mudler
commented
1 year ago Hey @cmbaron,
very good point, this should have been hashed directly from the start - what you propose sounds good actually, I'd be even tempted to say to hash directly the MachineID so it's safe to use by default and we avoid misuse, altough if someone already relied on it that would be bad - so it's best to split those two, and make a deprecation warning as you suggest.
However, there might be use-cases where it is used just internally, and not exposed at all, so maybe a warning would be enough to make sure that the user understand implications of using it.
The Hostname Plugin allows using MachineID in a template to generate hostname.
Per the manual page and the machine id library used by this project, machine-id is confidential and shouldn't be disclosed in whole or part.
How do we feel about adding "SecuredMachineID" as an available template variable in the hostname plugin to generate a machine-id derived ID using machine.id.ProtectedID("yipCloudInitHostnameConfiguration"), then later deprecating "MachineID" with a warning when its used?