[libvirt] [PATCH 09/10] storage: open secret driver connection at time of use
Peter Krempa
pkrempa at redhat.com
Mon Jan 29 10:50:36 UTC 2018
On Fri, Jan 26, 2018 at 13:35:36 +0000, Daniel Berrange wrote:
> Instead of passing around a virConnectPtr object, just open a connection
> to the secret driver at time of use. Opening connections on demand will
> be beneficial when the secret driver is in a separate daemon. It also
> solves the problem that a number of callers just pass in a NULL
> connection today which prevents secret lookup working at all.
>
> Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
> ---
> src/storage/storage_backend_iscsi.c | 14 +++---
> src/storage/storage_backend_logical.c | 2 +-
> src/storage/storage_backend_rbd.c | 41 +++++++--------
> src/storage/storage_util.c | 95 ++++++++++++++++-------------------
> src/storage/storage_util.h | 6 +--
> 5 files changed, 71 insertions(+), 87 deletions(-)
>
> diff --git a/src/storage/storage_backend_iscsi.c b/src/storage/storage_backend_iscsi.c
> index b0c5096adb..921215c9e9 100644
> --- a/src/storage/storage_backend_iscsi.c
> +++ b/src/storage/storage_backend_iscsi.c
> @@ -273,13 +273,13 @@ virStorageBackendISCSICheckPool(virStoragePoolObjPtr pool,
>
> static int
> virStorageBackendISCSISetAuth(const char *portal,
> - virConnectPtr conn,
> virStoragePoolSourcePtr source)
> {
> unsigned char *secret_value = NULL;
> size_t secret_size;
> virStorageAuthDefPtr authdef = source->auth;
> int ret = -1;
> + virConnectPtr conn = NULL;
>
> if (!authdef || authdef->authType == VIR_STORAGE_AUTH_TYPE_NONE)
> return 0;
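Review bot: the new local `virConnectPtr conn = NULL;` in virStorageBackendISCSISetAuth means this function now owns the connection it opens, so every exit path after the open has to release it. The early `return 0` for VIR_STORAGE_AUTH_TYPE_NONE is safe because nothing has been opened at that point, but later failure paths should go through a single cleanup label that closes conn when it is non-NULL instead of returning directly. The function comment should also state that the secret connection is opened and closed internally, since callers no longer supply one.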
> @@ -292,12 +292,9 @@ virStorageBackendISCSISetAuth(const char *portal,
> return -1;
> }
>
> - if (!conn) {
> - virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> - _("iscsi 'chap' authentication not supported "
> - "for autostarted pools"));
> + conn = virConnectOpen(geteuid() == 0 ? "secret:///system" : "secret:///session");
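Review bot: the result of `conn = virConnectOpen(...)` can be NULL on failure, and this hunk removes the old `if (!conn)` error branch while the quoted text stops before any replacement check is shown. Confirm the line is followed by a NULL check that fails the call with the error virConnectOpen reported, so a NULL conn never reaches the CHAP secret lookup. The URI choice also rests entirely on `geteuid() == 0`, so a process whose effective uid does not match the daemon it should talk to would look up the secret in the wrong secret driver instance; centralizing that decision in one place would make it auditable.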
You should add this as a helper function. If we decide that geteuid() is
not a good enough check whether a connection is privileged or anything
else we'd need to fix a lot of similar ugly ternary conditions.
Same for the connection to the secret driver in this patch.