[PULL 4/5] block: deprecate iSCSI 'password' in favour of 'password-secr
From: Daniel P . Berrangé
Subject: [PULL 4/5] block: deprecate iSCSI 'password' in favour of 'password-secret'
Date: Wed, 15 Feb 2023 17:47:11 +0000

Support for referencing secret objects was added in

  commit b189346eb1784df95ed6fed610411dbf23d19e1f
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Thu Jan 21 14:19:21 2016 +0000

      iscsi: add support for getting CHAP password via QCryptoSecret API

The existing 'password' option is overdue for deprecation and
subsequent removal.

Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
block/iscsi.c | 3 +++
docs/about/deprecated.rst | 8 ++++++++
2 files changed, 11 insertions(+)
diff --git a/block/iscsi.c b/block/iscsi.c
index b3e10f40b6..ed3e87a548 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -1353,6 +1353,9 @@ static void apply_chap(struct iscsi_context *iscsi,
QemuOpts *opts,
} else if (!password) {
error_setg(errp, "CHAP username specified but no password was given");
return;
+ } else {
+ warn_report("iSCSI block driver 'password' option is deprecated, "
+ "use 'password-secret' instead");
}
if (iscsi_set_initiator_username_pwd(iscsi, user, password)) {
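Review bot: The new `else` branch in apply_chap() calls warn_report() on every pass that reaches it with a plain-text password, so if apply_chap() runs more than once in a process (for example with several iSCSI drives) the same deprecation line is repeated each time. Consider warn_report_once() here so the notice appears once per process. The message does not print the password value, which is correct and should stay that way if the text is ever extended.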
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index cb1ec72347..d31ffa86d4 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -301,6 +301,14 @@ The above, converted to the current supported format::
json:{"file.driver":"rbd", "file.pool":"rbd", "file.image":"name"}
+``iscsi,password=xxx`` (since 8.0)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Specifying the iSCSI password in plain text on the command line using the
+``password`` option is insecure. The ``password-secret`` option should be
+used instead, to refer to a ``--object secret...`` instance that provides
+a password via a file, or encrypted.
+
Backwards compatibility
-----------------------
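Review bot: The new ``iscsi,password=xxx`` entry tells the reader to switch to ``password-secret`` but, unlike the entry just above it that shows the converted form, gives no replacement syntax. Suggest adding a short literal block with the equivalent, e.g. `--object secret,id=sec0,file=/path/to/passwd` together with `password-secret=sec0` (the id and path are placeholders). The closing phrase "a password via a file, or encrypted" also reads awkwardly; "a password from a file or in encrypted form" would be clearer.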
--
2.39.1