From: "Daniel P. Berrange" <berrange@redhat.com>
To: Josh Durgin <josh.durgin@dreamhost.com>
Cc: libvir-list@redhat.com, ceph-devel@vger.kernel.org
Subject: Re: [RFC PATCH v3 2/4] storage: add auth to virDomainDiskDef
Date: Thu, 27 Oct 2011 09:33:02 +0100 [thread overview]
Message-ID: <20111027083301.GB20878@redhat.com> (raw)
In-Reply-To: <24e32a383e9e614a3d192fa709e73c22a069ce9e.1319072460.git.josh.durgin@dreamhost.com>
On Thu, Oct 20, 2011 at 11:01:25AM -0700, Josh Durgin wrote:
> Add additional fields to let you specify the how to authenticate with a disk.
> The secret to use may be referenced by a usage string or a UUID, i.e.:
>
> <auth username='myuser'>
> <secret type='ceph' usage='secretname'/>
> </auth>
>
> or
>
> <auth username='myuser'>
> <secret type='ceph' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
> </auth>
>
> Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
> ---
> docs/schemas/domaincommon.rng | 29 +++++++++++
> src/Makefile.am | 3 +-
> src/conf/domain_conf.c | 105 +++++++++++++++++++++++++++++++++++++---
> src/conf/domain_conf.h | 17 +++++++
> 4 files changed, 145 insertions(+), 9 deletions(-)
>
> diff --git a/src/Makefile.am b/src/Makefile.am
> index 2555f81..7f48981 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -128,7 +128,8 @@ DOMAIN_CONF_SOURCES = \
> conf/capabilities.c conf/capabilities.h \
> conf/domain_conf.c conf/domain_conf.h \
> conf/domain_audit.c conf/domain_audit.h \
> - conf/domain_nwfilter.c conf/domain_nwfilter.h
> + conf/domain_nwfilter.c conf/domain_nwfilter.h \
> + conf/secret_conf.c
Unless I'm missing something, I don't think your code changes to
domain_conf.c actually introduce any dependancy on secret_conf.c
You include secret_conf.h, but that is only to get access to one
of the enum values. So there's no dep on the secret_conf.c code
and you can just drop this hunk
>
> DOMAIN_EVENT_SOURCES = \
> conf/domain_event.c conf/domain_event.h
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 5959593..1de3742 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -49,6 +49,7 @@
> #include "virfile.h"
> #include "bitmap.h"
> #include "count-one-bits.h"
> +#include "secret_conf.h"
>
> #define VIR_FROM_THIS VIR_FROM_DOMAIN
>
> @@ -185,6 +186,11 @@ VIR_ENUM_IMPL(virDomainDiskProtocol, VIR_DOMAIN_DISK_PROTOCOL_LAST,
> "rbd",
> "sheepdog")
>
> +VIR_ENUM_IMPL(virDomainDiskSecretType, VIR_DOMAIN_DISK_SECRET_TYPE_LAST,
> + "none",
> + "uuid",
> + "usage")
> +
> VIR_ENUM_IMPL(virDomainDiskIo, VIR_DOMAIN_DISK_IO_LAST,
> "default",
> "native",
> @@ -782,6 +788,9 @@ void virDomainDiskDefFree(virDomainDiskDefPtr def)
> VIR_FREE(def->dst);
> VIR_FREE(def->driverName);
> VIR_FREE(def->driverType);
> + VIR_FREE(def->auth.username);
> + if (def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_USAGE)
> + VIR_FREE(def->auth.secret.usage);
> virStorageEncryptionFree(def->encryption);
> virDomainDeviceInfoClear(&def->info);
>
> @@ -2298,7 +2307,7 @@ virDomainDiskDefParseXML(virCapsPtr caps,
> unsigned int flags)
> {
> virDomainDiskDefPtr def;
> - xmlNodePtr cur, host;
> + xmlNodePtr cur, child;
> char *type = NULL;
> char *device = NULL;
> char *snapshot = NULL;
> @@ -2319,6 +2328,10 @@ virDomainDiskDefParseXML(virCapsPtr caps,
> char *devaddr = NULL;
> virStorageEncryptionPtr encryption = NULL;
> char *serial = NULL;
> + char *authUsername = NULL;
> + char *authUsage = NULL;
> + char *authUUID = NULL;
> + char *usageType = NULL;
>
> if (VIR_ALLOC(def) < 0) {
> virReportOOMError();
> @@ -2374,10 +2387,10 @@ virDomainDiskDefParseXML(virCapsPtr caps,
> _("missing name for disk source"));
> goto error;
> }
> - host = cur->children;
> - while (host != NULL) {
> - if (host->type == XML_ELEMENT_NODE &&
> - xmlStrEqual(host->name, BAD_CAST "host")) {
> + child = cur->children;
> + while (child != NULL) {
> + if (child->type == XML_ELEMENT_NODE &&
> + xmlStrEqual(child->name, BAD_CAST "host")) {
> if (VIR_REALLOC_N(hosts, nhosts + 1) < 0) {
> virReportOOMError();
> goto error;
> @@ -2386,20 +2399,20 @@ virDomainDiskDefParseXML(virCapsPtr caps,
> hosts[nhosts].port = NULL;
> nhosts++;
>
> - hosts[nhosts - 1].name = virXMLPropString(host, "name");
> + hosts[nhosts - 1].name = virXMLPropString(child, "name");
> if (!hosts[nhosts - 1].name) {
> virDomainReportError(VIR_ERR_INTERNAL_ERROR,
> "%s", _("missing name for host"));
> goto error;
> }
> - hosts[nhosts - 1].port = virXMLPropString(host, "port");
> + hosts[nhosts - 1].port = virXMLPropString(child, "port");
> if (!hosts[nhosts - 1].port) {
> virDomainReportError(VIR_ERR_INTERNAL_ERROR,
> "%s", _("missing port for host"));
> goto error;
> }
> }
> - host = host->next;
> + child = child->next;
> }
> break;
> default:
> @@ -2436,6 +2449,58 @@ virDomainDiskDefParseXML(virCapsPtr caps,
> iotag = virXMLPropString(cur, "io");
> ioeventfd = virXMLPropString(cur, "ioeventfd");
> event_idx = virXMLPropString(cur, "event_idx");
> + } else if (xmlStrEqual(cur->name, BAD_CAST "auth")) {
> + authUsername = virXMLPropString(cur, "username");
> + if (authUsername == NULL) {
> + virDomainReportError(VIR_ERR_INTERNAL_ERROR,
> + _("missing username for auth"));
> + goto error;
> + }
> +
> + def->auth.secretType = VIR_DOMAIN_DISK_SECRET_TYPE_NONE;
> + child = cur->children;
> + while (child != NULL) {
> + if (child->type == XML_ELEMENT_NODE &&
> + xmlStrEqual(child->name, BAD_CAST "secret")) {
> + usageType = virXMLPropString(child, "type");
> + if (usageType == NULL) {
> + virDomainReportError(VIR_ERR_XML_ERROR,
> + _("missing type for secret"));
> + goto error;
> + }
> + if (virSecretUsageTypeTypeFromString(usageType) !=
> + VIR_SECRET_USAGE_TYPE_CEPH) {
> + virDomainReportError(VIR_ERR_XML_ERROR,
> + _("invalid secret type %s"),
> + usageType);
> + goto error;
> + }
> +
> + authUUID = virXMLPropString(child, "uuid");
> + authUsage = virXMLPropString(child, "usage");
> +
> + if (authUUID != NULL && authUsage != NULL) {
> + virDomainReportError(VIR_ERR_XML_ERROR,
> + _("only one of uuid and usage can be specfied"));
> + goto error;
> + }
> + if (authUUID != NULL) {
> + def->auth.secretType = VIR_DOMAIN_DISK_SECRET_TYPE_UUID;
> + if (virUUIDParse(authUUID,
> + def->auth.secret.uuid) < 0) {
> + virDomainReportError(VIR_ERR_XML_ERROR,
> + _("malformed uuid %s"),
> + authUUID);
> + goto error;
> + }
> + } else if (authUsage != NULL) {
> + def->auth.secretType = VIR_DOMAIN_DISK_SECRET_TYPE_USAGE;
> + def->auth.secret.usage = authUsage;
> + authUsage = NULL;
> + }
> + }
> + child = child->next;
> + }
> } else if (xmlStrEqual(cur->name, BAD_CAST "readonly")) {
> def->readonly = 1;
> } else if (xmlStrEqual(cur->name, BAD_CAST "shareable")) {
> @@ -2654,6 +2719,8 @@ virDomainDiskDefParseXML(virCapsPtr caps,
> hosts = NULL;
> def->nhosts = nhosts;
> nhosts = 0;
> + def->auth.username = authUsername;
> + authUsername = NULL;
> def->driverName = driverName;
> driverName = NULL;
> def->driverType = driverType;
> @@ -2690,6 +2757,10 @@ cleanup:
> VIR_FREE(hosts);
> VIR_FREE(protocol);
> VIR_FREE(device);
> + VIR_FREE(authUsername);
> + VIR_FREE(usageType);
> + VIR_FREE(authUUID);
> + VIR_FREE(authUsage);
> VIR_FREE(driverType);
> VIR_FREE(driverName);
> VIR_FREE(cachetag);
> @@ -9176,6 +9247,7 @@ virDomainDiskDefFormat(virBufferPtr buf,
> const char *iomode = virDomainDiskIoTypeToString(def->iomode);
> const char *ioeventfd = virDomainIoEventFdTypeToString(def->ioeventfd);
> const char *event_idx = virDomainVirtioEventIdxTypeToString(def->event_idx);
> + char uuidstr[VIR_UUID_STRING_BUFLEN];
>
> if (!type) {
> virDomainReportError(VIR_ERR_INTERNAL_ERROR,
> @@ -9234,6 +9306,23 @@ virDomainDiskDefFormat(virBufferPtr buf,
> virBufferAsprintf(buf, "/>\n");
> }
>
> + if (def->auth.username) {
> + virBufferAsprintf(buf, " <auth username='%s'>\n",
> + def->auth.username);
> + if (def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_UUID) {
> + virUUIDFormat(def->auth.secret.uuid, uuidstr);
> + virBufferAsprintf(buf,
> + " <secret type='passphrase' uuid='%s'/>\n",
> + uuidstr);
> + }
> + if (def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_USAGE) {
> + virBufferAsprintf(buf,
> + " <secret type='passphrase' usage='%s'/>\n",
> + def->auth.secret.usage);
> + }
> + virBufferAsprintf(buf, " </auth>\n");
> + }
> +
> if (def->src || def->nhosts > 0) {
> switch (def->type) {
> case VIR_DOMAIN_DISK_TYPE_FILE:
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index 2119b5a..0d08040 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -269,6 +269,14 @@ enum virDomainSnapshotState {
> VIR_DOMAIN_DISK_SNAPSHOT = VIR_DOMAIN_LAST,
> };
>
> +enum virDomainDiskSecretType {
> + VIR_DOMAIN_DISK_SECRET_TYPE_NONE,
> + VIR_DOMAIN_DISK_SECRET_TYPE_UUID,
> + VIR_DOMAIN_DISK_SECRET_TYPE_USAGE,
> +
> + VIR_DOMAIN_DISK_SECRET_TYPE_LAST
> +};
> +
> /* Stores the virtual disk configuration */
> typedef struct _virDomainDiskDef virDomainDiskDef;
> typedef virDomainDiskDef *virDomainDiskDefPtr;
> @@ -281,6 +289,14 @@ struct _virDomainDiskDef {
> int protocol;
> int nhosts;
> virDomainDiskHostDefPtr hosts;
> + struct {
> + char *username;
> + int secretType;
> + union {
> + unsigned char uuid[VIR_UUID_BUFLEN];
> + char *usage;
> + } secret;
> + } auth;
> char *driverName;
> char *driverType;
> char *serial;
> @@ -1868,6 +1884,7 @@ VIR_ENUM_DECL(virDomainDiskCache)
> VIR_ENUM_DECL(virDomainDiskErrorPolicy)
> VIR_ENUM_DECL(virDomainDiskProtocol)
> VIR_ENUM_DECL(virDomainDiskIo)
> +VIR_ENUM_DECL(virDomainDiskSecretType)
> VIR_ENUM_DECL(virDomainDiskSnapshot)
> VIR_ENUM_DECL(virDomainIoEventFd)
> VIR_ENUM_DECL(virDomainVirtioEventIdx)
ACK with the Makefile.am hunk dropped
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
next prev parent reply other threads:[~2011-10-27 8:33 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-20 18:01 [RFC PATCH v3 0/4] Improve Ceph Qemu+RBD support Josh Durgin
2011-10-20 18:01 ` [RFC PATCH v3 1/4] secret: add Ceph secret type Josh Durgin
2011-10-27 8:28 ` Daniel P. Berrange
2011-10-28 16:33 ` [libvirt] " Eric Blake
2011-10-28 16:42 ` Eric Blake
2011-10-28 17:41 ` Eric Blake
2011-10-28 18:47 ` Josh Durgin
2011-10-28 18:56 ` Eric Blake
2011-10-20 18:01 ` [RFC PATCH v3 2/4] storage: add auth to virDomainDiskDef Josh Durgin
2011-10-27 8:33 ` Daniel P. Berrange [this message]
2011-10-28 18:53 ` [libvirt] " Eric Blake
2011-10-28 19:15 ` Josh Durgin
2011-10-28 21:19 ` [PATCH 1/1] Use a common xml type for ceph secret usage Josh Durgin
2011-10-28 22:03 ` Eric Blake
2011-10-20 18:01 ` [RFC PATCH v3 3/4] qemu: pass virConnectPtr into Domain{Attach,Detach}* Josh Durgin
2011-10-27 8:33 ` Daniel P. Berrange
2011-10-31 19:14 ` [libvirt] [RFC PATCH v3 3/4] qemu: pass virConnectPtr into Domain{Attach, Detach}* Eric Blake
2011-10-20 18:01 ` [RFC PATCH v3 4/4] qemu/rbd: improve rbd device specification Josh Durgin
2011-10-27 8:38 ` Daniel P. Berrange
2011-10-28 21:19 ` [PATCH v4 " Josh Durgin
2011-10-31 20:02 ` Eric Blake
2011-11-01 1:29 ` [PATCH v5 " Josh Durgin
2011-11-16 0:05 ` Eric Blake
2011-11-16 1:37 ` Josh Durgin
2011-11-16 15:40 ` Eric Blake
2011-11-16 10:25 ` [libvirt] " Daniel P. Berrange
2011-10-27 5:19 ` [RFC PATCH v3 0/4] Improve Ceph Qemu+RBD support Sage Weil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111027083301.GB20878@redhat.com \
--to=berrange@redhat.com \
--cc=ceph-devel@vger.kernel.org \
--cc=josh.durgin@dreamhost.com \
--cc=libvir-list@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.