From: Melissa Li <li.melissa.kun@gmail.com>
Date: Tue, 16 Mar 2021 05:07:31 +0000 (-0400)
Subject: python-common: Validate characters in service_id for container names
X-Git-Tag: v17.1.0~2538^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8dd2bf85e759072b4af6546e93ef3768ef9b2db8;p=ceph.git

python-common: Validate characters in service_id for container names

Service_ids need to be valid docker and podman container names.

Fixes: https://tracker.ceph.com/issues/46497
Signed-off-by: Melissa Li <li.melissa.kun@gmail.com>
---

diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
index 8774c91116e..7c1e176b7ae 100644
--- a/src/python-common/ceph/deployment/service_spec.py
+++ b/src/python-common/ceph/deployment/service_spec.py
@@ -603,6 +603,9 @@ class ServiceSpec(object):
         if self.service_type in self.REQUIRES_SERVICE_ID:
             if not self.service_id:
                 raise ServiceSpecValidationError('Cannot add Service: id required')
+            if not re.match('^[a-zA-Z0-9_.-]+$', self.service_id):
+                raise ServiceSpecValidationError('Service id contains invalid characters, '
+                                                 'only [a-zA-Z0-9_.-] allowed')
         elif self.service_id:
             raise ServiceSpecValidationError(
                     f'Service of type \'{self.service_type}\' should not contain a service id')
diff --git a/src/python-common/ceph/tests/test_service_spec.py b/src/python-common/ceph/tests/test_service_spec.py
index 210e63d1307..92963f56bf4 100644
--- a/src/python-common/ceph/tests/test_service_spec.py
+++ b/src/python-common/ceph/tests/test_service_spec.py
@@ -305,3 +305,18 @@ def test_service_name(s_type, s_id, s_name):
     spec = ServiceSpec.from_json(_get_dict_spec(s_type, s_id))
     spec.validate()
     assert spec.service_name() == s_name
+
+@pytest.mark.parametrize(
+    's_type,s_id',
+    [
+        ('mds', 's:id'),
+        ('rgw', '*s_id'),
+        ('nfs', 's/id'),
+        ('iscsi', 's@id'),
+        ('osd', 's;id'),
+    ])
+
+def test_service_id_raises_invalid_char(s_type, s_id):
+    with pytest.raises(ServiceSpecValidationError):
+        spec = ServiceSpec.from_json(_get_dict_spec(s_type, s_id))
+        spec.validate()