Check Ceph*Key value format and halt on error

The CephX keys secret is expected to have a specific format, this
adds a constraint in the templates to ensure it has the correct
format.

Change-Id: Ic12c3c287a921d696de1395bc887691c48146359
Closes-Bug: 1864185
(cherry picked from commit 0940dfd95e)
(cherry picked from commit 33ce60d6ac)
(cherry picked from commit 98652da2ab)

docker/services/ceph-ansible/ceph-base.yaml

@@ -120,6 +120,8 @@ parameters:
     description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
     type: string
     hidden: true
+    constraints:
+    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
   CephClientUserName:
     default: openstack
     type: string
@@ -131,6 +133,8 @@ parameters:
                  with ceph-authtool --gen-print-key.
     type: string
     hidden: true
+    constraints:
+    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
   CephPoolDefaultSize:
     description: default minimum replication for RBD copies
     type: number
@@ -158,6 +162,8 @@ parameters:
     description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
     type: string
     hidden: true
+    constraints:
+    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
   CephIPv6:
     default: False
     type: boolean

docker/services/ceph-ansible/ceph-mon.yaml

@@ -34,11 +34,15 @@ parameters:
     description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key.
     type: string
     hidden: true
+    constraints:
+    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
   CephAdminKey:
     default: ''
     description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
     type: string
     hidden: true
+    constraints:
+    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
   CephValidationRetries:
     type: number
     default: 40

docker/services/nova-libvirt.yaml

@@ -70,6 +70,8 @@ parameters:
     description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
     type: string
     hidden: true
+    constraints:
+    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
   CephClusterFSID:
     type: string
     description: The Ceph cluster FSID. Must be a UUID.

puppet/services/manila-backend-cephfs.yaml

@@ -76,6 +76,8 @@ parameters:
     description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
     type: string
     hidden: true
+    constraints:
+    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
 
 outputs:
   role_data:

puppet/services/nova-compute.yaml

@@ -52,6 +52,8 @@ parameters:
     description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
     type: string
     hidden: true
+    constraints:
+    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
   CephClusterFSID:
     type: string
     description: The Ceph cluster FSID. Must be a UUID.

puppet/services/nova-libvirt.yaml

@@ -46,6 +46,8 @@ parameters:
     description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
     type: string
     hidden: true
+    constraints:
+    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
   CephClusterFSID:
     type: string
     description: The Ceph cluster FSID. Must be a UUID.