policy regex matches more than necessary
Bug #1968294 reported by Jake Yip
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
puppet-openstacklib | Fix Released | High | Jake Yip | |
Bug Description
The regex in https:/
For example, a policy of 'get_router' can match both 'get_router' and
'get_router:
This can be seen clearly by inputting the following into a regex checker like https:/
regex expression:
^['"]?
data:
'get_router': 'rule:admin_
'get_router:
Changed in puppet-openstacklib:
assignee: nobody → Jake Yip (waipengyip)
description: updated
I did some further testing, and created the following test case
A test case is like this
# cat policy.pp
openstacklib::policy::base { 'is_member':
  file_path => '/tmp/policy.yaml',
  key => 'is_member',
  value => 'role:member',
  file_format => 'yaml',
}
openstacklib::policy::base { 'get_router':
  file_path => '/tmp/policy.yaml',
  key => 'get_router',
  value => "rule:admin_or_owner",
  file_format => 'yaml',
}
openstacklib::policy::base { 'get_router:distributed':
  file_path => '/tmp/policy.yaml',
  key => 'get_router:distributed',
  value => 'rule:admin_only',
  file_format => 'yaml',
}
This creates a file
# cat /tmp/policy.yaml
'is_member': 'role:member'
'get_router': 'rule:admin_or_owner'
'get_router:distributed': 'rule:admin_only'
However, if you change the 'get_router' rule slightly
'get_router': 'rule:admin_only'
and re-run puppet, you get
# puppet apply policy.pp
Notice: Compiled catalog for ubuntu2004 in environment production in 0.03 seconds
Error: More than one line in file '/tmp/policy.yaml' matches pattern '^['"]?get_router['"]?\s*:.+'
Error: /Stage[main]/Main/Openstacklib::Policy::Base[get_router]/File_line[/tmp/policy.yaml-get_router]/ensure: change from 'absent' to 'present' failed: More than one line in file '/tmp/policy.yaml' matches pattern '^['"]?get_router['"]?\s*:.+'
Notice: Applied catalog in 0.02 seconds
This happens because the defined file_line doesn't exist anymore, so puppet tries to find a line to replace, and the regex for the 'match' property matched more than one line.
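The over-match described in this report, reproduced outside Puppet as an added example (not code from puppet-openstacklib or from the reporter): it counts matching lines the way a file_line match would, using the pattern shape from the error message and the report's test file as constructed sample data. `anchored_pattern` is a hypothetical tightened regex written for this illustration, not the project's released fix.

```ruby
# Constructed sample data: the /tmp/policy.yaml contents from the report's test case.
POLICY_LINES = [
  "'is_member': 'role:member'",
  "'get_router': 'rule:admin_or_owner'",
  "'get_router:distributed': 'rule:admin_only'",
].freeze

# Pattern shape as it appears in the error message in the report:
#   ^['"]?<key>['"]?\s*:.+
# Both quotes are optional, so the ':' inside a longer key such as
# 'get_router:distributed' satisfies the ':' that should end the key.
def reported_pattern(key)
  Regexp.new("^['\"]?#{key}['\"]?\\s*:.+")
end

# Hypothetical tightened pattern (assumption, not the project's fix):
#  - \1 forces the closing quote to equal the opening quote (or both absent)
#  - the ':' ending the key must be followed by whitespace or end of line,
#    which is what separates key and value for an unquoted YAML key
#  - Regexp.escape keeps characters in the key from acting as regex syntax
def anchored_pattern(key)
  Regexp.new("^(['\"]?)#{Regexp.escape(key)}\\1\\s*:(?:\\s.*|$)")
end

# Return every line the pattern matches. More than one hit is the condition
# behind "More than one line in file ... matches pattern" in the report.
def matching_lines(lines, pattern)
  lines.select { |line| line.match?(pattern) }
end

%w[is_member get_router get_router:distributed].each do |key|
  loose  = matching_lines(POLICY_LINES, reported_pattern(key)).size
  strict = matching_lines(POLICY_LINES, anchored_pattern(key)).size
  puts "#{key}: reported pattern matches #{loose} line(s), anchored pattern matches #{strict}"
end
```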