From: John Ferlan Date: Mon, 15 Jul 2013 18:44:32 +0000 (-0400) Subject: Adjust 'ceph' authentication secret usage for rbd pool. X-Git-Tag: v1.1.1-rc1~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c2257d2ef90fd919aac7557ba02ce6fce8abfcab;p=thirdparty%2Flibvirt.git Adjust 'ceph' authentication secret usage for rbd pool. Update virStorageBackendRBDOpenRADOSConn() to use the internal API to the secret driver in order to get the secret value instead of the external virSecretGetValue() path. Without the flag VIR_SECRET_GET_VALUE_INTERNAL_CALL there is no way to get the value of private secret. This also requires ensuring there is a connection which wasn't true for for the refreshPool() path calls from storageDriverAutostart() prior to adding support for the connection to a qemu driver. It seems calls to virSecretLookupByUUIDString() and virSecretLookupByUsage() from the refreshPool() path would have failed with no way to find the secret - that is theoretically speaking since the 'conn' was NULL the failure would have been "failed to find the secret". --- diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c index badbdac962..e3340f63f4 100644 --- a/src/storage/storage_backend_rbd.c +++ b/src/storage/storage_backend_rbd.c @@ -23,6 +23,7 @@ #include +#include "datatypes.h" #include "virerror.h" #include "storage_backend_rbd.h" #include "storage_conf.h" @@ -71,6 +72,13 @@ static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr *ptr, goto cleanup; } + if (!conn) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("'ceph' authentication not supported " + "for autostarted pools")); + return -1; + } + if (pool->def->source.auth.cephx.secret.uuidUsable) { virUUIDFormat(pool->def->source.auth.cephx.secret.uuid, secretUuid); VIR_DEBUG("Looking up secret by UUID: %s", secretUuid); 
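Review bot: The new `if (!conn)` branch exits with `return -1;`, while the error path in the context line directly above it uses `goto cleanup;`, so whatever the `cleanup:` label releases is skipped on this path. The function starts and ends outside the hunk, so what has been allocated by this point is not visible. Switching to `goto cleanup;` keeps the exit paths uniform and stays correct if an allocation is later moved above the check. A short comment would also help the next reader, e.g. `/* conn is NULL when reached from storageDriverAutostart(); the secret driver cannot be used without it */`.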
@@ -88,7 +96,17 @@ static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr *ptr, goto cleanup; } - secret_value = virSecretGetValue(secret, &secret_value_size, 0); + secret_value = conn->secretDriver->secretGetValue(secret, &secret_value_size, 0, + VIR_SECRET_GET_VALUE_INTERNAL_CALL); + + if (!secret_value) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("could not get the value of the secret " + "for username %s"), + pool->def->source.auth.cephx.username); + goto cleanup; + } + base64_encode_alloc((char *)secret_value, secret_value_size, &rados_key); memset(secret_value, 0, secret_value_size); @@ -257,7 +275,7 @@ cleanup: return ret; } -static int virStorageBackendRBDRefreshPool(virConnectPtr conn ATTRIBUTE_UNUSED, +static int virStorageBackendRBDRefreshPool(virConnectPtr conn, virStoragePoolObjPtr pool) { size_t max_size = 1024;
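Review bot: `conn->secretDriver->secretGetValue(...)` is called through the driver table with no check that `conn->secretDriver` or its `secretGetValue` callback is non-NULL, a check the removed public `virSecretGetValue()` call presumably made before dispatching. A successful secret lookup earlier probably implies a secret driver is registered, but that is not visible in this hunk, so a guard such as `if (!conn->secretDriver || !conn->secretDriver->secretGetValue)` that reports an error and jumps to `cleanup` would make it explicit. Because `VIR_SECRET_GET_VALUE_INTERNAL_CALL` lets this path read private secrets, the call deserves a comment stating that the value must never be logged or handed back to the caller; the `memset()` in the following context line is the only scrubbing visible here, and the base64 copy in `rados_key` holds the same key material. The function continues outside the hunk.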