From 1967d7794d779a62de2ce4aca22f792927185263 Mon Sep 17 00:00:00 2001 From: Stamatis Katsaounis Date: Sun, 30 Jun 2019 20:09:23 +0300 Subject: [PATCH] Apply validation on designate zone prefix values This patch applies validation on values ipv4-ptr-zone-prefix-size and ipv6-ptr-zone-prefix-size to prevent users from choosing values not supported by Neutron's Designate driver. Change-Id: I6f2d5c9d1a3f16242263f11b1f999ab7ec3a4266 Signed-off-by: Stamatis Katsaounis --- config.yaml | 4 ++++ hooks/neutron_api_utils.py | 27 +++++++++++++++++++++++++++ unit_tests/test_neutron_api_utils.py | 26 ++++++++++++++++++++++++++ 3 files changed, 57 insertions(+) diff --git a/config.yaml b/config.yaml index 4728f3a7..45b81a4d 100755 --- a/config.yaml +++ b/config.yaml @@ -737,6 +737,8 @@ options: default: 24 description: | The size in bits of the prefix for the IPv4 reverse lookup (PTR) zones. + Valid size has to be multiple of 8, with maximum value of 24 and minimum + value of 8. . NOTE: Use only when "reverse-dns-lookup" option is set to "True". ipv6-ptr-zone-prefix-size: @@ -744,6 +746,8 @@ options: default: 64 description: | The size in bits of the prefix for the IPv6 reverse lookup (PTR) zones. + Valid size has to be multiple of 4, with maximum value of 124 and minimum + value of 4. . NOTE: Use only when "reverse-dns-lookup" option is set to "True". dhcp-load-type: diff --git a/hooks/neutron_api_utils.py b/hooks/neutron_api_utils.py index 5fb2bfcc..d87b16ea 100755 --- a/hooks/neutron_api_utils.py +++ b/hooks/neutron_api_utils.py @@ -838,6 +838,33 @@ def check_optional_relations(configs): :param configs: an OSConfigRender() instance. :return 2-tuple: (string, string) = (status, message) """ + if relation_ids('external-dns'): + if config('designate_endpoint') is not None: + if config('reverse-dns-lookup'): + ipv4_prefix_size = config('ipv4-ptr-zone-prefix-size') + valid_ipv4_prefix_size = ( + (8 <= ipv4_prefix_size <= 24) and + (ipv4_prefix_size % 8) == 0) + if not valid_ipv4_prefix_size: + log('Invalid ipv4-ptr-zone-prefix-size. Value of ' + 'ipv4-ptr-zone-prefix-size has to be multiple' + ' of 8, with maximum value of 24 and minimum value ' + 'of 8.', level=DEBUG) + return ('blocked', + 'Invalid configuration: ' + 'ipv4-ptr-zone-prefix-size') + ipv6_prefix_size = config('ipv6-ptr-zone-prefix-size') + valid_ipv6_prefix_size = ( + (4 <= ipv6_prefix_size <= 124) and + (ipv6_prefix_size % 4) == 0) + if not valid_ipv6_prefix_size: + log('Invalid ipv6-ptr-zone-prefix-size. Value of ' + 'ipv6-ptr-zone-prefix-size has to be multiple' + ' of 4, with maximum value of 124 and minimum value ' + 'of 4.', level=DEBUG) + return ('blocked', + 'Invalid configuration: ' + 'ipv6-ptr-zone-prefix-size') if relation_ids('ha'): try: get_hacluster_config() diff --git a/unit_tests/test_neutron_api_utils.py b/unit_tests/test_neutron_api_utils.py index 5c5ea0e2..319245ae 100644 --- a/unit_tests/test_neutron_api_utils.py +++ b/unit_tests/test_neutron_api_utils.py @@ -871,3 +871,29 @@ class TestNeutronAPIUtils(CharmTestCase): "pymysql+mysql://testuser:testpassword@testhost/testdatabase" "?ssl_ca=foo&ssl_cert=bar&ssl_key=baz" ) + + @patch.object(nutils, 'config') + @patch.object(nutils, 'relation_ids') + @patch.object(nutils, 'log') + def test_check_optional_relations_invalid_ipv4(self, + log, + relation_ids, + config): + relation_ids.return_value = True + config.side_effect = [True, True, 23] + self.assertEqual( + nutils.check_optional_relations(None), + ('blocked', 'Invalid configuration: ipv4-ptr-zone-prefix-size')) + + @patch.object(nutils, 'config') + @patch.object(nutils, 'relation_ids') + @patch.object(nutils, 'log') + def test_check_optional_relations_invalid_ipv6(self, + log, + relation_ids, + config): + relation_ids.return_value = True + config.side_effect = [True, True, 24, 63] + self.assertEqual( + nutils.check_optional_relations(None), + ('blocked', 'Invalid configuration: ipv6-ptr-zone-prefix-size'))