]> git.apps.os.sepia.ceph.com Git - ceph-ansible.git/commitdiff
projects / ceph-ansible.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9d3b492)
ceph-validate: add key format validation
authorDimitri Savineau <dsavinea@redhat.com>
Fri, 28 Feb 2020 14:42:44 +0000 (09:42 -0500)
committerGuillaume Abrioux <gabrioux@redhat.com>
Tue, 3 Mar 2020 09:01:58 +0000 (10:01 +0100)
If the user provides manually the key value for a specific keyring then
there's not valation on the content which could lead to unexpected
failures in the ceph_key module.

Closes: #5104
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
roles/ceph-validate/tasks/main.yml patch | blob | history

diff --git a/roles/ceph-validate/tasks/main.yml b/roles/ceph-validate/tasks/main.yml
index 71d5b2a9b48227ffe37839462ce37b97576adb23..58c080422a9c2c7f7c46ea8b5cf150928457398f 100644 (file)
--- a/roles/ceph-validate/tasks/main.yml
+++ b/roles/ceph-validate/tasks/main.yml
@@ -239,3 +239,34 @@
     - ceph_docker_registry_auth | bool
     - (ceph_docker_registry_username is not defined or ceph_docker_registry_password is not defined) or
       (ceph_docker_registry_username | length == 0 or ceph_docker_registry_password | length == 0)
+
+- name: validate openstack_keys key format
+  fail:
+    msg: '{{ item.name }} key format invalid'
+  with_items: '{{ openstack_keys }}'
+  when:
+    - osd_group_name in group_names
+    - openstack_keys is defined
+    - openstack_keys | length > 0
+    - item.key is defined
+    - item.key is not match("^[a-zA-Z0-9+/]{38}==$")
+
+- name: validate clients keys key format
+  fail:
+    msg: '{{ item.name }} key format invalid'
+  with_items: '{{ keys }}'
+  when:
+    - client_group_name in group_names
+    - keys is defined
+    - keys | length > 0
+    - item.key is defined
+    - item.key is not match("^[a-zA-Z0-9+/]{38}==$")
+
+- name: validate ceph_nfs_ceph_user key format
+  fail:
+    msg: '{{ ceph_nfs_ceph_user.name }} key format invalid'
+  when:
+    - client_group_name in group_names
+    - ceph_nfs_ceph_user is defined
+    - ceph_nfs_ceph_user.key is defined
+    - ceph_nfs_ceph_user.key is not match("^[a-zA-Z0-9+/]{38}==$")
Unnamed repository; edit this file 'description' to name the repository.