qapi/qom: Add ObjectOptions for secret*, deprecate 'loaded'

This adds a QAPI schema for the properties of the secret* objects.

The 'loaded' property doesn't seem to make sense as an external
interface: It is automatically set to true in ucc->complete, and
explicitly setting it to true earlier just means that additional options
will be silently ignored.

In other words, the 'loaded' property is useless. Mark it as deprecated
in the schema from the start.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
This commit is contained in:
Kevin Wolf 2020-10-20 12:47:58 +02:00
parent 381bd7440d
commit 39c4c27d37
3 changed files with 77 additions and 0 deletions

View file

@ -162,6 +162,17 @@ other options have been processed. This will either have no effect (if
``opened`` was the last option) or cause errors. The property is therefore
useless and should not be specified.
``loaded`` property of ``secret`` and ``secret_keyring`` objects (since 6.0.0)
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
The only effect of specifying ``loaded=on`` in the command line or QMP
``object-add`` is that the secret is loaded immediately, possibly before all
other options have been processed. This will either have no effect (if
``loaded`` was the last option) or cause options to be effectively ignored as
if they were not given. The property is therefore useless and should not be
specified.
QEMU Machine Protocol (QMP) commands
------------------------------------

View file

@ -381,3 +381,64 @@
'discriminator': 'format',
'data': {
'luks': 'QCryptoBlockAmendOptionsLUKS' } }
##
# @SecretCommonProperties:
#
# Properties for objects of classes derived from secret-common.
#
# @loaded: if true, the secret is loaded immediately when applying this option
# and will probably fail when processing the next option. Don't use;
# only provided for compatibility. (default: false)
#
# @format: the data format that the secret is provided in (default: raw)
#
# @keyid: the name of another secret that should be used to decrypt the
# provided data. If not present, the data is assumed to be unencrypted.
#
# @iv: the random initialization vector used for encryption of this particular
# secret. Should be a base64 encrypted string of the 16-byte IV. Mandatory
# if @keyid is given. Ignored if @keyid is absent.
#
# Features:
# @deprecated: Member @loaded is deprecated. Setting true doesn't make sense,
# and false is already the default.
#
# Since: 2.6
##
{ 'struct': 'SecretCommonProperties',
'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] },
'*format': 'QCryptoSecretFormat',
'*keyid': 'str',
'*iv': 'str' } }
##
# @SecretProperties:
#
# Properties for secret objects.
#
# Either @data or @file must be provided, but not both.
#
# @data: the associated with the secret from
#
# @file: the filename to load the data associated with the secret from
#
# Since: 2.6
##
{ 'struct': 'SecretProperties',
'base': 'SecretCommonProperties',
'data': { '*data': 'str',
'*file': 'str' } }
##
# @SecretKeyringProperties:
#
# Properties for secret_keyring objects.
#
# @serial: serial number that identifies a key to get from the kernel
#
# Since: 5.1
##
{ 'struct': 'SecretKeyringProperties',
'base': 'SecretCommonProperties',
'data': { 'serial': 'int32' } }

View file

@ -7,6 +7,7 @@
{ 'include': 'authz.json' }
{ 'include': 'block-core.json' }
{ 'include': 'common.json' }
{ 'include': 'crypto.json' }
##
# = QEMU Object Model (QOM)
@ -453,6 +454,8 @@
'rng-builtin',
'rng-egd',
'rng-random',
'secret',
'secret_keyring',
'throttle-group'
] }
@ -489,6 +492,8 @@
'rng-builtin': 'RngProperties',
'rng-egd': 'RngEgdProperties',
'rng-random': 'RngRandomProperties',
'secret': 'SecretProperties',
'secret_keyring': 'SecretKeyringProperties',
'throttle-group': 'ThrottleGroupProperties'
} }