Fail more gracefully when passed an empty ip

Introduce a new function called is_ip_addresses which will verify
if a string or an array of strings are composed of correct ip addresses.

We do this in order to fail a bit more clearly if we are passed an empty
or broken ip address. Without this the failure will be in pacemaker
failing to start a VIP called 'ip-'.

Also convert the only use of legacy is_ip_address stdlib function in
mysql::client to this new function (for consistency reasons).

Suggested-by: Rhys Oxenham <roxenham@redhat.com>

Change-Id: Ie15c585a9a902b577f35a75de191bfa91c132668

lib/puppet/parser/functions/is_ip_addresses.rb

@@ -0,0 +1,25 @@
+require 'ipaddr'
+
+# Custom function to verify if the parameter is a string representing an ip address
+# or an array of strings representing an ip address
+# Returns true if all elements are proper ip addresses and false otherwise
+module Puppet::Parser::Functions
+  newfunction(:is_ip_addresses, :type => :rvalue, :doc => "Verify if a string or an array of strings are all IP addresses.") do |arg|
+    if arg[0].class != String and arg[0].class != Array
+      raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String or an Array"
+    end
+    if arg[0].class == String
+      ips = [arg[0]]
+    else
+      ips = arg[0]
+    end
+    ips.each do |ip|
+      begin
+        tmpip = IPAddr.new ip
+      rescue
+        return false
+      end
+    end
+    return true
+  end
+end

manifests/haproxy.pp

@@ -97,8 +97,8 @@
 #  Public IP or group of IPs to bind the pools
 #  Can be a string or an array.
 #  Defaults to undef
-# [*haproxy_stats_user*]
 #
+# [*haproxy_stats_user*]
 #  Username for haproxy stats authentication.
 #  A string.
 #  Defaults to 'admin'
@@ -752,6 +752,13 @@ class tripleo::haproxy (
   }
   $ports = merge($default_service_ports, $service_ports)
 
+  if !is_ip_addresses($controller_virtual_ip) {
+    fail("controller_virtual_ip param: ${controller_virtual_ip}, is not a proper IP address.")
+  }
+  if !is_ip_addresses($public_virtual_ip) {
+    fail("public_virtual_ip: ${public_virtual_ip}, is not a proper IP address.")
+  }
+
   if $enable_internal_tls {
     $base_internal_tls_member_options = ['ssl', 'verify required', "ca-file ${ca_bundle}"]
 

manifests/pacemaker/haproxy_with_vip.pp

@@ -57,6 +57,9 @@ define tripleo::pacemaker::haproxy_with_vip(
   $ensure        = true)
 {
   if($ensure) {
+    if !is_ip_addresses($ip_address) {
+      fail("Haproxy VIP: ${ip_address} is not a proper IP address.")
+    }
     # NB: Until the IPaddr2 RA has a fix for https://bugzilla.redhat.com/show_bug.cgi?id=1445628
     # we need to specify the nic when creating the ipv6 vip.
     if is_ipv6_address($ip_address) {

manifests/profile/base/database/mysql/client.pp

@@ -53,7 +53,7 @@ class tripleo::profile::base::database::mysql::client (
   $step                      = Integer(hiera('step')),
 ) {
   if $step >= 1 {
-    if is_ip_address($mysql_client_bind_address) {
+    if is_ip_addresses($mysql_client_bind_address) {
       $client_bind_changes = [
         "set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'"
       ]

spec/functions/is_ip_addresses_spec.rb

@@ -0,0 +1,12 @@
+require 'spec_helper'
+require 'puppet'
+
+describe 'is_ip_addresses' do
+  it { should run.with_params('192.168.2.1').and_return(true) }
+  it { should run.with_params('::1').and_return(true) }
+  it { should run.with_params('192.168.2.256').and_return(false) }
+  it { should run.with_params(['192.168.2.1']).and_return(true) }
+  it { should run.with_params(['192.168.2.1', '5a40:79cf:8251:5dc5:1624:3c03:3c04:9ba8', 'fe80::204:acff:fe17:bf38', '::1:2']).and_return(true) }
+  it { should run.with_params(['192.168.2.1', 'a.b.c.d']).and_return(false) }
+  it { should run.with_params(['c.d.d.e', 'a.b.c.d']).and_return(false) }
+end