Refactor validation of ssh_key parameters by Struct data type

Change-Id: I55d79365ad9686ea9d59597894f6f337b8fedbf6
Takashi Kajinami
2024-09-29 21:16:42 +09:00
parent d997e71d06
commit 17bd61e042
4 changed files with 87 additions and 184 deletions

@@ -374,8 +374,8 @@ class nova(
$ca_file = undef,
$cert_file = undef,
$key_file = undef,
Nova::SshKey $nova_public_key = undef,
Nova::SshKey $nova_private_key = undef,
Optional[Nova::SshKey] $nova_public_key = undef,
Optional[Nova::SshKey] $nova_private_key = undef,
$ssl_only = $facts['os_service_default'],
$cert = $facts['os_service_default'],
$key = $facts['os_service_default'],
@@ -432,10 +432,6 @@ class nova(
}
if $nova_public_key {
if ! $nova_public_key['key'] or ! $nova_public_key['type'] {
fail('You must provide both a key type and key data.')
}
ssh_authorized_key { 'nova-migration-public-key':
ensure => present,
key => $nova_public_key['key'],
@@ -446,25 +442,10 @@ class nova(
}
if $nova_private_key {
if ! $nova_private_key['key'] or ! $nova_private_key['type'] {
fail('You must provide both a key type and key data.')
}
$nova_private_key_file = regsubst($nova_private_key['type'], /^ssh-/, 'id_')
$nova_private_key_file = $nova_private_key['type'] ? {
'ssh-rsa' => '/var/lib/nova/.ssh/id_rsa',
'ssh-dsa' => '/var/lib/nova/.ssh/id_dsa',
'ssh-ecdsa' => '/var/lib/nova/.ssh/id_ecdsa',
'ssh-ed25519' => '/var/lib/nova/.ssh/id_ed25519',
default => undef
}
if ! $nova_private_key_file {
fail("Unable to determine name of private key file. Type specified was '${nova_private_key['type']}' \
but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa, ssh-ed25519.")
}
file { $nova_private_key_file:
content => $nova_private_key[key],
file { "/var/lib/nova/.ssh/${nova_private_key_file}":
content => $nova_private_key['key'],
mode => '0600',
owner => $::nova::params::user,
group => $::nova::params::group,
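Review bot: The private key path is now built by interpolating `regsubst($nova_private_key['type'], /^ssh-/, 'id_')` into `"/var/lib/nova/.ssh/${nova_private_key_file}"`, so the only thing keeping unexpected text out of that path is the closed Enum in `Nova::SshKey`, and nothing at this site says so. I would add a comment above the regsubst line: `# Safe only because Nova::SshKey restricts 'type' to a fixed Enum; do not relax the type without restoring a check here.` The removed selector failed on unknown types on its own, whereas the new expression would pass any string through if the alias were ever loosened. The file resource continues past the end of the hunk, so it cannot be seen from here whether the key content is kept out of diffs and reports (for example with `show_diff => false`).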

@@ -285,40 +285,6 @@ describe 'nova' do
end
end
context 'with ssh public key missing key type' do
let :params do
{
:nova_public_key => {'key' => 'keydata'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_ssh_authorized_key('nova-migration-public-key').with(
:ensure => 'present',
:key => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end
context 'with ssh public key missing key data' do
let :params do
{
:nova_public_key => {'type' => 'ssh-rsa'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_ssh_authorized_key('nova-migration-public-key').with(
:ensure => 'present',
:key => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end
{
'ssh-rsa' => 'id_rsa',
'ssh-dsa' => 'id_dsa',
@@ -345,55 +311,6 @@ describe 'nova' do
end
end
context 'with ssh private key missing key type' do
let :params do
{
:nova_private_key => {'key' => 'keydata'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata',
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end
context 'with ssh private key having incorrect key type' do
let :params do
{
:nova_private_key => {'type' => 'invalid',
'key' => 'keydata'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
}.to raise_error Puppet::Error, /Unable to determine name of private key file./
end
end
context 'with ssh private key missing key data' do
let :params do
{
:nova_private_key => {'type' => 'ssh-rsa'}
}
end
it 'should raise an error' do
expect {
is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
:content => 'keydata'
)
}.to raise_error Puppet::Error, /You must provide both a key type and key data./
end
end
context 'with SSL socket options set' do
let :params do
{

@@ -4,10 +4,10 @@ describe 'Nova::SshKey' do
describe 'valid types' do
context 'with valid types' do
[
{'key' => 'foo'},
{'type' => 'bar'},
{'key' => 'foo', 'type' => 'bar'},
{},
{'key' => 'foo', 'type' => 'ssh-rsa'},
{'key' => 'foo', 'type' => 'ssh-dsa'},
{'key' => 'foo', 'type' => 'ssh-ecdsa'},
{'key' => 'foo', 'type' => 'ssh-ed25519'},
].each do |value|
describe value.inspect do
it { is_expected.to allow_value(value) }
@@ -19,13 +19,13 @@ describe 'Nova::SshKey' do
describe 'invalid types' do
context 'with garbage inputs' do
[
{'key' => 1},
{'fookey' => 'foo'},
'foo',
true,
false,
1,
1.1,
{},
{'key' => 'foo'},
{'type' => 'ssh-rsa'},
{'key' => 'foo', 'type' => 'ssh-invalid'},
{'key' => '', 'type' => 'ssh-rsa'},
{'key' => 1, 'type' => 'ssh-rsa'},
nil,
'<SERVICE DEFAULT>',
].each do |value|
describe value.inspect do
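Review bot: The invalid-value list no longer seems to contain a hash with an unexpected key. `{'fookey' => 'foo'}` appears to be on the removed side (sides inferred from the hunk counts, since the +/- markers are lost on this page), and every new hash case is invalid for a different reason. Because the Struct is now the only validation for these parameters, I would pin that extra keys are rejected with a case such as `{'key' => 'foo', 'type' => 'ssh-rsa', 'extra' => 'bar'}` (constructed sample). If the non-hash inputs (`'foo'`, `true`, `1`, `1.1`) were dropped as well, keeping one or two of them would guard against the alias being widened later.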

@@ -1 +1,6 @@
type Nova::SshKey = Optional[Hash[Enum['key', 'type'], String[1]]]
type Nova::SshKey = Struct[
{
key => String[1],
type => Enum['ssh-rsa', 'ssh-dsa', 'ssh-ecdsa', 'ssh-ed25519']
}
]
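Review bot: The Enum is now the single allow-list for key algorithms and it still admits `ssh-dsa`, although DSA keys have been disabled by default in OpenSSH since 7.0. A hash can therefore pass this type check and still yield a migration key that sshd refuses. If the value has to stay for backward compatibility, I would say so above the type: `# 'ssh-dsa' is accepted for backward compatibility only; prefer ssh-ed25519 or ssh-rsa.` Separately, `ssh-dsa` and `ssh-ecdsa` are not the key-type names OpenSSH itself uses (`ssh-dss`, `ecdsa-sha2-nistp256`, …). If the public key's `type` is passed straight through to `ssh_authorized_key` (not visible on this page), it is worth confirming that resource accepts all four Enum values.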