Re: [Libguestfs] [PATCH v3] v2v: -o openstack: Allow -oo insecure (RHBZ#1651432).
On Tuesday, 20 November 2018 11:25:10 CET Richard W.M. Jones wrote:
Previously we allowed arbitrary flags to be passed through to the
underlying openstack CLI command, provided they have the format
‘--key=value’. We want to pass the ‘--insecure’ flag through, but
that doesn't have the key=value form. However a small modification to
the matching rules would allow this.
The effect of this change is that you can now use ‘virt-v2v -oo
insecure’ to turn off SSL certificate validation. The default is to
verify the server certificate (which is the default of the openstack
command).
---
I'm not sure this is something we should support. This effectively
passes through every -oo to openstack, and I'm afraid people will just
(ab)use it to workaround stuff rather than reporting issues in
virt-v2v. Potentially even options that conflict/revert what virt-v2v
itself passes to the openstack client.
IMHO it is still better, and safer to explicitly allow options as
needed.
--
Pino Toscano
Attachments:
- signature.asc (application/pgp-signature — 833 bytes)