github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 02:41:25 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #82133 from bclau/windows/run-as-username-fix

Browse Source 
api: Loosens RunAsUserName validation
This commit is contained in:
Kubernetes Prow Robot 2019-08-30 09:40:43 -07:00 committed by GitHub
commit afa979c295
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/apis/core/validation/validation.go
View File

@ -5526,12 +5526,12 @@ func ValidateSecurityContext(sc *core.SecurityContext, fldPath *field.Path) fiel
// is the max character length for the USER itself. Both the DOMAIN and USER have their
// own restrictions, and more information about them can be found here:
// https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and
// https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/new-localuser?view=powershell-5.1
// https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb726984(v=technet.10)
const (
maxGMSACredentialSpecLengthInKiB = 64
maxGMSACredentialSpecLength = maxGMSACredentialSpecLengthInKiB * 1024
maxRunAsUserNameDomainLength = 256
maxRunAsUserNameUserLength = 21
maxRunAsUserNameUserLength = 104
)
var (
@ -5612,8 +5612,8 @@ func validateWindowsSecurityContextOptions(windowsOptions *core.WindowsSecurityC
if l := len(user); l == 0 {
errMsg := fmt.Sprintf("runAsUserName's User cannot be empty")
allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg))
} else if l >= maxRunAsUserNameUserLength {
errMsg := fmt.Sprintf("runAsUserName's User length must be under %d characters", maxRunAsUserNameUserLength)
} else if l > maxRunAsUserNameUserLength {
errMsg := fmt.Sprintf("runAsUserName's User length must not be longer than %d characters", maxRunAsUserNameUserLength)
allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg))
}

4
pkg/apis/core/validation/validation_test.go
View File

@ -14204,9 +14204,9 @@ func TestValidateWindowsSecurityContextOptions(t *testing.T) {
{
testName: "RunAsUserName's User is too long",
windowsOptions: &core.WindowsSecurityContextOptions{
RunAsUserName: toPtr(strings.Repeat("a", maxRunAsUserNameUserLength)),
RunAsUserName: toPtr(strings.Repeat("a", maxRunAsUserNameUserLength+1)),
},
expectedErrorSubstring: "runAsUserName's User length must be under",
expectedErrorSubstring: "runAsUserName's User length must not be longer than",
},
{
testName: "RunAsUserName's User cannot contain only spaces or periods",