[openstack-dev] [puppet] Adding "IPv6" bracket handling utilities in openstacklib.

Cody Herriges cody at herriges.org
Fri Jan 8 18:29:17 UTC 2016


Sofer Athlan-Guyot wrote:
> Hi all,
> 
> I've got an input from a fellow worker[1].  Basically, transparently
> transforming user data in puppet is opening a big can of worms.
> 
> He came up with a rather contrived example, but it's definitively worth
> discussing it.
> 
> So in the vncproxy example, if the user does this:
> 
>    $vncproxy_host => 'ff02::1:ff00:1:80',
>    $vncproxy_port => '80'
> 
> thinking that vncproxy_host is set to host 'ff02::1:ff00:1' with port
> ":80" (he forgot to add brackets) then the code will transform that to a
> valid uri '[ff02::1:ff00:1:80]:80'
> 
> Without the code it would give this 'ff02::1:ff00:1:80:80' which would
> fail as it lacks the brackets and is an invalid uri.
> 
> There is no way to make the difference between "wrong ipv6 + port" and
> "valid ipv6", so mangling user input can lead to unexpected result.
> 
> I'm going to put the patches on WIP, as maybe, this may not be a good
> idea to have user input transformed at all in puppet as all corner cases
> cannot be detected.
> 
> The trade-off, of course, is user convenience.
> 
> So what do you think, parse and transform user input or not ?
> 
> [1] thanks Lukas
> 

Since I was already skeptical and personally shy away from introducing
implicit behavior, then you bring up a concrete example of why it might
be a bad idea...pretty solidly against the transformation now.

To just provided more feedback to the user we could pass the
vncproxy_host value through a couple regexes and report a warning,
maybe?  If not regex match IPv4 and not regex match brackets at
beginning and end then tell them it is not valid.

-- 
Cody

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160108/47c525c7/attachment.pgp>


More information about the OpenStack-dev mailing list