diff options
| -rw-r--r-- | docs/system/deprecated.rst | 11 | ||||
| -rw-r--r-- | qapi/crypto.json | 61 | ||||
| -rw-r--r-- | qapi/qom.json | 5 |
3 files changed, 77 insertions, 0 deletions
diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst index 612b34b02c..15b9767ba5 100644 --- a/docs/system/deprecated.rst +++ b/docs/system/deprecated.rst @@ -162,6 +162,17 @@ other options have been processed. This will either have no effect (if ``opened`` was the last option) or cause errors. The property is therefore useless and should not be specified. +``loaded`` property of ``secret`` and ``secret_keyring`` objects (since 6.0.0) +'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' + +The only effect of specifying ``loaded=on`` in the command line or QMP +``object-add`` is that the secret is loaded immediately, possibly before all +other options have been processed. This will either have no effect (if +``loaded`` was the last option) or cause options to be effectively ignored as +if they were not given. The property is therefore useless and should not be +specified. + + QEMU Machine Protocol (QMP) commands ------------------------------------ diff --git a/qapi/crypto.json b/qapi/crypto.json index 2aebe6fa20..0fef3de66d 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -381,3 +381,64 @@ 'discriminator': 'format', 'data': { 'luks': 'QCryptoBlockAmendOptionsLUKS' } } + +## +# @SecretCommonProperties: +# +# Properties for objects of classes derived from secret-common. +# +# @loaded: if true, the secret is loaded immediately when applying this option +# and will probably fail when processing the next option. Don't use; +# only provided for compatibility. (default: false) +# +# @format: the data format that the secret is provided in (default: raw) +# +# @keyid: the name of another secret that should be used to decrypt the +# provided data. If not present, the data is assumed to be unencrypted. +# +# @iv: the random initialization vector used for encryption of this particular +# secret. Should be a base64 encrypted string of the 16-byte IV. Mandatory +# if @keyid is given. Ignored if @keyid is absent. +# +# Features: +# @deprecated: Member @loaded is deprecated. Setting true doesn't make sense, +# and false is already the default. +# +# Since: 2.6 +## +{ 'struct': 'SecretCommonProperties', + 'data': { '*loaded': { 'type': 'bool', 'features': ['deprecated'] }, + '*format': 'QCryptoSecretFormat', + '*keyid': 'str', + '*iv': 'str' } } + +## +# @SecretProperties: +# +# Properties for secret objects. +# +# Either @data or @file must be provided, but not both. +# +# @data: the associated with the secret from +# +# @file: the filename to load the data associated with the secret from +# +# Since: 2.6 +## +{ 'struct': 'SecretProperties', + 'base': 'SecretCommonProperties', + 'data': { '*data': 'str', + '*file': 'str' } } + +## +# @SecretKeyringProperties: +# +# Properties for secret_keyring objects. +# +# @serial: serial number that identifies a key to get from the kernel +# +# Since: 5.1 +## +{ 'struct': 'SecretKeyringProperties', + 'base': 'SecretCommonProperties', + 'data': { 'serial': 'int32' } } diff --git a/qapi/qom.json b/qapi/qom.json index fa56083a0b..a9ab10c124 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -7,6 +7,7 @@ { 'include': 'authz.json' } { 'include': 'block-core.json' } { 'include': 'common.json' } +{ 'include': 'crypto.json' } ## # = QEMU Object Model (QOM) @@ -453,6 +454,8 @@ 'rng-builtin', 'rng-egd', 'rng-random', + 'secret', + 'secret_keyring', 'throttle-group' ] } @@ -489,6 +492,8 @@ 'rng-builtin': 'RngProperties', 'rng-egd': 'RngEgdProperties', 'rng-random': 'RngRandomProperties', + 'secret': 'SecretProperties', + 'secret_keyring': 'SecretKeyringProperties', 'throttle-group': 'ThrottleGroupProperties' } } |