secret: add Ceph secret type

Add a new secret type to store a Ceph authentication key. The name is simply an identifier for easy human reference. The xml looks like this: <secret ephemeral='no' private='no'> <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid> <usage type='ceph'> <name>mycluster_admin</name> </usage> </secret> Signed-off-by: N Sage Weil <sage@newdream.net> Signed-off-by: N Josh Durgin <josh.durgin@dreamhost.net>

secret: add Ceph secret type
Add a new secret type to store a Ceph authentication key. The name is simply an identifier for easy human reference. The xml looks like this: <secret ephemeral='no' private='no'> <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid> <usage type='ceph'> <name>mycluster_admin</name> </usage> </secret> Signed-off-by: N Sage Weil <sage@newdream.net> Signed-off-by: N Josh Durgin <josh.durgin@dreamhost.net>
536d1f87 · Sage Weil · Eric Blake · 87b7e148 · 536d1f87 · 536d1f87
6 changed file
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -39,8 +39,8 @@
      <dd>
        Specifies what this secret is used for.  A mandatory
        <code>type</code> attribute specifies the usage category, currently
-        only <code>volume</code> is defined.  Specific usage categories are
+        only <code>volume</code> and <code>ceph</code> are defined.
-        described below.
+        Specific usage categories are described below.
      </dd>
    </dl>
@@ -54,6 +54,18 @@
      this secret is associated with.
    </p>
+    <h3>Usage type "ceph"</h3>
+    <p>
+      This secret is associated with a Ceph RBD (rados block device).
+      The <code>&lt;usage type='ceph'&gt;</code> element must contain
+      a single <code>name</code> element that specifies a usage name
+      for the secret.  The Ceph secret can then be used by UUID or by
+      this usage name via the <code>&lt;auth&gt;</code> element of
+      a <a href="domain.html#elementsDisks">disk
+      device</a>. <span class="since">Since 0.9.7</span>.
+    </p>
    <h2><a name="example">Example</a></h2>
    <pre>

--- a/docs/schemas/secret.rng
+++ b/docs/schemas/secret.rng
@@ -37,6 +37,7 @@
          <element name='usage'>
            <choice>
              <ref name='usagevolume'/>
+              <ref name='usageceph'/>
              <!-- More choices later -->
            </choice>
          </element>
@@ -54,6 +55,15 @@
    </element>
  </define>
+  <define name='usageceph'>
+    <attribute name='type'>
+      <value>ceph</value>
+    </attribute>
+    <element name='name'>
+      <text/>
+    </element>
+  </define>
  <define name="UUID">
    <choice>
      <data type="string">

--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -2381,7 +2381,14 @@ typedef virSecret *virSecretPtr;
 typedef enum {
    VIR_SECRET_USAGE_TYPE_NONE = 0,
    VIR_SECRET_USAGE_TYPE_VOLUME = 1,
-    /* Expect more owner types later... */
+    VIR_SECRET_USAGE_TYPE_CEPH = 2,
+    /*
+     * NB: this enum value will increase over time as new events are
+     * added to the libvirt API. It reflects the last secret owner ID
+     * supported by this version of the libvirt API.
+     */
+    VIR_SECRET_USAGE_TYPE_LAST
 } virSecretUsageType;
 virConnectPtr           virSecretGetConnect     (virSecretPtr secret);

--- a/src/conf/secret_conf.c
+++ b/src/conf/secret_conf.c
@@ -35,7 +35,8 @@
 #define VIR_FROM_THIS VIR_FROM_SECRET
-VIR_ENUM_IMPL(virSecretUsageType, VIR_SECRET_USAGE_TYPE_VOLUME + 1, "none", "volume")
+VIR_ENUM_IMPL(virSecretUsageType, VIR_SECRET_USAGE_TYPE_LAST,
+              "none", "volume", "ceph")
 void
 virSecretDefFree(virSecretDefPtr def)
@@ -52,6 +53,9 @@ virSecretDefFree(virSecretDefPtr def)
        VIR_FREE(def->usage.volume);
        break;
+    case VIR_SECRET_USAGE_TYPE_CEPH:
+        VIR_FREE(def->usage.ceph);
    default:
        VIR_ERROR(_("unexpected secret usage type %d"), def->usage_type);
        break;
@@ -94,6 +98,15 @@ virSecretDefParseUsage(xmlXPathContextPtr ctxt,
        }
        break;
+    case VIR_SECRET_USAGE_TYPE_CEPH:
+        def->usage.ceph = virXPathString("string(./usage/name)", ctxt);
+        if (!def->usage.ceph) {
+            virSecretReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                                 _("Ceph usage specified, but name is missing"));
+            return -1;
+        }
+        break;
    default:
        virSecretReportError(VIR_ERR_INTERNAL_ERROR,
                             _("unexpected secret usage type %d"),
@@ -239,6 +252,13 @@ virSecretDefFormatUsage(virBufferPtr buf,
                                  def->usage.volume);
        break;
+    case VIR_SECRET_USAGE_TYPE_CEPH:
+        if (def->usage.ceph != NULL) {
+            virBufferEscapeString(buf, "    <name>%s</name>\n",
+                                  def->usage.ceph);
+        }
+        break;
    default:
        virSecretReportError(VIR_ERR_INTERNAL_ERROR,
                             _("unexpected secret usage type %d"),

--- a/src/conf/secret_conf.h
+++ b/src/conf/secret_conf.h
@@ -42,6 +42,7 @@ struct _virSecretDef {
    int usage_type;
    union {
        char *volume;               /* May be NULL */
+        char *ceph;
    } usage;
 };

--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -144,6 +144,11 @@ secretFindByUsage(virSecretDriverStatePtr driver, int usageType, const char *usa
            if (STREQ(s->def->usage.volume, usageID))
                return s;
            break;
+        case VIR_SECRET_USAGE_TYPE_CEPH:
+            if (STREQ(s->def->usage.ceph, usageID))
+                return s;
+            break;
        }
    }
    return NULL;
@@ -607,6 +612,9 @@ secretUsageIDForDef(virSecretDefPtr def)
    case VIR_SECRET_USAGE_TYPE_VOLUME:
        return def->usage.volume;
+    case VIR_SECRET_USAGE_TYPE_CEPH:
+        return def->usage.ceph;
    default:
        return NULL;
    }