Validate keys for nova_public_key/nova_private_key

We use only the specific keys from these hash values. This updates
the type definition for these parameters to ensure users are not giving
unsupported keys.

Change-Id: Ie3e30b0bf807dbf113de47a76144ead5e4bceeb7

manifests/init.pp

@@ -423,8 +423,8 @@ class nova(
   $ca_file                                = false,
   $cert_file                              = false,
   $key_file                               = false,
-  Optional[Hash] $nova_public_key         = undef,
-  Optional[Hash] $nova_private_key        = undef,
+  Nova::SshKey $nova_public_key           = undef,
+  Nova::SshKey $nova_private_key          = undef,
   $ssl_only                               = $facts['os_service_default'],
   $cert                                   = $facts['os_service_default'],
   $key                                    = $facts['os_service_default'],

spec/type_aliases/sshkey_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+
+describe 'Nova::SshKey' do
+  describe 'valid types' do
+    context 'with valid types' do
+      [
+        {'key' => 'foo'},
+        {'type' => 'bar'},
+        {'key' => 'foo', 'type' => 'bar'},
+        {},
+      ].each do |value|
+        describe value.inspect do
+          it { is_expected.to allow_value(value) }
+        end
+      end
+    end
+  end
+
+  describe 'invalid types' do
+    context 'with garbage inputs' do
+      [
+        {'key' => 1},
+        {'fookey' => 'foo'},
+        'foo',
+        true,
+        false,
+        1,
+        1.1,
+        '<SERVICE DEFAULT>',
+      ].each do |value|
+        describe value.inspect do
+          it { is_expected.not_to allow_value(value) }
+        end
+      end
+    end
+  end
+end

types/sshkey.pp

@@ -0,0 +1 @@
+type Nova::SshKey = Optional[Hash[Enum['key', 'type'], String[1]]]