ceph-validate: add key format validation

If the user provides manually the key value for a specific keyring then there's not valation on the content which could lead to unexpected failures in the ceph_key module. Closes: #5104 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2020-02-28 09:42:44 -05:00 · 2020-02-28 09:42:44 -05:00 · be8b315102
parent 9d3b49293d
commit be8b315102
1 changed files with 31 additions and 0 deletions
--- a/roles/ceph-validate/tasks/main.yml
+++ b/roles/ceph-validate/tasks/main.yml
@ -239,3 +239,34 @@
    - ceph_docker_registry_auth | bool
    - (ceph_docker_registry_username is not defined or ceph_docker_registry_password is not defined) or
      (ceph_docker_registry_username | length == 0 or ceph_docker_registry_password | length == 0)
+
+- name: validate openstack_keys key format
+  fail:
+    msg: '{{ item.name }} key format invalid'
+  with_items: '{{ openstack_keys }}'
+  when:
+    - osd_group_name in group_names
+    - openstack_keys is defined
+    - openstack_keys | length > 0
+    - item.key is defined
+    - item.key is not match("^[a-zA-Z0-9+/]{38}==$")
+
+- name: validate clients keys key format
+  fail:
+    msg: '{{ item.name }} key format invalid'
+  with_items: '{{ keys }}'
+  when:
+    - client_group_name in group_names
+    - keys is defined
+    - keys | length > 0
+    - item.key is defined
+    - item.key is not match("^[a-zA-Z0-9+/]{38}==$")
+
+- name: validate ceph_nfs_ceph_user key format
+  fail:
+    msg: '{{ ceph_nfs_ceph_user.name }} key format invalid'
+  when:
+    - client_group_name in group_names
+    - ceph_nfs_ceph_user is defined
+    - ceph_nfs_ceph_user.key is defined
+    - ceph_nfs_ceph_user.key is not match("^[a-zA-Z0-9+/]{38}==$")