qemu: domain: Add helper to check if encrypted secrets can be used with a VM

author Peter Krempa <pkrempa@redhat.com>

Tue, 22 May 2018 14:36:20 +0000 (16:36 +0200)

committer Peter Krempa <pkrempa@redhat.com>

Tue, 5 Jun 2018 06:11:12 +0000 (08:11 +0200)
author Peter Krempa <pkrempa@redhat.com>
Tue, 22 May 2018 14:36:20 +0000 (16:36 +0200)
committer Peter Krempa <pkrempa@redhat.com>
Tue, 5 Jun 2018 06:11:12 +0000 (08:11 +0200)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c

index 474bef0ec930cce32512a290986ea870d36aa7bb..9463dd45f1932af2fe42a18a06bb567129392773 100644 (file)
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1292,6 +1292,22 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
  }
  
  
+/**
+ * qemuDomainSupportsEncryptedSecret:
+ * @priv: qemu domain private data
+ *
+ * Returns true if libvirt can use encrypted 'secret' objects with VM which
+ * @priv belongs to.
+ */
+bool
+qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv)
+{
+    return virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
+           virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
+           priv->masterKey;
+}
+
+
  /* qemuDomainSecretSetup:
   * @priv: pointer to domain private object
   * @secinfo: Pointer to secret info
@@ -1320,8 +1336,7 @@ qemuDomainSecretSetup(qemuDomainObjPrivatePtr priv,
      bool iscsiHasPS = virQEMUCapsGet(priv->qemuCaps,
                                       QEMU_CAPS_ISCSI_PASSWORD_SECRET);
  
-    if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
-        virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
+    if (qemuDomainSupportsEncryptedSecret(priv) &&
          (usageType == VIR_SECRET_USAGE_TYPE_CEPH ||
           (usageType == VIR_SECRET_USAGE_TYPE_ISCSI && iscsiHasPS) ||
           usageType == VIR_SECRET_USAGE_TYPE_VOLUME ||
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h

index 2e0f4df0fba7f752e94342858e3e833d2d0f8c97..f7405e0c6c8621277593b29468069eb0c53c4f04 100644 (file)
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -831,6 +831,8 @@ int qemuDomainMasterKeyCreate(virDomainObjPtr vm);
  
  void qemuDomainMasterKeyRemove(qemuDomainObjPrivatePtr priv);
  
+bool qemuDomainSupportsEncryptedSecret(qemuDomainObjPrivatePtr priv);
+
  void qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secinfo)
      ATTRIBUTE_NONNULL(1);
author	Peter Krempa <pkrempa@redhat.com>
	Tue, 22 May 2018 14:36:20 +0000 (16:36 +0200)
committer	Peter Krempa <pkrempa@redhat.com>
	Tue, 5 Jun 2018 06:11:12 +0000 (08:11 +0200)
src/qemu/qemu_domain.c		patch \| blob \| blame \| history
src/qemu/qemu_domain.h		patch \| blob \| blame \| history