Merge pull request #31318 from adityakali/gci53

Automatic merge from submit-queue

Add validation for KUBE_USER

Malformed KUBE_USER causes error in cluster setup.

cc/ @kubernetes/goog-image 
@Q-Lee @Amey-D  Can you please review?

cluster/common.sh

@@ -257,6 +257,16 @@ function load-or-gen-kube-basicauth() {
   if [[ -z "${KUBE_USER:-}" || -z "${KUBE_PASSWORD:-}" ]]; then
     gen-kube-basicauth
   fi
+
+  # Make sure they don't contain any funny characters.
+  if ! [[ "${KUBE_USER}" =~ ^[-._@a-zA-Z0-9]+$ ]]; then
+    echo "Bad KUBE_USER string."
+    exit 1
+  fi
+  if ! [[ "${KUBE_PASSWORD}" =~ ^[-._@#%/a-zA-Z0-9]+$ ]]; then
+    echo "Bad KUBE_PASSWORD string."
+    exit 1
+  fi
 }
 
 function load-or-gen-kube-bearertoken() {

cluster/gce/gci/configure-helper.sh

@@ -755,7 +755,7 @@ function start-kube-apiserver {
   if [[ -n "${KUBE_USER:-}" ]]; then
     local -r abac_policy_json="${src_dir}/abac-authz-policy.jsonl"
     remove-salt-config-comments "${abac_policy_json}"
-    sed -i -e "s@{{kube_user}}@${KUBE_USER}@g" "${abac_policy_json}"
+    sed -i -e "s/{{kube_user}}/${KUBE_USER}/g" "${abac_policy_json}"
     cp "${abac_policy_json}" /etc/srv/kubernetes/
   fi
 
@@ -1115,6 +1115,14 @@ if [[ ! -e "${KUBE_HOME}/kube-env" ]]; then
 fi
 
 source "${KUBE_HOME}/kube-env"
+
+if [[ -n "${KUBE_USER:-}" ]]; then
+  if ! [[ "${KUBE_USER}" =~ ^[-._@a-zA-Z0-9]+$ ]]; then
+    echo "Bad KUBE_USER format."
+    exit 1
+  fi
+fi
+
 config-ip-firewall
 create-dirs
 ensure-local-ssds