Validate auth_encryption_key by data type

Change-Id: Ifa45975c23588da8a5f57d30bd0206044fa70d55
Takashi Kajinami 2024-05-07 01:08:50 +09:00
parent b4b323847e
commit e4ec1089c9
4 changed files with 51 additions and 23 deletions


@ -3,6 +3,7 @@
# Installs & configure the heat engine service
#
# === Parameters
#
# [*auth_encryption_key*]
# (required) Encryption key used for authentication info in database
# Must be either 16, 24, or 32 bytes long.
@ -194,7 +195,7 @@
# Defaults to undef
#
class heat::engine (
String $auth_encryption_key,
Heat::AuthEncryptionKey $auth_encryption_key,
$package_ensure = 'present',
Boolean $manage_service = true,
Boolean $enabled = true,
@ -236,15 +237,6 @@ class heat::engine (
include heat::deps
# Validate Heat Engine AES key
# must be either 16, 24, or 32 bytes long
# https://bugs.launchpad.net/heat/+bug/1415887
$allowed_sizes = ['16','24','32']
$param_size = size($auth_encryption_key)
if ! (member($allowed_sizes, "${param_size}")) { # lint:ignore:only_variable_string
fail("${param_size} is not a correct size for auth_encryption_key parameter, it must be either 16, 24, 32 bytes long.")
}
include heat
include heat::params
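Review bot: The parameter doc near the top of this file still says the key must be 16, 24, or 32 bytes long, but the `Heat::AuthEncryptionKey` alias added in the last file of this commit bounds `String` length, which Puppet measures in characters, so a key containing multibyte characters can satisfy the type while being longer in bytes. The removed `size()` check probably behaved the same way, so this looks like a long-standing wording gap rather than a regression. The new type spec uses only ASCII fixtures, so the difference is not exercised there either. I would reword the doc line to `# Must be a string of exactly 16, 24, or 32 characters.` and state whether non-ASCII keys are meant to be accepted. The class body continues outside these hunks.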


@ -33,7 +33,7 @@ describe 'heat::engine' do
}
end
shared_examples_for 'heat-engine' do
shared_examples_for 'heat::engine' do
let :pre_condition do
"class { 'heat::keystone::authtoken':
password => 'password',
@ -41,13 +41,12 @@ describe 'heat::engine' do
end
[
{},
{ :auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ12' },
{ :auth_encryption_key => '0234567890AZERTYUIOPMLKJHGFDSQ24',
:enabled => false,
:heat_stack_user_role => 'heat_stack_user',
:heat_metadata_server_url => 'http://127.0.0.1:8000',
:heat_waitcondition_server_url => 'http://127.0.0.1:8000/v1/waitcondition',
:heat_metadata_server_url => 'https://127.0.0.1:8000',
:heat_waitcondition_server_url => 'https://127.0.0.1:8000/v1/waitcondition',
:default_software_config_transport => 'POLL_SERVER_CFN',
:default_deployment_signal_transport => 'CFN_SIGNAL',
:default_user_data_format => 'HEAT_CFNTOOLS',
@ -167,14 +166,6 @@ describe 'heat::engine' do
end
it { is_expected.to contain_heat_config('DEFAULT/plugin_dirs').with_value(['/usr/lib/heat,/usr/local/lib/heat']) }
end
context 'with wrong auth_encryption_key parameter size' do
before do
params.merge!({
:auth_encryption_key => 'hello' })
end
it_raises 'a Puppet::Error', /5 is not a correct size for auth_encryption_key parameter, it must be either 16, 24, 32 bytes long./
end
end
on_supported_os({
@ -198,7 +189,7 @@ describe 'heat::engine' do
end
end
it_behaves_like 'heat-engine'
it_behaves_like 'heat::engine'
end
end
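Review bot: With the 'with wrong auth_encryption_key parameter size' context removed, nothing in this spec checks that `heat::engine` itself rejects a badly sized key; the new type spec tests the alias on its own, not that the class parameter uses it. A later edit that loosens the parameter back to `String` would pass both specs. I would keep the context with `:auth_encryption_key => 'hello'` and relax the matcher to something like `it_raises 'a Puppet::Error', /auth_encryption_key/`, assuming the type-mismatch message names the parameter. The `describe` block starts outside these hunks.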


@ -0,0 +1,40 @@
require 'spec_helper'
describe 'Heat::AuthEncryptionKey' do
describe 'valid types' do
context 'with valid types' do
[
'0123456789abcdef',
'0123456789abcdefghijklmn',
'0123456789abcdefghijklmnopqrstuv'
].each do |value|
describe value.inspect do
it { is_expected.to allow_value(value) }
end
end
end
end
describe 'invalid types' do
context 'with garbage inputs' do
[
1234567890123456,
true,
false,
nil,
{'0123456789abcdefghijklmnopqrstuv' => '0123456789abcdefghijklmnopqrstuv'},
['0123456789abcdefghijklmnopqrstuv'],
'0123456789abcde',
'0123456789abcdefg',
'0123456789abcdefghijklm',
'0123456789abcdefghijklmno',
'0123456789abcdefghijklmnopqrstu',
'0123456789abcdefghijklmnopqrstuvw',
].each do |value|
describe value.inspect do
it { is_expected.not_to allow_value(value) }
end
end
end
end
end


@ -0,0 +1,5 @@
type Heat::AuthEncryptionKey = Variant[
String[16:16],
String[24:24],
String[32:32]
]
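Review bot: The new alias has no header comment, and this commit removes the only in-code pointer to why these three lengths matter (the Launchpad link that sat in the class body). I would add a short comment above the `type` line, for example `# Heat auth_encryption_key: exactly 16, 24, or 32 characters.` followed by `# See https://bugs.launchpad.net/heat/+bug/1415887`. A failed match now surfaces as a generic type-mismatch error instead of the old size message, so this file is where an operator will look for the rule.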