secret_ceph: Validate value format

Ensure uuid is a valid UUID v4 string and value is base64-encoded. Change-Id: If34038d4bc6f970045847d8dc92ada98e3083f99
2024-05-03 01:29:56 +09:00 · 2024-05-03 01:29:56 +09:00 · b749df0f91
parent 8b5ae727cd
commit b749df0f91
2 changed files with 14 additions and 14 deletions
--- a/manifests/compute/libvirt/secret_ceph.pp
+++ b/manifests/compute/libvirt/secret_ceph.pp
@ -20,7 +20,7 @@
 # (Required) The UUID of the libvirt secret.
 #
 # [*value*]
-# (Required) The value to store in the secret.
+# (Required) The value to store in the secret. It should be base64-encoded.
 #
 # [*secret_name*]
 # (Optional) The name of the libvirt secret.
@ -31,8 +31,8 @@
 # Defaults to /etc/nova
 #
 define nova::compute::libvirt::secret_ceph(
-  String $uuid,
-  String $value,
+  Pattern[/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12}$/] $uuid,
+  Stdlib::Base64 $value,
  String[1] $secret_name            = $name,
  Stdlib::Absolutepath $secret_path = '/etc/nova',
 ) {
--- a/spec/classes/nova_compute_rbd_spec.rb
+++ b/spec/classes/nova_compute_rbd_spec.rb
@ -82,22 +82,22 @@ describe 'nova::compute::rbd' do
    context 'when using cephx' do
      before do
        params.merge!(
-          :libvirt_rbd_secret_uuid => 'UUID',
-          :libvirt_rbd_secret_key  => 'LIBVIRT/SECRET/KEY',
+          :libvirt_rbd_secret_uuid => '4f515eff-47e4-425c-b24d-9c6adc56401c',
+          :libvirt_rbd_secret_key  => 'AQBHCbtT6APDHhAA5W00cBchwkQjh3dkKsyPjw==',
        )
      end

-      it { is_expected.to contain_nova__compute__libvirt__secret_ceph('UUID').with(
-        :uuid  => params[:libvirt_rbd_secret_uuid],
-        :value => params[:libvirt_rbd_secret_key],
+      it { is_expected.to contain_nova__compute__libvirt__secret_ceph('4f515eff-47e4-425c-b24d-9c6adc56401c').with(
+        :uuid  => '4f515eff-47e4-425c-b24d-9c6adc56401c',
+        :value => 'AQBHCbtT6APDHhAA5W00cBchwkQjh3dkKsyPjw==',
      )}
    end

    context 'when using cephx but disabling ephemeral storage' do
      before do
        params.merge!(
-          :libvirt_rbd_secret_uuid => 'UUID',
-          :libvirt_rbd_secret_key  => 'LIBVIRT/SECRET/KEY',
+          :libvirt_rbd_secret_uuid => '4f515eff-47e4-425c-b24d-9c6adc56401c',
+          :libvirt_rbd_secret_key  => 'AQBHCbtT6APDHhAA5W00cBchwkQjh3dkKsyPjw==',
          :ephemeral_storage       => false
        )
      end
@ -112,12 +112,12 @@ describe 'nova::compute::rbd' do
        is_expected.to contain_nova_config('libvirt/rbd_destroy_volume_retry_interval').with_ensure('absent')
        is_expected.to contain_nova_config('libvirt/rbd_destroy_volume_retries').with_ensure('absent')
        is_expected.to contain_nova_config('libvirt/rbd_user').with_value('nova')
-        is_expected.to contain_nova_config('libvirt/rbd_secret_uuid').with_value('UUID')
+        is_expected.to contain_nova_config('libvirt/rbd_secret_uuid').with_value('4f515eff-47e4-425c-b24d-9c6adc56401c')
      end

-      it { is_expected.to contain_nova__compute__libvirt__secret_ceph('UUID').with(
-        :uuid  => params[:libvirt_rbd_secret_uuid],
-        :value => params[:libvirt_rbd_secret_key],
+      it { is_expected.to contain_nova__compute__libvirt__secret_ceph('4f515eff-47e4-425c-b24d-9c6adc56401c').with(
+        :uuid  => '4f515eff-47e4-425c-b24d-9c6adc56401c',
+        :value => 'AQBHCbtT6APDHhAA5W00cBchwkQjh3dkKsyPjw==',
      )}
    end