From 909d57ccc140964ce3347d9353e2efc8c785a882 Mon Sep 17 00:00:00 2001 From: Giulio Fidente Date: Fri, 21 Feb 2020 11:33:17 +0100 Subject: [PATCH] Check Ceph*Key value format and halt on error The CephX keys secret is expected to have a specific format, this adds a constraint in the templates to ensure it has the correct format. Change-Id: Ic12c3c287a921d696de1395bc887691c48146359 Closes-Bug: 1864185 (cherry picked from commit 0940dfd95ef64cb4d1d87edfe74374b08db9c9f2) (cherry picked from commit 33ce60d6acafc8e06b42366a7ef873871597a736) (cherry picked from commit 98652da2ab272c8919a31348a4e7f6f33b8321c9) --- docker/services/ceph-ansible/ceph-base.yaml | 6 ++++++ docker/services/ceph-ansible/ceph-mon.yaml | 4 ++++ docker/services/nova-libvirt.yaml | 2 ++ puppet/services/manila-backend-cephfs.yaml | 2 ++ puppet/services/nova-compute.yaml | 2 ++ puppet/services/nova-libvirt.yaml | 2 ++ 6 files changed, 18 insertions(+) diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index dc800b5961..ca7d4cbd5c 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -120,6 +120,8 @@ parameters: description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true + constraints: + - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" CephClientUserName: default: openstack type: string @@ -131,6 +133,8 @@ parameters: with ceph-authtool --gen-print-key. type: string hidden: true + constraints: + - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" CephPoolDefaultSize: description: default minimum replication for RBD copies type: number @@ -158,6 +162,8 @@ parameters: description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true + constraints: + - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" CephIPv6: default: False type: boolean 
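Review bot: The new `allowed_pattern` constraints sit on parameters marked `hidden: true` and none of them carries a `description`, so a rejected key is reported with Heat's default constraint message, which (to be confirmed against the Heat version in use) quotes the offending value next to the pattern. That can put a mistyped or truncated CephX secret into stack validation errors and deployment logs. I would add a sibling `description:` to each constraint, e.g. `description: "Must be a 40-character base64 CephX key as printed by ceph-authtool --gen-print-key"`, so the operator gets an actionable error that does not echo the value. The same applies to the other two hunks in this file and to the hunks in ceph-mon.yaml, both nova-libvirt.yaml files, manila-backend-cephfs.yaml and nova-compute.yaml. The parameter definitions begin above each hunk, so the parameter names need checking against the full files.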
diff --git a/docker/services/ceph-ansible/ceph-mon.yaml b/docker/services/ceph-ansible/ceph-mon.yaml index 8cb0fe2c10..ef3267f326 100644 --- a/docker/services/ceph-ansible/ceph-mon.yaml +++ b/docker/services/ceph-ansible/ceph-mon.yaml @@ -34,11 +34,15 @@ parameters: description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true + constraints: + - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" CephAdminKey: default: '' description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true + constraints: + - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" CephValidationRetries: type: number default: 40 diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 7efba96381..d9b398e853 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -70,6 +70,8 @@ parameters: description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true + constraints: + - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID. diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 27a1f82f1c..ad9b69163b 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -76,6 +76,8 @@ parameters: description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true + constraints: + - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" outputs: role_data: diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 1677604759..d687f1192b 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml 
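Review bot: `CephAdminKey` in ceph-mon.yaml keeps `default: ''` while gaining a pattern that an empty string cannot match, so the default itself no longer satisfies the constraint. As far as I can tell Heat validates the effective parameter value, default included, so deployments that never set the admin key and relied on the empty default would now fail validation, not only those passing a malformed key; please confirm that is intended. If an unset key must stay valid, widen the pattern to `"^$|^[a-zA-Z0-9+/]{38}==$"`; otherwise drop the `default: ''` line so the parameter is plainly required. The key parameters in the other hunks start outside the visible context, so they should be checked for the same empty default.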
@@ -52,6 +52,8 @@ parameters: description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true + constraints: + - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID. diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index c086496f0d..9471e450e7 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -46,6 +46,8 @@ parameters: description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true + constraints: + - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$" CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID.