Some disk auth/encryption cleanups

[libvirt] [PATCH 5/6] conf: Move <disk> encryption validation

Posted by John Ferlan 8 years, 4 months ago

Rather than checking during XML processing, move the check for
valid <encryption> into virDomainDiskDefParseValidate.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/conf/domain_conf.c | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 07bda1a36..09c5bc1ae 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8605,7 +8605,23 @@ virDomainDiskDefParseValidate(const virDomainDiskDef *def)
         }
     }
 
-    return virDomainDiskSourceDefParseAuthValidate(def->src);
+    if (virDomainDiskSourceDefParseAuthValidate(def->src) < 0)
+        return -1;
+
+    if (def->src->encryption) {
+        virStorageEncryptionPtr encryption = def->src->encryption;
+
+        if (encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
+            encryption->encinfo.cipher_name) {
+
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("supplying the <cipher> for a domain is "
+                             "unnecessary"));
+            return -1;
+        }
+    }
+
+    return 0;
 }
 
 
@@ -9095,17 +9111,6 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
         def->startupPolicy = val;
     }
 
-    if (encryption) {
-        if (encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
-            encryption->encinfo.cipher_name) {
-
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                           _("supplying the <cipher> for a domain is "
-                             "unnecessary"));
-            goto error;
-        }
-    }
-
     def->dst = target;
     target = NULL;
     def->src->auth = authdef;
-- 
2.13.5

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 5/6] conf: Move <disk> encryption validation

Posted by Peter Krempa 8 years, 4 months ago

On Thu, Sep 14, 2017 at 14:03:09 -0400, John Ferlan wrote:
> Rather than checking during XML processing, move the check for
> valid <encryption> into virDomainDiskDefParseValidate.
> 
> Signed-off-by: John Ferlan <jferlan@redhat.com>
> ---
>  src/conf/domain_conf.c | 29 +++++++++++++++++------------
>  1 file changed, 17 insertions(+), 12 deletions(-)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 07bda1a36..09c5bc1ae 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -8605,7 +8605,23 @@ virDomainDiskDefParseValidate(const virDomainDiskDef *def)
>          }
>      }
>  
> -    return virDomainDiskSourceDefParseAuthValidate(def->src);
> +    if (virDomainDiskSourceDefParseAuthValidate(def->src) < 0)

This is the exact reason why I did not like this style in the patch that
added it.

> +        return -1;
> +
> +    if (def->src->encryption) {
> +        virStorageEncryptionPtr encryption = def->src->encryption;
> +
> +        if (encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
> +            encryption->encinfo.cipher_name) {
> +
> +            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> +                           _("supplying the <cipher> for a domain is "
> +                             "unnecessary"));

Perhaps we can improve the message now. How about:

"supplying <cipher> for domain disk definition is unnecessary" ?

> +            return -1;
> +        }

ACK
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 5/6] conf: Move <disk> encryption validation

Posted by John Ferlan 8 years, 4 months ago


On 09/15/2017 12:06 AM, Peter Krempa wrote:
> On Thu, Sep 14, 2017 at 14:03:09 -0400, John Ferlan wrote:
>> Rather than checking during XML processing, move the check for
>> valid <encryption> into virDomainDiskDefParseValidate.
>>
>> Signed-off-by: John Ferlan <jferlan@redhat.com>
>> ---
>>  src/conf/domain_conf.c | 29 +++++++++++++++++------------
>>  1 file changed, 17 insertions(+), 12 deletions(-)
>>
>> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>> index 07bda1a36..09c5bc1ae 100644
>> --- a/src/conf/domain_conf.c
>> +++ b/src/conf/domain_conf.c
>> @@ -8605,7 +8605,23 @@ virDomainDiskDefParseValidate(const virDomainDiskDef *def)
>>          }
>>      }
>>  
>> -    return virDomainDiskSourceDefParseAuthValidate(def->src);
>> +    if (virDomainDiskSourceDefParseAuthValidate(def->src) < 0)
> 
> This is the exact reason why I did not like this style in the patch that
> added it.
> 
>> +        return -1;
>> +
>> +    if (def->src->encryption) {
>> +        virStorageEncryptionPtr encryption = def->src->encryption;
>> +
>> +        if (encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
>> +            encryption->encinfo.cipher_name) {
>> +
>> +            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
>> +                           _("supplying the <cipher> for a domain is "
>> +                             "unnecessary"));
> 
> Perhaps we can improve the message now. How about:
> 
> "supplying <cipher> for domain disk definition is unnecessary" ?
> 

Yep - fixed here and adjusted the previous commit to note that error
message will be to the effect that <cipher> is unnecessary.

Tks -

John

>> +            return -1;
>> +        }
> 
> ACK
> 

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 1/6] docs: Remove unnecessary <auth> example for iscsi disk type='volume'
[libvirt] [PATCH 2/6] conf: Add invalid secrettype checks
[libvirt] [PATCH 3/6] conf: Move <disk> authdef validation
[libvirt] [PATCH 4/6] conf: Add invalid domain disk encryption test
[libvirt] [PATCH 5/6] conf: Move <disk> encryption validation
[libvirt] [PATCH 6/6] conf: Use virXMLFormatElement to format disk source network