generated secret names should be unique and rfc1123 compliant
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Kubernetes Control Plane Charm | Fix Released | High | Kevin W Monroe |
Bug Description
We need to validate the 'name' field in k8s-master user actions. We use the name as part of the secret id, and that must be a valid rfc1123 string:
https:/
Today, things like 'user-create' allow invalid input, and while k8s throws an error, the action succeeds. Example with an invalid name (capital letters are invalid):
-----
$ juju run-action --wait kubernetes-master/0 user-create name=Bob
unit-kubernetes
UnitId: kubernetes-master/0
id: "3"
results:
Stderr: |
The Secret "Bob-token-auth" is invalid: metadata.name: Invalid value: "Bob-token-auth": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-
Stdout: |
Cluster "juju-cluster" set.
Property "users" unset.
User "Bob" set.
Context "juju-context" created.
Switched to context "juju-context".
kubeconfig: juju scp kubernetes-
msg: User "Bob" created.
users: admin, system:
system:
system:
status: completed
-----
No secret has been created, but users might not realize that since the action appears to have succeeded.
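The check described in this report, as an added example that is not the charm's code or the code from the linked PR: it validates the secret id derived from the name rather than the name alone, and fails the action when the secret-creation step returns an error. The function names, the result dictionary and the `apply_secret` stand-in are assumptions made for illustration; the `<name>-token-auth` form is taken from the error output above.

```python
import re

# Kubernetes DNS-1123 subdomain rule: lowercase alphanumerics, '-' or '.',
# starting and ending with an alphanumeric, at most 253 characters.
DNS1123_LABEL = r"[a-z0-9]([-a-z0-9]*[a-z0-9])?"
DNS1123_SUBDOMAIN = re.compile(rf"{DNS1123_LABEL}(\.{DNS1123_LABEL})*")
MAX_SUBDOMAIN_LEN = 253
SECRET_SUFFIX = "-token-auth"  # suffix seen in the error output above


def secret_id_for(name):
    """Build the secret id in the form shown in the error: <name>-token-auth."""
    return f"{name}{SECRET_SUFFIX}"


def validate_user_name(name):
    """Return (True, secret_id) or (False, reason) for a 'name' parameter."""
    if not isinstance(name, str) or not name:
        return False, "name must be a non-empty string"
    secret_id = secret_id_for(name)
    if len(secret_id) > MAX_SUBDOMAIN_LEN:
        return False, f"secret id is longer than {MAX_SUBDOMAIN_LEN} characters"
    # Match the whole generated id: a name such as "bob." looks harmless on
    # its own but yields "bob.-token-auth", whose last label starts with '-'.
    if not DNS1123_SUBDOMAIN.fullmatch(secret_id):
        return False, f'"{secret_id}" is not a lowercase RFC 1123 subdomain'
    return True, secret_id


def user_create(name, apply_secret):
    """Hypothetical action body that never reports success on a failed create.

    apply_secret is a stand-in for whatever creates the secret; it takes the
    secret id and returns (returncode, stderr) like a kubectl call would.
    """
    ok, detail = validate_user_name(name)
    if not ok:
        return {"status": "failed", "msg": detail}
    returncode, stderr = apply_secret(detail)
    if returncode != 0:
        # Propagate the API error instead of reporting success.
        return {"status": "failed", "msg": stderr.strip()}
    return {"status": "completed", "msg": f'User "{name}" created.'}


if __name__ == "__main__":
    # Constructed inputs; the stand-in apply function always succeeds.
    for candidate in ["Bob", "bob", "bob.ops", "bob.", "bob_1", "b" * 250]:
        print(candidate[:12], user_create(candidate, lambda sid: (0, "")))
```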
Changed in charm-kubernetes-master: | |
assignee: | nobody → Kevin W Monroe (kwmonroe) |
importance: | Undecided → High |
status: | New → In Progress |
milestone: | none → 1.20+ck1 |
summary: |
- validate user-* action input + generated secret names should be unique and rfc1123 compliant |
tags: | added: review-needed |
Changed in charm-kubernetes-master: | |
status: | In Progress → Fix Committed |
tags: | removed: review-needed |
Changed in charm-kubernetes-master: | |
status: | Fix Committed → Fix Released |
PR for review:
https://github.com/charmed-kubernetes/charm-kubernetes-master/pull/138