fix: handle null lzBmcHostname in ironic HTTPS certificate validation

[maorfr]

Summary

Fixes a bug in validations.sh where the ironic HTTPS certificate validation fails with "Certificate is not valid for name null" when lzBmcHostname is not provided in the configuration (only IP is provided, as with self-signed certificates).

Root Cause

When .lzBmcHostname is not set in the YAML, getValue returns the literal string "null" (jq's output for missing keys), not an empty string. The bash ${lz_bmc_hostname:-$lz_bmc_ip} fallback only triggers for empty/unset variables, so ironic_cert_name was being set to the literal string "null".

Changes

• Line 315: Removed the incorrect 2>/dev/null || echo "" workaround from the getValue call
• Line 316: Added explicit null check [[ "$lz_bmc_hostname" == "null" ]] && lz_bmc_hostname="" to ensure the bash fallback works correctly

This matches the existing pattern used for ironic_https_cert on line 318.

Testing

With this fix, validations.sh should pass when ironicHTTPSCertificate and ironicHTTPSKey are provided but no hostname is provided (only IP), as in the case of self-signed certificates.

Fixes https://github.com/gori-project/GoRI/issues/934

Summary by CodeRabbit

• Bug Fixes
  • Improved handling of the optional BMC hostname value so missing data is treated more reliably.
  • Prevents empty or unavailable hostname values from causing unexpected validation behavior.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: f3d4e230-607c-486a-b7fa-332c54ae5373

📥 Commits

Reviewing files that changed from the base of the PR and between 5497289 and a55507e.

📒 Files selected for processing (1)

• validations.sh

---

Walkthrough

In validations.sh, the initialization of lz_bmc_hostname is updated: the previous pattern of suppressing stderr with 2>/dev/null and falling back with || echo "" is replaced by a direct assignment from getValue .lzBmcHostname followed by an explicit check that converts the string "null" to an empty string.

Changes

BMC Hostname Null Handling Fix

Layer / File(s)	Summary
lz_bmc_hostname null-to-empty conversion validations.sh	Replaces getValue .lzBmcHostname 2>/dev/null || echo "" with a direct assignment and an explicit [ "$lz_bmc_hostname" = "null" ] check that sets the variable to "", surfacing any real getValue errors instead of suppressing them.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Poem

A null crept in, disguised as a string 🕵️
Silent stderr swallowed a dangerous thing,
But now it's exposed, checked in plain sight,
No shadowed fallback hiding in night.
Risk: LOW — but honesty wins the fight! 🔒

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Clear and specific; it directly matches the null-handling fix in ironic HTTPS certificate validation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
No-Hardcoded-Secrets	✅ Passed	Low risk: the changed hunk only normalizes lzBmcHostname; no API keys, tokens, passwords, private keys, embedded-credential URLs, or base64 secret literals were added.
No-Weak-Crypto	✅ Passed	PASS: the change only normalizes a null hostname string; it adds no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret comparisons.
No-Injection-Vectors	✅ Passed	Low risk: the PR only normalizes a null hostname in shell assignment; it adds no SQL, eval/exec, unsafe YAML, or user-controlled command execution.
Container-Privileges	✅ Passed	PASS: The PR only edits validations.sh; no container/K8s privilege settings were introduced.
No-Sensitive-Data-In-Logs	✅ Passed	Low risk: the patch only normalizes a config value; it adds no new logging and does not expose passwords/tokens/PII/hostnames beyond existing validation messages.
Ai-Attribution	✅ Passed	Low risk: the commit includes Red Hat-style "Assisted-by" attribution and no AI-related Co-Authored-By trailer was found.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/validations-bmc-hostname-null

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}