diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-01-04 16:43:34 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-01-04 16:43:34 +0000 |
commit | 0bfe7c9279f407c525527103a79e5002adfdc01b (patch) | |
tree | f075d9b5f9e3bf0d0321d6c96d0d9fd08b74d06c /tools/yaml-validate.py | |
parent | d43d7579269a60e89eae0e23b6fecd7452265c6d (diff) | |
parent | 56ebc7e58d117743363c4a251395d710bf511a2c (diff) |
Merge "DB connection: prevent src address from binding to a VIP"
Diffstat (limited to 'tools/yaml-validate.py')
-rwxr-xr-x | tools/yaml-validate.py | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 95c7d025..fd1f47de 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -24,6 +24,45 @@ def exit_usage(): sys.exit(1) +def validate_mysql_connection(settings): + no_op = lambda *args: False + error_status = [0] + + def mysql_protocol(items): + return items == ['EndpointMap', 'MysqlInternal', 'protocol'] + + def client_bind_address(item): + return 'bind_address' in item + + def validate_mysql_uri(key, items): + # Only consider a connection if it targets mysql + if key.endswith('connection') and \ + search(items, mysql_protocol, no_op): + # Assume the "bind_address" option is one of + # the token that made up the uri + if not search(items, client_bind_address, no_op): + error_status[0] = 1 + return False + + def search(item, check_item, check_key): + if check_item(item): + return True + elif isinstance(item, list): + for i in item: + if search(i, check_item, check_key): + return True + elif isinstance(item, dict): + for k in item.keys(): + if check_key(k, item[k]): + return True + elif search(item[k], check_item, check_key): + return True + return False + + search(settings, no_op, validate_mysql_uri) + return error_status[0] + + def validate_service(filename, tpl): if 'outputs' in tpl and 'role_data' in tpl['outputs']: if 'value' not in tpl['outputs']['role_data']: @@ -41,6 +80,12 @@ def validate_service(filename, tpl): print('ERROR: service_name should match file name for service: %s.' % filename) return 1 + # if service connects to mysql, the uri should use option + # bind_address to avoid issues with VIP failover + if 'config_settings' in role_data and \ + validate_mysql_connection(role_data['config_settings']): + print('ERROR: mysql connection uri should use option bind_address') + return 1 if 'parameters' in tpl: for param in required_params: if param not in tpl['parameters']: |