From dbc6ec9ed6edee6bd0b256f14fb602e5afa6c5d5 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Fri, 29 Mar 2024 01:19:38 +0900
Subject: [PATCH] rbd: More strictly validate rbd_ceph_conf

The rbd_ceph_conf parameter accepts a valid path for *.conf file, because of the internal logic to detect the cluster name.

Change-Id: Ia42f5db1ff701b5ba90dbdb7e80c7b906b406222
---
 manifests/backend/rbd.pp | 2 +-
 spec/type_aliases/cephconf_spec.rb | 35 ++++++++++++++++++++++++++++++
 types/cephconf.pp | 1 +
 3 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 spec/type_aliases/cephconf_spec.rb
 create mode 100644 types/cephconf.pp
diff --git a/manifests/backend/rbd.pp b/manifests/backend/rbd.pp
index c779841b..ddbd58b6 100644
--- a/manifests/backend/rbd.pp
+++ b/manifests/backend/rbd.pp
@@ -121,7 +121,7 @@ define cinder::backend::rbd (
 $backend_availability_zone = $facts['os_service_default'],
 $reserved_percentage = $facts['os_service_default'],
 $max_over_subscription_ratio = $facts['os_service_default'],
- $rbd_ceph_conf = '/etc/ceph/ceph.conf',
+ Cinder::CephConf $rbd_ceph_conf = '/etc/ceph/ceph.conf',
 $rbd_flatten_volume_from_snapshot = $facts['os_service_default'],
 $rbd_secret_uuid = $facts['os_service_default'],
 $rbd_max_clone_depth = $facts['os_service_default'],
diff --git a/spec/type_aliases/cephconf_spec.rb b/spec/type_aliases/cephconf_spec.rb
new file mode 100644
index 00000000..80b0b38b
--- /dev/null
+++ b/spec/type_aliases/cephconf_spec.rb
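Review bot: The `Cinder::CephConf` type on `$rbd_ceph_conf` makes any value that is not an absolute path ending in `.conf` a catalog compilation failure, and nothing visible in this patch tells operators about the new constraint. The define's parameter documentation lies outside this hunk; if it has an entry for `rbd_ceph_conf`, it should state the rule, for example `#   Must be an absolute path to a file whose name ends in .conf.` The diffstat also lists no release note, which an upgrade-affecting validation change would normally carry. The parameter list of `cinder::backend::rbd` continues before and after the hunk.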
@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe 'Cinder::CephConf' do
+ describe 'valid types' do
+ context 'with valid types' do
+ [
+ '/etc/ceph/ceph.conf',
+ '/etc/ceph.conf',
+ '/ceph.conf',
+ '/etc/ceph/foo/ceph.conf',
+ '/etc/ceph/foo.conf',
+ ].each do |value|
+ describe value.inspect do
+ it { is_expected.to allow_value(value) }
+ end
+ end
+ end
+ end
+
+ describe 'invalid types' do
+ context 'with garbage inputs' do
+ [
+ 'etc/ceph/ceph.conf',
+ 'ceph.conf',
+ '/etc/ceph/ceph.config',
+ '/etc/ceph/ceph',
+ '',
+ ].each do |value|
+ describe value.inspect do
+ it { is_expected.not_to allow_value(value) }
+ end
+ end
+ end
+ end
+end
diff --git a/types/cephconf.pp b/types/cephconf.pp
new file mode 100644
index 00000000..77a7de7a
--- /dev/null
+++ b/types/cephconf.pp
@@ -0,0 +1 @@
+type Cinder::CephConf = Pattern[/^\/([^\n\/\0]+\/*)*[^\n\/\0]+\.conf$/]
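Review bot: The 'with garbage inputs' list has no case for the characters that the pattern in types/cephconf.pp explicitly excludes (`\n` and `\0`), so nothing here pins how multi-line or NUL-containing values are treated. Ruby's `^` and `$` match at line boundaries, so `"foo\n/etc/ceph/ceph.conf"` and `"/etc/ceph/ceph.conf\n"` belong in that list alongside `"/etc/ceph/ceph\0.conf"`. With the pattern as written, the first two would be expected to pass validation, and the spec should surface that. As a style point, `describe 'valid types'` wrapping `context 'with valid types'` says the same thing twice and could be one level.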
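Review bot: The pattern is anchored with `^` and `$`, which in Ruby regexes match at any line boundary rather than at the ends of the string, so a multi-line value needs only one line shaped like a `.conf` path to be accepted; the `\n` exclusions in the character classes do not prevent that. Anchoring with `\A` and `\z` closes the gap. Separately, `([^\n\/\0]+\/*)*` followed by `[^\n\/\0]+` lets the engine split a run of non-slash characters in many ways, which can make rejecting a long non-matching value very slow on regex engines without match memoization. Requiring the separator inside the group removes that ambiguity without changing which single-line paths are accepted: `type Cinder::CephConf = Pattern[/\A\/([^\n\/\0]+\/+)*[^\n\/\0]+\.conf\z/]`. The pattern also admits `..` components, which may or may not matter depending on how the path is consumed outside this patch.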