From 43a9f09a175fb2503525f5f92ef091821ee27c26 Mon Sep 17 00:00:00 2001
From: Ricardo Sanchez <84853324+ricsanfre@users.noreply.github.com>
Date: Sun, 26 Sep 2021 13:38:17 +0200
Subject: [PATCH] open-iscsi: adding mutual authentication support and updating
 authentication parameters description (#3422)

* Adding mutual athentication support and changing doucumentation about authentication credentials

* Removing blank line with whitspaces

* Update plugins/modules/system/open_iscsi.py

Adding version_added to node_user_in parameter

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>

* Update plugins/modules/system/open_iscsi.py

adding version_added attibute to new parameter password_in

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>

* Update plugins/modules/system/open_iscsi.py

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>

* Adding changelog fragment for #3422

* Rename 3422-open-iscsi-mutual-authentication-support.yam to 3422-open-iscsi-mutual-authentication-support.yaml

* Update changelogs/fragments/3422-open-iscsi-mutual-authentication-support.yaml

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>

* Update changelogs/fragments/3422-open-iscsi-mutual-authentication-support.yaml

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
---
 ...n-iscsi-mutual-authentication-support.yaml |  3 ++
 plugins/modules/system/open_iscsi.py          | 29 ++++++++++++++++---
 2 files changed, 28 insertions(+), 4 deletions(-)
 create mode 100644 changelogs/fragments/3422-open-iscsi-mutual-authentication-support.yaml

diff --git a/changelogs/fragments/3422-open-iscsi-mutual-authentication-support.yaml b/changelogs/fragments/3422-open-iscsi-mutual-authentication-support.yaml
new file mode 100644
index 0000000000..c5fc84d1ae
--- /dev/null
+++ b/changelogs/fragments/3422-open-iscsi-mutual-authentication-support.yaml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - open-iscsi - adding support for mutual authentication between target and initiator (https://github.com/ansible-collections/community.general/pull/3422).
diff --git a/plugins/modules/system/open_iscsi.py b/plugins/modules/system/open_iscsi.py
index 2d255356e6..d7fd8592ae 100644
--- a/plugins/modules/system/open_iscsi.py
+++ b/plugins/modules/system/open_iscsi.py
@@ -41,17 +41,27 @@ options:
         aliases: [ state ]
     node_auth:
         description:
-        - The value for C(discovery.sendtargets.auth.authmethod).
+        - The value for C(node.session.auth.authmethod).
         type: str
         default: CHAP
     node_user:
         description:
-        - The value for C(discovery.sendtargets.auth.username).
+        - The value for C(node.session.auth.username).
         type: str
     node_pass:
         description:
-        - The value for C(discovery.sendtargets.auth.password).
+        - The value for C(node.session.auth.password).
         type: str
+    node_user_in:
+        description:
+        - The value for C(node.session.auth.username_in).
+        type: str
+        version_added: 3.8.0
+    node_pass_in:
+        description:
+        - The value for C(node.session.auth.password_in).
+        type: str
+        version_added: 3.8.0
     auto_node_startup:
         description:
         - Whether the target node should be automatically connected at startup.
@@ -191,6 +201,8 @@ def target_login(module, target, portal=None, port=None):
     node_auth = module.params['node_auth']
     node_user = module.params['node_user']
     node_pass = module.params['node_pass']
+    node_user_in = module.params['node_user_in']
+    node_pass_in = module.params['node_pass_in']
 
     if node_user:
         params = [('node.session.auth.authmethod', node_auth),
@@ -200,6 +212,13 @@ def target_login(module, target, portal=None, port=None):
             cmd = [iscsiadm_cmd, '--mode', 'node', '--targetname', target, '--op=update', '--name', name, '--value', value]
             module.run_command(cmd, check_rc=True)
 
+    if node_user_in:
+        params = [('node.session.auth.username_in', node_user_in),
+                  ('node.session.auth.password_in', node_pass_in)]
+        for (name, value) in params:
+            cmd = '%s --mode node --targetname %s --op=update --name %s --value %s' % (iscsiadm_cmd, target, name, value)
+            module.run_command(cmd, check_rc=True)
+
     cmd = [iscsiadm_cmd, '--mode', 'node', '--targetname', target, '--login']
     if portal is not None and port is not None:
         cmd.append('--portal')
@@ -277,6 +296,8 @@ def main():
             node_auth=dict(type='str', default='CHAP'),
             node_user=dict(type='str'),
             node_pass=dict(type='str', no_log=True),
+            node_user_in=dict(type='str'),
+            node_pass_in=dict(type='str', no_log=True),
 
             # actions
             login=dict(type='bool', aliases=['state']),
@@ -286,7 +307,7 @@ def main():
             show_nodes=dict(type='bool', default=False),
         ),
 
-        required_together=[['node_user', 'node_pass']],
+        required_together=[['node_user', 'node_pass'], ['node_user_in', 'node_pass_in']],
         required_if=[('discover', True, ['portal'])],
         supports_check_mode=True,
     )