From ec281aacc7ed71a82294c9f492caf7a5a85decee Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Thu, 16 Mar 2023 13:27:04 +0900
Subject: [PATCH] Add strict validation about boolean parameters

This ensures the parameters used by if-else logic accept only boolean
values because non-boolean can result in unexpected behavior.

Change-Id: I491cc86eb105bc5484ed60c605183859b40696c2
---
 manifests/api.pp         | 3 +++
 manifests/conductor.pp   | 3 +++
 manifests/drivers/pxe.pp | 3 +++
 manifests/inspector.pp   | 6 ++++++
 manifests/json_rpc.pp    | 2 ++
 manifests/pxe.pp         | 4 ++++
 6 files changed, 21 insertions(+)

diff --git a/manifests/api.pp b/manifests/api.pp
index 57e60776..0bcf342c 100644
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -92,6 +92,9 @@ class ironic::api (
   include ironic::policy
   include ironic::api::authtoken
 
+  validate_legacy(Boolean, 'validate_bool', $manage_service)
+  validate_legacy(Boolean, 'validate_bool', $enabled)
+
   # Configure ironic.conf
   ironic_config {
     'api/host_ip':         value => $host_ip;
diff --git a/manifests/conductor.pp b/manifests/conductor.pp
index cd58d398..35cc6cb1 100644
--- a/manifests/conductor.pp
+++ b/manifests/conductor.pp
@@ -286,6 +286,9 @@ class ironic::conductor (
   include ironic::deps
   include ironic::params
 
+  validate_legacy(Boolean, 'validate_bool', $enabled)
+  validate_legacy(Boolean, 'validate_bool', $manage_service)
+
   # For backward compatibility
   include ironic::glance
 
diff --git a/manifests/drivers/pxe.pp b/manifests/drivers/pxe.pp
index 461267d8..9cd03d9f 100644
--- a/manifests/drivers/pxe.pp
+++ b/manifests/drivers/pxe.pp
@@ -154,6 +154,9 @@ class ironic::drivers::pxe (
 ) inherits ironic::params {
 
   include ironic::deps
+
+  validate_legacy(Boolean, 'validate_bool', $enable_ppc64le)
+
   include ironic::pxe::common
   $tftp_root_real               = pick($::ironic::pxe::common::tftp_root, $tftp_root)
   $ipxe_timeout_real            = pick($::ironic::pxe::common::ipxe_timeout, $ipxe_timeout)
diff --git a/manifests/inspector.pp b/manifests/inspector.pp
index b9363a3c..3cedd17a 100644
--- a/manifests/inspector.pp
+++ b/manifests/inspector.pp
@@ -238,6 +238,12 @@ class ironic::inspector (
   $uefi_ipxe_bootfile_name         = $::ironic::params::uefi_ipxe_bootfile_name,
 ) inherits ironic::params {
 
+  validate_legacy(Boolean, 'validate_bool', $manage_service)
+  validate_legacy(Boolean, 'validate_bool', $enabled)
+  validate_legacy(Boolean, 'validate_bool', $dhcp_debug)
+  validate_legacy(Boolean, 'validate_bool', $dnsmasq_dhcp_sequential_ip)
+  validate_legacy(Boolean, 'validate_bool', $sync_db)
+  validate_legacy(Boolean, 'validate_bool', $enable_ppc64le)
   validate_legacy(Array, 'validate_array', $dnsmasq_ip_subnets)
   validate_legacy(Hash, 'validate_hash', $port_physnet_cidr_map)
 
diff --git a/manifests/json_rpc.pp b/manifests/json_rpc.pp
index d58557c1..2241157b 100644
--- a/manifests/json_rpc.pp
+++ b/manifests/json_rpc.pp
@@ -103,6 +103,8 @@ class ironic::json_rpc (
 
   include ironic::deps
 
+  validate_legacy(Boolean, 'validate_bool', $use_ssl)
+
   if is_service_default($system_scope) {
     $project_name_real = $project_name
     $project_domain_name_real = $project_domain_name
diff --git a/manifests/pxe.pp b/manifests/pxe.pp
index b270a78b..cdcfdcb4 100644
--- a/manifests/pxe.pp
+++ b/manifests/pxe.pp
@@ -113,6 +113,10 @@ class ironic::pxe (
   include ironic::deps
   include ironic::pxe::common
 
+  validate_legacy(Boolean, 'validate_bool', $manage_service)
+  validate_legacy(Boolean, 'validate_bool', $enabled)
+  validate_legacy(Boolean, 'validate_bool', $manage_http_server)
+
   $tftp_root_real = pick($::ironic::pxe::common::tftp_root, $tftp_root)
   $http_root_real = pick($::ironic::pxe::common::http_root, $http_root)
   $http_port_real = pick($::ironic::pxe::common::http_port, $http_port)