Skip to content

Commit

Permalink
fix: validate key names dont have spaces (#1449) (#1490)
Browse files Browse the repository at this point in the history 
- validate key names dont have spaces
- migrate existing keys with spaces
- validate key name in CLI before create
  • Loading branch information
@BruceMacD
BruceMacD authored Apr 6, 2022
1 parent c5d529b commit b080ca2
Show file tree
Hide file tree
Showing 7 changed files with 35 additions and 5 deletions.
2 changes: 1 addition & 1 deletion api/access_key.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ type ListAccessKeysRequest struct {

type CreateAccessKeyRequest struct {
IdentityID uid.ID `json:"identityID" validate:"required"`
Name string `json:"name" validate:"required"`
Name string `json:"name" validate:"required,excludes= "`
TTL Duration `json:"ttl" validate:"required" note:"maximum time valid"`
ExtensionDeadline Duration `json:"extensionDeadline,omitempty" validate:"required" note:"How long the key is active for before it needs to be renewed. The access key must be used within this amount of time to renew validity"`
}
Expand Down
2 changes: 1 addition & 1 deletion internal/access/setup.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ func Setup(c *gin.Context) (string, *models.AccessKey, error) {
}

key := &models.AccessKey{
Name: fmt.Sprintf("%s access key", name),
Name: fmt.Sprintf("%s-access-key", name),
IssuedFor: identity.ID,
ExpiresAt: time.Now().Add(math.MaxInt64).UTC(),
}
Expand Down
5 changes: 5 additions & 0 deletions internal/cmd/keys.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package cmd

import (
"fmt"
"strings"
"time"

"github.com/spf13/cobra"
Expand Down Expand Up @@ -53,6 +54,10 @@ infra keys create main wall-e 12h --extension-deadline=1h
keyName := args[0]
machineName := args[1]

if strings.Contains(keyName, " ") {
return fmt.Errorf("key name cannot contain spaces")
}

client, err := defaultAPIClient()
if err != nil {
return err
Expand Down
2 changes: 1 addition & 1 deletion internal/server/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -546,7 +546,7 @@ func (s *Server) importAccessKeys() error {
}
}

name := fmt.Sprintf("default %s access key", k)
name := fmt.Sprintf("default-%s-access-key", k)

accessKey, err := data.GetAccessKey(s.db, data.ByIssuedFor(machine.ID))
if err != nil {
Expand Down
25 changes: 25 additions & 0 deletions internal/server/data/migrations.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -289,6 +289,31 @@ func migrate(db *gorm.DB) error {
},
// this change cannot be rolled back
},
// #1449: access key name can't have whitespace
{
ID: "202204061643",
Migrate: func(tx *gorm.DB) error {
if tx.Migrator().HasTable("access_keys") {
keys, err := ListAccessKeys(db)
if err != nil {
return err
}

for i := range keys {
if strings.Contains(keys[i].Name, " ") {
keys[i].Name = strings.ReplaceAll(keys[i].Name, " ", "-")
err := SaveAccessKey(db, &keys[i])
if err != nil {
return err
}
}
}
}

return nil
},
// context lost, cannot roll back
},
// next one here
})

Expand Down
2 changes: 1 addition & 1 deletion internal/server/models/access_key.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ var (
// AccessKey is a session token presented to the Infra server as proof of authentication
type AccessKey struct {
Model
Name string `gorm:"uniqueIndex:,where:deleted_at is NULL"`
Name string `gorm:"uniqueIndex:,where:deleted_at is NULL" validate:"excludes= "`
IssuedFor uid.ID `validate:"required"`

ExpiresAt time.Time `validate:"required"`
Expand Down
2 changes: 1 addition & 1 deletion internal/server/server_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -875,7 +875,7 @@ func TestImportAccessKeysUpdate(t *testing.T) {
err = s.importAccessKeys()
assert.NilError(t, err)

accessKey, err := data.GetAccessKey(s.db, data.ByName("default admin access key"))
accessKey, err := data.GetAccessKey(s.db, data.ByName("default-admin-access-key"))
assert.NilError(t, err)
assert.Equal(t, accessKey.KeyID, "EKoHADINYX")
}
Expand Down

0 comments on commit b080ca2

Please sign in to comment.