Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

set/get secret value do not work properly #89

Open
oferb1 opened this issue Mar 15, 2017 · 4 comments
Open

set/get secret value do not work properly #89

oferb1 opened this issue Mar 15, 2017 · 4 comments

Comments

@oferb1
Copy link

oferb1 commented Mar 15, 2017

I have found the following issues when testing secrets (for Ceph storage pools)

  • setValue will clip the passed key
  • virsh retrieves the data base64 transposed
const Promise = require('bluebird'),
      exec = Promise.promisify(require('child_process').exec),
      virt = require('libvirt'),
      uuid = require('uuid');

let secretUUID = uuid.v4(),
    secretXml =  `<secret ephemeral="no" private="no"><uuid>${secretUUID}</uuid><usage type="ceph">` +
                 '<name>client.test secret</name></usage></secret>',
    key = 'do not tell anyone',
    secret;

let hv = virt.createHypervisor('qemu:///system');

hv.connectAsync()
  .then(() => hv.defineSecretAsync(secretXml))
  .then(_secret => {
    secret = _secret;
    secret.setValueAsync(key);
  })
  .then(() => secret.getValueAsync())
  .then(value => console.log(`setValue('${key}'), while getValue() returns '${value}'`))
  .then(() => exec(`virsh secret-get-value ${secretUUID}`))
  .then(stdout => console.log(`virsh reads the secret value as '${stdout.trim()}', which is base64 transposed of the cropped key`))
  .then(() => secret.undefineAsync())
  .then(() => hv.disconnectAsync());
@mbroadst
Copy link
Contributor

@oferb1 okay the SetValue bug is fixed in fcb1637. I'm not sure what you mean in the second part of your question: that virsh returns the value base64 encoded? The test I added here shows that setValue will have the same getValue, so I might make the argument that base64 encoding/decoding is up to the end user in this case (and a weird implementation detail of virsh)

@oferb1
Copy link
Author

oferb1 commented Mar 19, 2017

Thanks - I confirmed that it works, and was able to set a secret, and define a Ceph pool using it.

Still when I use virsh to read the value, I get it base64 transposed - weird...

@mbroadst
Copy link
Contributor

Still not sure what you mean about "transposed" in this case. Can you use node-libvirt to check if virsh is converting to base64 on the way in or out? like store it with virsh and read with node-libvirt and visa versa

@oferb1
Copy link
Author

oferb1 commented Mar 19, 2017

virsh set value

# virsh secret-set-value a14408e2-e147-4ce9-b081-fd56ffab8e48 AQAGE8hYGi8fFxAAS7c7XdFda/ZblwlF9Z5p/A==
Secret value set

node-libvirt get value

hv.lookupSecretByUUIDAsync('a14408e2-e147-4ce9-b081-fd56ffab8e48').then(secret => secret.getValueAsync()).then(console.log)
Promise {
  _bitField: 0,
  _fulfillmentHandler0: undefined,
  _rejectionHandler0: undefined,
  _promise0: undefined,
  _receiver0: undefined }
> �X/K�;]�]k�[�	E��i�

node libvirt set-value

hv.lookupSecretByUUIDAsync('a14408e2-e147-4ce9-b081-fd56ffab8e48').then(secret => secret.setValueAsync('AQAGE8hYGi8fFxAAS7c7XdFda/ZblwlF9Z5p/A=='))

virsh get value

# virsh secret-get-value a14408e2-e147-4ce9-b081-fd56ffab8e48
QVFBR0U4aFlHaThmRnhBQVM3YzdYZEZkYS9aYmx3bEY5WjVwL0E9PQ==
# virsh secret-get-value a14408e2-e147-4ce9-b081-fd56ffab8e48 | base64 -d
AQAGE8hYGi8fFxAAS7c7XdFda/ZblwlF9Z5p/A==

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mbroadst @oferb1