Refactor validation of ssh_key parameters by Struct data type
Change-Id: I55d79365ad9686ea9d59597894f6f337b8fedbf6
parent
d997e71d06
commit
17bd61e042
@ -335,74 +335,74 @@
|
|||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
class nova(
|
class nova(
|
||||||
$ensure_package = 'present',
|
$ensure_package = 'present',
|
||||||
$default_transport_url = $facts['os_service_default'],
|
$default_transport_url = $facts['os_service_default'],
|
||||||
$rpc_response_timeout = $facts['os_service_default'],
|
$rpc_response_timeout = $facts['os_service_default'],
|
||||||
$long_rpc_timeout = $facts['os_service_default'],
|
$long_rpc_timeout = $facts['os_service_default'],
|
||||||
$control_exchange = $facts['os_service_default'],
|
$control_exchange = $facts['os_service_default'],
|
||||||
$executor_thread_pool_size = $facts['os_service_default'],
|
$executor_thread_pool_size = $facts['os_service_default'],
|
||||||
$rabbit_use_ssl = $facts['os_service_default'],
|
$rabbit_use_ssl = $facts['os_service_default'],
|
||||||
$rabbit_heartbeat_timeout_threshold = $facts['os_service_default'],
|
$rabbit_heartbeat_timeout_threshold = $facts['os_service_default'],
|
||||||
$rabbit_heartbeat_rate = $facts['os_service_default'],
|
$rabbit_heartbeat_rate = $facts['os_service_default'],
|
||||||
$rabbit_heartbeat_in_pthread = $facts['os_service_default'],
|
$rabbit_heartbeat_in_pthread = $facts['os_service_default'],
|
||||||
$rabbit_qos_prefetch_count = $facts['os_service_default'],
|
$rabbit_qos_prefetch_count = $facts['os_service_default'],
|
||||||
$rabbit_ha_queues = $facts['os_service_default'],
|
$rabbit_ha_queues = $facts['os_service_default'],
|
||||||
$rabbit_quorum_queue = $facts['os_service_default'],
|
$rabbit_quorum_queue = $facts['os_service_default'],
|
||||||
$rabbit_transient_quorum_queue = $facts['os_service_default'],
|
$rabbit_transient_quorum_queue = $facts['os_service_default'],
|
||||||
$rabbit_quorum_delivery_limit = $facts['os_service_default'],
|
$rabbit_quorum_delivery_limit = $facts['os_service_default'],
|
||||||
$rabbit_quorum_max_memory_length = $facts['os_service_default'],
|
$rabbit_quorum_max_memory_length = $facts['os_service_default'],
|
||||||
$rabbit_quorum_max_memory_bytes = $facts['os_service_default'],
|
$rabbit_quorum_max_memory_bytes = $facts['os_service_default'],
|
||||||
$rabbit_enable_cancel_on_failover = $facts['os_service_default'],
|
$rabbit_enable_cancel_on_failover = $facts['os_service_default'],
|
||||||
$rabbit_retry_interval = $facts['os_service_default'],
|
$rabbit_retry_interval = $facts['os_service_default'],
|
||||||
$kombu_ssl_ca_certs = $facts['os_service_default'],
|
$kombu_ssl_ca_certs = $facts['os_service_default'],
|
||||||
$kombu_ssl_certfile = $facts['os_service_default'],
|
$kombu_ssl_certfile = $facts['os_service_default'],
|
||||||
$kombu_ssl_keyfile = $facts['os_service_default'],
|
$kombu_ssl_keyfile = $facts['os_service_default'],
|
||||||
$kombu_ssl_version = $facts['os_service_default'],
|
$kombu_ssl_version = $facts['os_service_default'],
|
||||||
$kombu_reconnect_delay = $facts['os_service_default'],
|
$kombu_reconnect_delay = $facts['os_service_default'],
|
||||||
$kombu_failover_strategy = $facts['os_service_default'],
|
$kombu_failover_strategy = $facts['os_service_default'],
|
||||||
$kombu_compression = $facts['os_service_default'],
|
$kombu_compression = $facts['os_service_default'],
|
||||||
$amqp_durable_queues = $facts['os_service_default'],
|
$amqp_durable_queues = $facts['os_service_default'],
|
||||||
$host = $facts['os_service_default'],
|
$host = $facts['os_service_default'],
|
||||||
$service_down_time = $facts['os_service_default'],
|
$service_down_time = $facts['os_service_default'],
|
||||||
$state_path = '/var/lib/nova',
|
$state_path = '/var/lib/nova',
|
||||||
$lock_path = $::nova::params::lock_path,
|
$lock_path = $::nova::params::lock_path,
|
||||||
$report_interval = $facts['os_service_default'],
|
$report_interval = $facts['os_service_default'],
|
||||||
$periodic_fuzzy_delay = $facts['os_service_default'],
|
$periodic_fuzzy_delay = $facts['os_service_default'],
|
||||||
$rootwrap_config = '/etc/nova/rootwrap.conf',
|
$rootwrap_config = '/etc/nova/rootwrap.conf',
|
||||||
Boolean $use_ssl = false,
|
Boolean $use_ssl = false,
|
||||||
Array[String[1]] $enabled_ssl_apis = ['metadata', 'osapi_compute'],
|
Array[String[1]] $enabled_ssl_apis = ['metadata', 'osapi_compute'],
|
||||||
$ca_file = undef,
|
$ca_file = undef,
|
||||||
$cert_file = undef,
|
$cert_file = undef,
|
||||||
$key_file = undef,
|
$key_file = undef,
|
||||||
Nova::SshKey $nova_public_key = undef,
|
Optional[Nova::SshKey] $nova_public_key = undef,
|
||||||
Nova::SshKey $nova_private_key = undef,
|
Optional[Nova::SshKey] $nova_private_key = undef,
|
||||||
$ssl_only = $facts['os_service_default'],
|
$ssl_only = $facts['os_service_default'],
|
||||||
$cert = $facts['os_service_default'],
|
$cert = $facts['os_service_default'],
|
||||||
$key = $facts['os_service_default'],
|
$key = $facts['os_service_default'],
|
||||||
$console_ssl_ciphers = $facts['os_service_default'],
|
$console_ssl_ciphers = $facts['os_service_default'],
|
||||||
$console_ssl_minimum_version = $facts['os_service_default'],
|
$console_ssl_minimum_version = $facts['os_service_default'],
|
||||||
$notification_transport_url = $facts['os_service_default'],
|
$notification_transport_url = $facts['os_service_default'],
|
||||||
$notification_driver = $facts['os_service_default'],
|
$notification_driver = $facts['os_service_default'],
|
||||||
$notification_topics = $facts['os_service_default'],
|
$notification_topics = $facts['os_service_default'],
|
||||||
$notification_retry = $facts['os_service_default'],
|
$notification_retry = $facts['os_service_default'],
|
||||||
$notification_format = $facts['os_service_default'],
|
$notification_format = $facts['os_service_default'],
|
||||||
$notify_on_state_change = $facts['os_service_default'],
|
$notify_on_state_change = $facts['os_service_default'],
|
||||||
$ovsdb_connection = $facts['os_service_default'],
|
$ovsdb_connection = $facts['os_service_default'],
|
||||||
$upgrade_level_compute = $facts['os_service_default'],
|
$upgrade_level_compute = $facts['os_service_default'],
|
||||||
$upgrade_level_conductor = $facts['os_service_default'],
|
$upgrade_level_conductor = $facts['os_service_default'],
|
||||||
$upgrade_level_scheduler = $facts['os_service_default'],
|
$upgrade_level_scheduler = $facts['os_service_default'],
|
||||||
$cpu_allocation_ratio = $facts['os_service_default'],
|
$cpu_allocation_ratio = $facts['os_service_default'],
|
||||||
$ram_allocation_ratio = $facts['os_service_default'],
|
$ram_allocation_ratio = $facts['os_service_default'],
|
||||||
$disk_allocation_ratio = $facts['os_service_default'],
|
$disk_allocation_ratio = $facts['os_service_default'],
|
||||||
$initial_cpu_allocation_ratio = $facts['os_service_default'],
|
$initial_cpu_allocation_ratio = $facts['os_service_default'],
|
||||||
$initial_ram_allocation_ratio = $facts['os_service_default'],
|
$initial_ram_allocation_ratio = $facts['os_service_default'],
|
||||||
$initial_disk_allocation_ratio = $facts['os_service_default'],
|
$initial_disk_allocation_ratio = $facts['os_service_default'],
|
||||||
Boolean $purge_config = false,
|
Boolean $purge_config = false,
|
||||||
$my_ip = $facts['os_service_default'],
|
$my_ip = $facts['os_service_default'],
|
||||||
$dhcp_domain = $facts['os_service_default'],
|
$dhcp_domain = $facts['os_service_default'],
|
||||||
$instance_name_template = $facts['os_service_default'],
|
$instance_name_template = $facts['os_service_default'],
|
||||||
# DEPRECATED PARAMETERS
|
# DEPRECATED PARAMETERS
|
||||||
$auth_strategy = undef,
|
$auth_strategy = undef,
|
||||||
) inherits nova::params {
|
) inherits nova::params {
|
||||||
|
|
||||||
include nova::deps
|
include nova::deps
|
||||||
@ -432,10 +432,6 @@ class nova(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if $nova_public_key {
|
if $nova_public_key {
|
||||||
if ! $nova_public_key['key'] or ! $nova_public_key['type'] {
|
|
||||||
fail('You must provide both a key type and key data.')
|
|
||||||
}
|
|
||||||
|
|
||||||
ssh_authorized_key { 'nova-migration-public-key':
|
ssh_authorized_key { 'nova-migration-public-key':
|
||||||
ensure => present,
|
ensure => present,
|
||||||
key => $nova_public_key['key'],
|
key => $nova_public_key['key'],
|
||||||
@ -446,25 +442,10 @@ class nova(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if $nova_private_key {
|
if $nova_private_key {
|
||||||
if ! $nova_private_key['key'] or ! $nova_private_key['type'] {
|
$nova_private_key_file = regsubst($nova_private_key['type'], /^ssh-/, 'id_')
|
||||||
fail('You must provide both a key type and key data.')
|
|
||||||
}
|
|
||||||
|
|
||||||
$nova_private_key_file = $nova_private_key['type'] ? {
|
file { "/var/lib/nova/.ssh/${nova_private_key_file}":
|
||||||
'ssh-rsa' => '/var/lib/nova/.ssh/id_rsa',
|
content => $nova_private_key['key'],
|
||||||
'ssh-dsa' => '/var/lib/nova/.ssh/id_dsa',
|
|
||||||
'ssh-ecdsa' => '/var/lib/nova/.ssh/id_ecdsa',
|
|
||||||
'ssh-ed25519' => '/var/lib/nova/.ssh/id_ed25519',
|
|
||||||
default => undef
|
|
||||||
}
|
|
||||||
|
|
||||||
if ! $nova_private_key_file {
|
|
||||||
fail("Unable to determine name of private key file. Type specified was '${nova_private_key['type']}' \
|
|
||||||
but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa, ssh-ed25519.")
|
|
||||||
}
|
|
||||||
|
|
||||||
file { $nova_private_key_file:
|
|
||||||
content => $nova_private_key[key],
|
|
||||||
mode => '0600',
|
mode => '0600',
|
||||||
owner => $::nova::params::user,
|
owner => $::nova::params::user,
|
||||||
group => $::nova::params::group,
|
group => $::nova::params::group,
|
||||||
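Review bot: The private key file name is now produced by `regsubst($nova_private_key['type'], /^ssh-/, 'id_')` and interpolated into `"/var/lib/nova/.ssh/${nova_private_key_file}"`, so the safety of that path rests entirely on the `Nova::SshKey` Enum; the selector with `default => undef` and the `fail()` it replaces acted as a local allow-list. A value that does not start with `ssh-` passes through `regsubst` unchanged, so if the Enum is ever widened the type string would reach the path as given. I would add a comment above the assignment, for example `# type is restricted by Nova::SshKey and is used verbatim in the file name below`. The `file` resource continues past the end of the hunk, so it is not visible whether `show_diff => false` is set for the private key content; worth confirming.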
|
@ -285,40 +285,6 @@ describe 'nova' do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with ssh public key missing key type' do
|
|
||||||
let :params do
|
|
||||||
{
|
|
||||||
:nova_public_key => {'key' => 'keydata'}
|
|
||||||
}
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'should raise an error' do
|
|
||||||
expect {
|
|
||||||
is_expected.to contain_ssh_authorized_key('nova-migration-public-key').with(
|
|
||||||
:ensure => 'present',
|
|
||||||
:key => 'keydata'
|
|
||||||
)
|
|
||||||
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'with ssh public key missing key data' do
|
|
||||||
let :params do
|
|
||||||
{
|
|
||||||
:nova_public_key => {'type' => 'ssh-rsa'}
|
|
||||||
}
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'should raise an error' do
|
|
||||||
expect {
|
|
||||||
is_expected.to contain_ssh_authorized_key('nova-migration-public-key').with(
|
|
||||||
:ensure => 'present',
|
|
||||||
:key => 'keydata'
|
|
||||||
)
|
|
||||||
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
{
|
{
|
||||||
'ssh-rsa' => 'id_rsa',
|
'ssh-rsa' => 'id_rsa',
|
||||||
'ssh-dsa' => 'id_dsa',
|
'ssh-dsa' => 'id_dsa',
|
||||||
@ -345,55 +311,6 @@ describe 'nova' do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with ssh private key missing key type' do
|
|
||||||
let :params do
|
|
||||||
{
|
|
||||||
:nova_private_key => {'key' => 'keydata'}
|
|
||||||
}
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'should raise an error' do
|
|
||||||
expect {
|
|
||||||
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
|
|
||||||
:content => 'keydata',
|
|
||||||
)
|
|
||||||
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'with ssh private key having incorrect key type' do
|
|
||||||
let :params do
|
|
||||||
{
|
|
||||||
:nova_private_key => {'type' => 'invalid',
|
|
||||||
'key' => 'keydata'}
|
|
||||||
}
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'should raise an error' do
|
|
||||||
expect {
|
|
||||||
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
|
|
||||||
:content => 'keydata'
|
|
||||||
)
|
|
||||||
}.to raise_error Puppet::Error, /Unable to determine name of private key file./
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'with ssh private key missing key data' do
|
|
||||||
let :params do
|
|
||||||
{
|
|
||||||
:nova_private_key => {'type' => 'ssh-rsa'}
|
|
||||||
}
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'should raise an error' do
|
|
||||||
expect {
|
|
||||||
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
|
|
||||||
:content => 'keydata'
|
|
||||||
)
|
|
||||||
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'with SSL socket options set' do
|
context 'with SSL socket options set' do
|
||||||
let :params do
|
let :params do
|
||||||
{
|
{
|
||||||
|
@ -4,10 +4,10 @@ describe 'Nova::SshKey' do
|
|||||||
describe 'valid types' do
|
describe 'valid types' do
|
||||||
context 'with valid types' do
|
context 'with valid types' do
|
||||||
[
|
[
|
||||||
{'key' => 'foo'},
|
{'key' => 'foo', 'type' => 'ssh-rsa'},
|
||||||
{'type' => 'bar'},
|
{'key' => 'foo', 'type' => 'ssh-dsa'},
|
||||||
{'key' => 'foo', 'type' => 'bar'},
|
{'key' => 'foo', 'type' => 'ssh-ecdsa'},
|
||||||
{},
|
{'key' => 'foo', 'type' => 'ssh-ed25519'},
|
||||||
].each do |value|
|
].each do |value|
|
||||||
describe value.inspect do
|
describe value.inspect do
|
||||||
it { is_expected.to allow_value(value) }
|
it { is_expected.to allow_value(value) }
|
||||||
@ -19,13 +19,13 @@ describe 'Nova::SshKey' do
|
|||||||
describe 'invalid types' do
|
describe 'invalid types' do
|
||||||
context 'with garbage inputs' do
|
context 'with garbage inputs' do
|
||||||
[
|
[
|
||||||
{'key' => 1},
|
{},
|
||||||
{'fookey' => 'foo'},
|
{'key' => 'foo'},
|
||||||
'foo',
|
{'type' => 'ssh-rsa'},
|
||||||
true,
|
{'key' => 'foo', 'type' => 'ssh-invalid'},
|
||||||
false,
|
{'key' => '', 'type' => 'ssh-rsa'},
|
||||||
1,
|
{'key' => 1, 'type' => 'ssh-rsa'},
|
||||||
1.1,
|
nil,
|
||||||
'<SERVICE DEFAULT>',
|
'<SERVICE DEFAULT>',
|
||||||
].each do |value|
|
].each do |value|
|
||||||
describe value.inspect do
|
describe value.inspect do
|
||||||
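Review bot: The 'garbage inputs' list, as far as the two columns can be read, has no case for a hash carrying an unexpected extra key or for a `type` that contains path characters, while the class now derives a file name from `type`. Adding `{'key' => 'foo', 'type' => 'ssh-rsa', 'extra' => 'x'},` and `{'key' => 'foo', 'type' => 'ssh-../rsa'},` would pin that the Struct rejects both. The plain scalar cases (`'foo'`, `true`, `1`) appear to have been dropped from the list as well; keeping one of them costs nothing. The `each` block continues outside the hunk.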
|
@ -1 +1,6 @@
|
|||||||
type Nova::SshKey = Optional[Hash[Enum['key', 'type'], String[1]]]
|
type Nova::SshKey = Struct[
|
||||||
|
{
|
||||||
|
key => String[1],
|
||||||
|
type => Enum['ssh-rsa', 'ssh-dsa', 'ssh-ecdsa', 'ssh-ed25519']
|
||||||
|
}
|
||||||
|
]
|
||||||
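Review bot: The Enum still accepts `ssh-dsa`, and the type carries no comment explaining which values are allowed and why. DSA keys have been disabled by default in OpenSSH since 7.0, so a key of that type would be deployed but most likely refused by a current sshd or client; consider dropping the value or marking it as legacy. I would add a header comment such as `# Hash with non-empty 'key' data and a 'type' from the list below; 'type' is also used to derive the private key file name`.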
|