From 00dc29e8ed594c12624742b7847b538278a84c34 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 7 May 2024 01:08:50 +0900 Subject: [PATCH] Validate auth_encryption_key by date type Change-Id: Ifa45975c23588da8a5f57d30bd0206044fa70d55 --- manifests/engine.pp | 12 ++----- spec/classes/heat_engine_spec.rb | 17 +++------ spec/type_aliases/authencryptionkey_spec.rb | 40 +++++++++++++++++++++ types/authencryptionkey.pp | 5 +++ 4 files changed, 51 insertions(+), 23 deletions(-) create mode 100644 spec/type_aliases/authencryptionkey_spec.rb create mode 100644 types/authencryptionkey.pp diff --git a/manifests/engine.pp b/manifests/engine.pp index 4bae01b7..65665cc5 100644 --- a/manifests/engine.pp +++ b/manifests/engine.pp @@ -3,6 +3,7 @@ # Installs & configure the heat engine service # # === Parameters +# # [*auth_encryption_key*] # (required) Encryption key used for authentication info in database # Must be either 16, 24, or 32 bytes long. @@ -194,7 +195,7 @@ # Defaults to undef # class heat::engine ( - String $auth_encryption_key, + Heat::AuthEncryptionKey $auth_encryption_key, $package_ensure = 'present', Boolean $manage_service = true, Boolean $enabled = true, @@ -236,15 +237,6 @@ class heat::engine ( include heat::deps - # Validate Heat Engine AES key - # must be either 16, 24, or 32 bytes long - # https://bugs.launchpad.net/heat/+bug/1415887 - $allowed_sizes = ['16','24','32'] - $param_size = size($auth_encryption_key) - if ! (member($allowed_sizes, "${param_size}")) { # lint:ignore:only_variable_string - fail("${param_size} is not a correct size for auth_encryption_key parameter, it must be either 16, 24, 32 bytes long.") - } - include heat include heat::params diff --git a/spec/classes/heat_engine_spec.rb b/spec/classes/heat_engine_spec.rb index e0986017..43db47a8 100644 --- a/spec/classes/heat_engine_spec.rb +++ b/spec/classes/heat_engine_spec.rb 
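Review bot: The parameter doc kept in the first hunk still says the key "Must be either 16, 24, or 32 bytes long", but the `Heat::AuthEncryptionKey` type now used in the `class heat::engine (` hunk bounds the number of characters, not bytes. The alias in types/authencryptionkey.pp is `String[16,16]`, `String[24,24]`, `String[32,32]`, so a key containing a multibyte character can pass the type while its encoded byte length is not one of the three sizes the doc requires. Either reword the doc to say characters and require ASCII, or tighten the alias, for example `Pattern[/\A[[:ascii:]]{16}\z/, /\A[[:ascii:]]{24}\z/, /\A[[:ascii:]]{32}\z/]`. The class body continues outside these hunks, so confirm how heat consumes the value before choosing.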
@@ -33,7 +33,7 @@ describe 'heat::engine' do } end - shared_examples_for 'heat-engine' do + shared_examples_for 'heat::engine' do let :pre_condition do "class { 'heat::keystone::authtoken': password => 'password', @@ -41,13 +41,12 @@ describe 'heat::engine' do end [ - {}, { :auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ12' }, { :auth_encryption_key => '0234567890AZERTYUIOPMLKJHGFDSQ24', :enabled => false, :heat_stack_user_role => 'heat_stack_user', - :heat_metadata_server_url => 'http://127.0.0.1:8000', - :heat_waitcondition_server_url => 'http://127.0.0.1:8000/v1/waitcondition', + :heat_metadata_server_url => 'https://127.0.0.1:8000', + :heat_waitcondition_server_url => 'https://127.0.0.1:8000/v1/waitcondition', :default_software_config_transport => 'POLL_SERVER_CFN', :default_deployment_signal_transport => 'CFN_SIGNAL', :default_user_data_format => 'HEAT_CFNTOOLS', @@ -167,14 +166,6 @@ describe 'heat::engine' do end it { is_expected.to contain_heat_config('DEFAULT/plugin_dirs').with_value(['/usr/lib/heat,/usr/local/lib/heat']) } end - - context 'with wrong auth_encryption_key parameter size' do - before do - params.merge!({ - :auth_encryption_key => 'hello' }) - end - it_raises 'a Puppet::Error', /5 is not a correct size for auth_encryption_key parameter, it must be either 16, 24, 32 bytes long./ - end end on_supported_os({ @@ -198,7 +189,7 @@ describe 'heat::engine' do end end - it_behaves_like 'heat-engine' + it_behaves_like 'heat::engine' end end diff --git a/spec/type_aliases/authencryptionkey_spec.rb b/spec/type_aliases/authencryptionkey_spec.rb new file mode 100644 index 00000000..209ae88b --- /dev/null +++ b/spec/type_aliases/authencryptionkey_spec.rb 
@@ -0,0 +1,40 @@ +require 'spec_helper' + +describe 'Heat::AuthEncryptionKey' do + describe 'valid types' do + context 'with valid types' do + [ + '0123456789abcdef', + '0123456789abcdefghijklmn', + '0123456789abcdefghijklmnopqrstuv' + ].each do |value| + describe value.inspect do + it { is_expected.to allow_value(value) } + end + end + end + end + + describe 'invalid types' do + context 'with garbage inputs' do + [ + 1234567890123456, + true, + false, + nil, + {'0123456789abcdefghijklmnopqrstuv' => '0123456789abcdefghijklmnopqrstuv'}, + ['0123456789abcdefghijklmnopqrstuv'], + '0123456789abcde', + '0123456789abcdefg', + '0123456789abcdefghijklm', + '0123456789abcdefghijklmno', + '0123456789abcdefghijklmnopqrstu', + '0123456789abcdefghijklmnopqrstuvw', + ].each do |value| + describe value.inspect do + it { is_expected.not_to allow_value(value) } + end + end + end + end +end diff --git a/types/authencryptionkey.pp b/types/authencryptionkey.pp new file mode 100644 index 00000000..4fc6bb7a --- /dev/null +++ b/types/authencryptionkey.pp @@ -0,0 +1,5 @@ +type Heat::AuthEncryptionKey = Variant[ + String[16,16], + String[24,24], + String[32,32] +]
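Review bot: The new spec checks `Heat::AuthEncryptionKey` only in isolation, so nothing now asserts that `heat::engine` itself rejects a bad key. The 'with wrong auth_encryption_key parameter size' context was removed from spec/classes/heat_engine_spec.rb, and if the parameter were changed back to `String` no test would fail. Keeping one class-level case with `:auth_encryption_key => 'hello'` would guard that, for example `it_raises 'a Puppet::Error', /auth_encryption_key/`, with the pattern adjusted to Puppet's type-mismatch message. Neither value list includes the empty string or a 16-character value containing a non-ASCII character, which would pin whether the type measures length in characters or bytes.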
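Review bot: types/authencryptionkey.pp has no header comment, so the rationale that sat beside the removed check in manifests/engine.pp is lost. That check carried "Validate Heat Engine AES key", the three allowed sizes and the link https://bugs.launchpad.net/heat/+bug/1415887. A short comment above the alias would keep it, for example `# AES key for heat's auth_encryption_key: exactly 16, 24 or 32 characters long.` followed by `# See https://bugs.launchpad.net/heat/+bug/1415887`. Because a generic type mismatch now replaces the explicit fail() message, this file is where an operator will look for the accepted lengths.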