def validate(self) -> None:
self.scope_identity() # raises value error if scope invalid
- validation.check_id(self.name)
+ validation.check_fscrypt_key_name(self.name)
@resourcelib.component()
smb.validation.check_share_name(value)
+@pytest.mark.parametrize(
+ "value,valid",
+ [
+ ("x", True),
+ ("aa", True),
+ ("test-key-1", True),
+ ("mem-scope-key", True),
+ ("kmip0123456789", True),
+ ("A" * 63, True), # max allowed
+ ("A" * 64, False), # invalid >63
+ ("-bad", False),
+ ("bad-", False),
+ ("", False),
+ ("bad$key", False),
+ ],
+)
+def test_valid_fscrypt_key_name(value, valid):
+ assert smb.validation.valid_fscrypt_key_name(value) == valid
+ if valid:
+ smb.validation.check_fscrypt_key_name(value)
+ else:
+ with pytest.raises(ValueError):
+ smb.validation.check_fscrypt_key_name(value)
+
+
@pytest.mark.parametrize(
"value,valid",
[
# but as above it's easier to start strict.
_share_re = re.compile('^[a-zA-Z0-9_][a-zA-Z0-9. _-]{,63}$')
+_fscrypt_key_name_re = re.compile(
+ '^[a-zA-Z0-9]($|[a-zA-Z0-9-]{,61}[a-zA-Z0-9]$)'
+)
+
def valid_id(value: str) -> bool:
"""Return true if value is a valid (cluster|share|etc) ID."""
raise ValueError(f"{value!r} is not a valid share name")
+def valid_fscrypt_key_name(value: str) -> bool:
+ """Return true if value is a valid fscrypt key name."""
+ return bool(_fscrypt_key_name_re.match(value))
+
+
+def check_fscrypt_key_name(value: str) -> None:
+ """Raise ValueError if value is not a valid fscrypt key name."""
+ if not valid_fscrypt_key_name(value):
+ raise ValueError(f"{value!r} is not a valid fscrypt key name")
+
+
# alias for normpath so other smb libs can just import validation module
normalize_path = posixpath.normpath
projects / ceph-ci.git / commitdiff