Module libvirt-secret from libvirt

Provides APIs for the management of secrets

Table of Contents

Types

typedef enum virConnectListAllSecretsFlags
typedef struct _virSecret virSecret
typedef virSecret * virSecretPtr
typedef enum virSecretUsageType

Functions

int	virConnectListAllSecrets	(virConnectPtr conn,
					 virSecretPtr ** secrets,
					 unsigned int flags)
int	virConnectListSecrets		(virConnectPtr conn,
					 char ** uuids,
					 int maxuuids)
int	virConnectNumOfSecrets		(virConnectPtr conn)
virSecretPtr	virSecretDefineXML	(virConnectPtr conn,
					 const char * xml,
					 unsigned int flags)
int	virSecretFree			(virSecretPtr secret)
virConnectPtr	virSecretGetConnect	(virSecretPtr secret)
int	virSecretGetUUID		(virSecretPtr secret,
					 unsigned char * uuid)
int	virSecretGetUUIDString		(virSecretPtr secret,
					 char * buf)
const char *	virSecretGetUsageID	(virSecretPtr secret)
int	virSecretGetUsageType		(virSecretPtr secret)
unsigned char *	virSecretGetValue	(virSecretPtr secret,
					 size_t * value_size,
					 unsigned int flags)
char *	virSecretGetXMLDesc		(virSecretPtr secret,
					 unsigned int flags)
virSecretPtr	virSecretLookupByUUID	(virConnectPtr conn,
					 const unsigned char * uuid)
virSecretPtr	virSecretLookupByUUIDString	(virConnectPtr conn,
						 const char * uuidstr)
virSecretPtr	virSecretLookupByUsage	(virConnectPtr conn,
					 int usageType,
					 const char * usageID)
int	virSecretRef			(virSecretPtr secret)
int	virSecretSetValue		(virSecretPtr secret,
					 const unsigned char * value,
					 size_t value_size,
					 unsigned int flags)
int	virSecretUndefine		(virSecretPtr secret)

Description

Types

virConnectListAllSecretsFlags

enum virConnectListAllSecretsFlags {
VIR_CONNECT_LIST_SECRETS_EPHEMERAL = 1	/* kept in memory, never stored persistently */
VIR_CONNECT_LIST_SECRETS_NO_EPHEMERAL = 2
VIR_CONNECT_LIST_SECRETS_PRIVATE = 4	/* not revealed to any caller of libvirt, nor to any other node */
VIR_CONNECT_LIST_SECRETS_NO_PRIVATE = 8
}

virSecret

struct virSecret {
The content of this structure is not made public by the API
}

virSecretUsageType

enum virSecretUsageType {
VIR_SECRET_USAGE_TYPE_NONE = 0
VIR_SECRET_USAGE_TYPE_VOLUME = 1
VIR_SECRET_USAGE_TYPE_CEPH = 2
VIR_SECRET_USAGE_TYPE_ISCSI = 3
VIR_SECRET_USAGE_TYPE_TLS = 4
VIR_SECRET_USAGE_TYPE_LAST = 5	/* NB: this enum value will increase over time as new events are added to the libvirt API. It reflects the last secret owner ID supported by this version of the libvirt API. */
}

Functions

virConnectListAllSecrets

int	virConnectListAllSecrets	(virConnectPtr conn,
					 virSecretPtr ** secrets,
					 unsigned int flags)

Collect the list of secrets, and allocate an array to store those objects.

Normally, all secrets are returned; however, @flags can be used to filter the results for a smaller list of targeted secrets. The valid flags are divided into groups, where each group contains bits that describe mutually exclusive attributes of a secret, and where all bits within a group describe all possible secrets.

The first group of @flags is used to filter secrets by their storage location. Flag VIR_CONNECT_LIST_SECRETS_EPHEMERAL selects secrets that are kept only in memory. Flag VIR_CONNECT_LIST_SECRETS_NO_EPHEMERAL selects secrets that are kept in persistent storage.

The second group of @flags is used to filter secrets by privacy. Flag VIR_CONNECT_LIST_SECRETS_PRIVATE selects secrets that are never revealed to any caller of libvirt nor to any other node. Flag VIR_CONNECT_LIST_SECRETS_NO_PRIVATE selects non-private secrets.

conn
Pointer to the hypervisor connection.
secrets
Pointer to a variable to store the array containing the secret objects or NULL if the list is not required (just returns the number of secrets).
flags
extra flags; not used yet, so callers should always pass 0
Returns
the number of secrets found or -1 and sets @secrets to NULL in case of error. On success, the array stored into @secrets is guaranteed to have an extra allocated element set to NULL but not included in the return count, to make iteration easier. The caller is responsible for calling virSecretFree() on each array element, then calling free() on @secrets.
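The group semantics described above, modelled as an added example (not libvirt's own code): with neither bit of a group set that attribute is not filtered, and the two groups combine with AND. The flag values are the ones in the enum on this page; the struct, the function names and the sample inventory are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Flag values copied from the virConnectListAllSecretsFlags enum on this page. */
enum { LIST_EPHEMERAL = 1, LIST_NO_EPHEMERAL = 2, LIST_PRIVATE = 4, LIST_NO_PRIVATE = 8 };

/* Hypothetical record holding the two attributes the flags filter on. */
struct secret_attrs { const char *label; bool ephemeral; bool is_private; };

/* Per group: neither bit set = no filtering; else the secret must match a set bit. */
static bool group_matches(unsigned int flags, unsigned int yes_bit,
                          unsigned int no_bit, bool attr)
{
    if ((flags & (yes_bit | no_bit)) == 0)
        return true;
    return (flags & (attr ? yes_bit : no_bit)) != 0;
}

/* A secret is listed only if it passes both groups. */
bool secret_matches(unsigned int flags, const struct secret_attrs *s)
{
    return group_matches(flags, LIST_EPHEMERAL, LIST_NO_EPHEMERAL, s->ephemeral)
        && group_matches(flags, LIST_PRIVATE, LIST_NO_PRIVATE, s->is_private);
}

/* Count matches, as the API does when called with secrets == NULL. */
int count_matching(const struct secret_attrs *inv, size_t n, unsigned int flags)
{
    int count = 0;
    for (size_t i = 0; i < n; i++)
        count += secret_matches(flags, &inv[i]) ? 1 : 0;
    return count;
}

/* Constructed sample inventory (labels are made up, not real secrets). */
const struct secret_attrs SAMPLE[] = {
    { "volume-key",  false, true  },
    { "ceph-key",    false, false },
    { "iscsi-chap",  true,  false },
    { "tls-key",     true,  true  },
};
const size_t SAMPLE_LEN = sizeof SAMPLE / sizeof SAMPLE[0];

int main(void)
{
    printf("not private: %d\n", count_matching(SAMPLE, SAMPLE_LEN, LIST_NO_PRIVATE));
    return 0;
}
```

Setting both bits of one group selects every secret for that attribute, the same as setting neither, so an inventory of secrets not marked private needs VIR_CONNECT_LIST_SECRETS_NO_PRIVATE on its own in the second group.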

virConnectListSecrets

int	virConnectListSecrets		(virConnectPtr conn,
					 char ** uuids,
					 int maxuuids)

List UUIDs of defined secrets, store pointers to names in uuids.

conn
virConnect connection
uuids
Pointer to an array to store the UUIDs
maxuuids
size of the array.
Returns
the number of UUIDs provided in the array, or -1 on failure.

virConnectNumOfSecrets

int	virConnectNumOfSecrets		(virConnectPtr conn)

Fetch number of currently defined secrets.

conn
virConnect connection
Returns
the number of currently defined secrets.

virSecretDefineXML

virSecretPtr	virSecretDefineXML	(virConnectPtr conn,
					 const char * xml,
					 unsigned int flags)

If XML specifies a UUID, locates the specified secret and replaces all attributes of the secret specified by UUID by attributes specified in xml (any attributes not specified in xml are discarded).

Otherwise, creates a new secret with an automatically chosen UUID, and initializes its attributes from xml.

virSecretFree should be used to free the resources after the secret object is no longer needed.

conn
virConnect connection
xml
XML describing the secret.
flags
extra flags; not used yet, so callers should always pass 0
Returns
a secret on success, NULL on failure.

virSecretFree

int	virSecretFree			(virSecretPtr secret)

Release the secret handle. The underlying secret continues to exist.

secret
pointer to a secret
Returns
0 on success, or -1 on error

virSecretGetConnect

virConnectPtr	virSecretGetConnect	(virSecretPtr secret)

Provides the connection pointer associated with a secret. The reference counter on the connection is not increased by this call.

WARNING: When writing libvirt bindings in other languages, do not use this function. Instead, store the connection and the secret object together.

secret
A virSecret secret
Returns
the virConnectPtr or NULL in case of failure.

virSecretGetUUID

int	virSecretGetUUID		(virSecretPtr secret,
					 unsigned char * uuid)

Fetches the UUID of the secret.

secret
A virSecret secret
uuid
buffer of VIR_UUID_BUFLEN bytes in size
Returns
0 on success with the uuid buffer being filled, or -1 upon failure.

virSecretGetUUIDString

int	virSecretGetUUIDString		(virSecretPtr secret,
					 char * buf)

Get the UUID for a secret as string. For more information about UUID see RFC4122.

secret
a secret object
buf
pointer to a VIR_UUID_STRING_BUFLEN bytes array
Returns
-1 in case of error, 0 in case of success

virSecretGetUsageID

const char *	virSecretGetUsageID	(virSecretPtr secret)

Get the unique identifier of the object with which this secret is to be used. The format of the identifier is dependent on the usage type of the secret. For a secret with a usage type of VIR_SECRET_USAGE_TYPE_VOLUME the identifier will be a fully qualified path name. The identifiers are intended to be unique within the set of all secrets sharing the same usage type, i.e., there shall only ever be one secret for each volume path.

secret
a secret object
Returns
a string identifying the object using the secret, or NULL upon error

virSecretGetUsageType

int	virSecretGetUsageType		(virSecretPtr secret)

Get the type of object which uses this secret. The returned value is one of the constants defined in the virSecretUsageType enumeration. More values may be added to this enumeration in the future, so callers should expect to see usage types they do not explicitly know about.

secret
a secret object
Returns
a positive integer identifying the type of object, or -1 upon error.

virSecretGetValue

unsigned char *	virSecretGetValue	(virSecretPtr secret,
					 size_t * value_size,
					 unsigned int flags)

Fetches the value of a secret.

secret
A virSecret secret
value_size
Place for storing size of the secret value
flags
extra flags; not used yet, so callers should always pass 0
Returns
the secret value on success, NULL on failure. The caller must free() the secret value.

virSecretGetXMLDesc

char *	virSecretGetXMLDesc		(virSecretPtr secret,
					 unsigned int flags)

Fetches an XML document describing attributes of the secret.

secret
A virSecret secret
flags
extra flags; not used yet, so callers should always pass 0
Returns
the XML document on success, NULL on failure. The caller must free() the XML.

virSecretLookupByUUID

virSecretPtr	virSecretLookupByUUID	(virConnectPtr conn,
					 const unsigned char * uuid)

Try to look up a secret on the given hypervisor based on its UUID. Uses the 16 bytes of raw data to describe the UUID.

virSecretFree should be used to free the resources after the secret object is no longer needed.

conn
pointer to the hypervisor connection
uuid
the raw UUID for the secret
Returns
a new secret object or NULL in case of failure. If the secret cannot be found, then VIR_ERR_NO_SECRET error is raised.

virSecretLookupByUUIDString

virSecretPtr	virSecretLookupByUUIDString	(virConnectPtr conn,
						 const char * uuidstr)

Try to look up a secret on the given hypervisor based on its UUID. Uses the printable string value to describe the UUID.

virSecretFree should be used to free the resources after the secret object is no longer needed.

conn
pointer to the hypervisor connection
uuidstr
the string UUID for the secret
Returns
a new secret object or NULL in case of failure. If the secret cannot be found, then VIR_ERR_NO_SECRET error is raised.

virSecretLookupByUsage

virSecretPtr	virSecretLookupByUsage	(virConnectPtr conn,
					 int usageType,
					 const char * usageID)

Try to look up a secret on the given hypervisor based on its usage. The usageID is unique within the set of secrets sharing the same usageType value.

virSecretFree should be used to free the resources after the secret object is no longer needed.

conn
pointer to the hypervisor connection
usageType
the type of secret usage
usageID
identifier of the object using the secret
Returns
a new secret object or NULL in case of failure. If the secret cannot be found, then VIR_ERR_NO_SECRET error is raised.

virSecretRef

int	virSecretRef			(virSecretPtr secret)

Increment the reference count on the secret. For each additional call to this method, there shall be a corresponding call to virSecretFree to release the reference count, once the caller no longer needs the reference to this object.

This method is typically useful for applications where multiple threads are using a connection, and it is required that the connection remain open until all threads have finished using it, i.e., each new thread using a secret would increment the reference count.

secret
the secret to hold a reference on
Returns
0 in case of success, -1 in case of failure.

virSecretSetValue

int	virSecretSetValue		(virSecretPtr secret,
					 const unsigned char * value,
					 size_t value_size,
					 unsigned int flags)

Sets the value of a secret.

secret
A virSecret secret
value
Value of the secret
value_size
Size of the value
flags
extra flags; not used yet, so callers should always pass 0
Returns
0 on success, -1 on failure.

virSecretUndefine

int	virSecretUndefine		(virSecretPtr secret)

Deletes the specified secret. This does not free the associated virSecretPtr object.

secret
A virSecret secret
Returns
0 on success, -1 on failure.