diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in
index 04c334661476f06816d3f0611b1943ca9e94bd1f..58e1073561ded1a0fc63c70420c325083e56a125 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -25,10 +25,14 @@
The encryption
tag can currently contain a sequence of
secret
tags, each with mandatory attributes type
- and uuid
. The only currently defined value of
- type
is passphrase
. uuid
- refers to a secret known to libvirt. libvirt can use a secret value
- previously set using virSecretSetValue()
, or, if supported
+ and either uuid
or usage
+ (since 2.1.0). The only currently defined
+ value of type
is passphrase
. The
+ uuid
is "uuid" of the secret
while
+ usage
is the value "usage" subelement field.
+ A secret value can be set in libvirt by the
+
+ virSecretSetValue
API. Alternatively, if supported
by the particular volume format and driver, automatically generate a
secret value at the time of volume creation, and store it using the
specified uuid
.
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 7c0446247c95dca386085e63a0003c13dcc0da53..c5b71deb7caeda685d5384a9e28438e725eed930 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -27,9 +27,14 @@
passphrase
-
-
-
+
+
+
+
+
+
+
+
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 4eb35ea93d1d1775173f61b54ee68bcf34e48275..4ffd9b7f14009e4a98b2587fab96f825c8753a7b 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -70,6 +70,7 @@
#include "virnuma.h"
#include "virstring.h"
#include "virhostdev.h"
+#include "secret_util.h"
#include "storage/storage_driver.h"
#include "configmake.h"
#include "nwfilter_conf.h"
@@ -377,7 +378,6 @@ qemuProcessGetVolumeQcowPassphrase(virConnectPtr conn,
char **secretRet,
size_t *secretLen)
{
- virSecretPtr secret;
char *passphrase;
unsigned char *data;
size_t size;
@@ -416,14 +416,9 @@ qemuProcessGetVolumeQcowPassphrase(virConnectPtr conn,
goto cleanup;
}
- secret = conn->secretDriver->secretLookupByUUID(conn,
- enc->secrets[0]->uuid);
- if (secret == NULL)
- goto cleanup;
- data = conn->secretDriver->secretGetValue(secret, &size, 0,
- VIR_SECRET_GET_VALUE_INTERNAL_CALL);
- virObjectUnref(secret);
- if (data == NULL)
+ if (virSecretGetSecretString(conn, &enc->secrets[0]->seclookupdef,
+ VIR_SECRET_USAGE_TYPE_VOLUME,
+ &data, &size) < 0)
goto cleanup;
if (memchr(data, '\0', size) != NULL) {
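Review bot: The buffer `data` returned by `virSecretGetSecretString()` holds the raw passphrase, and the hunk shows no handling of its lifetime — its release happens in the part of `qemuProcessGetVolumeQcowPassphrase()` that is outside this hunk, so confirm there that it is scrubbed before being freed (e.g. `memset(data, 0, size); VIR_FREE(data);`, or `VIR_DISPOSE_N(data, size)` if this tree has it) rather than plain-freed, including on the `memchr` rejection path just below. The old code at least made the ownership explicit through the driver call; with the helper it is worth a one-line comment on the call, `/* data is heap-allocated and holds the secret; caller must wipe and free it */`. The enclosing function starts and ends outside the hunk.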
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index 5adf1fd71b69fa8a6503e8f024e6424b745215ef..d6a451d20c3ec0386495fb3db41c87b812d68e7d 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -648,7 +648,8 @@ virStorageGenerateQcowEncryption(virConnectPtr conn,
goto cleanup;
enc_secret->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE;
- memcpy(enc_secret->uuid, secret->uuid, VIR_UUID_BUFLEN);
+ enc_secret->seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
+ memcpy(enc_secret->seclookupdef.u.uuid, secret->uuid, VIR_UUID_BUFLEN);
enc->format = VIR_STORAGE_ENCRYPTION_FORMAT_QCOW;
enc->secrets[0] = enc_secret; /* Space for secrets[0] allocated above */
enc_secret = NULL;
diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
index 44dabf4774276044fc76e44c30c21523e83ec23e..839a2c70b28b81ac403f8bc702f5ed9420fcd025 100644
--- a/src/storage/storage_backend_fs.c
+++ b/src/storage/storage_backend_fs.c
@@ -1312,7 +1312,8 @@ virStorageBackendFileSystemLoadDefaultSecrets(virConnectPtr conn,
vol->target.encryption->secrets[0] = encsec;
encsec->type = VIR_STORAGE_ENCRYPTION_SECRET_TYPE_PASSPHRASE;
- virSecretGetUUID(sec, encsec->uuid);
+ encsec->seclookupdef.type = VIR_SECRET_LOOKUP_TYPE_UUID;
+ virSecretGetUUID(sec, encsec->seclookupdef.u.uuid);
virObjectUnref(sec);
return 0;
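Review bot: The return value of `virSecretGetUUID()` on the new line is ignored, so a failure leaves `encsec->seclookupdef.u.uuid` unset while the function still reports success with `seclookupdef.type` already set to `VIR_SECRET_LOOKUP_TYPE_UUID`; the encryption definition would then point at an all-zero (or stale) UUID. Since `encsec` is already attached to `vol->target.encryption->secrets[0]` on the line above and presumably released by the caller, the check can be `if (virSecretGetUUID(sec, encsec->seclookupdef.u.uuid) < 0) { virObjectUnref(sec); return -1; }`. The enclosing function starts outside the hunk, so whether an error is already reported on that path is not visible here.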
diff --git a/src/util/virstorageencryption.c b/src/util/virstorageencryption.c
index 8105158d18b5985c9eb746abf3ea3061d6965eb8..afb44da54d9fdff888969351bba43e40be16204e 100644
--- a/src/util/virstorageencryption.c
+++ b/src/util/virstorageencryption.c
@@ -34,6 +34,7 @@
#include "virerror.h"
#include "viruuid.h"
#include "virfile.h"
+#include "virsecret.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
@@ -114,6 +115,7 @@ virStorageEncryptionSecretParse(xmlXPathContextPtr ctxt,
virStorageEncryptionSecretPtr ret;
char *type_str = NULL;
char *uuidstr = NULL;
+ char *usagestr = NULL;
if (VIR_ALLOC(ret) < 0)
return NULL;
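Review bot: The new local `usagestr` is declared here but never assigned or read anywhere in the function — the uuid/usage parsing was delegated to `virSecretLookupParseSecret()` — and the same is now true of `uuidstr`, whose only remaining use is the `VIR_FREE(uuidstr)` in the cleanup label. Both declarations and both `VIR_FREE` calls in the cleanup block should be dropped so the dead state does not suggest that this function still owns those strings. The enclosing function starts outside the hunk.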
@@ -133,21 +135,12 @@ virStorageEncryptionSecretParse(xmlXPathContextPtr ctxt,
type_str);
goto cleanup;
}
- VIR_FREE(type_str);
- if ((uuidstr = virXPathString("string(./@uuid)", ctxt))) {
- if (virUUIDParse(uuidstr, ret->uuid) < 0) {
- virReportError(VIR_ERR_XML_ERROR,
- _("malformed volume encryption uuid '%s'"),
- uuidstr);
- goto cleanup;
- }
- VIR_FREE(uuidstr);
- } else {
- virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing volume encryption uuid"));
+ if (virSecretLookupParseSecret(node, &ret->seclookupdef) < 0)
goto cleanup;
- }
+
+ VIR_FREE(type_str);
+
ctxt->node = old_node;
return ret;
@@ -155,6 +148,7 @@ virStorageEncryptionSecretParse(xmlXPathContextPtr ctxt,
VIR_FREE(type_str);
virStorageEncryptionSecretFree(ret);
VIR_FREE(uuidstr);
+ VIR_FREE(usagestr);
ctxt->node = old_node;
return NULL;
}
@@ -244,7 +238,6 @@ virStorageEncryptionSecretFormat(virBufferPtr buf,
virStorageEncryptionSecretPtr secret)
{
const char *type;
- char uuidstr[VIR_UUID_STRING_BUFLEN];
if (!(type = virStorageEncryptionSecretTypeToString(secret->type))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -252,9 +245,8 @@ virStorageEncryptionSecretFormat(virBufferPtr buf,
return -1;
}
- virUUIDFormat(secret->uuid, uuidstr);
- virBufferAsprintf(buf, "\n",
- type, uuidstr);
+ virSecretLookupFormatSecret(buf, type, &secret->seclookupdef);
+
return 0;
}
diff --git a/src/util/virstorageencryption.h b/src/util/virstorageencryption.h
index 04641b1dcd636a7c069ab532177dd50a9e832b8b..c68c66ebde348ff0b808a17f417dcc281f844f06 100644
--- a/src/util/virstorageencryption.h
+++ b/src/util/virstorageencryption.h
@@ -25,6 +25,7 @@
# include "internal.h"
# include "virbuffer.h"
+# include "virsecret.h"
# include "virutil.h"
# include
@@ -40,7 +41,7 @@ typedef struct _virStorageEncryptionSecret virStorageEncryptionSecret;
typedef virStorageEncryptionSecret *virStorageEncryptionSecretPtr;
struct _virStorageEncryptionSecret {
int type; /* virStorageEncryptionSecretType */
- unsigned char uuid[VIR_UUID_BUFLEN];
+ virSecretLookupTypeDef seclookupdef;
};
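Review bot: Replacing the fixed `uuid[VIR_UUID_BUFLEN]` array with `virSecretLookupTypeDef seclookupdef` changes the field from plain bytes to a union that, for the usage lookup type, presumably carries a heap-allocated string; this diff does not show `virStorageEncryptionSecretFree()` or the copy helper in virstorageencryption.c being updated, and if they still `VIR_FREE` the struct or `memcpy` it wholesale, a usage-type secret would leak its string on free and be shallow-copied (two owners of one pointer) on copy. Please confirm those two functions clear and deep-copy the lookup def (libvirt's `virSecretLookupDefClear`/`virSecretLookupDefCopy` style helpers, if present in this tree), or add that in this commit. A short comment on the field would also help: `/* uuid or usage of the libvirt secret holding the passphrase; owns its usage string */`.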
typedef enum {
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.args b/tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.args
new file mode 100644
index 0000000000000000000000000000000000000000..4371413230c1f5946c5c52faa45d592432478897
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.args
@@ -0,0 +1,24 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu \
+-name encryptdisk \
+-S \
+-M pc \
+-m 1024 \
+-smp 1 \
+-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
+-nographic \
+-nodefaults \
+-monitor unix:/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
+-no-acpi \
+-boot c \
+-usb \
+-drive file=/storage/guest_disks/encryptdisk,format=qcow2,if=none,\
+id=drive-virtio-disk0 \
+-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
+id=virtio-disk0 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml b/tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml
new file mode 100644
index 0000000000000000000000000000000000000000..ec6413f71f90e463039cf4683ea08db4d443fd5a
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml
@@ -0,0 +1,36 @@
+
+ encryptdisk
+ 496898a6-e6ff-f7c8-5dc2-3cf410945ee9
+ 1048576
+ 524288
+ 1
+
+ hvm
+
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index a73db5ec850642647a822818595033c6e8c3632a..f8bd91c01a6e9140ac8106f3d337c2457a1078f9 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1341,6 +1341,7 @@ mymain(void)
driver.caps->host.cpu = cpuDefault;
DO_TEST("encrypted-disk", NONE);
+ DO_TEST("encrypted-disk-usage", NONE);
DO_TEST("memtune", NONE);
DO_TEST("memtune-unlimited", NONE);
diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-encrypted-disk-usage.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-encrypted-disk-usage.xml
new file mode 120000
index 0000000000000000000000000000000000000000..824120a52ad00ffd003a0f57e46185ce9984233a
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-encrypted-disk-usage.xml
@@ -0,0 +1 @@
+../qemuxml2argvdata/qemuxml2argv-encrypted-disk-usage.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 7db9cb793147427d6980642246fe0155dae88989..d045fd4fc4f72ac6aed01728fcd44ac3fa624662 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -501,6 +501,7 @@ mymain(void)
DO_TEST("pci-serial-dev-chardev");
DO_TEST("encrypted-disk");
+ DO_TEST("encrypted-disk-usage");
DO_TEST("memtune");
DO_TEST("memtune-unlimited");
DO_TEST("blkiotune");