Refactor validation of ssh_key parameters by Struct data type

Change-Id: I55d79365ad9686ea9d59597894f6f337b8fedbf6
Takashi Kajinami 2024-09-29 21:16:42 +09:00
parent d997e71d06
commit 17bd61e042
4 changed files with 87 additions and 184 deletions


@ -335,74 +335,74 @@
# Defaults to undef
#
class nova(
$ensure_package = 'present',
$default_transport_url = $facts['os_service_default'],
$rpc_response_timeout = $facts['os_service_default'],
$long_rpc_timeout = $facts['os_service_default'],
$control_exchange = $facts['os_service_default'],
$executor_thread_pool_size = $facts['os_service_default'],
$rabbit_use_ssl = $facts['os_service_default'],
$rabbit_heartbeat_timeout_threshold = $facts['os_service_default'],
$rabbit_heartbeat_rate = $facts['os_service_default'],
$rabbit_heartbeat_in_pthread = $facts['os_service_default'],
$rabbit_qos_prefetch_count = $facts['os_service_default'],
$rabbit_ha_queues = $facts['os_service_default'],
$rabbit_quorum_queue = $facts['os_service_default'],
$rabbit_transient_quorum_queue = $facts['os_service_default'],
$rabbit_quorum_delivery_limit = $facts['os_service_default'],
$rabbit_quorum_max_memory_length = $facts['os_service_default'],
$rabbit_quorum_max_memory_bytes = $facts['os_service_default'],
$rabbit_enable_cancel_on_failover = $facts['os_service_default'],
$rabbit_retry_interval = $facts['os_service_default'],
$kombu_ssl_ca_certs = $facts['os_service_default'],
$kombu_ssl_certfile = $facts['os_service_default'],
$kombu_ssl_keyfile = $facts['os_service_default'],
$kombu_ssl_version = $facts['os_service_default'],
$kombu_reconnect_delay = $facts['os_service_default'],
$kombu_failover_strategy = $facts['os_service_default'],
$kombu_compression = $facts['os_service_default'],
$amqp_durable_queues = $facts['os_service_default'],
$host = $facts['os_service_default'],
$service_down_time = $facts['os_service_default'],
$state_path = '/var/lib/nova',
$lock_path = $::nova::params::lock_path,
$report_interval = $facts['os_service_default'],
$periodic_fuzzy_delay = $facts['os_service_default'],
$rootwrap_config = '/etc/nova/rootwrap.conf',
Boolean $use_ssl = false,
Array[String[1]] $enabled_ssl_apis = ['metadata', 'osapi_compute'],
$ca_file = undef,
$cert_file = undef,
$key_file = undef,
Nova::SshKey $nova_public_key = undef,
Nova::SshKey $nova_private_key = undef,
$ssl_only = $facts['os_service_default'],
$cert = $facts['os_service_default'],
$key = $facts['os_service_default'],
$console_ssl_ciphers = $facts['os_service_default'],
$console_ssl_minimum_version = $facts['os_service_default'],
$notification_transport_url = $facts['os_service_default'],
$notification_driver = $facts['os_service_default'],
$notification_topics = $facts['os_service_default'],
$notification_retry = $facts['os_service_default'],
$notification_format = $facts['os_service_default'],
$notify_on_state_change = $facts['os_service_default'],
$ovsdb_connection = $facts['os_service_default'],
$upgrade_level_compute = $facts['os_service_default'],
$upgrade_level_conductor = $facts['os_service_default'],
$upgrade_level_scheduler = $facts['os_service_default'],
$cpu_allocation_ratio = $facts['os_service_default'],
$ram_allocation_ratio = $facts['os_service_default'],
$disk_allocation_ratio = $facts['os_service_default'],
$initial_cpu_allocation_ratio = $facts['os_service_default'],
$initial_ram_allocation_ratio = $facts['os_service_default'],
$initial_disk_allocation_ratio = $facts['os_service_default'],
Boolean $purge_config = false,
$my_ip = $facts['os_service_default'],
$dhcp_domain = $facts['os_service_default'],
$instance_name_template = $facts['os_service_default'],
$ensure_package = 'present',
$default_transport_url = $facts['os_service_default'],
$rpc_response_timeout = $facts['os_service_default'],
$long_rpc_timeout = $facts['os_service_default'],
$control_exchange = $facts['os_service_default'],
$executor_thread_pool_size = $facts['os_service_default'],
$rabbit_use_ssl = $facts['os_service_default'],
$rabbit_heartbeat_timeout_threshold = $facts['os_service_default'],
$rabbit_heartbeat_rate = $facts['os_service_default'],
$rabbit_heartbeat_in_pthread = $facts['os_service_default'],
$rabbit_qos_prefetch_count = $facts['os_service_default'],
$rabbit_ha_queues = $facts['os_service_default'],
$rabbit_quorum_queue = $facts['os_service_default'],
$rabbit_transient_quorum_queue = $facts['os_service_default'],
$rabbit_quorum_delivery_limit = $facts['os_service_default'],
$rabbit_quorum_max_memory_length = $facts['os_service_default'],
$rabbit_quorum_max_memory_bytes = $facts['os_service_default'],
$rabbit_enable_cancel_on_failover = $facts['os_service_default'],
$rabbit_retry_interval = $facts['os_service_default'],
$kombu_ssl_ca_certs = $facts['os_service_default'],
$kombu_ssl_certfile = $facts['os_service_default'],
$kombu_ssl_keyfile = $facts['os_service_default'],
$kombu_ssl_version = $facts['os_service_default'],
$kombu_reconnect_delay = $facts['os_service_default'],
$kombu_failover_strategy = $facts['os_service_default'],
$kombu_compression = $facts['os_service_default'],
$amqp_durable_queues = $facts['os_service_default'],
$host = $facts['os_service_default'],
$service_down_time = $facts['os_service_default'],
$state_path = '/var/lib/nova',
$lock_path = $::nova::params::lock_path,
$report_interval = $facts['os_service_default'],
$periodic_fuzzy_delay = $facts['os_service_default'],
$rootwrap_config = '/etc/nova/rootwrap.conf',
Boolean $use_ssl = false,
Array[String[1]] $enabled_ssl_apis = ['metadata', 'osapi_compute'],
$ca_file = undef,
$cert_file = undef,
$key_file = undef,
Optional[Nova::SshKey] $nova_public_key = undef,
Optional[Nova::SshKey] $nova_private_key = undef,
$ssl_only = $facts['os_service_default'],
$cert = $facts['os_service_default'],
$key = $facts['os_service_default'],
$console_ssl_ciphers = $facts['os_service_default'],
$console_ssl_minimum_version = $facts['os_service_default'],
$notification_transport_url = $facts['os_service_default'],
$notification_driver = $facts['os_service_default'],
$notification_topics = $facts['os_service_default'],
$notification_retry = $facts['os_service_default'],
$notification_format = $facts['os_service_default'],
$notify_on_state_change = $facts['os_service_default'],
$ovsdb_connection = $facts['os_service_default'],
$upgrade_level_compute = $facts['os_service_default'],
$upgrade_level_conductor = $facts['os_service_default'],
$upgrade_level_scheduler = $facts['os_service_default'],
$cpu_allocation_ratio = $facts['os_service_default'],
$ram_allocation_ratio = $facts['os_service_default'],
$disk_allocation_ratio = $facts['os_service_default'],
$initial_cpu_allocation_ratio = $facts['os_service_default'],
$initial_ram_allocation_ratio = $facts['os_service_default'],
$initial_disk_allocation_ratio = $facts['os_service_default'],
Boolean $purge_config = false,
$my_ip = $facts['os_service_default'],
$dhcp_domain = $facts['os_service_default'],
$instance_name_template = $facts['os_service_default'],
# DEPRECATED PARAMETERS
$auth_strategy = undef,
$auth_strategy = undef,
) inherits nova::params {
include nova::deps
@ -432,10 +432,6 @@ class nova(
}
if $nova_public_key {
if ! $nova_public_key['key'] or ! $nova_public_key['type'] {
fail('You must provide both a key type and key data.')
}
ssh_authorized_key { 'nova-migration-public-key':
ensure => present,
key => $nova_public_key['key'],
@ -446,25 +442,10 @@ class nova(
}
if $nova_private_key {
if ! $nova_private_key['key'] or ! $nova_private_key['type'] {
fail('You must provide both a key type and key data.')
}
$nova_private_key_file = regsubst($nova_private_key['type'], /^ssh-/, 'id_')
$nova_private_key_file = $nova_private_key['type'] ? {
'ssh-rsa' => '/var/lib/nova/.ssh/id_rsa',
'ssh-dsa' => '/var/lib/nova/.ssh/id_dsa',
'ssh-ecdsa' => '/var/lib/nova/.ssh/id_ecdsa',
'ssh-ed25519' => '/var/lib/nova/.ssh/id_ed25519',
default => undef
}
if ! $nova_private_key_file {
fail("Unable to determine name of private key file. Type specified was '${nova_private_key['type']}' \
but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa, ssh-ed25519.")
}
file { $nova_private_key_file:
content => $nova_private_key[key],
file { "/var/lib/nova/.ssh/${nova_private_key_file}":
content => $nova_private_key['key'],
mode => '0600',
owner => $::nova::params::user,
group => $::nova::params::group,
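Review bot: The private key is written through a plain `file` resource whose only protection is `mode => '0600'`; with `show_diff` left at its default, a later change of `content` can print the key material in the agent's diff output and in the submitted report. Add `show_diff => false,` next to `mode => '0600',` in the `file { "/var/lib/nova/.ssh/${nova_private_key_file}":` resource. The value itself, `$nova_private_key['key']`, is still a plain String inside `Optional[Nova::SshKey]`, so it can also surface in catalog and error output; wrapping it in Sensitive would be a follow-up rather than part of this refactor. The `if $nova_private_key` block and the class body continue outside the hunk.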


@ -285,40 +285,6 @@ describe 'nova' do
end
end
context 'with ssh public key missing key type' do
let :params do
{
:nova_public_key => {'key' => 'keydata'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_ssh_authorized_key('nova-migration-public-key').with(
:ensure => 'present',
:key => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end
context 'with ssh public key missing key data' do
let :params do
{
:nova_public_key => {'type' => 'ssh-rsa'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_ssh_authorized_key('nova-migration-public-key').with(
:ensure => 'present',
:key => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end
{
'ssh-rsa' => 'id_rsa',
'ssh-dsa' => 'id_dsa',
@ -345,55 +311,6 @@ describe 'nova' do
end
end
context 'with ssh private key missing key type' do
let :params do
{
:nova_private_key => {'key' => 'keydata'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata',
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end
context 'with ssh private key having incorrect key type' do
let :params do
{
:nova_private_key => {'type' => 'invalid',
'key' => 'keydata'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
}.to raise_error Puppet::Error, /Unable to determine name of private key file./
end
end
context 'with ssh private key missing key data' do
let :params do
{
:nova_private_key => {'type' => 'ssh-rsa'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end
context 'with SSL socket options set' do
let :params do
{


@ -4,10 +4,10 @@ describe 'Nova::SshKey' do
describe 'valid types' do
context 'with valid types' do
[
{'key' => 'foo'},
{'type' => 'bar'},
{'key' => 'foo', 'type' => 'bar'},
{},
{'key' => 'foo', 'type' => 'ssh-rsa'},
{'key' => 'foo', 'type' => 'ssh-dsa'},
{'key' => 'foo', 'type' => 'ssh-ecdsa'},
{'key' => 'foo', 'type' => 'ssh-ed25519'},
].each do |value|
describe value.inspect do
it { is_expected.to allow_value(value) }
@ -19,13 +19,13 @@ describe 'Nova::SshKey' do
describe 'invalid types' do
context 'with garbage inputs' do
[
{'key' => 1},
{'fookey' => 'foo'},
'foo',
true,
false,
1,
1.1,
{},
{'key' => 'foo'},
{'type' => 'ssh-rsa'},
{'key' => 'foo', 'type' => 'ssh-invalid'},
{'key' => '', 'type' => 'ssh-rsa'},
{'key' => 1, 'type' => 'ssh-rsa'},
nil,
'<SERVICE DEFAULT>',
].each do |value|
describe value.inspect do
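Review bot: The 'invalid types' list in the hunk starting at `context 'with garbage inputs' do` covers missing and empty fields but not a hash that carries both required keys plus an extra one, which a Puppet Struct also rejects; that is the case most likely to slip through from a hiera value that grew a third key. Add `{'key' => 'foo', 'type' => 'ssh-rsa', 'extra' => 'bar'},` to the array so the alias spec documents that unknown keys are refused. The `describe` block continues outside the hunk.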


@ -1 +1,6 @@
type Nova::SshKey = Optional[Hash[Enum['key', 'type'], String[1]]]
type Nova::SshKey = Struct[
{
key => String[1],
type => Enum['ssh-rsa', 'ssh-dsa', 'ssh-ecdsa', 'ssh-ed25519']
}
]
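Review bot: The `type => Enum['ssh-rsa', 'ssh-dsa', 'ssh-ecdsa', 'ssh-ed25519']` line makes 'ssh-dsa' and 'ssh-ecdsa' first-class accepted values, but these are the module's own spellings rather than OpenSSH key-type identifiers (OpenSSH names DSA keys 'ssh-dss' and ECDSA keys 'ecdsa-sha2-nistp*'), and DSA is an algorithm recent OpenSSH releases no longer accept by default; if 'ssh-dsa' is kept only for compatibility with existing manifests, say so in a comment, otherwise it can be dropped from the Enum together with its spec entries. The alias also has no documentation: a header above the `type Nova::SshKey = Struct[` line such as `# Nova::SshKey: an SSH key given as 'key' (the key material) and 'type' (the key type); 'type' also selects the id_<algorithm> file name used for the private key` would tell callers what the two fields mean and why 'type' is constrained.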