Add ability to use a LUKS keys vault

[ghost]

For customers that have LUKS encrypted devices, we need a way to pass the LUKS keys to virt-v2v. This PR implements it by allowing a luks_keys_vault key in the JSON input. Currently, the implementation is really basic and only accept a clear JSON file as vault. The expected JSON file structure is:

{
    "my_vm": [
        {
            "device": "/dev/sda1",
            "key": "0123456789abcdef"
        },
        {
            "device": "/dev/sda2",
            "key": "fedcba9876543210"
        }
    ]
}

With this format, we can have many virtual machines declared into a single file.
To reduce coupling with ManageIQ, there's a default path for the vault file, so that it only has to exist to be leveraged by virt-v2v-wrapper. In the future, ManageIQ may generate the vault file(s) and override that default value.

[ovirt-infra]

Hello contributor, thanks for submitting a PR for this project!

I am the bot who triggers "standard-CI" builds for this project.
As a security measure, I will not run automated tests on PRs that are not from white-listed contributors.

In order to allow automated tests to run, please ask one of the project maintainers to review the code and then do one of the following:

1. Type ci test please on this PR to trigger automated tests for it.
2. Type ci add to whitelist on this PR to trigger automated tests for it and also add you to the contributor white-list so that your future PRs will be tested automatically. ( keep in mind this list might be overwritten if the job XML is refreshed, for permanent whitelisting, please follow Added support for network mappings #3 option )
3. If you are planning to contribute to more than one project, maybe it's better to ask them to add you to the project organization, so you'll be able to run tests for all the organization's projects.

[nyoxi]

Create a new dictionary with the LUKS specific lines. I.e. copy VDDK_RHV and extend it with the above lines.

[ghost]

Should it still be the case, now that I moved it to wrapper/tests/test_v2v_args.py ?

[nyoxi]

Please pick this commit 745fe83. It will fix the tests.

[nyoxi]

These changes should go to prepare_command() in virt_v2v_wrapper.py instead of into every host class.

[ghost]

Done

[nyoxi]

create new test function for the LUKS related changes instead of reusing test_vddk_basic()

[nyoxi]

Do we need a default? If yes, it may be worth using some other directory then /tmp, e.g. /etc or user's home directory. What do you think? Also what do you think about adding a check and refusing to load file that is readable/writable by someone else than owner?

[ghost]

Good points. Changed to use user's home directory and added checks on permissions.

[ghost]

@nyoxi the tests fail, but I don't know what's causing the errors. Could you look at it, please ?

[nyoxi]

some leftover here

[ghost]

not sure I understand. this line is already deleted.

[nyoxi]

Please pick this commit 745fe83. It will fix the tests.

[nyoxi]

This cast is ugly. I would prefer if file_stat.st_mode & stat.S_IRWXO > 0:

[ghost]

Done

[nyoxi]

same as above

[ghost]

Done

[nyoxi]

CI failure is unrelated

[nyoxi]

ci test please