qemu/tests/qemu-iotests/296

#!/usr/bin/env python3
# group: rw
#
# Test case for encryption key management versus image sharing
#
# Copyright (C) 2019 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

import iotests
import os
import time
import json

test_img = os.path.join(iotests.test_dir, 'test.img')

class Secret:
    def __init__(self, index):
        self._id = "keysec" + str(index)
        # you are not supposed to see the password...
        self._secret = "hunter" + str(index)

    def id(self):
        return self._id

    def secret(self):
        return self._secret

    def to_cmdline_object(self):
        return  [ "secret,id=" + self._id + ",data=" + self._secret]

    def to_qmp_object(self):
        return { "qom_type" : "secret", "id": self.id(),
                 "data": self.secret() }

################################################################################

class EncryptionSetupTestCase(iotests.QMPTestCase):

    # test case startup
    def setUp(self):

        # start the VMs
        self.vm1 = iotests.VM(path_suffix = 'VM1')
        self.vm2 = iotests.VM(path_suffix = 'VM2')
        self.vm1.launch()
        self.vm2.launch()

        # create the secrets and load 'em into the VMs
        self.secrets = [ Secret(i) for i in range(0, 4) ]
        for secret in self.secrets:
            result = self.vm1.qmp("object-add", **secret.to_qmp_object())
            self.assert_qmp(result, 'return', {})
            result = self.vm2.qmp("object-add", **secret.to_qmp_object())
            self.assert_qmp(result, 'return', {})

    # test case shutdown
    def tearDown(self):
        # stop the VM
        self.vm1.shutdown()
        self.vm2.shutdown()

    ###########################################################################
    # create the encrypted block device using qemu-img
    def createImg(self, file, secret):

        output = iotests.qemu_img_pipe(
            'create',
            '--object', *secret.to_cmdline_object(),
            '-f', iotests.imgfmt,
            '-o', 'key-secret=' + secret.id(),
            '-o', 'iter-time=10',
            file,
            '1M')

        iotests.log(output, filters=[iotests.filter_test_dir])

    # attempts to add a key using qemu-img
    def addKey(self, file, secret, new_secret):

        image_options = {
            'key-secret' : secret.id(),
            'driver' : iotests.imgfmt,
            'file' : {
                'driver':'file',
                'filename': file,
                }
            }

        output = iotests.qemu_img_pipe(
            'amend',
            '--object', *secret.to_cmdline_object(),
            '--object', *new_secret.to_cmdline_object(),

            '-o', 'state=active',
            '-o', 'new-secret=' + new_secret.id(),
            '-o', 'iter-time=10',

            "json:" + json.dumps(image_options)
            )

        iotests.log(output, filters=[iotests.filter_test_dir])

    ###########################################################################
    # open an encrypted block device
    def openImageQmp(self, vm, id, file, secret,
                     readOnly = False, reOpen = False):

        command = 'blockdev-reopen' if reOpen else 'blockdev-add'

        opts = {
                'driver': iotests.imgfmt,
                'node-name': id,
                'read-only': readOnly,
                'key-secret' : secret.id(),
                'file': {
                    'driver': 'file',
                    'filename': test_img,
                }
            }

        if reOpen:
            result = vm.qmp(command, options=[opts])
        else:
            result = vm.qmp(command, **opts)
        self.assert_qmp(result, 'return', {})


    ###########################################################################
    # add virtio-blk consumer for a block device
    def addImageUser(self, vm, id, disk_id, share_rw=False):
        result = vm.qmp('device_add', **
            {
                'driver': 'virtio-blk',
                'id': id,
                'drive': disk_id,
                'share-rw' : share_rw
            }
        )

        iotests.log(result)

    # close the encrypted block device
    def closeImageQmp(self, vm, id):
        result = vm.qmp('blockdev-del', **{ 'node-name': id })
        self.assert_qmp(result, 'return', {})

    ###########################################################################

    # add a key to an encrypted block device
    def addKeyQmp(self, vm, id, new_secret):

        args = {
            'node-name': id,
            'job-id' : 'job0',
            'options' : {
                'state'     : 'active',
                'driver'    : iotests.imgfmt,
                'new-secret': new_secret.id(),
                'iter-time' : 10
            },
        }

        result = vm.qmp('x-blockdev-amend', **args)
        assert result['return'] == {}
        vm.run_job('job0')

    # test that when the image opened by two qemu processes,
    # neither of them can update the encryption keys
    def test1(self):
        self.createImg(test_img, self.secrets[0]);

        # VM1 opens the image and adds a key
        self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0])
        self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[1])


        # VM2 opens the image
        self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])


        # neither VMs now should be able to add a key
        self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])
        self.addKeyQmp(self.vm2, "testdev", new_secret = self.secrets[2])


        # VM 1 closes the image
        self.closeImageQmp(self.vm1, "testdev")


        # now VM2 can add the key
        self.addKeyQmp(self.vm2, "testdev", new_secret = self.secrets[2])


        # qemu-img should also not be able to add a key
        self.addKey(test_img, self.secrets[0], self.secrets[2])

        # cleanup
        self.closeImageQmp(self.vm2, "testdev")
        os.remove(test_img)


    # test that when the image opened by two qemu processes,
    # even if first VM opens it read-only, the second can't update encryption
    # keys
    def test2(self):
        self.createImg(test_img, self.secrets[0]);

        # VM1 opens the image readonly
        self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0],
                          readOnly = True)

        # VM2 opens the image
        self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])

        # VM1 can't add a key since image is readonly
        self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])

        # VM2 can't add a key since VM is has the image opened
        self.addKeyQmp(self.vm2, "testdev", new_secret = self.secrets[2])


        #VM1 reopens the image read-write
        self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0],
                          reOpen = True, readOnly = False)

        # VM1 still can't add the key
        self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])

        # VM2 gets away
        self.closeImageQmp(self.vm2, "testdev")

        # VM1 now can add the key
        self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])

        self.closeImageQmp(self.vm1, "testdev")
        os.remove(test_img)

    # test that two VMs can't open the same luks image by default
    # and attach it to a guest device
    def test3(self):
        self.createImg(test_img, self.secrets[0]);

        self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0])
        self.addImageUser(self.vm1, "testctrl", "testdev")

        self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])
        self.addImageUser(self.vm2, "testctrl", "testdev")


    # test that two VMs can attach the same luks image to a guest device,
    # if both use share-rw=on
    def test4(self):
        self.createImg(test_img, self.secrets[0]);

        self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0])
        self.addImageUser(self.vm1, "testctrl", "testdev", share_rw=True)

        self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])
        self.addImageUser(self.vm2, "testctrl", "testdev", share_rw=True)


if __name__ == '__main__':
    # support only raw luks since luks encrypted qcow2 is a proper
    # format driver which doesn't allow any sharing
    iotests.activate_logging()
    iotests.main(supported_fmts = ['luks'])
iotests: add tests for blockdev-amend This commit adds two tests that cover the new blockdev-amend functionality of luks and qcow2 driver Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [mreitz: Let 295 verify that LUKS works; drop 295 and 296 from the auto group] Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200625125548.870061-20-mreitz@redhat.com> 2020-06-25 14:55:48 +02:00			`#!/usr/bin/env python3`
iotests: define group in each iotest We are going to drop group file. Define group in tests as a preparatory step. The patch is generated by cd tests/qemu-iotests grep '^[0-9]\{3\} ' group \| while read line; do file=$(awk '{print $1}' <<< "$line"); groups=$(sed -e 's/^... //' <<< "$line"); awk "NR==2{print \"# group: $groups\"}1" $file > tmp; cat tmp > $file; done Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20210116134424.82867-7-vsementsov@virtuozzo.com> Signed-off-by: Eric Blake <eblake@redhat.com> 2021-01-16 16:44:19 +03:00			`# group: rw`
iotests: add tests for blockdev-amend This commit adds two tests that cover the new blockdev-amend functionality of luks and qcow2 driver Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [mreitz: Let 295 verify that LUKS works; drop 295 and 296 from the auto group] Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200625125548.870061-20-mreitz@redhat.com> 2020-06-25 14:55:48 +02:00			`#`
			`# Test case for encryption key management versus image sharing`
			`#`
			`# Copyright (C) 2019 Red Hat, Inc.`
			`#`
			`# This program is free software; you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation; either version 2 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`#`

			`import iotests`
			`import os`
			`import time`
			`import json`

			`test_img = os.path.join(iotests.test_dir, 'test.img')`

			`class Secret:`
			`def __init__(self, index):`
			`self._id = "keysec" + str(index)`
			`# you are not supposed to see the password...`
			`self._secret = "hunter" + str(index)`

			`def id(self):`
			`return self._id`

			`def secret(self):`
			`return self._secret`

			`def to_cmdline_object(self):`
			`return [ "secret,id=" + self._id + ",data=" + self._secret]`

			`def to_qmp_object(self):`
			`return { "qom_type" : "secret", "id": self.id(),`
iotests: Drop deprecated 'props' from object-add Signed-off-by: Alberto Garcia <berto@igalia.com> Message-Id: <20210222115737.2993-1-berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> 2021-02-22 12:57:37 +01:00			`"data": self.secret() }`
iotests: add tests for blockdev-amend This commit adds two tests that cover the new blockdev-amend functionality of luks and qcow2 driver Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [mreitz: Let 295 verify that LUKS works; drop 295 and 296 from the auto group] Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200625125548.870061-20-mreitz@redhat.com> 2020-06-25 14:55:48 +02:00
			`################################################################################`

			`class EncryptionSetupTestCase(iotests.QMPTestCase):`

			`# test case startup`
			`def setUp(self):`

			`# start the VMs`
			`self.vm1 = iotests.VM(path_suffix = 'VM1')`
			`self.vm2 = iotests.VM(path_suffix = 'VM2')`
			`self.vm1.launch()`
			`self.vm2.launch()`

			`# create the secrets and load 'em into the VMs`
			`self.secrets = [ Secret(i) for i in range(0, 4) ]`
			`for secret in self.secrets:`
			`result = self.vm1.qmp("object-add", **secret.to_qmp_object())`
			`self.assert_qmp(result, 'return', {})`
			`result = self.vm2.qmp("object-add", **secret.to_qmp_object())`
			`self.assert_qmp(result, 'return', {})`

			`# test case shutdown`
			`def tearDown(self):`
			`# stop the VM`
			`self.vm1.shutdown()`
			`self.vm2.shutdown()`

			`###########################################################################`
			`# create the encrypted block device using qemu-img`
			`def createImg(self, file, secret):`

			`output = iotests.qemu_img_pipe(`
			`'create',`
			`'--object', *secret.to_cmdline_object(),`
			`'-f', iotests.imgfmt,`
			`'-o', 'key-secret=' + secret.id(),`
			`'-o', 'iter-time=10',`
			`file,`
			`'1M')`

			`iotests.log(output, filters=[iotests.filter_test_dir])`

			`# attempts to add a key using qemu-img`
			`def addKey(self, file, secret, new_secret):`

			`image_options = {`
			`'key-secret' : secret.id(),`
			`'driver' : iotests.imgfmt,`
			`'file' : {`
			`'driver':'file',`
			`'filename': file,`
			`}`
			`}`

			`output = iotests.qemu_img_pipe(`
			`'amend',`
			`'--object', *secret.to_cmdline_object(),`
			`'--object', *new_secret.to_cmdline_object(),`

			`'-o', 'state=active',`
			`'-o', 'new-secret=' + new_secret.id(),`
			`'-o', 'iter-time=10',`

			`"json:" + json.dumps(image_options)`
			`)`

			`iotests.log(output, filters=[iotests.filter_test_dir])`

			`###########################################################################`
			`# open an encrypted block device`
			`def openImageQmp(self, vm, id, file, secret,`
			`readOnly = False, reOpen = False):`

block: Make blockdev-reopen stable API This patch drops the 'x-' prefix from x-blockdev-reopen. Signed-off-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20210708114709.206487-7-kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> 2021-07-08 13:47:09 +02:00			`command = 'blockdev-reopen' if reOpen else 'blockdev-add'`
iotests: add tests for blockdev-amend This commit adds two tests that cover the new blockdev-amend functionality of luks and qcow2 driver Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [mreitz: Let 295 verify that LUKS works; drop 295 and 296 from the auto group] Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200625125548.870061-20-mreitz@redhat.com> 2020-06-25 14:55:48 +02:00
block: Support multiple reopening with x-blockdev-reopen [ kwolf: Fixed AioContext locking ] Signed-off-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20210708114709.206487-5-kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> 2021-07-08 13:47:07 +02:00			`opts = {`
iotests: add tests for blockdev-amend This commit adds two tests that cover the new blockdev-amend functionality of luks and qcow2 driver Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [mreitz: Let 295 verify that LUKS works; drop 295 and 296 from the auto group] Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200625125548.870061-20-mreitz@redhat.com> 2020-06-25 14:55:48 +02:00			`'driver': iotests.imgfmt,`
			`'node-name': id,`
			`'read-only': readOnly,`
			`'key-secret' : secret.id(),`
			`'file': {`
			`'driver': 'file',`
			`'filename': test_img,`
			`}`
			`}`
block: Support multiple reopening with x-blockdev-reopen [ kwolf: Fixed AioContext locking ] Signed-off-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20210708114709.206487-5-kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> 2021-07-08 13:47:07 +02:00
			`if reOpen:`
			`result = vm.qmp(command, options=[opts])`
			`else:`
			`result = vm.qmp(command, **opts)`
iotests: add tests for blockdev-amend This commit adds two tests that cover the new blockdev-amend functionality of luks and qcow2 driver Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [mreitz: Let 295 verify that LUKS works; drop 295 and 296 from the auto group] Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200625125548.870061-20-mreitz@redhat.com> 2020-06-25 14:55:48 +02:00			`self.assert_qmp(result, 'return', {})`

qemu-iotests: add testcase for bz #1857490 Test that we can't write-share raw luks images by default, but we still can with share-rw=on Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Message-Id: <20200719122059.59843-3-mlevitsk@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> 2020-07-19 15:20:59 +03:00
			`###########################################################################`
			`# add virtio-blk consumer for a block device`
			`def addImageUser(self, vm, id, disk_id, share_rw=False):`
			`result = vm.qmp('device_add', **`
			`{`
			`'driver': 'virtio-blk',`
			`'id': id,`
			`'drive': disk_id,`
			`'share-rw' : share_rw`
			`}`
			`)`

			`iotests.log(result)`

iotests: add tests for blockdev-amend This commit adds two tests that cover the new blockdev-amend functionality of luks and qcow2 driver Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [mreitz: Let 295 verify that LUKS works; drop 295 and 296 from the auto group] Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200625125548.870061-20-mreitz@redhat.com> 2020-06-25 14:55:48 +02:00			`# close the encrypted block device`
			`def closeImageQmp(self, vm, id):`
			`result = vm.qmp('blockdev-del', **{ 'node-name': id })`
			`self.assert_qmp(result, 'return', {})`

			`###########################################################################`

			`# add a key to an encrypted block device`
			`def addKeyQmp(self, vm, id, new_secret):`

			`args = {`
			`'node-name': id,`
			`'job-id' : 'job0',`
			`'options' : {`
			`'state' : 'active',`
			`'driver' : iotests.imgfmt,`
			`'new-secret': new_secret.id(),`
			`'iter-time' : 10`
			`},`
			`}`

			`result = vm.qmp('x-blockdev-amend', **args)`
			`assert result['return'] == {}`
			`vm.run_job('job0')`

			`# test that when the image opened by two qemu processes,`
qemu-iotests: add testcase for bz #1857490 Test that we can't write-share raw luks images by default, but we still can with share-rw=on Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Message-Id: <20200719122059.59843-3-mlevitsk@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> 2020-07-19 15:20:59 +03:00			`# neither of them can update the encryption keys`
iotests: add tests for blockdev-amend This commit adds two tests that cover the new blockdev-amend functionality of luks and qcow2 driver Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [mreitz: Let 295 verify that LUKS works; drop 295 and 296 from the auto group] Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200625125548.870061-20-mreitz@redhat.com> 2020-06-25 14:55:48 +02:00			`def test1(self):`
			`self.createImg(test_img, self.secrets[0]);`

			`# VM1 opens the image and adds a key`
			`self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0])`
			`self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[1])`


			`# VM2 opens the image`
			`self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])`


			`# neither VMs now should be able to add a key`
			`self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])`
			`self.addKeyQmp(self.vm2, "testdev", new_secret = self.secrets[2])`


			`# VM 1 closes the image`
			`self.closeImageQmp(self.vm1, "testdev")`


			`# now VM2 can add the key`
			`self.addKeyQmp(self.vm2, "testdev", new_secret = self.secrets[2])`


			`# qemu-img should also not be able to add a key`
			`self.addKey(test_img, self.secrets[0], self.secrets[2])`

			`# cleanup`
			`self.closeImageQmp(self.vm2, "testdev")`
			`os.remove(test_img)`


qemu-iotests: add testcase for bz #1857490 Test that we can't write-share raw luks images by default, but we still can with share-rw=on Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Message-Id: <20200719122059.59843-3-mlevitsk@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> 2020-07-19 15:20:59 +03:00			`# test that when the image opened by two qemu processes,`
			`# even if first VM opens it read-only, the second can't update encryption`
			`# keys`
iotests: add tests for blockdev-amend This commit adds two tests that cover the new blockdev-amend functionality of luks and qcow2 driver Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [mreitz: Let 295 verify that LUKS works; drop 295 and 296 from the auto group] Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200625125548.870061-20-mreitz@redhat.com> 2020-06-25 14:55:48 +02:00			`def test2(self):`
			`self.createImg(test_img, self.secrets[0]);`

			`# VM1 opens the image readonly`
			`self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0],`
			`readOnly = True)`

			`# VM2 opens the image`
			`self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])`

			`# VM1 can't add a key since image is readonly`
			`self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])`

			`# VM2 can't add a key since VM is has the image opened`
			`self.addKeyQmp(self.vm2, "testdev", new_secret = self.secrets[2])`


			`#VM1 reopens the image read-write`
			`self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0],`
			`reOpen = True, readOnly = False)`

			`# VM1 still can't add the key`
			`self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])`

			`# VM2 gets away`
			`self.closeImageQmp(self.vm2, "testdev")`

			`# VM1 now can add the key`
			`self.addKeyQmp(self.vm1, "testdev", new_secret = self.secrets[2])`

			`self.closeImageQmp(self.vm1, "testdev")`
			`os.remove(test_img)`

qemu-iotests: add testcase for bz #1857490 Test that we can't write-share raw luks images by default, but we still can with share-rw=on Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Message-Id: <20200719122059.59843-3-mlevitsk@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> 2020-07-19 15:20:59 +03:00			`# test that two VMs can't open the same luks image by default`
			`# and attach it to a guest device`
			`def test3(self):`
			`self.createImg(test_img, self.secrets[0]);`

			`self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0])`
			`self.addImageUser(self.vm1, "testctrl", "testdev")`

			`self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])`
			`self.addImageUser(self.vm2, "testctrl", "testdev")`


			`# test that two VMs can attach the same luks image to a guest device,`
			`# if both use share-rw=on`
			`def test4(self):`
			`self.createImg(test_img, self.secrets[0]);`

			`self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0])`
			`self.addImageUser(self.vm1, "testctrl", "testdev", share_rw=True)`

			`self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])`
			`self.addImageUser(self.vm2, "testctrl", "testdev", share_rw=True)`


iotests: add tests for blockdev-amend This commit adds two tests that cover the new blockdev-amend functionality of luks and qcow2 driver Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> [mreitz: Let 295 verify that LUKS works; drop 295 and 296 from the auto group] Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200625125548.870061-20-mreitz@redhat.com> 2020-06-25 14:55:48 +02:00
			`if __name__ == '__main__':`
			`# support only raw luks since luks encrypted qcow2 is a proper`
			`# format driver which doesn't allow any sharing`
			`iotests.activate_logging()`
			`iotests.main(supported_fmts = ['luks'])`