From 9867823388d9c3cde12cd0c6987415daf3ee8399 Mon Sep 17 00:00:00 2001
From: Steve Traylen
Date: Fri, 1 Jul 2022 15:47:17 +0200
Subject: [PATCH] Make Systemd::Unit type stricter Previously lots of unit names like ``` this is a service with spaces in.service ``` were permitted for instance. From systemd.unit > Valid unit names consist of a "name prefix" and a dot and a suffix specifying the unit type. The "unit prefix" must consist of one or more valid characters (ASCII letters, digits, ":", "-", "_", ".", and "\"). The total length of the unit name including the suffix must not exceed 256 characters. The type suffix must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".slice", or ".scope". in addition we allow `@` to cover the case of template or template instance.
---
 REFERENCE.md | 9 ++++++---
 spec/type_aliases/unit_spec.rb | 32 ++++++++++++++++++++++++++++++++
 types/unit.pp | 6 ++++--
 3 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100644 spec/type_aliases/unit_spec.rb
diff --git a/REFERENCE.md b/REFERENCE.md
index 1f3c5f2e..83e9ae31 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -58,7 +58,7 @@
 * [`Systemd::MachineInfoSettings`](#systemdmachineinfosettings): Matches Systemd machine-info (hostnamectl) file Struct
 * [`Systemd::OomdSettings`](#systemdoomdsettings): Configurations for oomd.conf
 * [`Systemd::ServiceLimits`](#systemdservicelimits): Matches Systemd Service Limit Struct
-* [`Systemd::Unit`](#systemdunit): custom datatype that validates different filenames for systemd units
+* [`Systemd::Unit`](#systemdunit): custom datatype that validates different filenames for systemd units and unit templates
 ## Classes
@@ -1803,11 +1803,14 @@ Struct[{
 ### `Systemd::Unit`
-custom datatype that validates different filenames for systemd units
+custom datatype that validates different filenames for systemd units and unit templates
+
+* **See also**
+ * https://www.freedesktop.org/software/systemd/man/systemd.unit.html
 Alias of
 ```puppet
-Pattern['^[^/]+\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)$']
+Pattern[/^[[a-z][A-Z][0-9]:\-_.\\@]+\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)$/]
 ```
diff --git a/spec/type_aliases/unit_spec.rb b/spec/type_aliases/unit_spec.rb
new file mode 100644
index 00000000..1e7012c0
--- /dev/null
+++ b/spec/type_aliases/unit_spec.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Systemd::Unit' do
+ context 'with a permitted unit name' do
+ [
+ 'foo.service',
+ 'foo.socket',
+ 'atemplate@.service',
+ 'atemplate@instance.service',
+ 'backward\slash.swap',
+ 'extra.dot.scope',
+ 'a:colon.path',
+ 'an_underscore.device',
+ 'a-dash.slice',
+ ].each do |unit|
+ it { is_expected.to allow_value(unit.to_s) }
+ end
+ end
+
+ context 'with a illegal unit name' do
+ [
+ 'a space.service',
+ 'noending',
+ 'wrong.ending',
+ 'forward/slash.unit',
+ ].each do |unit|
+ it { is_expected.not_to allow_value(unit.to_s) }
+ end
+ end
+end
diff --git a/types/unit.pp b/types/unit.pp
index 3357956a..5d597b5e 100644
--- a/types/unit.pp
+++ b/types/unit.pp
@@ -1,2 +1,4 @@
-# @summary custom datatype that validates different filenames for systemd units
-type Systemd::Unit = Pattern['^[^/]+\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)$']
+# @summary custom datatype that validates different filenames for systemd units and unit templates
+# @see https://www.freedesktop.org/software/systemd/man/systemd.unit.html
+type Systemd::Unit = Pattern[/^[[a-z][A-Z][0-9]:\-_.\\@]+\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)$/]
+
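Review bot: The illegal-name list in spec/type_aliases/unit_spec.rb has no value containing a line break, so the spec cannot distinguish a whole-string match from a per-line match of the `^`/`$`-anchored pattern. Add double-quoted entries to the second array, for example `"foo.service\n",` and `"a space\nfoo.service",` (sample values constructed for this note), so a regression in the anchoring is caught. The `.to_s` in `allow_value(unit.to_s)` is redundant in both loops, since every element is already a String.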
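Review bot: The new pattern in types/unit.pp is anchored with `^` and `$`, which in Ruby-style regular expressions match at line boundaries, so a multi-line string is accepted when any one of its lines is a valid unit name, and a trailing newline is accepted too. Unit names presumably end up in file paths and service commands (not visible in this hunk), so anchor the whole string and flatten the nested character class: `type Systemd::Unit = Pattern[/\A[a-zA-Z0-9:\-_.\\@]+\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)\z/]`. The length limit quoted in the commit message is not enforced by the pattern either; if it matters it needs a bounded quantifier or a separate length check. REFERENCE.md repeats the same pattern and would need regenerating after the change.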