Make regex matching policy key stricter
There is a bug where this regex can match multiple lines if a policy contains ':'. Make this regex stricter by making sure the key doesn't end with a ':' within the quotes. Closes-Bug: #1968294 Change-Id: I4090d6831db8ddc4fba294f181085b657e2b3345
parent
59c3e5b9fd
commit
33fb90326f
@ -92,7 +92,7 @@ define openstacklib::policy::base (
|
|||||||
file_line { "${file_path}-${key}" :
|
file_line { "${file_path}-${key}" :
|
||||||
path => $file_path,
|
path => $file_path,
|
||||||
line => "'${key}': '${value_real}'",
|
line => "'${key}': '${value_real}'",
|
||||||
match => "^['\"]?${key}['\"]?\\s*:.+"
|
match => "^['\"]?${key}(?!:)['\"]?\\s*:.+"
|
||||||
}
|
}
|
||||||
Openstacklib::Policy::Default<| title == $file_path |>
|
Openstacklib::Policy::Default<| title == $file_path |>
|
||||||
-> File_line<| title == "${file_path}-${key}" |>
|
-> File_line<| title == "${file_path}-${key}" |>
|
||||||
|
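Review bot: The added `(?!:)` in `match` sits directly after `${key}`, so an existing unquoted entry such as `get_router: rule:admin_or_owner` no longer matches, because the character after the key is the `:` separator itself; file_line would then append a second line for the same key instead of replacing it. Tying the closing quote to the opening one keeps both forms working, e.g. `match => "^(['\"]?)${key}\\1\\s*:\\s.+"`, though this assumes whitespace follows the separator and should be checked against the acceptance cases. Separately, `${key}` is interpolated into the pattern unescaped, so a key containing `.` or another regex metacharacter can match a different rule's line and overwrite that rule; passing it through stdlib's `regexpescape($key)` first would avoid this, if the stdlib version in use provides it. The define's body starts and ends outside the hunk.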
@ -18,6 +18,18 @@ describe 'policy file management' do
|
|||||||
value => 'role:member',
|
value => 'role:member',
|
||||||
file_format => 'yaml',
|
file_format => 'yaml',
|
||||||
}
|
}
|
||||||
|
openstacklib::policy::base { 'get_router':
|
||||||
|
file_path => '/tmp/policy.yaml',
|
||||||
|
key => 'get_router',
|
||||||
|
value => 'rule:admin_or_owner',
|
||||||
|
file_format => 'yaml',
|
||||||
|
}
|
||||||
|
openstacklib::policy::base { 'get_router:distributed':
|
||||||
|
file_path => '/tmp/policy.yaml',
|
||||||
|
key => 'get_router:distributed',
|
||||||
|
value => 'rule:admin_only',
|
||||||
|
file_format => 'yaml',
|
||||||
|
}
|
||||||
|
|
||||||
EOS
|
EOS
|
||||||
|
|
||||||
@ -30,6 +42,8 @@ describe 'policy file management' do
|
|||||||
it { should exist }
|
it { should exist }
|
||||||
it { should contain("'is_admin': 'role:admin'") }
|
it { should contain("'is_admin': 'role:admin'") }
|
||||||
it { should contain("'is_member': 'role:member'") }
|
it { should contain("'is_member': 'role:member'") }
|
||||||
|
it { should contain("'get_router': 'rule:admin_or_owner'") }
|
||||||
|
it { should contain("'get_router:distributed': 'rule:admin_only'") }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
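Review bot: The added cases only assert on lines the define itself writes in single-quoted form, so nothing exercises a policy file that already contains `get_router` as an unquoted or double-quoted key, which is the input the optional-quote part of the `match` pattern exists for. Seeding `/tmp/policy.yaml` with an unquoted `get_router: ...` entry before the apply, and then asserting that the file holds exactly one `get_router` line, would show whether existing entries are replaced rather than duplicated. `should contain(...)` checks presence only, so a duplicated key would pass as written. The manifest and the describe block both start outside these hunks.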
@ -72,7 +72,7 @@ describe 'openstacklib::policy::base' do
|
|||||||
it { should contain_file_line('/etc/nova/policy.yaml-context_is_admin or owner').with(
|
it { should contain_file_line('/etc/nova/policy.yaml-context_is_admin or owner').with(
|
||||||
:path => '/etc/nova/policy.yaml',
|
:path => '/etc/nova/policy.yaml',
|
||||||
:line => '\'context_is_admin or owner\': \'foo:bar\'',
|
:line => '\'context_is_admin or owner\': \'foo:bar\'',
|
||||||
:match => '^[\'"]?context_is_admin or owner[\'"]?\s*:.+'
|
:match => '^[\'"]?context_is_admin or owner(?!:)[\'"]?\s*:.+'
|
||||||
) }
|
) }
|
||||||
|
|
||||||
context 'with single-quotes in value' do
|
context 'with single-quotes in value' do
|
||||||
@ -85,7 +85,7 @@ describe 'openstacklib::policy::base' do
|
|||||||
it { should contain_file_line('/etc/nova/policy.yaml-context_is_admin or owner').with(
|
it { should contain_file_line('/etc/nova/policy.yaml-context_is_admin or owner').with(
|
||||||
:path => '/etc/nova/policy.yaml',
|
:path => '/etc/nova/policy.yaml',
|
||||||
:line => '\'context_is_admin or owner\': \'foo:\'\'bar\'\'\'',
|
:line => '\'context_is_admin or owner\': \'foo:\'\'bar\'\'\'',
|
||||||
:match => '^[\'"]?context_is_admin or owner[\'"]?\s*:.+'
|
:match => '^[\'"]?context_is_admin or owner(?!:)[\'"]?\s*:.+'
|
||||||
) }
|
) }
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -99,7 +99,7 @@ describe 'openstacklib::policy::base' do
|
|||||||
it { should contain_file_line('/etc/nova/policy.yaml-context_is_admin or owner').with(
|
it { should contain_file_line('/etc/nova/policy.yaml-context_is_admin or owner').with(
|
||||||
:path => '/etc/nova/policy.yaml',
|
:path => '/etc/nova/policy.yaml',
|
||||||
:line => '\'context_is_admin or owner\': \'foo:\'\'bar\'\'\'',
|
:line => '\'context_is_admin or owner\': \'foo:\'\'bar\'\'\'',
|
||||||
:match => '^[\'"]?context_is_admin or owner[\'"]?\s*:.+'
|
:match => '^[\'"]?context_is_admin or owner(?!:)[\'"]?\s*:.+'
|
||||||
) }
|
) }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|