[openstack-dev] [puppet] Adding "IPv6" bracket handling utilities in openstacklib.
cody at herriges.org
Fri Jan 8 18:29:17 UTC 2016
Sofer Athlan-Guyot wrote:
> Hi all,
> I've got an input from a fellow worker. Basically, transparently
> transforming user data in puppet is opening a big can of worms.
> He came up with a rather contrived example, but it's definitively worth
> discussing it.
> So in the vncproxy example, if the user does this:
> $vncproxy_host => 'ff02::1:ff00:1:80',
> $vncproxy_port => '80'
> thinking that vncproxy_host is set to host 'ff02::1:ff00:1' with port
> ":80" (he forgot to add brackets) then the code will transform that to a
> valid uri '[ff02::1:ff00:1:80]:80'
> Without the code it would give this 'ff02::1:ff00:1:80:80' which would
> fail as it lacks the brackets and is an invalid uri.
> There is no way to make the difference between "wrong ipv6 + port" and
> "valid ipv6", so mangling user input can lead to unexpected result.
> I'm going to put the patches on WIP, as maybe, this may not be a good
> idea to have user input transformed at all in puppet as all corner cases
> cannot be detected.
> The trade-off, of course, is user convenience.
> So what do you think, parse and transform user input or not ?
>  thanks Lukas
Since I was already skeptical and personally shy away from introducing
implicit behavior, then you bring up a concrete example of why it might
be a bad idea...pretty solidly against the transformation now.
To just provided more feedback to the user we could pass the
vncproxy_host value through a couple regexes and report a warning,
maybe? If not regex match IPv4 and not regex match brackets at
beginning and end then tell them it is not valid.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 931 bytes
Desc: OpenPGP digital signature
More information about the OpenStack-dev