Backport/2.8/57135 (#57137)

* Fix netapp_e_iscsi_target chap secret size and clearing functionality. * Add changelogs fragment for PR #57135
2019-05-29 13:55:59 -05:00 · 2019-05-29 13:55:59 -05:00 · 0365d73102
commit 0365d73102
parent f511bec4ff
3 changed files with 10 additions and 7 deletions
--- a/changelogs/fragments/57135-netapp_e_iscsi_target-fix-chap-secret-size-and-clearing.yaml
+++ b/changelogs/fragments/57135-netapp_e_iscsi_target-fix-chap-secret-size-and-clearing.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and clearing functionality
--- a/lib/ansible/modules/storage/netapp/netapp_e_iscsi_target.py
+++ b/lib/ansible/modules/storage/netapp/netapp_e_iscsi_target.py
@ -39,7 +39,8 @@ options:
            - When this value is specified, we will always trigger an update (changed=True). We have no way of verifying
              whether or not the password has changed.
            - The chap secret may only use ascii characters with values between 32 and 126 decimal.
-            - The chap secret must be no less than 12 characters, but no more than 16 characters in length.
+            - The chap secret must be no less than 12 characters, but no greater than 57 characters in length.
+            - The chap secret is cleared when not specified or an empty string.
        aliases:
            - chap
            - password
@ -158,9 +159,9 @@ class IscsiTarget(object):
        if not self.url.endswith('/'):
            self.url += '/'

-        if self.chap_secret is not None:
-            if len(self.chap_secret) < 12 or len(self.chap_secret) > 16:
-                self.module.fail_json(msg="The provided CHAP secret is not valid, it must be between 12 and 16"
+        if self.chap_secret:
+            if len(self.chap_secret) < 12 or len(self.chap_secret) > 57:
+                self.module.fail_json(msg="The provided CHAP secret is not valid, it must be between 12 and 57"
                                          " characters in length.")

            for c in self.chap_secret:
@ -226,7 +227,7 @@ class IscsiTarget(object):
            body['alias'] = self.name

        # If the CHAP secret was provided, we trigger an update.
-        if self.chap_secret is not None:
+        if self.chap_secret:
            update = True
            body.update(dict(enableChapAuthentication=True,
                             chapSecret=self.chap_secret))
--- a/test/units/modules/storage/netapp/test_netapp_e_iscsi_target.py
+++ b/test/units/modules/storage/netapp/test_netapp_e_iscsi_target.py
@ -35,13 +35,13 @@ class IscsiTargetTest(ModuleTestCase):

    def test_validate_params(self):
        """Ensure we can pass valid parameters to the module"""
-        for i in range(12, 16):
+        for i in range(12, 57):
            secret = 'a' * i
            self._set_args(dict(chap=secret))
            tgt = IscsiTarget()

    def test_invalid_chap_secret(self):
-        for secret in [11 * 'a', 17 * 'a', u'©' * 12]:
+        for secret in [11 * 'a', 58 * 'a']:
            with self.assertRaisesRegexp(AnsibleFailJson, r'.*?CHAP secret is not valid.*') as result:
                self._set_args(dict(chap=secret))
                tgt = IscsiTarget()