policy: Quote single quotes in yaml format

In YAML, when a string is surrounded by single quotes('), any single quote in that string should be prefixed by another single quote('), as is described in the example below GOOD: 'foo': 'this is a ''good'' example' BAD: 'foo': 'this is a 'bad' example' Closes-Bug: #1965338 Change-Id: I0216c2e4ecf75dbdd93d06eae2ebf8e7f2f4ac1a
2022-03-18 09:07:58 +09:00
parent 46b47c77bc
commit eb01261c06
2 changed files with 35 additions and 1 deletions
--- a/manifests/policy/base.pp
+++ b/manifests/policy/base.pp
@@ -83,9 +83,15 @@ define openstacklib::policy::base (
        ~> Augeas<| title == "${file_path}-${key}-${value}" |>
    }
    'yaml': {
+      # NOTE(tkajianm): Currently we use single quotes('') to quote the whole
+      #                 value, thus a single quote in value should be escaped
+      #                 by another single quote (which results in '')
+      # NOTE(tkajinam): Replace '' by ' first in case ' is already escaped
+      $value_real = regsubst(regsubst($value, '\'\'', '\'', 'G'), '\'', '\'\'', 'G')
+
      file_line { "${file_path}-${key}" :
        path  => $file_path,
-        line  => "'${key}': '${value}'",
+        line  => "'${key}': '${value_real}'",
        match => "^['\"]?${key}['\"]?\\s*:.+"
      }
      Openstacklib::Policy::Default<| title == $file_path |>
--- a/spec/defines/openstacklib_policy_base_spec.rb
+++ b/spec/defines/openstacklib_policy_base_spec.rb
@@ -74,6 +74,34 @@ describe 'openstacklib::policy::base' do
        :line  => '\'context_is_admin or owner\': \'foo:bar\'',
        :match => '^[\'"]?context_is_admin or owner[\'"]?\s*:.+'
      ) }
+
+      context 'with single-quotes in value' do
+        before do
+          params.merge!({
+            :value => 'foo:\'bar\''
+          })
+        end
+
+        it { should contain_file_line('/etc/nova/policy.yaml-context_is_admin or owner').with(
+          :path  => '/etc/nova/policy.yaml',
+          :line  => '\'context_is_admin or owner\': \'foo:\'\'bar\'\'\'',
+          :match => '^[\'"]?context_is_admin or owner[\'"]?\s*:.+'
+        ) }
+      end
+
+      context 'with pre-formatted single-quotes in value' do
+        before do
+          params.merge!({
+            :value => 'foo:\'\'bar\'\''
+          })
+        end
+
+        it { should contain_file_line('/etc/nova/policy.yaml-context_is_admin or owner').with(
+          :path  => '/etc/nova/policy.yaml',
+          :line  => '\'context_is_admin or owner\': \'foo:\'\'bar\'\'\'',
+          :match => '^[\'"]?context_is_admin or owner[\'"]?\s*:.+'
+        ) }
+      end
    end

    context 'with purge_config enabled' do