search

OndrejHome / ansible.targetcli-modules

Modules for managing targetcli via Ansible
GNU General Public License v3.0
10 stars 12 forks source link

support (mutual) authentication #6

Open commonism opened 2 years ago

commonism commented 2 years ago
OndrejHome commented 2 years ago

Hello @commonism,

Thank you for opening the PR and the effort of providing interesting code! Sorry for my delayed response on this. Due to current workload on my side I will need some time to review this (you may expect my response within 2 weeks).

By having only a brief look I expect that there will be minor conflict with files that are currently in develop branch which I have used to provide preview of some recent changes, but I don't think it would be complicated to merge them - I'll have a look at that.

In the meantime could you please let me know on which system(s) you have tested the changes provided in this PR? (for example: CentOS 7.9, CentOS 8.4, ...) This is for me to know on which systems to expect this to be working when testing.

Ondrej

OndrejHome commented 2 years ago

Hello @commonism,

Thank you for your patience.

I have tested so far only unidirectional authentication, but for mutual one the results can be extrapolated.

  1. It seems that it is possible only to set authentication values but not remove them. For example: userid: 'test' will set the use to test, but there is no way to remove user value from userid. I have tried userid: '' and just not specifying userid at none worked - old value was still present. Would it be possible to adjust code to allow also removal of the auth attributes?

  2. Could you please add few examples into 'EXAMPLES' section showing the use of the new attributes? Such as 'adding unidirectional authentication', 'adding mutual authentication', 'removing authentication settings'.

NOTE: You can get cleaner output from targetcli get auth when you specify the auth parameters as shown below.

# targetcli /iscsi/iqn.2003-01.org.linux-iscsi.fastvm-centos-7-9-86.x8664:sn.8794b958d5c5/tpg1/acls iqn.1994-05.com.redhat:ee5772c5261 get auth userid password mutual_userid mutual_password 
userid=test
password=www
mutual_userid=
mutual_password=

If you have any questions or comments to above please let me know. Thank you!