Refactor validation of ssh_key parameters using the Struct data type

Change-Id: I55d79365ad9686ea9d59597894f6f337b8fedbf6
Takashi Kajinami 2024-09-29 21:16:42 +09:00
parent d997e71d06
commit 17bd61e042
4 changed files with 87 additions and 184 deletions


@ -335,74 +335,74 @@
# Defaults to undef # Defaults to undef
# #
class nova( class nova(
$ensure_package = 'present', $ensure_package = 'present',
$default_transport_url = $facts['os_service_default'], $default_transport_url = $facts['os_service_default'],
$rpc_response_timeout = $facts['os_service_default'], $rpc_response_timeout = $facts['os_service_default'],
$long_rpc_timeout = $facts['os_service_default'], $long_rpc_timeout = $facts['os_service_default'],
$control_exchange = $facts['os_service_default'], $control_exchange = $facts['os_service_default'],
$executor_thread_pool_size = $facts['os_service_default'], $executor_thread_pool_size = $facts['os_service_default'],
$rabbit_use_ssl = $facts['os_service_default'], $rabbit_use_ssl = $facts['os_service_default'],
$rabbit_heartbeat_timeout_threshold = $facts['os_service_default'], $rabbit_heartbeat_timeout_threshold = $facts['os_service_default'],
$rabbit_heartbeat_rate = $facts['os_service_default'], $rabbit_heartbeat_rate = $facts['os_service_default'],
$rabbit_heartbeat_in_pthread = $facts['os_service_default'], $rabbit_heartbeat_in_pthread = $facts['os_service_default'],
$rabbit_qos_prefetch_count = $facts['os_service_default'], $rabbit_qos_prefetch_count = $facts['os_service_default'],
$rabbit_ha_queues = $facts['os_service_default'], $rabbit_ha_queues = $facts['os_service_default'],
$rabbit_quorum_queue = $facts['os_service_default'], $rabbit_quorum_queue = $facts['os_service_default'],
$rabbit_transient_quorum_queue = $facts['os_service_default'], $rabbit_transient_quorum_queue = $facts['os_service_default'],
$rabbit_quorum_delivery_limit = $facts['os_service_default'], $rabbit_quorum_delivery_limit = $facts['os_service_default'],
$rabbit_quorum_max_memory_length = $facts['os_service_default'], $rabbit_quorum_max_memory_length = $facts['os_service_default'],
$rabbit_quorum_max_memory_bytes = $facts['os_service_default'], $rabbit_quorum_max_memory_bytes = $facts['os_service_default'],
$rabbit_enable_cancel_on_failover = $facts['os_service_default'], $rabbit_enable_cancel_on_failover = $facts['os_service_default'],
$rabbit_retry_interval = $facts['os_service_default'], $rabbit_retry_interval = $facts['os_service_default'],
$kombu_ssl_ca_certs = $facts['os_service_default'], $kombu_ssl_ca_certs = $facts['os_service_default'],
$kombu_ssl_certfile = $facts['os_service_default'], $kombu_ssl_certfile = $facts['os_service_default'],
$kombu_ssl_keyfile = $facts['os_service_default'], $kombu_ssl_keyfile = $facts['os_service_default'],
$kombu_ssl_version = $facts['os_service_default'], $kombu_ssl_version = $facts['os_service_default'],
$kombu_reconnect_delay = $facts['os_service_default'], $kombu_reconnect_delay = $facts['os_service_default'],
$kombu_failover_strategy = $facts['os_service_default'], $kombu_failover_strategy = $facts['os_service_default'],
$kombu_compression = $facts['os_service_default'], $kombu_compression = $facts['os_service_default'],
$amqp_durable_queues = $facts['os_service_default'], $amqp_durable_queues = $facts['os_service_default'],
$host = $facts['os_service_default'], $host = $facts['os_service_default'],
$service_down_time = $facts['os_service_default'], $service_down_time = $facts['os_service_default'],
$state_path = '/var/lib/nova', $state_path = '/var/lib/nova',
$lock_path = $::nova::params::lock_path, $lock_path = $::nova::params::lock_path,
$report_interval = $facts['os_service_default'], $report_interval = $facts['os_service_default'],
$periodic_fuzzy_delay = $facts['os_service_default'], $periodic_fuzzy_delay = $facts['os_service_default'],
$rootwrap_config = '/etc/nova/rootwrap.conf', $rootwrap_config = '/etc/nova/rootwrap.conf',
Boolean $use_ssl = false, Boolean $use_ssl = false,
Array[String[1]] $enabled_ssl_apis = ['metadata', 'osapi_compute'], Array[String[1]] $enabled_ssl_apis = ['metadata', 'osapi_compute'],
$ca_file = undef, $ca_file = undef,
$cert_file = undef, $cert_file = undef,
$key_file = undef, $key_file = undef,
Nova::SshKey $nova_public_key = undef, Optional[Nova::SshKey] $nova_public_key = undef,
Nova::SshKey $nova_private_key = undef, Optional[Nova::SshKey] $nova_private_key = undef,
$ssl_only = $facts['os_service_default'], $ssl_only = $facts['os_service_default'],
$cert = $facts['os_service_default'], $cert = $facts['os_service_default'],
$key = $facts['os_service_default'], $key = $facts['os_service_default'],
$console_ssl_ciphers = $facts['os_service_default'], $console_ssl_ciphers = $facts['os_service_default'],
$console_ssl_minimum_version = $facts['os_service_default'], $console_ssl_minimum_version = $facts['os_service_default'],
$notification_transport_url = $facts['os_service_default'], $notification_transport_url = $facts['os_service_default'],
$notification_driver = $facts['os_service_default'], $notification_driver = $facts['os_service_default'],
$notification_topics = $facts['os_service_default'], $notification_topics = $facts['os_service_default'],
$notification_retry = $facts['os_service_default'], $notification_retry = $facts['os_service_default'],
$notification_format = $facts['os_service_default'], $notification_format = $facts['os_service_default'],
$notify_on_state_change = $facts['os_service_default'], $notify_on_state_change = $facts['os_service_default'],
$ovsdb_connection = $facts['os_service_default'], $ovsdb_connection = $facts['os_service_default'],
$upgrade_level_compute = $facts['os_service_default'], $upgrade_level_compute = $facts['os_service_default'],
$upgrade_level_conductor = $facts['os_service_default'], $upgrade_level_conductor = $facts['os_service_default'],
$upgrade_level_scheduler = $facts['os_service_default'], $upgrade_level_scheduler = $facts['os_service_default'],
$cpu_allocation_ratio = $facts['os_service_default'], $cpu_allocation_ratio = $facts['os_service_default'],
$ram_allocation_ratio = $facts['os_service_default'], $ram_allocation_ratio = $facts['os_service_default'],
$disk_allocation_ratio = $facts['os_service_default'], $disk_allocation_ratio = $facts['os_service_default'],
$initial_cpu_allocation_ratio = $facts['os_service_default'], $initial_cpu_allocation_ratio = $facts['os_service_default'],
$initial_ram_allocation_ratio = $facts['os_service_default'], $initial_ram_allocation_ratio = $facts['os_service_default'],
$initial_disk_allocation_ratio = $facts['os_service_default'], $initial_disk_allocation_ratio = $facts['os_service_default'],
Boolean $purge_config = false, Boolean $purge_config = false,
$my_ip = $facts['os_service_default'], $my_ip = $facts['os_service_default'],
$dhcp_domain = $facts['os_service_default'], $dhcp_domain = $facts['os_service_default'],
$instance_name_template = $facts['os_service_default'], $instance_name_template = $facts['os_service_default'],
# DEPRECATED PARAMETERS # DEPRECATED PARAMETERS
$auth_strategy = undef, $auth_strategy = undef,
) inherits nova::params { ) inherits nova::params {
include nova::deps include nova::deps
@ -432,10 +432,6 @@ class nova(
} }
if $nova_public_key { if $nova_public_key {
if ! $nova_public_key['key'] or ! $nova_public_key['type'] {
fail('You must provide both a key type and key data.')
}
ssh_authorized_key { 'nova-migration-public-key': ssh_authorized_key { 'nova-migration-public-key':
ensure => present, ensure => present,
key => $nova_public_key['key'], key => $nova_public_key['key'],
@ -446,25 +442,10 @@ class nova(
} }
if $nova_private_key { if $nova_private_key {
if ! $nova_private_key['key'] or ! $nova_private_key['type'] { $nova_private_key_file = regsubst($nova_private_key['type'], /^ssh-/, 'id_')
fail('You must provide both a key type and key data.')
}
$nova_private_key_file = $nova_private_key['type'] ? { file { "/var/lib/nova/.ssh/${nova_private_key_file}":
'ssh-rsa' => '/var/lib/nova/.ssh/id_rsa', content => $nova_private_key['key'],
'ssh-dsa' => '/var/lib/nova/.ssh/id_dsa',
'ssh-ecdsa' => '/var/lib/nova/.ssh/id_ecdsa',
'ssh-ed25519' => '/var/lib/nova/.ssh/id_ed25519',
default => undef
}
if ! $nova_private_key_file {
fail("Unable to determine name of private key file. Type specified was '${nova_private_key['type']}' \
but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa, ssh-ed25519.")
}
file { $nova_private_key_file:
content => $nova_private_key[key],
mode => '0600', mode => '0600',
owner => $::nova::params::user, owner => $::nova::params::user,
group => $::nova::params::group, group => $::nova::params::group,
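Review bot: The private key resource at `file { "/var/lib/nova/.ssh/${nova_private_key_file}":` writes raw key material through `content =>` without `show_diff => false`, so any change to that content is printed in agent output and stored in the run report in clear text. Adding `show_diff => false,` beside `mode => '0600',` keeps the key out of logs; the mode/owner/group lines already restrict on-disk access, which is the other half of the problem. The file name is now derived by `regsubst($nova_private_key['type'], /^ssh-/, 'id_')`, which is only safe because `Nova::SshKey` constrains `type` to a fixed Enum; a comment such as `# type is Enum-constrained in Nova::SshKey, so the derived name cannot escape .ssh/` would record that dependency before someone loosens the alias. The closing lines of the `if $nova_private_key` block fall outside the visible hunk.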


@ -285,40 +285,6 @@ describe 'nova' do
end end
end end
context 'with ssh public key missing key type' do
let :params do
{
:nova_public_key => {'key' => 'keydata'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_ssh_authorized_key('nova-migration-public-key').with(
:ensure => 'present',
:key => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end
context 'with ssh public key missing key data' do
let :params do
{
:nova_public_key => {'type' => 'ssh-rsa'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_ssh_authorized_key('nova-migration-public-key').with(
:ensure => 'present',
:key => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end
{ {
'ssh-rsa' => 'id_rsa', 'ssh-rsa' => 'id_rsa',
'ssh-dsa' => 'id_dsa', 'ssh-dsa' => 'id_dsa',
@ -345,55 +311,6 @@ describe 'nova' do
end end
end end
context 'with ssh private key missing key type' do
let :params do
{
:nova_private_key => {'key' => 'keydata'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata',
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end
context 'with ssh private key having incorrect key type' do
let :params do
{
:nova_private_key => {'type' => 'invalid',
'key' => 'keydata'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
}.to raise_error Puppet::Error, /Unable to determine name of private key file./
end
end
context 'with ssh private key missing key data' do
let :params do
{
:nova_private_key => {'type' => 'ssh-rsa'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end
context 'with SSL socket options set' do context 'with SSL socket options set' do
let :params do let :params do
{ {


@ -4,10 +4,10 @@ describe 'Nova::SshKey' do
describe 'valid types' do describe 'valid types' do
context 'with valid types' do context 'with valid types' do
[ [
{'key' => 'foo'}, {'key' => 'foo', 'type' => 'ssh-rsa'},
{'type' => 'bar'}, {'key' => 'foo', 'type' => 'ssh-dsa'},
{'key' => 'foo', 'type' => 'bar'}, {'key' => 'foo', 'type' => 'ssh-ecdsa'},
{}, {'key' => 'foo', 'type' => 'ssh-ed25519'},
].each do |value| ].each do |value|
describe value.inspect do describe value.inspect do
it { is_expected.to allow_value(value) } it { is_expected.to allow_value(value) }
@ -19,13 +19,13 @@ describe 'Nova::SshKey' do
describe 'invalid types' do describe 'invalid types' do
context 'with garbage inputs' do context 'with garbage inputs' do
[ [
{'key' => 1}, {},
{'fookey' => 'foo'}, {'key' => 'foo'},
'foo', {'type' => 'ssh-rsa'},
true, {'key' => 'foo', 'type' => 'ssh-invalid'},
false, {'key' => '', 'type' => 'ssh-rsa'},
1, {'key' => 1, 'type' => 'ssh-rsa'},
1.1, nil,
'<SERVICE DEFAULT>', '<SERVICE DEFAULT>',
].each do |value| ].each do |value|
describe value.inspect do describe value.inspect do


@ -1 +1,6 @@
type Nova::SshKey = Optional[Hash[Enum['key', 'type'], String[1]]] type Nova::SshKey = Struct[
{
key => String[1],
type => Enum['ssh-rsa', 'ssh-dsa', 'ssh-ecdsa', 'ssh-ed25519']
}
]
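Review bot: The enum at `type => Enum['ssh-rsa', 'ssh-dsa', 'ssh-ecdsa', 'ssh-ed25519']` mixes genuine OpenSSH algorithm identifiers (`ssh-rsa`, `ssh-ed25519`) with two that are not (OpenSSH names DSA keys `ssh-dss`, and ECDSA keys carry curve-specific names such as `ecdsa-sha2-nistp256`), so an operator who copies the type field from a real public key line now gets a bare type-mismatch failure with no hint why. Since the visible manifest only uses the value to pick the `id_*` file name, the alias should say so, e.g. `# 'type' selects the id_<algo> file name and must match this Enum exactly; it is not checked against the key data itself.` That comment should also note that `ssh-dsa` keeps accepting an algorithm current OpenSSH releases disable by default, so passing validation does not mean the migration key will work. Whether the same value is also forwarded to `ssh_authorized_key`'s `type` attribute cannot be confirmed from the visible hunks.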