From 1a1b7cc080c8eb7bca57322c3c2989f9eb791c16 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Sun, 29 Sep 2024 20:45:49 +0900
Subject: [PATCH] Add type to validate policy hash input

Change-Id: Ida6b362c6e7ce21aad2789401e676eeb1542eb5e
---
 manifests/policy.pp                |  2 +-
 spec/type_aliases/policies_spec.rb | 36 ++++++++++++++++++++++++++++++
 types/policies.pp                  |  8 +++++++
 3 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 spec/type_aliases/policies_spec.rb
 create mode 100644 types/policies.pp

diff --git a/manifests/policy.pp b/manifests/policy.pp
index 3e805eda..84206a41 100644
--- a/manifests/policy.pp
+++ b/manifests/policy.pp
@@ -53,7 +53,7 @@
 #
 define openstacklib::policy (
   Stdlib::Absolutepath $policy_path  = $name,
-  Hash $policies                     = {},
+  Openstacklib::Policies $policies   = {},
   $file_mode                         = '0640',
   $file_user                         = undef,
   $file_group                        = undef,
diff --git a/spec/type_aliases/policies_spec.rb b/spec/type_aliases/policies_spec.rb
new file mode 100644
index 00000000..be79b1e9
--- /dev/null
+++ b/spec/type_aliases/policies_spec.rb
@@ -0,0 +1,36 @@
+require 'spec_helper'
+
+describe 'Openstacklib::Policies' do
+  describe 'valid types' do
+    context 'with valid types' do
+      [
+        {},
+        {'name' => {'key' => 'mykey', 'value' => 'myvalue'}},
+        {'name' => {'value' => 'myvalue'}},
+      ].each do |value|
+        describe value.inspect do
+          it { is_expected.to allow_value(value) }
+        end
+      end
+    end
+  end
+
+  describe 'invalid types' do
+    context 'with garbage inputs' do
+      [
+        {'name' => {}},
+        {'name' => {'key' => 'mykey'}},
+        {'name' => {'key' => 1, 'value' => 'myvalue'}},
+        {'name' => {'key' => 'mykey', 'value' => 1}},
+        {'name' => {'key' => 'mykey', 'value' => 'myvalue', 'foo' => 'bar'}},
+        {'name' => {'value' => 'myvalue', 'foo' => 'bar'}},
+        {0 => {'key' => 1, 'value' => 'myvalue'}},
+      ].each do |value|
+        describe value.inspect do
+          it { is_expected.not_to allow_value(value) }
+        end
+      end
+    end
+  end
+end
+
diff --git a/types/policies.pp b/types/policies.pp
new file mode 100644
index 00000000..6960bf0e
--- /dev/null
+++ b/types/policies.pp
@@ -0,0 +1,8 @@
+type Openstacklib::Policies = Hash[
+  String[1], Struct[
+    {
+      key   => Optional[String[1]],
+      value => String[1],
+    }
+  ]
+]