - <secret type=3D'iscsi' usage=3D'libvirtiscsi'/> - </auth> <target dev=3D'sdb' bus=3D'scsi'/> </disk> <disk type=3D'volume' device=3D'disk'> @@ -2659,6 +2659,28 @@ protocol. Supported for 'rbd' since 1.2.= 11 (QEMU only). +
auth
+
Since libvirt 3.8.0, the + auth element is supported for a disk + type "network" that is using a source + element with the protocol attributes "rbd" or "is= csi". + If present, the auth element provides the + authentication credentials needed to access the source. It + includes a mandatory attribute username, which + identifies the username to use during authentication, as well + as a sub-element secret with mandatory + attribute type, to tie back to + a libvirt secret object that + holds the actual password or other credentials (the domain XML + intentionally does not expose the password, only the reference + to the object that does manage the password). + Known secret types are "ceph" for Ceph RBD network sources and + "iscsi" for CHAP authentication of iSCSI targets. + Both will require either a uuid attribute + with the UUID of the secret object or a usage + attribute matching the key that was specified in the + secret object. +
=20

@@ -3128,25 +3150,14 @@ are available, each defaulting to 0.

auth
-
The auth element is supported for a disk - type "network" that is using a source - element with the protocol attributes "rbd" or "iscsi". - If present, the auth element provides the - authentication credentials needed to access the source. It - includes a mandatory attribute username, which - identifies the username to use during authentication, as well - as a sub-element secret with mandatory - attribute type, to tie back to - a libvirt secret object that - holds the actual password or other credentials (the domain XML - intentionally does not expose the password, only the reference - to the object that does manage the password). - Known secret types are "ceph" for Ceph RBD network sources and - "iscsi" for CHAP authentication of iSCSI targets. - Both will require either a uuid attribute - with the UUID of the secret object or a usage - attribute matching the key that was specified in the - secret object. libvirt 0.9.7 +
Starting with libvirt 3.8.0 the + auth element is preferred to be a sub-element of + the source element. The element is still read and + managed as a disk sub-element. It is invalid to use + auth as both a sub-element of disk + and source. The auth element was + introduced as a disk sub-element in + libvirt 0.9.7.
geometry
The optional geometry element provides the diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 36e2966f2..0f8c0ab8f 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -1578,11 +1578,27 @@ + + + =20 + + + + iscsi + + + + + + + + + @@ -1601,7 +1617,6 @@ sheepdog - iscsi ftp ftps tftp @@ -1656,6 +1671,7 @@ + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 44cfb52b4..fa20840c0 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -8106,6 +8106,29 @@ virDomainDiskSourcePoolDefParse(xmlNodePtr node, } =20 =20 +static int +virDomainDiskSourceAuthParse(xmlNodePtr node, + virStorageAuthDefPtr *authdefsrc) +{ + xmlNodePtr child; + virStorageAuthDefPtr authdef; + + for (child =3D node->children; child; child =3D child->next) { + if (child->type =3D=3D XML_ELEMENT_NODE && + virXMLNodeNameEqual(child, "auth")) { + + if (!(authdef =3D virStorageAuthDefParse(node->doc, child))) + return -1; + + *authdefsrc =3D authdef; + return 0; + } + } + + return 0; +} + + int virDomainDiskSourceParse(xmlNodePtr node, xmlXPathContextPtr ctxt, @@ -8192,6 +8215,9 @@ virDomainDiskSourceParse(xmlNodePtr node, goto cleanup; } =20 + if (virDomainDiskSourceAuthParse(node, &src->auth) < 0) + goto cleanup; + /* People sometimes pass a bogus '' source path when they mean to omit= the * source element completely (e.g. CDROM without media). This is just a * little compatibility check to help those broken apps */ 
@@ -8818,6 +8844,19 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlop= t, if (virDomainDiskSourceParse(cur, ctxt, def->src) < 0) goto error; =20 + /* If we've already found an as a child of and + * we find one as a child of , then force an error to + * avoid ambiguity */ + if (authdef && def->src->auth) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("an definition already found for " + "the definition")); + goto error; + } + + if (def->src->auth) + def->src->authDefined =3D true; + source =3D true; =20 startupPolicy =3D virXMLPropString(cur, "startupPolicy"); @@ -8875,6 +8914,15 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlop= t, goto error; } else if (!authdef && virXMLNodeNameEqual(cur, "auth")) { + /* If we've already parsed and found an child, + * then generate an error to avoid ambiguity */ + if (def->src->authDefined) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("an definition already found for " + "disk source")); + goto error; + } + if (!(authdef =3D virStorageAuthDefParse(node->doc, cur))) goto error; } else if (virXMLNodeNameEqual(cur, "iotune")) { @@ -9110,8 +9158,8 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, =20 def->dst =3D target; target =3D NULL; - def->src->auth =3D authdef; - authdef =3D NULL; + if (authdef) + VIR_STEAL_PTR(def->src->auth, authdef); def->src->encryption =3D encryption; encryption =3D NULL; def->domain_name =3D domain_name; 
@@ -21800,6 +21848,17 @@ virDomainDiskSourceFormatInternal(virBufferPtr buf, goto error; } =20 + /* Storage Source formatting will not carry through the blunder + * that disk source formatting had at one time to format the + * for a volume source type. The information is + * kept in the storage pool and would be overwritten anyway. + * So avoid formatting it for volumes. */ + if (src->auth && src->authDefined && + src->type !=3D VIR_STORAGE_TYPE_VOLUME) { + if (virStorageAuthDefFormat(&childBuf, src->auth) < 0) + goto error; + } + if (virXMLFormatElement(buf, "source", &attrBuf, &childBuf) < 0) goto error; } @@ -21985,7 +22044,9 @@ virDomainDiskDefFormat(virBufferPtr buf, virBufferAddLit(buf, "/>\n"); } =20 - if (def->src->auth) { + /* Format as child of if defined there; otherwise, + * if defined as child of , then format later */ + if (def->src->auth && !def->src->authDefined) { if (virStorageAuthDefFormat(buf, def->src->auth) < 0) return -1; } diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 484a5c806..488798252 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -2551,6 +2551,7 @@ virStorageSourceParseRBDColonString(const char *rbdst= r, virSecretUsageTypeToString(VIR_SECRET_USAGE_TYP= E_CEPH)) < 0) goto error; src->auth =3D authdef; + src->authDefined =3D true; authdef =3D NULL; =20 /* Cannot formulate a secretType (eg, usage or uuid) given diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index f7e897f25..b3a786b42 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -238,6 +238,7 @@ struct _virStorageSource { virStorageNetHostDefPtr hosts; virStorageSourcePoolDefPtr srcpool; virStorageAuthDefPtr auth; + bool authDefined; virStorageEncryptionPtr encryption; =20 char *driverName; diff --git a/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-rbd-aut= h.xml b/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-rbd-auth.xml index 3f30296c0..e1326b925 100644 
--- a/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-rbd-auth.xml +++ b/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-rbd-auth.xml @@ -22,13 +22,13 @@ - - - + + +
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-= auth-both.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-sour= ce-auth-both.xml new file mode 100644 index 000000000..fed75ad70 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth-bo= th.xml @@ -0,0 +1,51 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-= auth.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-a= uth.args new file mode 100644 index 000000000..23b1490ee --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth.ar= gs 
@@ -0,0 +1,32 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i686 \ +-name QEMUGuest1 \ +-S \ +-M pc \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dreadline \ +-no-acpi \ +-boot c \ +-usb \ +-drive file=3Discsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@exampl= e.org:\ +6000/iqn.1992-01.com.example%3Astorage/1,format=3Draw,if=3Dnone,\ +id=3Ddrive-virtio-disk0 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x3,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 \ +-drive 'file=3Drbd:pool/image:id=3Dmyname:\ +key=3DQVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=3D:\ +auth_supported=3Dcephx\;none:mon_host=3Dmon1.example.org\:6321\;mon2.examp= le.org\:\ +6322\;mon3.example.org\:6322,format=3Draw,if=3Dnone,id=3Ddrive-virtio-disk= 1' \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk1,\ +id=3Dvirtio-disk1 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-= auth.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-au= th.xml new file mode 100644 index 000000000..bd84cc42f --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth.xml @@ -0,0 +1,45 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 70be0c32d..a240a21a6 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -927,6 +927,7 @@ mymain(void) DO_TEST("disk-drive-network-iscsi-auth", NONE); DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-auth-secrettype-invalid"= , NONE); DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-auth-wrong-secrettype", = NONE); + DO_TEST_PARSE_ERROR("disk-drive-network-source-auth-both", NONE); DO_TEST("disk-drive-network-iscsi-lun", QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_SCSI_BLOCK); @@ -935,6 +936,7 @@ mymain(void) DO_TEST("disk-drive-network-rbd", NONE); DO_TEST("disk-drive-network-sheepdog", NONE); DO_TEST("disk-drive-network-rbd-auth", NONE); + DO_TEST("disk-drive-network-source-auth", NONE); # ifdef HAVE_GNUTLS_CIPHER_ENCRYPT DO_TEST("disk-drive-network-rbd-auth-AES", QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_VIRTIO_SCSI); diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-sou= rce-auth.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-s= ource-auth.xml new file mode 100644 index 000000000..9dc063dea --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-source-aut= h.xml @@ -0,0 +1,49 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + + + + + + +
+ + + + + + + + + + + + +
+ + +
+ + + + + + + diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 4b2fbd990..f733953e5 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -473,6 +473,7 @@ mymain(void) DO_TEST("disk-drive-network-rbd-auth", NONE); DO_TEST("disk-drive-network-rbd-ipv6", NONE); DO_TEST("disk-drive-network-rbd-ceph-env", NONE); + DO_TEST("disk-drive-network-source-auth", NONE); DO_TEST("disk-drive-network-sheepdog", NONE); DO_TEST("disk-drive-network-vxhs", NONE); DO_TEST("disk-scsi-device", diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c index ffebd4dc1..fe1521d9c 100644 --- a/tests/virstoragetest.c +++ b/tests/virstoragetest.c @@ -1361,6 +1361,9 @@ mymain(void) TEST_BACKING_PARSE("rbd:testshare:id=3Dasdf:mon_host=3Dexample.com", "\n" " \n" + " \n" + " \n" + " \n" "\n"); TEST_BACKING_PARSE("nbd:example.org:6000:exportname=3Dblah", "\n" @@ -1526,6 +1529,9 @@ mymain(void) "}", "\n" " \n" + " \n" + " \n" + " \n" "\n"); TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"rbd\"," "\"image\":\"test\"," --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
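Review bot: virDomainDiskSourceAuthParse in the src/conf/domain_conf.c hunk returns on the first <auth> child it finds, so a <source> carrying two <auth> elements parses silently with only the first one honoured, while the same duplication split across <disk> and <source> is rejected with an error in virDomainDiskDefParseXML. Either keep walking the children and report an error when a second <auth> is seen, or state in a comment that only the first is used; the RNG change alone does not enforce this because schema validation is not always run when the domain XML is parsed.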
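Review bot: the two ambiguity checks added to virDomainDiskDefParseXML raise the same condition (an <auth> under both <disk> and <source>) with two different messages, "... already found for the definition" and "... already found for disk source", depending only on element order; use one wording, and consider VIR_ERR_XML_ERROR rather than VIR_ERR_CONFIG_UNSUPPORTED since this is malformed input rather than a configuration the driver cannot support. The surrounding context line `} else if (!authdef && virXMLNodeNameEqual(cur, "auth")) {` also still lets a second <disk>-level <auth> pass unnoticed; that predates this patch, but it deserves the same error treatment now that duplicate <auth> handling is being defined.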
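Review bot: the new block in virDomainDiskSourceFormatInternal skips the <auth> for VIR_STORAGE_TYPE_VOLUME when authDefined is set, but the changed condition in virDomainDiskDefFormat (`if (def->src->auth && !def->src->authDefined)`) still writes a <disk>-level <auth> for any source type. A volume disk therefore keeps its <auth> across an xml2xml round trip when it was given under <disk> and silently loses it when it was given under <source>. Either apply the same VOLUME exclusion on both paths or say in the comment that the asymmetry is intended, and add a qemuxml2xml case with type='volume' so the chosen behaviour is pinned by a test.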
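Review bot: `bool authDefined;` added to struct _virStorageSource in src/util/virstoragefile.h carries no comment, and the name suggests "auth is present", which `auth != NULL` already tells you, rather than what it actually records: that the <auth> element was parsed from (and will be formatted under) <source> instead of <disk>. Add a one-line comment next to the field, or rename it to something like authInsideSource, so the `src->authDefined = true;` in virStorageSourceParseRBDColonString and the checks in domain_conf.c read correctly without having to trace the parser.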
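Review bot: the docs text added under <auth> in docs/formatdomain.html.in says the element "is still read and managed as a disk sub-element" but does not tell the reader what libvirt writes back. From the formatter changes in this patch, XML supplied with <auth> under <disk> is formatted under <disk> and XML supplied with it under <source> is formatted under <source>; state that explicitly, and say that "invalid" means the domain XML is rejected with an error rather than one location taking precedence.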
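Review bot: the new disk-drive-network-source-auth test is registered with NONE in qemuxml2argvtest.c, so the expected .args file carries the iSCSI password inside the `iscsi://myname:...@example.org` URL and the Ceph key in the `rbd:pool/image:id=myname:key=...` string on the QEMU command line, which is the legacy path used when QEMU lacks QEMU_CAPS_OBJECT_SECRET. Since the point of this series is where <auth> is parsed rather than how the secret reaches QEMU, consider adding a second variant run with QEMU_CAPS_OBJECT_SECRET, as disk-drive-network-rbd-auth-AES already is, so the <source>-level <auth> is exercised on the secret-object path as well and a regression there is not hidden behind a test that only covers plaintext credentials.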