[Libguestfs] [PATCH v3] v2v: -o openstack: Allow -oo insecure (RHBZ#1651432).

Pino Toscano ptoscano at redhat.com
Tue Nov 20 11:46:29 UTC 2018

On Tuesday, 20 November 2018 11:25:10 CET Richard W.M. Jones wrote:
> Previously we allowed arbitrary flags to be passed through to the
> underlying openstack CLI command, provided they have the format
> ‘--key=value’.  We want to pass the ‘--insecure’ flag through, but
> that doesn't have the key=value form.  However a small modification to
> the matching rules would allow this.
> The effect of this change is that you can now use ‘virt-v2v -oo
> insecure’ to turn off SSL certificate validation.  The default is to
> verify the server certificate (which is the default of the openstack
> command).
> ---

I'm not sure this is something we should support.  This effectively
passes through every -oo to openstack, and I'm afraid people will just
(ab)use it to workaround stuff rather than reporting issues in
virt-v2v.  Potentially even options that conflict/revert what virt-v2v
itself passes to the openstack client.

IMHO it is still better, and safer to explicitly allow options as

Pino Toscano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/libguestfs/attachments/20181120/ee50ee5a/attachment.sig>

More information about the Libguestfs mailing list