qemu-e2k/qapi
Markus Armbruster a3699de4dd rbd: New parameter auth-client-required
Parameter auth-client-required lets you configure authentication
methods.  We tried to provide that in v2.9.0, but backed out due to
interface design doubts (commit 464444fcc1).

This commit is similar to what we backed out, but simpler: we use a
list of enumeration values instead of a list of objects with a member
of enumeration type.

Let's review our reasons for backing out the first try, as stated in
the commit message:

    * The implementation uses deprecated rados_conf_set() key
      "auth_supported".  No biggie.

Fixed: we use "auth-client-required".

    * The implementation makes -drive silently ignore invalid parameters
      "auth" and "auth-supported.*.X" where X isn't "auth".  Fixable (in
      fact I'm going to fix similar bugs around parameter server), so
      again no biggie.

That fix is commit 2836284db6.  This commit doesn't bring the bugs
back.

    * BlockdevOptionsRbd member @password-secret applies only to
      authentication method cephx.  Should it be a variant member of
      RbdAuthMethod?

We've had time to ponder, and we decided to stick to the way Ceph
configuration works: the key configured separately, and silently
ignored if the authentication method doesn't use it.

    * BlockdevOptionsRbd member @user could apply to both methods cephx
      and none, but I'm not sure it's actually used with none.  If it
      isn't, should it be a variant member of RbdAuthMethod?

Likewise.

    * The client offers a *set* of authentication methods, not a list.
      Should the methods be optional members of BlockdevOptionsRbd instead
      of members of list @auth-supported?  The latter begs the question
      what multiple entries for the same method mean.  Trivial question
      now that RbdAuthMethod contains nothing but @type, but less so when
      RbdAuthMethod acquires other members, such the ones discussed above.

Again, we decided to stick to the way Ceph configuration works, except
we make auth-client-required a list of enumeration values instead of a
string containing keywords separated by delimiters.

    * How BlockdevOptionsRbd member @auth-supported interacts with
      settings from a configuration file specified with @conf is
      undocumented.  I suspect it's untested, too.

Not actually true, the documentation for @conf says "Values in the
configuration file will be overridden by options specified via QAPI",
and we've tested this.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-06-15 14:49:44 +02:00
..
block-core.json rbd: New parameter auth-client-required 2018-06-15 14:49:44 +02:00
block.json qapi: add nbd-server-remove 2018-01-26 09:37:20 -06:00
char.json qapi-schema: Collect char device stuff in qapi/char.json 2017-09-04 13:09:12 +02:00
common.json qapi: Change "since 2.13" annotations to "since 3.0" 2018-05-29 11:28:46 +01:00
crypto.json qapi-schema: Improve section headings 2017-09-04 13:09:12 +02:00
introspect.json qapi: introduce new cmd option "allow-preconfig" 2018-05-30 13:19:09 -03:00
job.json jobs: fix verb references in docs 2018-06-15 14:49:44 +02:00
Makefile.objs
migration.json migration: Don't activate block devices if using -S 2018-06-04 05:46:15 +02:00
misc.json * Linux header upgrade (Peter) 2018-06-01 18:24:16 +01:00
net.json slirp: fix domainname version availability 2018-06-08 09:08:30 +03:00
opts-visitor.c
qapi-clone-visitor.c qapi/qnull: Add own header 2017-11-17 18:21:30 +01:00
qapi-dealloc-visitor.c qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF 2018-05-04 08:27:53 +02:00
qapi-schema.json job: Introduce qapi/job.json 2018-05-23 14:30:51 +02:00
qapi-util.c qapi: Change data type of the FOO_lookup generated for enum FOO 2017-09-04 13:09:13 +02:00
qapi-visit-core.c Include qapi/qmp/qobject.h exactly where needed 2018-02-09 13:52:15 +01:00
qmp-dispatch.c cli: add --preconfig option 2018-05-30 13:19:14 -03:00
qmp-event.c Include qapi/qmp/qdict.h exactly where needed 2018-02-09 13:52:15 +01:00
qmp-registry.c
qobject-input-visitor.c qobject: Modify qobject_ref() to return obj 2018-05-04 08:27:53 +02:00
qobject-output-visitor.c qobject: Modify qobject_ref() to return obj 2018-05-04 08:27:53 +02:00
rocker.json
run-state.json qapi: introduce new cmd option "allow-preconfig" 2018-05-30 13:19:09 -03:00
sockets.json sockets: allow SocketAddress 'fd' to reference numeric file descriptors 2018-03-13 18:06:06 +00:00
string-input-visitor.c qapi/qnull: Add own header 2017-11-17 18:21:30 +01:00
string-output-visitor.c qapi: Use QNull for a more regular visit_type_null() 2017-07-24 13:35:11 +02:00
tpm.json tpm: add CRB device 2018-01-29 14:22:50 -05:00
trace-events qapi: Use QNull for a more regular visit_type_null() 2017-07-24 13:35:11 +02:00
trace.json qapi-schema: Improve section headings 2017-09-04 13:09:12 +02:00
transaction.json qmp: transaction support for x-block-dirty-bitmap-enable/disable 2018-06-11 14:53:32 -04:00
ui.json qapi: Change "since 2.13" annotations to "since 3.0" 2018-05-29 11:28:46 +01:00