Skip to content
Permalink
Browse files

Backport/2.8/57135 (#57137)

* Fix netapp_e_iscsi_target chap secret size and clearing functionality.

* Add changelogs fragment for PR #57135
  • Loading branch information...
ndswartz authored and abadger committed May 29, 2019
1 parent f511bec commit 0365d7310231b6c4212723cc20603474cecc00c1
@@ -0,0 +1,2 @@
bugfixes:
- netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and clearing functionality
@@ -39,7 +39,8 @@
- When this value is specified, we will always trigger an update (changed=True). We have no way of verifying
whether or not the password has changed.
- The chap secret may only use ascii characters with values between 32 and 126 decimal.
- The chap secret must be no less than 12 characters, but no more than 16 characters in length.
- The chap secret must be no less than 12 characters, but no greater than 57 characters in length.
- The chap secret is cleared when not specified or an empty string.
aliases:
- chap
- password
@@ -158,9 +159,9 @@ def __init__(self):
if not self.url.endswith('/'):
self.url += '/'

if self.chap_secret is not None:
if len(self.chap_secret) < 12 or len(self.chap_secret) > 16:
self.module.fail_json(msg="The provided CHAP secret is not valid, it must be between 12 and 16"
if self.chap_secret:
if len(self.chap_secret) < 12 or len(self.chap_secret) > 57:
self.module.fail_json(msg="The provided CHAP secret is not valid, it must be between 12 and 57"
" characters in length.")

for c in self.chap_secret:
@@ -226,7 +227,7 @@ def apply_iscsi_settings(self):
body['alias'] = self.name

# If the CHAP secret was provided, we trigger an update.
if self.chap_secret is not None:
if self.chap_secret:
update = True
body.update(dict(enableChapAuthentication=True,
chapSecret=self.chap_secret))
@@ -35,13 +35,13 @@ def _set_args(self, args=None):

def test_validate_params(self):
"""Ensure we can pass valid parameters to the module"""
for i in range(12, 16):
for i in range(12, 57):
secret = 'a' * i
self._set_args(dict(chap=secret))
tgt = IscsiTarget()

def test_invalid_chap_secret(self):
for secret in [11 * 'a', 17 * 'a', u'©' * 12]:
for secret in [11 * 'a', 58 * 'a']:
with self.assertRaisesRegexp(AnsibleFailJson, r'.*?CHAP secret is not valid.*') as result:
self._set_args(dict(chap=secret))
tgt = IscsiTarget()

0 comments on commit 0365d73

Please sign in to comment.
You can’t perform that action at this time.