[openstack-dev] [puppet] Adding "IPv6" bracket handling utilities in openstacklib.
Cody Herriges
cody at herriges.org
Fri Jan 8 18:29:17 UTC 2016
Sofer Athlan-Guyot wrote:
> Hi all,
>
> I've got an input from a fellow worker[1]. Basically, transparently
> transforming user data in puppet is opening a big can of worms.
>
> He came up with a rather contrived example, but it's definitively worth
> discussing it.
>
> So in the vncproxy example, if the user does this:
>
> $vncproxy_host => 'ff02::1:ff00:1:80',
> $vncproxy_port => '80'
>
> thinking that vncproxy_host is set to host 'ff02::1:ff00:1' with port
> ":80" (he forgot to add brackets) then the code will transform that to a
> valid uri '[ff02::1:ff00:1:80]:80'
>
> Without the code it would give this 'ff02::1:ff00:1:80:80' which would
> fail as it lacks the brackets and is an invalid uri.
>
> There is no way to make the difference between "wrong ipv6 + port" and
> "valid ipv6", so mangling user input can lead to unexpected result.
>
> I'm going to put the patches on WIP, as maybe, this may not be a good
> idea to have user input transformed at all in puppet as all corner cases
> cannot be detected.
>
> The trade-off, of course, is user convenience.
>
> So what do you think, parse and transform user input or not ?
>
> [1] thanks Lukas
>
Since I was already skeptical and personally shy away from introducing
implicit behavior, then you bring up a concrete example of why it might
be a bad idea...pretty solidly against the transformation now.
To just provided more feedback to the user we could pass the
vncproxy_host value through a couple regexes and report a warning,
maybe? If not regex match IPv4 and not regex match brackets at
beginning and end then tell them it is not valid.
--
Cody
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160108/47c525c7/attachment.pgp>
More information about the OpenStack-dev
mailing list