Module libvirt-secret from libvirt

Provides APIs for the management of secrets

Table of Contents

Macros

#define VIR_SECRET_EVENT_CALLBACK

Types

typedef enum virConnectListAllSecretsFlags
typedef struct _virSecret virSecret
typedef enum virSecretDefineFlags
typedef enum virSecretEventID
typedef enum virSecretEventLifecycleType
typedef virSecret * virSecretPtr
typedef enum virSecretUsageType

Functions

int	virConnectListAllSecrets	(virConnectPtr conn, 
					 virSecretPtr ** secrets, 
					 unsigned int flags)
int	virConnectListSecrets		(virConnectPtr conn, 
					 char ** uuids, 
					 int maxuuids)
int	virConnectNumOfSecrets		(virConnectPtr conn)
int	virConnectSecretEventDeregisterAny	(virConnectPtr conn, 
						 int callbackID)
typedef virConnectSecretEventGenericCallback
void	virConnectSecretEventGenericCallback	(virConnectPtr conn, 
						 virSecretPtr secret, 
						 void * opaque)

typedef virConnectSecretEventLifecycleCallback
void	virConnectSecretEventLifecycleCallback	(virConnectPtr conn, 
						 virSecretPtr secret, 
						 int event, 
						 int detail, 
						 void * opaque)

int	virConnectSecretEventRegisterAny	(virConnectPtr conn, 
						 virSecretPtr secret, 
						 int eventID, 
						 virConnectSecretEventGenericCallback cb, 
						 void * opaque, 
						 virFreeCallback freecb)
virSecretPtr	virSecretDefineXML	(virConnectPtr conn, 
					 const char * xml, 
					 unsigned int flags)
int	virSecretFree			(virSecretPtr secret)
virConnectPtr	virSecretGetConnect	(virSecretPtr secret)
int	virSecretGetUUID		(virSecretPtr secret, 
					 unsigned char * uuid)
int	virSecretGetUUIDString		(virSecretPtr secret, 
					 char * buf)
const char *	virSecretGetUsageID	(virSecretPtr secret)
int	virSecretGetUsageType		(virSecretPtr secret)
unsigned char *	virSecretGetValue	(virSecretPtr secret, 
					 size_t * value_size, 
					 unsigned int flags)
char *	virSecretGetXMLDesc		(virSecretPtr secret, 
					 unsigned int flags)
virSecretPtr	virSecretLookupByUUID	(virConnectPtr conn, 
					 const unsigned char * uuid)
virSecretPtr	virSecretLookupByUUIDString	(virConnectPtr conn, 
						 const char * uuidstr)
virSecretPtr	virSecretLookupByUsage	(virConnectPtr conn, 
					 int usageType, 
					 const char * usageID)
int	virSecretRef			(virSecretPtr secret)
int	virSecretSetValue		(virSecretPtr secret, 
					 const unsigned char * value, 
					 size_t value_size, 
					 unsigned int flags)
int	virSecretUndefine		(virSecretPtr secret)

Description

Macros

VIR_SECRET_EVENT_CALLBACK

#define VIR_SECRET_EVENT_CALLBACK

Used to cast the event specific callback into the generic one for use for virConnectSecretEventRegisterAny()

Types

virConnectListAllSecretsFlags

Flags used to filter the returned secrets. Flags in each group are exclusive attributes of a secret.

enum virConnectListAllSecretsFlags {
VIR_CONNECT_LIST_SECRETS_EPHEMERAL = 1 (0x1; 1 << 0)
kept in memory, never stored persistently
VIR_CONNECT_LIST_SECRETS_NO_EPHEMERAL = 2 (0x2; 1 << 1)
VIR_CONNECT_LIST_SECRETS_PRIVATE = 4 (0x4; 1 << 2)
not revealed to any caller of libvirt, nor to any other node
VIR_CONNECT_LIST_SECRETS_NO_PRIVATE = 8 (0x8; 1 << 3)
}

virSecret

struct virSecret {
The content of this structure is not made public by the API
}

virSecretDefineFlags

enum virSecretDefineFlags {
VIR_SECRET_DEFINE_VALIDATE = 1 (0x1; 1 << 0)
Validate the XML document against schema
}

virSecretEventID

An enumeration of supported eventId parameters for virConnectSecretEventRegisterAny(). Each event id determines which signature of callback function will be used.

enum virSecretEventID {
VIR_SECRET_EVENT_ID_LIFECYCLE = 0 (0x0)
virConnectSecretEventLifecycleCallback
VIR_SECRET_EVENT_ID_VALUE_CHANGED = 1 (0x1)
virConnectSecretEventGenericCallback
VIR_SECRET_EVENT_ID_LAST = 2 (0x2)
NB: this enum value will increase over time as new events are added to the libvirt API. It reflects the last event ID supported by this version of the libvirt API.
}

virSecretEventLifecycleType

a virSecretEventLifecycleType is emitted during secret lifecycle events

enum virSecretEventLifecycleType {
VIR_SECRET_EVENT_DEFINED = 0 (0x0)
VIR_SECRET_EVENT_UNDEFINED = 1 (0x1)
VIR_SECRET_EVENT_LAST = 2 (0x2)
}

virSecretPtr

typedef virSecret * virSecretPtr;

virSecretUsageType

enum virSecretUsageType {
VIR_SECRET_USAGE_TYPE_NONE = 0 (0x0)
VIR_SECRET_USAGE_TYPE_VOLUME = 1 (0x1)
VIR_SECRET_USAGE_TYPE_CEPH = 2 (0x2)
VIR_SECRET_USAGE_TYPE_ISCSI = 3 (0x3)
VIR_SECRET_USAGE_TYPE_TLS = 4 (0x4)
VIR_SECRET_USAGE_TYPE_VTPM = 5 (0x5)
VIR_SECRET_USAGE_TYPE_LAST = 6 (0x6)
NB: this enum value will increase over time as new usage types are added to the libvirt API. It reflects the last usage type supported by this version of the libvirt API.
}

Functions

virConnectListAllSecrets

int	virConnectListAllSecrets	(virConnectPtr conn,
					 virSecretPtr ** secrets,
					 unsigned int flags)

Collect the list of secrets, and allocate an array to store those objects.

Normally, all secrets are returned; however, flags can be used to filter the results for a smaller list of targeted secrets. The valid flags are divided into groups, where each group contains bits that describe mutually exclusive attributes of a secret, and where all bits within a group describe all possible secrets.

The first group of flags is used to filter secrets by its storage location. Flag VIR_CONNECT_LIST_SECRETS_EPHEMERAL selects secrets that are kept only in memory. Flag VIR_CONNECT_LIST_SECRETS_NO_EPHEMERAL selects secrets that are kept in persistent storage.

The second group of flags is used to filter secrets by privacy. Flag VIR_CONNECT_LIST_SECRETS_PRIVATE selects secrets that are never revealed to any caller of libvirt nor to any other node. Flag VIR_CONNECT_LIST_SECRETS_NO_PRIVATE selects non-private secrets.

conn
Pointer to the hypervisor connection.
secrets
Pointer to a variable to store the array containing the secret objects or NULL if the list is not required (just returns the number of secrets).
flags
bitwise-OR of virConnectListAllSecretsFlags.
Returns
the number of secrets found or -1 and sets secrets to NULL in case of error. On success, the array stored into secrets is guaranteed to have an extra allocated element set to NULL but not included in the return count, to make iteration easier. The caller is responsible for calling virSecretFree() on each array element, then calling free() on secrets.
Access control parameter checks
ObjectPermissionCondition
connectsearch-secrets-
Access control return value filters
ObjectPermission
secretgetattr

virConnectListSecrets

int	virConnectListSecrets		(virConnectPtr conn,
					 char ** uuids,
					 int maxuuids)

List UUIDs of defined secrets, store pointers to names in uuids.

The use of this function is discouraged. Instead, use virConnectListAllSecrets().

conn
virConnect connection
uuids
Pointer to an array to store the UUIDs
maxuuids
size of the array.
Returns
the number of UUIDs provided in the array, or -1 on failure.
Access control parameter checks
ObjectPermissionCondition
connectsearch-secrets-
Access control return value filters
ObjectPermission
secretgetattr

virConnectNumOfSecrets

int	virConnectNumOfSecrets		(virConnectPtr conn)

Fetch number of currently defined secrets.

conn
virConnect connection
Returns
the number currently defined secrets.
Access control parameter checks
ObjectPermissionCondition
connectsearch-secrets-
Access control return value filters
ObjectPermission
secretgetattr

virConnectSecretEventDeregisterAny

int	virConnectSecretEventDeregisterAny	(virConnectPtr conn,
						 int callbackID)

Removes an event callback. The callbackID parameter should be the value obtained from a previous virConnectSecretEventRegisterAny() method.

conn
pointer to the connection
callbackID
the callback identifier
Returns
0 on success, -1 on failure.
Access control parameter checks
ObjectPermissionCondition
connectread-

virConnectSecretEventGenericCallback

typedef void	(*virConnectSecretEventGenericCallback)	(virConnectPtr conn,
						 virSecretPtr secret,
						 void * opaque)

A generic secret event callback handler, for use with virConnectSecretEventRegisterAny(). Specific events usually have a customization with extra parameters, often with opaque being passed in a different parameter position; use VIR_SECRET_EVENT_CALLBACK() when registering an appropriate handler.

conn
the connection pointer
secret
the secret pointer
opaque
application specified data

virConnectSecretEventLifecycleCallback

typedef void	(*virConnectSecretEventLifecycleCallback)	(virConnectPtr conn,
						 virSecretPtr secret,
						 int event,
						 int detail,
						 void * opaque)

This callback is called when a secret lifecycle action is performed, like added or removed.

The callback signature to use when registering for an event of type VIR_SECRET_EVENT_ID_LIFECYCLE with virConnectSecretEventRegisterAny()

conn
connection object
secret
secret on which the event occurred
event
The specific virSecretEventLifecycleType which occurred
detail
contains some details on the reason of the event (currently unused)
opaque
application specified data

virConnectSecretEventRegisterAny

int	virConnectSecretEventRegisterAny	(virConnectPtr conn,
						 virSecretPtr secret,
						 int eventID,
						 virConnectSecretEventGenericCallback cb,
						 void * opaque,
						 virFreeCallback freecb)

Adds a callback to receive notifications of arbitrary secret events occurring on a secret. This function requires that an event loop has been previously registered with virEventRegisterImpl() or virEventRegisterDefaultImpl().

If secret is NULL, then events will be monitored for any secret. If secret is non-NULL, then only the specific secret will be monitored.

Most types of events have a callback providing a custom set of parameters for the event. When registering an event, it is thus necessary to use the VIR_SECRET_EVENT_CALLBACK() macro to cast the supplied function pointer to match the signature of this method.

The virSecretPtr object handle passed into the callback upon delivery of an event is only valid for the duration of execution of the callback. If the callback wishes to keep the secret object after the callback returns, it shall take a reference to it, by calling virSecretRef(). The reference can be released once the object is no longer required by calling virSecretFree().

The return value from this method is a positive integer identifier for the callback. To unregister a callback, this callback ID should be passed to the virConnectSecretEventDeregisterAny() method.

conn
pointer to the connection
secret
pointer to the secret
eventID
the event type to receive
cb
callback to the function handling secret events
opaque
opaque data to pass on to the callback
freecb
optional function to deallocate opaque when not used anymore
Returns
a callback identifier on success, -1 on failure.
Access control parameter checks
ObjectPermissionCondition
connectsearch-secrets-
Access control return value filters
ObjectPermission
secretgetattr

virSecretDefineXML

virSecretPtr	virSecretDefineXML	(virConnectPtr conn,
					 const char * xml,
					 unsigned int flags)

If XML specifies a UUID, locates the specified secret and replaces all attributes of the secret specified by UUID by attributes specified in xml (any attributes not specified in xml are discarded).

Otherwise, creates a new secret with an automatically chosen UUID, and initializes its attributes from xml.

virSecretFree should be used to free the resources after the secret object is no longer needed.

conn
virConnect connection
xml
XML describing the secret.
flags
bitwise-OR of virSecretDefineFlags
Returns
a secret on success, NULL on failure.
Access control parameter checks
ObjectPermissionCondition
secretwrite-
secretsave-

virSecretFree

int	virSecretFree			(virSecretPtr secret)

Release the secret handle. The underlying secret continues to exist.

secret
pointer to a secret
Returns
0 on success, or -1 on error

virSecretGetConnect

virConnectPtr	virSecretGetConnect	(virSecretPtr secret)

Provides the connection pointer associated with a secret. The reference counter on the connection is not increased by this call.

secret
A virSecret secret
Returns
the virConnectPtr or NULL in case of failure.

virSecretGetUUID

int	virSecretGetUUID		(virSecretPtr secret,
					 unsigned char * uuid)

Fetches the UUID of the secret.

secret
A virSecret secret
uuid
buffer of VIR_UUID_BUFLEN bytes in size
Returns
0 on success with the uuid buffer being filled, or -1 upon failure.

virSecretGetUUIDString

int	virSecretGetUUIDString		(virSecretPtr secret,
					 char * buf)

Get the UUID for a secret as string. For more information about UUID see RFC4122.

secret
a secret object
buf
pointer to a VIR_UUID_STRING_BUFLEN bytes array
Returns
-1 in case of error, 0 in case of success

virSecretGetUsageID

const char *	virSecretGetUsageID	(virSecretPtr secret)

Get the unique identifier of the object with which this secret is to be used. The format of the identifier is dependent on the usage type of the secret. For a secret with a usage type of VIR_SECRET_USAGE_TYPE_VOLUME the identifier will be a fully qualified path name. The identifiers are intended to be unique within the set of all secrets sharing the same usage type. ie, there shall only ever be one secret for each volume path.

secret
a secret object
Returns
a string identifying the object using the secret, or NULL upon error

virSecretGetUsageType

int	virSecretGetUsageType		(virSecretPtr secret)

Get the type of object which uses this secret. The returned value is one of the constants defined in the virSecretUsageType enumeration. More values may be added to this enumeration in the future, so callers should expect to see usage types they do not explicitly know about.

secret
a secret object
Returns
a positive integer identifying the type of object, or -1 upon error.

virSecretGetValue

unsigned char *	virSecretGetValue	(virSecretPtr secret,
					 size_t * value_size,
					 unsigned int flags)

Fetches the value of a secret.

secret
A virSecret connection
value_size
Place for storing size of the secret value
flags
extra flags; not used yet, so callers should always pass 0
Returns
the secret value on success, NULL on failure. The caller must free() the secret value.
Access control parameter checks
ObjectPermissionCondition
secretread-secure-

virSecretGetXMLDesc

char *	virSecretGetXMLDesc		(virSecretPtr secret,
					 unsigned int flags)

Fetches an XML document describing attributes of the secret.

secret
A virSecret secret
flags
extra flags; not used yet, so callers should always pass 0
Returns
the XML document on success, NULL on failure. The caller must free() the XML.
Access control parameter checks
ObjectPermissionCondition
secretread-

virSecretLookupByUUID

virSecretPtr	virSecretLookupByUUID	(virConnectPtr conn,
					 const unsigned char * uuid)

Try to lookup a secret on the given hypervisor based on its UUID. Uses the 16 bytes of raw data to describe the UUID

virSecretFree should be used to free the resources after the secret object is no longer needed.

conn
pointer to the hypervisor connection
uuid
the raw UUID for the secret
Returns
a new secret object or NULL in case of failure. If the secret cannot be found, then VIR_ERR_NO_SECRET error is raised.
Access control parameter checks
ObjectPermissionCondition
secretgetattr-

virSecretLookupByUUIDString

virSecretPtr	virSecretLookupByUUIDString	(virConnectPtr conn,
						 const char * uuidstr)

Try to lookup a secret on the given hypervisor based on its UUID. Uses the printable string value to describe the UUID

virSecretFree should be used to free the resources after the secret object is no longer needed.

conn
pointer to the hypervisor connection
uuidstr
the string UUID for the secret
Returns
a new secret object or NULL in case of failure. If the secret cannot be found, then VIR_ERR_NO_SECRET error is raised.

virSecretLookupByUsage

virSecretPtr	virSecretLookupByUsage	(virConnectPtr conn,
					 int usageType,
					 const char * usageID)

Try to lookup a secret on the given hypervisor based on its usage The usageID is unique within the set of secrets sharing the same usageType value.

virSecretFree should be used to free the resources after the secret object is no longer needed.

conn
pointer to the hypervisor connection
usageType
the type of secret usage
usageID
identifier of the object using the secret
Returns
a new secret object or NULL in case of failure. If the secret cannot be found, then VIR_ERR_NO_SECRET error is raised.
Access control parameter checks
ObjectPermissionCondition
secretgetattr-

virSecretRef

int	virSecretRef			(virSecretPtr secret)

Increment the reference count on the secret. For each additional call to this method, there shall be a corresponding call to virSecretFree to release the reference count, once the caller no longer needs the reference to this object.

This method is typically useful for applications where multiple threads are using a connection, and it is required that the connection remain open until all threads have finished using it. ie, each new thread using a secret would increment the reference count.

secret
the secret to hold a reference on
Returns
0 in case of success, -1 in case of failure.

virSecretSetValue

int	virSecretSetValue		(virSecretPtr secret,
					 const unsigned char * value,
					 size_t value_size,
					 unsigned int flags)

Sets the value of a secret.

secret
A virSecret secret
value
Value of the secret
value_size
Size of the value
flags
extra flags; not used yet, so callers should always pass 0
Returns
0 on success, -1 on failure.
Access control parameter checks
ObjectPermissionCondition
secretwrite-

virSecretUndefine

int	virSecretUndefine		(virSecretPtr secret)

Deletes the specified secret. This does not free the associated virSecretPtr object.

secret
A virSecret secret
Returns
0 on success, -1 on failure.
Access control parameter checks
ObjectPermissionCondition
secretdelete-