Issue #9046 has been reported by David Ballenger.
----------------------------------------
Bug #9046: Problem validating options property of the ssh_authorized_key type.
https://projects.puppetlabs.com/issues/9046
Author: David Ballenger
Status: Unreviewed
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version: 2.7.3
Keywords:
Branch:
Puppet 2.7.3 has a bug when trying to validate the options property of the
ssh_authorized_key type. The validation is attempting to make sure that
multiple options are not embedded in a string, they should be specified as an
array. The test does this by simply checking for a comma in the string value of
the option. However, this trips up on options like the `from` option, which
is specified as:
<pre>
from="pattern-list"
</pre>
where pattern-list is a comma-seperated list of patterns. There are several
other options that accept a string argument (e.g. `command`, `environment`)
that could potentially have commas in the string.
The following ssh_autorized_key illustrates the problem:
<pre>
ssh_authorized_key { 'testkey':
ensure => present,
key => 'somereallylongstringhere',
type => ssh-rsa,
user => 'root',
options => [ 'command="/usr/bin/true"',
'from="a.example.com,z.example.com"' ],
}
</pre>
Put this in a test.pp then run `puppet apply`:
<pre>
$ puppet apply --trace ~/test.pp
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type/ssh_authorized_key.rb:95:in
`unsafe_validate'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/parameter.rb:255:in
`validate'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/property.rb:300:in `should='
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/property.rb:300:in `each'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/property.rb:300:in `should='
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/property.rb:337:in `value='
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type.rb:436:in `[]='
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type.rb:1788:in
`set_parameters'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type.rb:1782:in `each'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type.rb:1782:in
`set_parameters'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type.rb:1764:in `initialize'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource.rb:285:in `new'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource.rb:285:in `to_ral'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource/catalog.rb:621:in
`send'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource/catalog.rb:621:in
`to_catalog'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource/catalog.rb:599:in
`each'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource/catalog.rb:599:in
`to_catalog'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource/catalog.rb:536:in
`to_ral'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application/apply.rb:207:in
`main'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application/apply.rb:135:in
`run_command'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application.rb:307:in `run'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application.rb:411:in `hook'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application.rb:307:in `run'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application.rb:402:in
`exit_on_fail'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application.rb:307:in `run'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/util/command_line.rb:69:in
`execute'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/bin/puppet:4
/usr/bin/puppet:19:in `load'
/usr/bin/puppet:19
Parameter options failed: Options must be provided as an array, not a comma
separated list
</pre>
The check for multiple options in the value is at line 95 in:
<pre>
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type/ssh_authorized_key.rb:95:in
`unsafe_validate'
</pre>
The `value.include?(',')` should be changed to a regular expression test for
multiple options that still allows commas within quotes for options like `from`
that accept a quoted string as a specification for the option.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
