From nobody Mon May  6 20:02:24 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1633444942129467.6735842521823;
 Tue, 5 Oct 2021 07:42:22 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-70-6XBvU315N22ApQtV7rfhUg-1; Tue, 05 Oct 2021 10:42:18 -0400
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 504F7A40C5;
	Tue,  5 Oct 2021 14:42:13 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 2EC9660C05;
	Tue,  5 Oct 2021 14:42:13 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id EE8BC4EA30;
	Tue,  5 Oct 2021 14:42:12 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com
	[10.11.54.6])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 195EfoZA012755 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 5 Oct 2021 10:41:50 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id E86F82166B25; Tue,  5 Oct 2021 14:41:49 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast06.extmail.prod.ext.rdu2.redhat.com [10.11.55.22])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id E06E62166B26
	for <libvir-list@redhat.com>; Tue,  5 Oct 2021 14:41:39 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
	[205.139.110.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 96E2318A01A0
	for <libvir-list@redhat.com>; Tue,  5 Oct 2021 14:41:39 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com
	[148.163.158.5]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-358-6hIk-6yKMVioGXe_VXyUmQ-1; Tue, 05 Oct 2021 10:41:34 -0400
Received: from pps.filterd (m0098420.ppops.net [127.0.0.1])
	by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	195EBpsl002582
	for <libvir-list@redhat.com>; Tue, 5 Oct 2021 10:41:34 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3bgr8g8vss-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Tue, 05 Oct 2021 10:41:33 -0400
Received: from m0098420.ppops.net (m0098420.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 195EDmgk007988
	for <libvir-list@redhat.com>; Tue, 5 Oct 2021 10:41:33 -0400
Received: from ppma04wdc.us.ibm.com (1a.90.2fa9.ip4.static.sl-reverse.com
	[169.47.144.26])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3bgr8g8vs9-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Tue, 05 Oct 2021 10:41:33 -0400
Received: from pps.filterd (ppma04wdc.us.ibm.com [127.0.0.1])
	by ppma04wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 195Ec9pR031693;
	Tue, 5 Oct 2021 14:41:32 GMT
Received: from b01cxnp22035.gho.pok.ibm.com (b01cxnp22035.gho.pok.ibm.com
	[9.57.198.25]) by ppma04wdc.us.ibm.com with ESMTP id 3bef2awm3t-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Tue, 05 Oct 2021 14:41:32 +0000
Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com
	[9.57.199.106])
	by b01cxnp22035.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	195EfUlq39190944
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Tue, 5 Oct 2021 14:41:30 GMT
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 930FF28058;
	Tue,  5 Oct 2021 14:41:30 +0000 (GMT)
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 221E92805E;
	Tue,  5 Oct 2021 14:41:30 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP;
	Tue,  5 Oct 2021 14:41:30 +0000 (GMT)
X-MC-Unique: 6XBvU315N22ApQtV7rfhUg-1
X-MC-Unique: 6hIk-6yKMVioGXe_VXyUmQ-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v2 1/5] qemu: add disk post parse to qemublocktest
Date: Tue,  5 Oct 2021 09:41:12 -0500
Message-Id: <20211005144116.316855-2-oro@il.ibm.com>
In-Reply-To: <20211005144116.316855-1-oro@il.ibm.com>
References: <20211005144116.316855-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: RVk3IbRVIRywDVIMtvOCRJauQyA7F-Wj
X-Proofpoint-GUID: 9--GGSvOkMfP350_WSMP1HFV9EiEFWoo
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-05_02,2021-10-04_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	bulkscore=0 malwarescore=0
	clxscore=1015 priorityscore=1501 suspectscore=0 phishscore=0
	mlxlogscore=993 spamscore=0 lowpriorityscore=0 impostorscore=0
	mlxscore=0
	adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110050086
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633444942970100003
Content-Type: text/plain; charset="utf-8"

The post parse callback is part of the real (non-test) processing flow.
This commit adds it (for disks) to the qemublocktest flow as well.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
 src/qemu/qemu_domain.c | 2 +-
 src/qemu/qemu_domain.h | 4 ++++
 tests/qemublocktest.c  | 3 +++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 25b7f03204..472ff670b1 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5415,7 +5415,7 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDo=
mainDiskDef *disk,
 }
=20
=20
-static int
+int
 qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
                                  virQEMUCaps *qemuCaps,
                                  unsigned int parseFlags)
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index cb1cd968d5..9a784501a0 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -899,6 +899,10 @@ int qemuDomainDefValidateDiskLunSource(const virStorag=
eSource *src)
 int qemuDomainDeviceDefValidateDisk(const virDomainDiskDef *disk,
                                     virQEMUCaps *qemuCaps);
=20
+int qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
+                                     virQEMUCaps *qemuCaps,
+                                     unsigned int parseFlags);
+
 int qemuDomainPrepareChannel(virDomainChrDef *chr,
                              const char *domainChannelTargetDir)
     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c
index 4af8862c5b..617e1b8ae1 100644
--- a/tests/qemublocktest.c
+++ b/tests/qemublocktest.c
@@ -279,6 +279,9 @@ testQemuDiskXMLToProps(const void *opaque)
                                        VIR_DOMAIN_DEF_PARSE_STATUS)))
         return -1;
=20
+    if (qemuDomainDeviceDiskDefPostParse(disk, data->qemuCaps, 0) < 0)
+        return -1;
+
     if (!(vmdef =3D virDomainDefNew(data->driver->xmlopt)))
         return -1;
=20
--=20
2.25.1

From nobody Mon May  6 20:02:24 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1633444917519152.62834394307004;
 Tue, 5 Oct 2021 07:41:57 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-14-5F30bu_tNwGQAvDjwpFKXQ-1; Tue, 05 Oct 2021 10:41:54 -0400
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 2F6CE1006AA9;
	Tue,  5 Oct 2021 14:41:48 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id E4AEE60BD8;
	Tue,  5 Oct 2021 14:41:47 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 75A034E58F;
	Tue,  5 Oct 2021 14:41:46 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
	[10.11.54.3])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 195EfjWs012725 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 5 Oct 2021 10:41:45 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id B919A111F3BE; Tue,  5 Oct 2021 14:41:45 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast01.extmail.prod.ext.rdu2.redhat.com [10.11.55.17])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id ADF28112C094
	for <libvir-list@redhat.com>; Tue,  5 Oct 2021 14:41:36 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
	[205.139.110.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DDC16899EC0
	for <libvir-list@redhat.com>; Tue,  5 Oct 2021 14:41:36 +0000 (UTC)
Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com
	[148.163.158.5]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-264-DgWdiUDUMWS9dGr_X-5swg-1; Tue, 05 Oct 2021 10:41:35 -0400
Received: from pps.filterd (m0098417.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	195Darg7006470
	for <libvir-list@redhat.com>; Tue, 5 Oct 2021 10:41:34 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bgq15b7fg-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Tue, 05 Oct 2021 10:41:34 -0400
Received: from m0098417.ppops.net (m0098417.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 195Db8BA011608
	for <libvir-list@redhat.com>; Tue, 5 Oct 2021 10:41:33 -0400
Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com
	[169.55.85.253])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bgq15b7ey-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Tue, 05 Oct 2021 10:41:33 -0400
Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1])
	by ppma01wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 195EcXV2019497;
	Tue, 5 Oct 2021 14:41:33 GMT
Received: from b01cxnp22036.gho.pok.ibm.com (b01cxnp22036.gho.pok.ibm.com
	[9.57.198.26]) by ppma01wdc.us.ibm.com with ESMTP id 3bef2anjmt-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Tue, 05 Oct 2021 14:41:33 +0000
Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com
	[9.57.199.106])
	by b01cxnp22036.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	195EfVC311535216
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Tue, 5 Oct 2021 14:41:31 GMT
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 2F38128079;
	Tue,  5 Oct 2021 14:41:31 +0000 (GMT)
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id B0BF428059;
	Tue,  5 Oct 2021 14:41:30 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP;
	Tue,  5 Oct 2021 14:41:30 +0000 (GMT)
X-MC-Unique: 5F30bu_tNwGQAvDjwpFKXQ-1
X-MC-Unique: DgWdiUDUMWS9dGr_X-5swg-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v2 2/5] qemu: add rbd encryption capability probing
Date: Tue,  5 Oct 2021 09:41:13 -0500
Message-Id: <20211005144116.316855-3-oro@il.ibm.com>
In-Reply-To: <20211005144116.316855-1-oro@il.ibm.com>
References: <20211005144116.316855-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: BTHcDPBfOKio8l8Y3NBCR2XzHdCjV5eM
X-Proofpoint-GUID: 380UsX5BSkAs9TE7fgLm4bXm5-GVFend
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-05_02,2021-10-04_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	mlxscore=0 lowpriorityscore=0
	malwarescore=0 mlxlogscore=968 suspectscore=0 priorityscore=1501
	spamscore=0 clxscore=1015 bulkscore=0 impostorscore=0 phishscore=0
	adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110050086
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633444918798100002
Content-Type: text/plain; charset="utf-8"

rbd encryption is new in qemu 6.1.0.
This commit adds capability probing for it.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_capabilities.c                     | 2 ++
 src/qemu/qemu_capabilities.h                     | 1 +
 tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml | 1 +
 3 files changed, 4 insertions(+)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 70c3ec2f0c..85da5725cf 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -638,6 +638,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
               "query-display-options", /* QEMU_CAPS_QUERY_DISPLAY_OPTIONS =
*/
               "s390-pv-guest", /* QEMU_CAPS_S390_PV_GUEST */
               "set-action", /* QEMU_CAPS_SET_ACTION */
+              "rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */
     );
=20
=20
@@ -1560,6 +1561,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSc=
hemaQueries[] =3D {
     { "blockdev-add/arg-type/+file/$dynamic-auto-read-only", QEMU_CAPS_BLO=
CK_FILE_AUTO_READONLY_DYNAMIC },
     { "blockdev-add/arg-type/+nvme", QEMU_CAPS_DRIVE_NVME },
     { "blockdev-add/arg-type/+file/aio/^io_uring", QEMU_CAPS_AIO_IO_URING =
},
+    { "blockdev-add/arg-type/+rbd/encrypt", QEMU_CAPS_RBD_ENCRYPTION },
     { "blockdev-add/arg-type/discard", QEMU_CAPS_DRIVE_DISCARD },
     { "blockdev-add/arg-type/detect-zeroes", QEMU_CAPS_DRIVE_DETECT_ZEROES=
 },
     { "blockdev-backup", QEMU_CAPS_BLOCKDEV_BACKUP },
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index bc762d1916..576ed9d1ba 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -618,6 +618,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for =
syntax-check */
     QEMU_CAPS_QUERY_DISPLAY_OPTIONS, /* 'query-display-options' qmp comman=
d present */
     QEMU_CAPS_S390_PV_GUEST, /* -object s390-pv-guest,... */
     QEMU_CAPS_SET_ACTION, /* 'set-action' QMP command */
+    QEMU_CAPS_RBD_ENCRYPTION, /* Ceph RBD encryption support */
=20
     QEMU_CAPS_LAST /* this must always be the last item */
 } virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml b/tests/qemuc=
apabilitiesdata/caps_6.1.0.x86_64.xml
index eca9facf80..efd37e8ee1 100644
--- a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
@@ -257,6 +257,7 @@
   <flag name=3D'confidential-guest-support'/>
   <flag name=3D'query-display-options'/>
   <flag name=3D'set-action'/>
+  <flag name=3D'rbd-encryption'/>
   <version>6001000</version>
   <kvmVersion>0</kvmVersion>
   <microcodeVersion>43100243</microcodeVersion>
--=20
2.25.1

From nobody Mon May  6 20:02:24 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 216.205.24.124 as permitted sender) client-ip=216.205.24.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com
	with SMTPS id 1633444917101668.994518815807;
 Tue, 5 Oct 2021 07:41:57 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-443-GJQ9w9YNNZeU68ZNWb4GFg-1; Tue, 05 Oct 2021 10:41:54 -0400
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8866B19253CC;
	Tue,  5 Oct 2021 14:41:48 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 3D7889AA2E;
	Tue,  5 Oct 2021 14:41:48 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id EE29B1800B9C;
	Tue,  5 Oct 2021 14:41:47 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com
	[10.11.54.4])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 195EfjIv012726 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 5 Oct 2021 10:41:46 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id D49342026D65; Tue,  5 Oct 2021 14:41:45 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast06.extmail.prod.ext.rdu2.redhat.com [10.11.55.22])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id D00382026D60
	for <libvir-list@redhat.com>; Tue,  5 Oct 2021 14:41:38 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 737D418A01A5
	for <libvir-list@redhat.com>; Tue,  5 Oct 2021 14:41:38 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
	[148.163.156.1]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-49-RrR1VOLZPQ6JIIUJMldI7A-1; Tue, 05 Oct 2021 10:41:36 -0400
Received: from pps.filterd (m0098399.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	195E7TNC014937
	for <libvir-list@redhat.com>; Tue, 5 Oct 2021 10:41:35 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bgpxbb56d-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Tue, 05 Oct 2021 10:41:35 -0400
Received: from m0098399.ppops.net (m0098399.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 195E8nWb017487
	for <libvir-list@redhat.com>; Tue, 5 Oct 2021 10:41:34 -0400
Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com
	[169.53.41.122])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bgpxbb560-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Tue, 05 Oct 2021 10:41:34 -0400
Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1])
	by ppma04dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 195Ec6q8013381;
	Tue, 5 Oct 2021 14:41:34 GMT
Received: from b01cxnp22036.gho.pok.ibm.com (b01cxnp22036.gho.pok.ibm.com
	[9.57.198.26]) by ppma04dal.us.ibm.com with ESMTP id 3bef2bjfb4-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Tue, 05 Oct 2021 14:41:34 +0000
Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com
	[9.57.199.106])
	by b01cxnp22036.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	195EfVXP16449828
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Tue, 5 Oct 2021 14:41:31 GMT
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id B9B4B28072;
	Tue,  5 Oct 2021 14:41:31 +0000 (GMT)
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 4BEBF28073;
	Tue,  5 Oct 2021 14:41:31 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP;
	Tue,  5 Oct 2021 14:41:31 +0000 (GMT)
X-MC-Unique: GJQ9w9YNNZeU68ZNWb4GFg-1
X-MC-Unique: RrR1VOLZPQ6JIIUJMldI7A-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v2 3/5] conf: add luks2 encryption format
Date: Tue,  5 Oct 2021 09:41:14 -0500
Message-Id: <20211005144116.316855-4-oro@il.ibm.com>
In-Reply-To: <20211005144116.316855-1-oro@il.ibm.com>
References: <20211005144116.316855-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: rIo1msGvUT3CmvYwTbffydmDpwaYfAJ8
X-Proofpoint-GUID: iL7Hk54J6TUtKJZITMYsDKRP-KdEYB95
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-05_02,2021-10-04_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	lowpriorityscore=0
	suspectscore=0 priorityscore=1501 malwarescore=0 mlxlogscore=973
	bulkscore=0 mlxscore=0 adultscore=0 spamscore=0 phishscore=0
	clxscore=1015
	impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110050086
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633444918751100001
Content-Type: text/plain; charset="utf-8"

This commit extends libvirt XML configuration to support luks2 encryption f=
ormat.
This means that <encryption format=3D"luks2"> becomes valid.
Actual handler (other than returning "not supported") for this new format w=
ill be added in an upcoming commit.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
 docs/formatstorageencryption.html.in | 2 +-
 docs/schemas/storagecommon.rng       | 1 +
 src/conf/storage_encryption_conf.c   | 2 +-
 src/conf/storage_encryption_conf.h   | 1 +
 src/qemu/qemu_block.c                | 1 +
 src/qemu/qemu_domain.c               | 3 ++-
 6 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 7215c307d7..b2631ab25d 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -18,7 +18,7 @@
       is <code>encryption</code>, with a mandatory
       attribute <code>format</code>.  Currently defined values
       of <code>format</code> are <code>default</code>, <code>qcow</code>,
-      and <code>luks</code>.
+      <code>luks</code>, and <code>luks2</code>.
       Each value of <code>format</code> implies some expectations about the
       content of the <code>encryption</code> tag.  Other format values may=
 be
       defined in the future.
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 9ebb27700d..7d1d066289 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -13,6 +13,7 @@
           <value>default</value>
           <value>qcow</value>
           <value>luks</value>
+          <value>luks2</value>
         </choice>
       </attribute>
       <interleave>
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 9112b96cc7..2df4ec96af 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -44,7 +44,7 @@ VIR_ENUM_IMPL(virStorageEncryptionSecret,
=20
 VIR_ENUM_IMPL(virStorageEncryptionFormat,
               VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
-              "default", "qcow", "luks",
+              "default", "qcow", "luks", "luks2",
 );
=20
 static void
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index 34adbd5f7b..32e3a1243a 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -56,6 +56,7 @@ typedef enum {
     VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT =3D 0,
     VIR_STORAGE_ENCRYPTION_FORMAT_QCOW, /* Both qcow and qcow2 */
     VIR_STORAGE_ENCRYPTION_FORMAT_LUKS,
+    VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2,
=20
     VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
 } virStorageEncryptionFormatType;
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 0bc92f6a23..f7aa052822 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1333,6 +1333,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource=
 *src,
         break;
=20
     case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+    case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
     case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
     default:
         virReportEnumRangeError(virStorageEncryptionFormatType,
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 472ff670b1..2d35106c2f 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1354,7 +1354,8 @@ static bool
 qemuDomainDiskHasEncryptionSecret(virStorageSource *src)
 {
     if (!virStorageSourceIsEmpty(src) && src->encryption &&
-        src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS =
&&
+        (src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS=
 ||
+         src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS=
2) &&
         src->encryption->nsecrets > 0)
         return true;
=20
--=20
2.25.1

From nobody Mon May  6 20:02:24 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1633444942546192.55234498885136;
 Tue, 5 Oct 2021 07:42:22 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-88-n_4HiUb8PQm9qZhsANuiQA-1; Tue, 05 Oct 2021 10:42:19 -0400
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1E03CA40C0;
	Tue,  5 Oct 2021 14:42:14 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 009669AA35;
	Tue,  5 Oct 2021 14:42:13 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id C5C6B1806D02;
	Tue,  5 Oct 2021 14:42:13 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com
	[10.11.54.5])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 195EfnXK012754 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 5 Oct 2021 10:41:49 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id A5C967C4D; Tue,  5 Oct 2021 14:41:49 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast02.extmail.prod.ext.rdu2.redhat.com [10.11.55.18])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 9CAFB9E89
	for <libvir-list@redhat.com>; Tue,  5 Oct 2021 14:41:39 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
	[205.139.110.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 4F392800883
	for <libvir-list@redhat.com>; Tue,  5 Oct 2021 14:41:39 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
	[148.163.156.1]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-458-3co2kdb_Pba_d6_aySU5RQ-1; Tue, 05 Oct 2021 10:41:37 -0400
Received: from pps.filterd (m0098396.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	195E8jGm014967
	for <libvir-list@redhat.com>; Tue, 5 Oct 2021 10:41:36 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bgr798yhd-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Tue, 05 Oct 2021 10:41:35 -0400
Received: from m0098396.ppops.net (m0098396.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 195EGo0G012881
	for <libvir-list@redhat.com>; Tue, 5 Oct 2021 10:41:35 -0400
Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com
	[169.53.41.122])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bgr798yh1-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Tue, 05 Oct 2021 10:41:35 -0400
Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1])
	by ppma04dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 195Ec6w1013392;
	Tue, 5 Oct 2021 14:41:34 GMT
Received: from b01cxnp22034.gho.pok.ibm.com (b01cxnp22034.gho.pok.ibm.com
	[9.57.198.24]) by ppma04dal.us.ibm.com with ESMTP id 3bef2bjfbn-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Tue, 05 Oct 2021 14:41:34 +0000
Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com
	[9.57.199.106])
	by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	195EfWr713435160
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Tue, 5 Oct 2021 14:41:32 GMT
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 69A0928066;
	Tue,  5 Oct 2021 14:41:32 +0000 (GMT)
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id E218228073;
	Tue,  5 Oct 2021 14:41:31 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP;
	Tue,  5 Oct 2021 14:41:31 +0000 (GMT)
X-MC-Unique: n_4HiUb8PQm9qZhsANuiQA-1
X-MC-Unique: 3co2kdb_Pba_d6_aySU5RQ-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v2 4/5] conf: add encryption engine property
Date: Tue,  5 Oct 2021 09:41:15 -0500
Message-Id: <20211005144116.316855-5-oro@il.ibm.com>
In-Reply-To: <20211005144116.316855-1-oro@il.ibm.com>
References: <20211005144116.316855-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: J7PgwlEQ0T1R_00hJp6KdOh5gt7mMlUy
X-Proofpoint-ORIG-GUID: SMBGPT0xVxXdm659D4T9nWvbtr9qAcFb
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-05_02,2021-10-04_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	clxscore=1015 mlxscore=0
	priorityscore=1501 lowpriorityscore=0 malwarescore=0 spamscore=0
	bulkscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 phishscore=0
	suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110050086
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633444943088100005
Content-Type: text/plain; charset="utf-8"

This commit extends libvirt XML configuration to support a custom encryptio=
n engine.
This means that <encryption format=3D"luks" engine=3D"qemu">  becomes valid.
The only engine for now is qemu. However, a new engine (librbd) will be add=
ed in an upcoming commit.
If no engine is specified, qemu will be used (assuming qemu driver is used).

Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
 docs/formatstorageencryption.html.in          |   6 +
 docs/schemas/domainbackup.rng                 |   7 +
 docs/schemas/storagecommon.rng                |   7 +
 src/conf/storage_encryption_conf.c            |  31 +++-
 src/conf/storage_encryption_conf.h            |   9 +
 src/qemu/qemu_block.c                         |   2 +
 src/qemu/qemu_domain.c                        |   8 +
 tests/qemustatusxml2xmldata/upgrade-out.xml   |   6 +-
 tests/qemuxml2xmloutdata/disk-nvme.xml        |  65 ++++++-
 .../disk-slices.x86_64-latest.xml             |   4 +-
 .../encrypted-disk-usage.xml                  |  38 ++++-
 tests/qemuxml2xmloutdata/encrypted-disk.xml   |   2 +-
 .../luks-disks-source-qcow2.x86_64-latest.xml |  14 +-
 .../qemuxml2xmloutdata/luks-disks-source.xml  |  10 +-
 tests/qemuxml2xmloutdata/luks-disks.xml       |  47 +++++-
 tests/qemuxml2xmloutdata/user-aliases.xml     | 159 +++++++++++++++++-
 16 files changed, 392 insertions(+), 23 deletions(-)
 mode change 120000 =3D> 100644 tests/qemuxml2xmloutdata/disk-nvme.xml
 mode change 120000 =3D> 100644 tests/qemuxml2xmloutdata/encrypted-disk-usa=
ge.xml
 mode change 120000 =3D> 100644 tests/qemuxml2xmloutdata/luks-disks.xml
 mode change 120000 =3D> 100644 tests/qemuxml2xmloutdata/user-aliases.xml

diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index b2631ab25d..5783381a4a 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -23,6 +23,12 @@
       content of the <code>encryption</code> tag.  Other format values may=
 be
       defined in the future.
     </p>
+    <p>
+      The <code>encryption</code> tag supports an optional <code>engine</c=
ode>
+      tag, which allows selecting which component actually handles
+      the encryption. Currently defined values of <code>engine</code> are
+      <code>qemu</code>.
+    </p>
     <p>
       The <code>encryption</code> tag can currently contain a sequence of
       <code>secret</code> tags, each with mandatory attributes <code>type<=
/code>
diff --git a/docs/schemas/domainbackup.rng b/docs/schemas/domainbackup.rng
index c03455a5a7..05cc28ab00 100644
--- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng
@@ -14,6 +14,13 @@
           <value>luks</value>
         </choice>
       </attribute>
+      <optional>
+        <attribute name=3D"engine">
+          <choice>
+            <value>qemu</value>
+          </choice>
+        </attribute>
+      </optional>
       <interleave>
         <ref name=3D"secret"/>
         <optional>
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 7d1d066289..b34577c582 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -16,6 +16,13 @@
           <value>luks2</value>
         </choice>
       </attribute>
+      <optional>
+        <attribute name=3D"engine">
+          <choice>
+            <value>qemu</value>
+          </choice>
+        </attribute>
+      </optional>
       <interleave>
         <ref name=3D"secret"/>
         <optional>
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 2df4ec96af..e8da02b605 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -47,6 +47,11 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
               "default", "qcow", "luks", "luks2",
 );
=20
+VIR_ENUM_IMPL(virStorageEncryptionEngine,
+              VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+              "default", "qemu",
+);
+
 static void
 virStorageEncryptionInfoDefClear(virStorageEncryptionInfoDef *def)
 {
@@ -120,6 +125,7 @@ virStorageEncryptionCopy(const virStorageEncryption *sr=
c)
     ret->secrets =3D g_new0(virStorageEncryptionSecret *, src->nsecrets);
     ret->nsecrets =3D src->nsecrets;
     ret->format =3D src->format;
+    ret->engine =3D src->engine;
=20
     for (i =3D 0; i < src->nsecrets; i++) {
         if (!(ret->secrets[i] =3D virStorageEncryptionSecretCopy(src->secr=
ets[i])))
@@ -217,6 +223,7 @@ virStorageEncryptionParseNode(xmlNodePtr node,
     xmlNodePtr *nodes =3D NULL;
     virStorageEncryption *encdef =3D NULL;
     virStorageEncryption *ret =3D NULL;
+    g_autofree char *engine_str =3D NULL;
     g_autofree char *format_str =3D NULL;
     int n;
     size_t i;
@@ -239,6 +246,16 @@ virStorageEncryptionParseNode(xmlNodePtr node,
         goto cleanup;
     }
=20
+    if ((engine_str =3D virXPathString("string(./@engine)", ctxt))) {
+        if ((encdef->engine =3D
+             virStorageEncryptionEngineTypeFromString(engine_str)) < 0) {
+            virReportError(VIR_ERR_XML_ERROR,
+                           _("unknown volume encryption engine type %s"),
+                           engine_str);
+            goto cleanup;
+        }
+    }
+
     if ((n =3D virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
         goto cleanup;
=20
@@ -327,6 +344,7 @@ int
 virStorageEncryptionFormat(virBuffer *buf,
                            virStorageEncryption *enc)
 {
+    const char *engine;
     const char *format;
     size_t i;
=20
@@ -335,7 +353,18 @@ virStorageEncryptionFormat(virBuffer *buf,
                        "%s", _("unexpected encryption format"));
         return -1;
     }
-    virBufferAsprintf(buf, "<encryption format=3D'%s'>\n", format);
+    if (enc->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT) {
+        virBufferAsprintf(buf, "<encryption format=3D'%s'>\n", format);
+    } else {
+        if (!(engine =3D virStorageEncryptionEngineTypeToString(enc->engin=
e))) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           "%s", _("unexpected encryption engine"));
+            return -1;
+        }
+        virBufferAsprintf(buf, "<encryption format=3D'%s' engine=3D'%s'>\n=
",
+                          format, engine);
+    }
+
     virBufferAdjustIndent(buf, 2);
=20
     for (i =3D 0; i < enc->nsecrets; i++) {
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index 32e3a1243a..c722f832f5 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -51,6 +51,14 @@ struct _virStorageEncryptionInfoDef {
     char *ivgen_hash;
 };
=20
+typedef enum {
+    VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT =3D 0,
+    VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+
+    VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+} virStorageEncryptionEngineType;
+VIR_ENUM_DECL(virStorageEncryptionEngine);
+
 typedef enum {
     /* "default" is only valid for volume creation */
     VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT =3D 0,
@@ -64,6 +72,7 @@ VIR_ENUM_DECL(virStorageEncryptionFormat);
=20
 typedef struct _virStorageEncryption virStorageEncryption;
 struct _virStorageEncryption {
+    int engine; /* virStorageEncryptionEngineType */
     int format; /* virStorageEncryptionFormatType */
     int payload_offset;
=20
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index f7aa052822..693c43dfcc 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1318,6 +1318,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource=
 *src,
      * VIR_DOMAIN_SECRET_INFO_TYPE_AES works here. The correct type needs =
to be
      * instantiated elsewhere. */
     if (!src->encryption ||
+        src->encryption->engine !=3D VIR_STORAGE_ENCRYPTION_ENGINE_QEMU ||
         !srcpriv ||
         !srcpriv->encinfo ||
         srcpriv->encinfo->type !=3D VIR_DOMAIN_SECRET_INFO_TYPE_AES)
@@ -1454,6 +1455,7 @@ qemuBlockStorageSourceGetBlockdevFormatProps(virStora=
geSource *src)
          * put a raw layer on top */
     case VIR_STORAGE_FILE_RAW:
         if (src->encryption &&
+            src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_Q=
EMU &&
             src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_L=
UKS) {
             if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
                 return NULL;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 2d35106c2f..9c873c129b 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5421,6 +5421,8 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *di=
sk,
                                  virQEMUCaps *qemuCaps,
                                  unsigned int parseFlags)
 {
+    virStorageSource *n;
+
     /* set default disk types and drivers */
     if (!virDomainDiskGetDriver(disk))
         virDomainDiskSetDriver(disk, "qemu");
@@ -5435,6 +5437,12 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *d=
isk,
         disk->mirror->format =3D=3D VIR_STORAGE_FILE_NONE)
         disk->mirror->format =3D VIR_STORAGE_FILE_RAW;
=20
+    /* default disk encryption engine */
+    for (n =3D disk->src; virStorageSourceIsBacking(n); n =3D n->backingSt=
ore) {
+        if (n->encryption && n->encryption->engine =3D=3D VIR_STORAGE_ENCR=
YPTION_ENGINE_DEFAULT)
+            n->encryption->engine =3D VIR_STORAGE_ENCRYPTION_ENGINE_QEMU;
+    }
+
     if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, qemuCaps,
                                                         parseFlags) < 0)
         return -1;
diff --git a/tests/qemustatusxml2xmldata/upgrade-out.xml b/tests/qemustatus=
xml2xmldata/upgrade-out.xml
index f9476731f6..5218092cb9 100644
--- a/tests/qemustatusxml2xmldata/upgrade-out.xml
+++ b/tests/qemustatusxml2xmldata/upgrade-out.xml
@@ -316,7 +316,7 @@
       <disk type=3D'file' device=3D'disk'>
         <driver name=3D'qemu' type=3D'qcow2'/>
         <source file=3D'/var/lib/libvirt/images/b.qcow2'>
-          <encryption format=3D'luks'>
+          <encryption format=3D'luks' engine=3D'qemu'>
             <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21=
ccc2f80d6f'/>
           </encryption>
           <privateData>
@@ -333,7 +333,7 @@
       <disk type=3D'file' device=3D'disk'>
         <driver name=3D'qemu' type=3D'qcow2'/>
         <source file=3D'/var/lib/libvirt/images/c.qcow2'>
-          <encryption format=3D'luks'>
+          <encryption format=3D'luks' engine=3D'qemu'>
             <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21=
ccc2f80d6f'/>
           </encryption>
           <privateData>
@@ -354,7 +354,7 @@
           <auth username=3D'testuser-iscsi'>
             <secret type=3D'iscsi' usage=3D'testuser-iscsi-secret'/>
           </auth>
-          <encryption format=3D'luks'>
+          <encryption format=3D'luks' engine=3D'qemu'>
             <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21=
ccc2f80d6f'/>
           </encryption>
           <privateData>
diff --git a/tests/qemuxml2xmloutdata/disk-nvme.xml b/tests/qemuxml2xmloutd=
ata/disk-nvme.xml
deleted file mode 120000
index ea9eb267ac..0000000000
--- a/tests/qemuxml2xmloutdata/disk-nvme.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/disk-nvme.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/disk-nvme.xml b/tests/qemuxml2xmloutd=
ata/disk-nvme.xml
new file mode 100644
index 0000000000..9a5fafce7d
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/disk-nvme.xml
@@ -0,0 +1,64 @@
+<domain type=3D'qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit=3D'KiB'>219136</memory>
+  <currentMemory unit=3D'KiB'>219136</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'i686' machine=3D'pc'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-i386</emulator>
+    <disk type=3D'nvme' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source type=3D'pci' managed=3D'yes' namespace=3D'1'>
+        <address domain=3D'0x0000' bus=3D'0x01' slot=3D'0x00' function=3D'=
0x0'/>
+      </source>
+      <target dev=3D'vda' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'nvme' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source type=3D'pci' managed=3D'yes' namespace=3D'2'>
+        <address domain=3D'0x0000' bus=3D'0x01' slot=3D'0x00' function=3D'=
0x0'/>
+      </source>
+      <target dev=3D'vdb' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'nvme' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source type=3D'pci' managed=3D'no' namespace=3D'1'>
+        <address domain=3D'0x0000' bus=3D'0x02' slot=3D'0x00' function=3D'=
0x0'/>
+      </source>
+      <target dev=3D'vdc' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x06' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'nvme' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'qcow2' cache=3D'none'/>
+      <source type=3D'pci' managed=3D'no' namespace=3D'2'>
+        <address domain=3D'0x0001' bus=3D'0x02' slot=3D'0x00' function=3D'=
0x0'/>
+        <encryption format=3D'luks' engine=3D'qemu'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdd' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x07' f=
unction=3D'0x0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <controller type=3D'scsi' index=3D'0' model=3D'virtio-scsi'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </controller>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml b/tests=
/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
index be5cd25084..a058cbad61 100644
--- a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
@@ -49,7 +49,7 @@
         <slices>
           <slice type=3D'storage' offset=3D'1234' size=3D'321'/>
         </slices>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
@@ -75,7 +75,7 @@
         <slices>
           <slice type=3D'storage' offset=3D'1234' size=3D'321'/>
         </slices>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml b/tests/qemu=
xml2xmloutdata/encrypted-disk-usage.xml
deleted file mode 120000
index a1a4f841e9..0000000000
--- a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/encrypted-disk-usage.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml b/tests/qemu=
xml2xmloutdata/encrypted-disk-usage.xml
new file mode 100644
index 0000000000..d2b87b94b6
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
@@ -0,0 +1,37 @@
+<domain type=3D'qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>524288</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'i686' machine=3D'pc'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-i386</emulator>
+    <disk type=3D'file' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'qcow2'/>
+      <source file=3D'/storage/guest_disks/encryptdisk'/>
+      <target dev=3D'vda' bus=3D'virtio'/>
+      <encryption format=3D'luks' engine=3D'qemu'>
+        <secret type=3D'passphrase' usage=3D'/storage/guest_disks/encryptd=
isk'/>
+      </encryption>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'virtio'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk.xml b/tests/qemuxml2xm=
loutdata/encrypted-disk.xml
index 06f2c5b47c..e30c8a36e8 100644
--- a/tests/qemuxml2xmloutdata/encrypted-disk.xml
+++ b/tests/qemuxml2xmloutdata/encrypted-disk.xml
@@ -18,7 +18,7 @@
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk'/>
       <target dev=3D'vda' bus=3D'virtio'/>
-      <encryption format=3D'luks'>
+      <encryption format=3D'luks' engine=3D'qemu'>
         <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2=
f80d6f'/>
       </encryption>
       <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest=
.xml b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
index 5f600f5ba7..7f98dd597e 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
@@ -20,7 +20,7 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
@@ -30,7 +30,7 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk2'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' usage=3D'/storage/guest_disks/encryp=
tdisk2'/>
         </encryption>
       </source>
@@ -44,7 +44,7 @@
         <auth username=3D'myname'>
           <secret type=3D'iscsi' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2f80=
e80'/>
         </auth>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80f77'/>
         </encryption>
       </source>
@@ -54,7 +54,7 @@
     <disk type=3D'volume' device=3D'disk'>
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source pool=3D'pool-iscsi' volume=3D'unit:0:0:3' mode=3D'direct'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80f80'/>
         </encryption>
       </source>
@@ -67,7 +67,7 @@
         <host name=3D'mon1.example.org' port=3D'6321'/>
         <host name=3D'mon2.example.org' port=3D'6322'/>
         <host name=3D'mon3.example.org' port=3D'6322'/>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
         </encryption>
       </source>
@@ -77,14 +77,14 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk5'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
       <backingStore type=3D'file'>
         <format type=3D'qcow2'/>
         <source file=3D'/storage/guest_disks/base.qcow2'>
-          <encryption format=3D'luks'>
+          <encryption format=3D'luks' engine=3D'qemu'>
             <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21=
ccc2f80d6f'/>
           </encryption>
         </source>
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source.xml b/tests/qemuxml=
2xmloutdata/luks-disks-source.xml
index 5333d4ac6e..891b5d9d17 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source.xml
@@ -17,7 +17,7 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'raw'/>
       <source file=3D'/storage/guest_disks/encryptdisk'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
@@ -27,7 +27,7 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'raw'/>
       <source file=3D'/storage/guest_disks/encryptdisk2'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' usage=3D'/storage/guest_disks/encryp=
tdisk2'/>
         </encryption>
       </source>
@@ -41,7 +41,7 @@
         <auth username=3D'myname'>
           <secret type=3D'iscsi' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2f80=
e80'/>
         </auth>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80f77'/>
         </encryption>
       </source>
@@ -51,7 +51,7 @@
     <disk type=3D'volume' device=3D'disk'>
       <driver name=3D'qemu' type=3D'raw'/>
       <source pool=3D'pool-iscsi' volume=3D'unit:0:0:3' mode=3D'direct'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80f80'/>
         </encryption>
       </source>
@@ -64,7 +64,7 @@
         <host name=3D'mon1.example.org' port=3D'6321'/>
         <host name=3D'mon2.example.org' port=3D'6322'/>
         <host name=3D'mon3.example.org' port=3D'6322'/>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2xmloutdata/luks-disks.xml b/tests/qemuxml2xmlout=
data/luks-disks.xml
deleted file mode 120000
index d65e470c32..0000000000
--- a/tests/qemuxml2xmloutdata/luks-disks.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/luks-disks.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/luks-disks.xml b/tests/qemuxml2xmlout=
data/luks-disks.xml
new file mode 100644
index 0000000000..1c76f0dc26
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/luks-disks.xml
@@ -0,0 +1,46 @@
+<domain type=3D'qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>524288</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-i440fx-2.1'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'file' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source file=3D'/storage/guest_disks/encryptdisk'/>
+      <target dev=3D'vda' bus=3D'virtio'/>
+      <encryption format=3D'luks' engine=3D'qemu'>
+        <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2=
f80d6f'/>
+      </encryption>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'file' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source file=3D'/storage/guest_disks/encryptdisk2'/>
+      <target dev=3D'vdb' bus=3D'virtio'/>
+      <encryption format=3D'luks' engine=3D'qemu'>
+        <secret type=3D'passphrase' usage=3D'/storage/guest_disks/encryptd=
isk2'/>
+      </encryption>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05' f=
unction=3D'0x0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'virtio'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/user-aliases.xml b/tests/qemuxml2xmlo=
utdata/user-aliases.xml
deleted file mode 120000
index b5a27f08cd..0000000000
--- a/tests/qemuxml2xmloutdata/user-aliases.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/user-aliases.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/user-aliases.xml b/tests/qemuxml2xmlo=
utdata/user-aliases.xml
new file mode 100644
index 0000000000..10b7749521
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/user-aliases.xml
@@ -0,0 +1,158 @@
+<domain type=3D'kvm'>
+  <name>gentoo</name>
+  <uuid>a75aca4b-a02f-2bcb-4a91-c93cd848c34b</uuid>
+  <memory unit=3D'KiB'>4194304</memory>
+  <currentMemory unit=3D'KiB'>4194304</currentMemory>
+  <memoryBacking>
+    <hugepages>
+      <page size=3D'1048576' unit=3D'KiB' nodeset=3D'0-3'/>
+    </hugepages>
+  </memoryBacking>
+  <vcpu placement=3D'static'>4</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-i440fx-1.4'>hvm</type>
+    <boot dev=3D'hd'/>
+    <boot dev=3D'cdrom'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <pae/>
+  </features>
+  <cpu>
+    <numa>
+      <cell id=3D'0' cpus=3D'0' memory=3D'1048576' unit=3D'KiB'/>
+      <cell id=3D'1' cpus=3D'1' memory=3D'1048576' unit=3D'KiB'/>
+      <cell id=3D'2' cpus=3D'2' memory=3D'1048576' unit=3D'KiB'/>
+      <cell id=3D'3' cpus=3D'3' memory=3D'1048576' unit=3D'KiB'/>
+    </numa>
+  </cpu>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <pm>
+    <suspend-to-mem enabled=3D'yes'/>
+    <suspend-to-disk enabled=3D'yes'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'file' device=3D'floppy'>
+      <driver name=3D'qemu' type=3D'raw' cache=3D'none'/>
+      <source file=3D'/var/lib/libvirt/images/fd.img'/>
+      <target dev=3D'fda' bus=3D'fdc'/>
+      <alias name=3D'ua-myDisk1'/>
+      <address type=3D'drive' controller=3D'0' bus=3D'0' target=3D'0' unit=
=3D'0'/>
+    </disk>
+    <disk type=3D'file' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'qcow2'/>
+      <source file=3D'/var/lib/libvirt/images/gentoo.qcow2'/>
+      <target dev=3D'vda' bus=3D'virtio'/>
+      <alias name=3D'ua-myDisk2'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'file' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'qcow2'/>
+      <source file=3D'/var/lib/libvirt/images/OtherDemo.img'/>
+      <target dev=3D'vdb' bus=3D'virtio'/>
+      <encryption format=3D'luks' engine=3D'qemu'>
+        <secret type=3D'passphrase' uuid=3D'e78d4b51-a2af-485f-b0f5-afca70=
9a80f4'/>
+      </encryption>
+      <alias name=3D'ua-myEncryptedDisk1'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x07' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'file' device=3D'cdrom'>
+      <driver name=3D'qemu' type=3D'raw' cache=3D'none'/>
+      <source file=3D'/home/zippy/tmp/install-amd64-minimal-20140619.iso'/>
+      <target dev=3D'hdc' bus=3D'ide'/>
+      <readonly/>
+      <shareable/>
+      <alias name=3D'ua-WhatAnAwesomeCDROM'/>
+      <address type=3D'drive' controller=3D'0' bus=3D'1' target=3D'0' unit=
=3D'0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0'>
+      <alias name=3D'ua-SomeWeirdController'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'>
+      <alias name=3D'ua-MyPCIRootController'/>
+    </controller>
+    <controller type=3D'ide' index=3D'0'>
+      <alias name=3D'ua-DoesAnybodyStillUseIDE'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x1'/>
+    </controller>
+    <controller type=3D'virtio-serial' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x08' f=
unction=3D'0x0'/>
+    </controller>
+    <controller type=3D'fdc' index=3D'0'/>
+    <controller type=3D'ccid' index=3D'0'>
+      <alias name=3D'ua-myCCID'/>
+      <address type=3D'usb' bus=3D'0' port=3D'1'/>
+    </controller>
+    <controller type=3D'ccid' index=3D'1'>
+      <alias name=3D'ua-myCCID2'/>
+      <address type=3D'usb' bus=3D'0' port=3D'2'/>
+    </controller>
+    <interface type=3D'ethernet'>
+      <mac address=3D'52:54:00:d6:c0:0b'/>
+      <model type=3D'virtio'/>
+      <alias name=3D'ua-CheckoutThisNIC'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </interface>
+    <interface type=3D'server'>
+      <mac address=3D'52:54:00:22:c9:42'/>
+      <source address=3D'127.0.0.1' port=3D'1234'/>
+      <bandwidth>
+        <inbound average=3D'1234'/>
+        <outbound average=3D'5678'/>
+      </bandwidth>
+      <model type=3D'rtl8139'/>
+      <alias name=3D'ua-WeCanAlsoDoServerMode'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x09' f=
unction=3D'0x0'/>
+    </interface>
+    <interface type=3D'client'>
+      <mac address=3D'52:54:00:8c:b1:f8'/>
+      <source address=3D'127.0.0.1' port=3D'1234'/>
+      <model type=3D'rtl8139'/>
+      <alias name=3D'ua-AndAlsoClientMode'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x0a' f=
unction=3D'0x0'/>
+    </interface>
+    <smartcard mode=3D'host'>
+      <address type=3D'ccid' controller=3D'0' slot=3D'0'/>
+    </smartcard>
+    <serial type=3D'pty'>
+      <target type=3D'isa-serial' port=3D'0'>
+        <model name=3D'isa-serial'/>
+      </target>
+    </serial>
+    <serial type=3D'pty'>
+      <target type=3D'isa-serial' port=3D'1'>
+        <model name=3D'isa-serial'/>
+      </target>
+    </serial>
+    <console type=3D'pty'>
+      <target type=3D'serial' port=3D'0'/>
+    </console>
+    <channel type=3D'unix'>
+      <source mode=3D'bind' path=3D'/var/lib/libvirt/qemu/channel/target/g=
entoo.org.qemu.guest_agent.0'/>
+      <target type=3D'virtio' name=3D'org.qemu.guest_agent.0'/>
+      <address type=3D'virtio-serial' controller=3D'0' bus=3D'0' port=3D'1=
'/>
+    </channel>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <graphics type=3D'vnc' port=3D'-1' autoport=3D'yes'>
+      <listen type=3D'address'/>
+    </graphics>
+    <sound model=3D'ich6'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
+    </sound>
+    <audio id=3D'1' type=3D'none'/>
+    <video>
+      <model type=3D'cirrus' vram=3D'16384' heads=3D'1' primary=3D'yes'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x02' f=
unction=3D'0x0'/>
+    </video>
+    <memballoon model=3D'virtio'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x06' f=
unction=3D'0x0'/>
+    </memballoon>
+  </devices>
+</domain>
--=20
2.25.1

From nobody Mon May  6 20:02:24 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 163344491855066.3475880831943;
 Tue, 5 Oct 2021 07:41:58 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-30-L9x5UEK0PHu1Odwfq6-rqA-1; Tue, 05 Oct 2021 10:41:55 -0400
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 036921006AA6;
	Tue,  5 Oct 2021 14:41:50 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id D230360BF4;
	Tue,  5 Oct 2021 14:41:49 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id A09551800FE4;
	Tue,  5 Oct 2021 14:41:49 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com
	[10.11.54.4])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 195EfmJU012748 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 5 Oct 2021 10:41:48 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id A36082026D46; Tue,  5 Oct 2021 14:41:48 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast06.extmail.prod.ext.rdu2.redhat.com [10.11.55.22])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 9E6CB2026D64
	for <libvir-list@redhat.com>; Tue,  5 Oct 2021 14:41:40 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com
 [205.139.110.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 3CB1318A01AE
	for <libvir-list@redhat.com>; Tue,  5 Oct 2021 14:41:40 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com
	[148.163.158.5]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-24-T2Z8wtrANjSMmXNW8q8-uQ-1; Tue, 05 Oct 2021 10:41:37 -0400
Received: from pps.filterd (m0098420.ppops.net [127.0.0.1])
	by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	195EBg3M002398
	for <libvir-list@redhat.com>; Tue, 5 Oct 2021 10:41:36 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3bgr8g8vuv-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Tue, 05 Oct 2021 10:41:36 -0400
Received: from m0098420.ppops.net (m0098420.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 195EConG004504
	for <libvir-list@redhat.com>; Tue, 5 Oct 2021 10:41:36 -0400
Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com
	[169.53.41.122])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3bgr8g8vuc-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Tue, 05 Oct 2021 10:41:36 -0400
Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1])
	by ppma04dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 195Ec6qC013381;
	Tue, 5 Oct 2021 14:41:35 GMT
Received: from b01cxnp22033.gho.pok.ibm.com (b01cxnp22033.gho.pok.ibm.com
	[9.57.198.23]) by ppma04dal.us.ibm.com with ESMTP id 3bef2bjfc1-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Tue, 05 Oct 2021 14:41:35 +0000
Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com
	[9.57.199.106])
	by b01cxnp22033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	195EfXNL17891806
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Tue, 5 Oct 2021 14:41:33 GMT
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 120A628071;
	Tue,  5 Oct 2021 14:41:33 +0000 (GMT)
Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 91A9E2805E;
	Tue,  5 Oct 2021 14:41:32 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP;
	Tue,  5 Oct 2021 14:41:32 +0000 (GMT)
X-MC-Unique: L9x5UEK0PHu1Odwfq6-rqA-1
X-MC-Unique: T2Z8wtrANjSMmXNW8q8-uQ-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v2 5/5] qemu: add librbd encryption engine
Date: Tue,  5 Oct 2021 09:41:16 -0500
Message-Id: <20211005144116.316855-6-oro@il.ibm.com>
In-Reply-To: <20211005144116.316855-1-oro@il.ibm.com>
References: <20211005144116.316855-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: 8lRoGzMuQ82GgMKDAfSozPEV18wx33t7
X-Proofpoint-GUID: l3fYmQrvIe8OVOomuUcPXWf1tkh-uVYC
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-05_02,2021-10-04_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	bulkscore=0 malwarescore=0
	clxscore=1015 priorityscore=1501 suspectscore=0 phishscore=0
	mlxlogscore=999 spamscore=0 lowpriorityscore=0 impostorscore=0
	mlxscore=0
	adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110050086
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633444919038100005
Content-Type: text/plain; charset="utf-8"

rbd encryption is new in qemu 6.1.0.
This commit adds a new encryption engine property which
allows the user to use this new encryption engine.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
 docs/formatstorageencryption.html.in          |  2 +-
 docs/schemas/storagecommon.rng                |  1 +
 src/conf/storage_encryption_conf.c            |  2 +-
 src/conf/storage_encryption_conf.h            |  1 +
 src/qemu/qemu_block.c                         | 30 +++++++
 src/qemu/qemu_domain.c                        | 24 ++++++
 ...sk-network-rbd-encryption.x86_64-6.0.0.err |  1 +
 ...-network-rbd-encryption.x86_64-latest.args | 49 +++++++++++
 .../disk-network-rbd-encryption.xml           | 75 +++++++++++++++++
 tests/qemuxml2argvtest.c                      |  2 +
 ...k-network-rbd-encryption.x86_64-latest.xml | 83 +++++++++++++++++++
 tests/qemuxml2xmltest.c                       |  1 +
 12 files changed, 269 insertions(+), 2 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_=
64-6.0.0.err
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_=
64-latest.args
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
 create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x8=
6_64-latest.xml

diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 5783381a4a..31ec2698a1 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -27,7 +27,7 @@
       The <code>encryption</code> tag supports an optional <code>engine</c=
ode>
       tag, which allows selecting which component actually handles
       the encryption. Currently defined values of <code>engine</code> are
-      <code>qemu</code>.
+      <code>qemu</code> and <code>librbd</code>.
     </p>
     <p>
       The <code>encryption</code> tag can currently contain a sequence of
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index b34577c582..591a158209 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -20,6 +20,7 @@
         <attribute name=3D"engine">
           <choice>
             <value>qemu</value>
+            <value>librbd</value>
           </choice>
         </attribute>
       </optional>
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index e8da02b605..2639b43119 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -49,7 +49,7 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
=20
 VIR_ENUM_IMPL(virStorageEncryptionEngine,
               VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
-              "default", "qemu",
+              "default", "qemu", "librbd",
 );
=20
 static void
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index c722f832f5..2e6f9193bd 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -54,6 +54,7 @@ struct _virStorageEncryptionInfoDef {
 typedef enum {
     VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT =3D 0,
     VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+    VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD,
=20
     VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
 } virStorageEncryptionEngineType;
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 693c43dfcc..164365b820 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -875,6 +875,8 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src,
     qemuDomainStorageSourcePrivate *srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE=
_PRIVATE(src);
     g_autoptr(virJSONValue) servers =3D NULL;
     virJSONValue *ret =3D NULL;
+    g_autoptr(virJSONValue) encrypt =3D NULL;
+    const char *encformat;
     const char *username =3D NULL;
     g_autoptr(virJSONValue) authmodes =3D NULL;
     g_autoptr(virJSONValue) mode =3D NULL;
@@ -899,12 +901,40 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *s=
rc,
             return NULL;
     }
=20
+    if (src->encryption &&
+        src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_LIBRB=
D) {
+        switch ((virStorageEncryptionFormatType) src->encryption->format) {
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+                encformat =3D "luks";
+                break;
+
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
+                encformat =3D "luks2";
+                break;
+
+            case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+            default:
+                virReportEnumRangeError(virStorageEncryptionFormatType,
+                                        src->encryption->format);
+                return NULL;
+        }
+
+        if (virJSONValueObjectCreate(&encrypt,
+                                     "s:format", encformat,
+                                     "s:key-secret", srcPriv->encinfo->s.a=
es.alias,
+                                     NULL) < 0)
+            return NULL;
+    }
+
     if (virJSONValueObjectCreate(&ret,
                                  "s:pool", src->volume,
                                  "s:image", src->path,
                                  "S:snapshot", src->snapshot,
                                  "S:conf", src->configFile,
                                  "A:server", &servers,
+                                 "A:encrypt", &encrypt,
                                  "S:user", username,
                                  "A:auth-client-required", &authmodes,
                                  "S:key-secret", keysecret,
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 9c873c129b..f4942953b1 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4965,6 +4965,30 @@ qemuDomainValidateStorageSource(virStorageSource *sr=
c,
         }
     }
=20
+    if (src->encryption &&
+        src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_LIBRB=
D) {
+        if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("librbd encryption is not supported by this Q=
EMU binary"));
+            return -1;
+        }
+
+        switch ((virStorageEncryptionFormatType) src->encryption->format) {
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
+                break;
+
+            case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+            default:
+                virReportEnumRangeError(virStorageEncryptionFormatType,
+                                        src->encryption->format);
+                return -1;
+        }
+    }
+
+
     return 0;
 }
=20
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.=
0.err b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
new file mode 100644
index 0000000000..edd8481a20
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
@@ -0,0 +1 @@
+unsupported configuration: librbd encryption is not supported by this QEMU=
 binary
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-late=
st.args b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.=
args
new file mode 100644
index 0000000000..9b3e8d31b8
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
@@ -0,0 +1,49 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/tmp/lib/domain--1-encryptdisk \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/tmp/lib/domain--1-encryptdisk/.local/share \
+XDG_CACHE_HOME=3D/tmp/lib/domain--1-encryptdisk/.cache \
+XDG_CONFIG_HOME=3D/tmp/lib/domain--1-encryptdisk/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dencryptdisk,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm=
p/lib/domain--1-encryptdisk/master-key.aes"}' \
+-machine pc-i440fx-2.1,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff,memory-=
backend=3Dpc.ram \
+-cpu qemu64 \
+-m 1024 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}=
' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-no-acpi \
+-boot strict=3Don \
+-device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \
+-object '{"qom-type":"secret","id":"libvirt-4-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-4-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-4-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-4-format-encryption-secret0","file":"libvirt-4-sto=
rage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x2,drive=3Dlibvirt-4-format,id=
=3Dvirtio-disk0,bootindex=3D1 \
+-object '{"qom-type":"secret","id":"libvirt-3-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-3-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-3-format-encryption-secret0","file":"libvirt-3-sto=
rage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Dlibvirt-3-format,id=
=3Dvirtio-disk1 \
+-object '{"qom-type":"secret","id":"libvirt-2-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks","ke=
y-secret":"libvirt-2-format-encryption-secret0"},"node-name":"libvirt-2-sto=
rage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw=
","file":"libvirt-2-storage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Dlibvirt-2-format,id=
=3Dvirtio-disk2 \
+-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image2","server":[{"host=
":"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322=
"},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks2","=
key-secret":"libvirt-1-format-encryption-secret0"},"node-name":"libvirt-1-s=
torage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw=
","file":"libvirt-1-storage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Dlibvirt-1-format,id=
=3Dvirtio-disk3 \
+-audiodev id=3Daudio1,driver=3Dnone \
+-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x3 \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml b/tests=
/qemuxml2argvdata/disk-network-rbd-encryption.xml
new file mode 100644
index 0000000000..eeadbfeeba
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
@@ -0,0 +1,75 @@
+<domain type=3D'qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>524288</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-i440fx-2.1'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vda' bus=3D'virtio'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'qemu'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdb' bus=3D'virtio'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'librbd'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdc' bus=3D'virtio'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image2'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks2' engine=3D'librbd'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdd' bus=3D'virtio'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <memballoon model=3D'virtio'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 3b331d5fd4..097909c912 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1385,6 +1385,8 @@ mymain(void)
     DO_TEST_CAPS_LATEST("disk-network-gluster");
     DO_TEST_CAPS_VER("disk-network-rbd", "2.12.0");
     DO_TEST_CAPS_LATEST("disk-network-rbd");
+    DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption", "6.0.0");
+    DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
     DO_TEST_FAILURE_NOCAPS("disk-network-rbd-no-colon");
     DO_TEST_NOCAPS("disk-network-sheepdog");
     DO_TEST_CAPS_VER("disk-network-sheepdog", "2.12.0");
diff --git a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-la=
test.xml b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-late=
st.xml
new file mode 100644
index 0000000000..a91504202a
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
@@ -0,0 +1,83 @@
+<domain type=3D'qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>524288</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-i440fx-2.1'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <cpu mode=3D'custom' match=3D'exact' check=3D'none'>
+    <model fallback=3D'forbid'>qemu64</model>
+  </cpu>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'qemu'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vda' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x02' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'qemu'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdb' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'librbd'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdc' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image2'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks2' engine=3D'librbd'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdd' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x06' f=
unction=3D'0x0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0' model=3D'piix3-uhci'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'virtio'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 6d3526f91f..bfbeee6a7e 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -315,6 +315,7 @@ mymain(void)
             QEMU_CAPS_SCSI_BLOCK);
     DO_TEST_NOCAPS("disk-network-gluster");
     DO_TEST_NOCAPS("disk-network-rbd");
+    DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
     DO_TEST_NOCAPS("disk-network-source-auth");
     DO_TEST_NOCAPS("disk-network-sheepdog");
     DO_TEST_NOCAPS("disk-network-vxhs");
--=20
2.25.1