From b749df0f9122da05c7d7e673095f4d28926705b5 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Fri, 3 May 2024 01:29:56 +0900
Subject: [PATCH] secret_ceph: Validate value format

Ensure uuid is a valid UUID v4 string and value is base64-encoded.

Change-Id: If34038d4bc6f970045847d8dc92ada98e3083f99
---
 manifests/compute/libvirt/secret_ceph.pp | 6 +++---
 spec/classes/nova_compute_rbd_spec.rb | 22 +++++++++++-----------
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/manifests/compute/libvirt/secret_ceph.pp b/manifests/compute/libvirt/secret_ceph.pp
index 039bb24d9..3676f8ee1 100644
--- a/manifests/compute/libvirt/secret_ceph.pp
+++ b/manifests/compute/libvirt/secret_ceph.pp
@@ -20,7 +20,7 @@
 # (Required) The UUID of the libvirt secret.
 #
 # [*value*]
-# (Required) The value to store in the secret.
+# (Required) The value to store in the secret. It should be base64-encoded.
 #
 # [*secret_name*]
 # (Optional) The name of the libvirt secret.
@@ -31,8 +31,8 @@
 # Defaults to /etc/nova
 #
 define nova::compute::libvirt::secret_ceph(
- String $uuid,
- String $value,
+ Pattern[/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12}$/] $uuid,
+ Stdlib::Base64 $value,
 String[1] $secret_name = $name,
 Stdlib::Absolutepath $secret_path = '/etc/nova',
 ) {
diff --git a/spec/classes/nova_compute_rbd_spec.rb b/spec/classes/nova_compute_rbd_spec.rb
index 5379a94fc..67c9627a1 100644
--- a/spec/classes/nova_compute_rbd_spec.rb
+++ b/spec/classes/nova_compute_rbd_spec.rb
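Review bot: The new `Pattern` on `$uuid` in the `@@ -31,8` hunk anchors with `^` and `$`, which in Puppet's Ruby-style regular expressions match at line boundaries, so a multi-line string that carries a UUID on one of its lines would still pass the check. Anchoring the whole string closes that gap: `Pattern[/\A[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12}\z/] $uuid,`. The pattern also rejects upper-case and non-v4 UUIDs that `String` used to accept, while the `[*uuid*]` description visible in the `@@ -20,7` hunk is left unchanged; I would extend it to `# (Required) The UUID of the libvirt secret. It should be a lower-case UUID v4 string.` The body of the define lies outside the hunk, so where `$uuid` and `$value` are written is not visible here.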
@@ -82,22 +82,22 @@ describe 'nova::compute::rbd' do
 context 'when using cephx' do
 before do
 params.merge!(
- :libvirt_rbd_secret_uuid => 'UUID',
- :libvirt_rbd_secret_key => 'LIBVIRT/SECRET/KEY',
+ :libvirt_rbd_secret_uuid => '4f515eff-47e4-425c-b24d-9c6adc56401c',
+ :libvirt_rbd_secret_key => 'AQBHCbtT6APDHhAA5W00cBchwkQjh3dkKsyPjw==',
 )
 end
- it { is_expected.to contain_nova__compute__libvirt__secret_ceph('UUID').with(
- :uuid => params[:libvirt_rbd_secret_uuid],
- :value => params[:libvirt_rbd_secret_key],
+ it { is_expected.to contain_nova__compute__libvirt__secret_ceph('4f515eff-47e4-425c-b24d-9c6adc56401c').with(
+ :uuid => '4f515eff-47e4-425c-b24d-9c6adc56401c',
+ :value => 'AQBHCbtT6APDHhAA5W00cBchwkQjh3dkKsyPjw==',
 )}
 end
 context 'when using cephx but disabling ephemeral storage' do
 before do
 params.merge!(
- :libvirt_rbd_secret_uuid => 'UUID',
- :libvirt_rbd_secret_key => 'LIBVIRT/SECRET/KEY',
+ :libvirt_rbd_secret_uuid => '4f515eff-47e4-425c-b24d-9c6adc56401c',
+ :libvirt_rbd_secret_key => 'AQBHCbtT6APDHhAA5W00cBchwkQjh3dkKsyPjw==',
 :ephemeral_storage => false
 )
 end
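Review bot: Neither spec hunk exercises the new validation: the fixtures in the two cephx contexts here and in the `@@ -112,12` hunk are only swapped for values that pass, so no example would fail if the `Pattern` or `Stdlib::Base64` constraint were loosened again. A context that merges `:libvirt_rbd_secret_uuid => 'UUID'`, and another that passes a key with characters outside the base64 alphabet, each asserting `it { is_expected.to raise_error(Puppet::Error) }`, would pin the rejection. The `.with(...)` expectations now repeat the literals where they previously read from `params`; keeping `:uuid => params[:libvirt_rbd_secret_uuid],` avoids several copies of the same string. The enclosing `describe` block starts and ends outside these hunks.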
@@ -112,12 +112,12 @@ describe 'nova::compute::rbd' do
 is_expected.to contain_nova_config('libvirt/rbd_destroy_volume_retry_interval').with_ensure('absent')
 is_expected.to contain_nova_config('libvirt/rbd_destroy_volume_retries').with_ensure('absent')
 is_expected.to contain_nova_config('libvirt/rbd_user').with_value('nova')
- is_expected.to contain_nova_config('libvirt/rbd_secret_uuid').with_value('UUID')
+ is_expected.to contain_nova_config('libvirt/rbd_secret_uuid').with_value('4f515eff-47e4-425c-b24d-9c6adc56401c')
 end
- it { is_expected.to contain_nova__compute__libvirt__secret_ceph('UUID').with(
- :uuid => params[:libvirt_rbd_secret_uuid],
- :value => params[:libvirt_rbd_secret_key],
+ it { is_expected.to contain_nova__compute__libvirt__secret_ceph('4f515eff-47e4-425c-b24d-9c6adc56401c').with(
+ :uuid => '4f515eff-47e4-425c-b24d-9c6adc56401c',
+ :value => 'AQBHCbtT6APDHhAA5W00cBchwkQjh3dkKsyPjw==',
 )}
 end