-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merge feature/REQ-718 branch #415
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Mark Syms <mark.syms@citrix.com>
Signed-off-by: Mark Syms <mark.syms@citrix.com>
If the key_hash entry is present in the VDI's sm_config from xapi's DB, look up the key using the key lookup plugin, and pass it to tap-ctl. Signed-off-by: Gabor Igloi <gabor.igloi@citrix.com>
* Ensure that the key_hash entry in the input VDI record's sm_config field is stored in the newly-created VDI's sm_config field in xapi's DB, by adding it to SM_CONFIG_PASS_THROUGH_FIELDS * Xapi interprets the stdout of the invoked SMAPIv1 commands as XML. The keymanagerutil logged the key to stdout when SM queried the key, and xapi tried to interpret it as the beginning of the XML, and VDI attach failed. So I've removed the problematic log line for now. * We do not do a key check as key fetching is not required during VDI creation. Signed-off-by: Thomas Mckelvey <thomas.mckelvey@citrix.com> Signed-off-by: Gabor Igloi <gabor.igloi@citrix.com>
Signed-off-by: Thomas Mckelvey <thomas.mckelvey@citrix.com>
For each VHD that we find, we try to get the encryption key hash using vhd-util. We add this to the sm_config_override map of the VDI, which will cause the VDI's sm_config in xapi's DB to be updated as necessary at a later stage during SR scan. Thus for new encrypted VHDs, the key_hash sm_config field will be added to xapi's DB during SR scan, and xapi and SM will know that this is an encrypted VDI and which key it requires. Signed-off-by: Gabor Igloi <gabor.igloi@citrix.com>
* Generate completely random keys, that can contain any byte value. This is useful to test that the product code can handle the entire range of possible keys, not just the ones that are made up of bytes corresponding to printable characters. * Store keys in base64 in the json file and accept keys in base64 format on the command line. This is necessary because the keys are completely random and may not contain valid characters. * Read and write the entire key store as one json object. Previously we wrote one json object per line when saving the key store. * Fix some pylint warnings. Signed-off-by: Gabor Igloi <gabor.igloi@citrix.com>
Signed-off-by: Thomas Mckelvey <thomas.mckelvey@citrix.com>
key_hash in sm_config now survives vdi-resize operation (and possibly removes the need for the hardcoding in other places of the code so the key_hash doesn't disappear) Signed-off-by: Elias Calocane <elias.calocane@citrix.com>
Signed-off-by: Gabor Igloi <gabor.igloi@citrix.com>
- Previously we did not log anything in the plugin manager when key lookup plugins were invoked or when they failed with an exception. So now I have added debug logs to the plugin manager that are written to SMlog. - Fixed how modules in the plugins directory are loaded. To avoid loading itself, the plugin manager compared each filename in its directory to the __file__ variable. However, sometimes this variable was __init__.pyc, not __init__.py, so the comparison returned false, and the key manager loaded itself recursively, which in turn tried to load the plugins again, but failed. - I've also removed some pylint warnings: I've converted the Logger class into a function, fixed indentation, and removed trailing whitespace. Signed-off-by: Gabor Igloi <gabor.igloi@citrix.com>
MarkSymsCtx
approved these changes
Nov 16, 2018
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I've rewritten the history a bit to halve the number of commits.