github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 19:01:49 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #82133 from bclau/windows/run-as-username-fix

Browse Source 
api: Loosens RunAsUserName validation
This commit is contained in:
Kubernetes Prow Robot 2019-08-30 09:40:43 -07:00 committed by GitHub
commit afa979c295
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/apis/core/validation/validation.go
View File

@ -5526,12 +5526,12 @@ func ValidateSecurityContext(sc *core.SecurityContext, fldPath *field.Path) fiel
// is the max character length for the USER itself. Both the DOMAIN and USER have their // is the max character length for the USER itself. Both the DOMAIN and USER have their
// own restrictions, and more information about them can be found here: // own restrictions, and more information about them can be found here:
// https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and // https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and
// https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/new-localuser?view=powershell-5.1 // https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb726984(v=technet.10)
const ( const (
maxGMSACredentialSpecLengthInKiB = 64 maxGMSACredentialSpecLengthInKiB = 64
maxGMSACredentialSpecLength = maxGMSACredentialSpecLengthInKiB * 1024 maxGMSACredentialSpecLength = maxGMSACredentialSpecLengthInKiB * 1024
maxRunAsUserNameDomainLength = 256 maxRunAsUserNameDomainLength = 256
maxRunAsUserNameUserLength = 21 maxRunAsUserNameUserLength = 104
) )
var ( var (
@ -5612,8 +5612,8 @@ func validateWindowsSecurityContextOptions(windowsOptions *core.WindowsSecurityC
if l := len(user); l == 0 { if l := len(user); l == 0 {
errMsg := fmt.Sprintf("runAsUserName's User cannot be empty") errMsg := fmt.Sprintf("runAsUserName's User cannot be empty")
allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg)) allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg))
} else if l >= maxRunAsUserNameUserLength { } else if l > maxRunAsUserNameUserLength {
errMsg := fmt.Sprintf("runAsUserName's User length must be under %d characters", maxRunAsUserNameUserLength) errMsg := fmt.Sprintf("runAsUserName's User length must not be longer than %d characters", maxRunAsUserNameUserLength)
allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg)) allErrs = append(allErrs, field.Invalid(fieldPath.Child("runAsUserName"), windowsOptions.RunAsUserName, errMsg))
} }

4
pkg/apis/core/validation/validation_test.go
View File

@ -14204,9 +14204,9 @@ func TestValidateWindowsSecurityContextOptions(t *testing.T) {
{ {
testName: "RunAsUserName's User is too long", testName: "RunAsUserName's User is too long",
windowsOptions: &core.WindowsSecurityContextOptions{ windowsOptions: &core.WindowsSecurityContextOptions{
RunAsUserName: toPtr(strings.Repeat("a", maxRunAsUserNameUserLength)), RunAsUserName: toPtr(strings.Repeat("a", maxRunAsUserNameUserLength+1)),
}, },
expectedErrorSubstring: "runAsUserName's User length must be under", expectedErrorSubstring: "runAsUserName's User length must not be longer than",
}, },
{ {
testName: "RunAsUserName's User cannot contain only spaces or periods", testName: "RunAsUserName's User cannot contain only spaces or periods",