From 348e96511477fd8d89a0296da75015ca3182c836 Mon Sep 17 00:00:00 2001
From: Julia Kreger <juliaashleykreger@gmail.com>
Date: Tue, 25 Oct 2022 08:13:28 -0700
Subject: [PATCH] preserve secure information on xml changes

When setting parameters revolving around boot
mode, options, firmware, it is necessary to
extract and edit the XML document.

Some details, however, are not automatically
extracted and libvirt must be told to provide
secure information. This change prevents us
from accidently loosing such configuration
parameters

Story: 2010382
Task: 46651

Change-Id: I0da2f37c5b630d2a180f59b74f23c027ee56e17b
---
 ...serve-libvirt-domain-info-955410f570060241.yaml | 10 ++++++++++
 virtualbmc/vbmc.py                                 | 14 +++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/preserve-libvirt-domain-info-955410f570060241.yaml

diff --git a/releasenotes/notes/preserve-libvirt-domain-info-955410f570060241.yaml b/releasenotes/notes/preserve-libvirt-domain-info-955410f570060241.yaml
new file mode 100644
index 0000000..95f231e
--- /dev/null
+++ b/releasenotes/notes/preserve-libvirt-domain-info-955410f570060241.yaml
@@ -0,0 +1,10 @@
+---
+security:
+  - |
+    Secure information in the Libvirt domain XML document is now preserved.
+    For more information, please see `story 2010382
+    <https://storyboard.openstack.org/#!/story/2010382>`_.
+fixes:
+  - |
+    Fixes an issue where secure fields were accidently lost in the Libvirt
+    domain XML document.
diff --git a/virtualbmc/vbmc.py b/virtualbmc/vbmc.py
index 2dc18d2..aa6f830 100644
--- a/virtualbmc/vbmc.py
+++ b/virtualbmc/vbmc.py
@@ -60,6 +60,17 @@ class VirtualBMC(bmc.Bmc):
                            'sasl_username': libvirt_sasl_username,
                            'sasl_password': libvirt_sasl_password}
 
+    # Copied from nova/virt/libvirt/guest.py
+    def get_xml_desc(self, domain, dump_sensitive=False):
+        """Returns xml description of guest.
+
+        :param domain: The libvirt domain to call
+        :param dump_sensitive: Dump security sensitive information
+        :returns string: XML description of the guest
+        """
+        flags = dump_sensitive and libvirt.VIR_DOMAIN_XML_SECURE or 0
+        return domain.XMLDesc(flags=flags)
+
     def get_boot_device(self):
         LOG.debug('Get boot device called for %(domain)s',
                   {'domain': self.domain_name})
@@ -87,7 +98,8 @@ class VirtualBMC(bmc.Bmc):
         try:
             with utils.libvirt_open(**self._conn_args) as conn:
                 domain = utils.get_libvirt_domain(conn, self.domain_name)
-                tree = ET.fromstring(domain.XMLDesc())
+                tree = ET.fromstring(
+                    self.get_xml_desc(domain, dump_sensitive=True))
 
                 # Remove all "boot" element under "devices"
                 # They are mutually exclusive with "os/boot"