Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove DNS-1123 validation of usernames and groups #260

Merged
merged 2 commits into from
Jan 7, 2020
Merged

Remove DNS-1123 validation of usernames and groups #260

merged 2 commits into from
Jan 7, 2020

Conversation

richardmarshall
Copy link
Contributor

k8s doesn't require user or group names to be DNS-1123 labels so there isn't a need to enforce or transform these values to conform to that format.

To that end this PR removes the regexp check which validates DNS-1123 and removes the string replacement of @s in SessionName.

Also of note that the current regex is missing start and end of line anchors so the validation is only ensuring that a group or user contains a sub-string that is a valid DNS-1123 label.

The second change does have impacts on existing usage of the {{SessionName}} template value which could break rolebindings for users who are making use of this value and have email addresses for session names.

I see a few ways this could be addressed and am happy to update the PR to reflect a desired path for this.

  • Liberal documentation updates to warn users of the change.
  • Toggle the change on a server flag (something along the lines of --legacy-session-name=true)
  • Creating a new template variable ({{SessionNameRaw}}) that doesn't do the replacement and leave the existing behavior for {{SessionName}} in place.

Related to #80

@k8s-ci-robot
Copy link
Contributor

Welcome @richardmarshall!

It looks like this is your first PR to kubernetes-sigs/aws-iam-authenticator 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/aws-iam-authenticator has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Aug 30, 2019
@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Aug 30, 2019
@richardmarshall
Copy link
Contributor Author

/assign @mattmoyer

@micahhausler
Copy link
Member

I don't have an issue with removing the regex, but the {{SessionName}} a breaking change is a no-go.

  • Creating a new template variable ({{SessionNameRaw}}) that doesn't do the replacement and leave the existing behavior for {{SessionName}} in place.

I like this idea a lot and would happily accept this

@richardmarshall
Copy link
Contributor Author

breaking change is a no-go.

I expected that but wanted to seed discussion with the lowest effort code change 😄

I like this idea a lot and would happily accept this

Great, will update the code and add some documentation for the new template variable.

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Aug 31, 2019
@richardmarshall
Copy link
Contributor Author

@micahhausler Updated, PTAL

@nckturner
Copy link
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 13, 2019
@richardmarshall
Copy link
Contributor Author

@micahhausler @nckturner Anything else needed on my end to help move this forward?

micahhausler
micahhausler approved these changes Jan 7, 2020
View reviewed changes
Copy link
Member

@micahhausler micahhausler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: micahhausler, richardmarshall

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 7, 2020
@k8s-ci-robot k8s-ci-robot merged commit 1cfe2a9 into kubernetes-sigs:master Jan 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@micahhausler micahhausler micahhausler approved these changes

@christopherhein christopherhein Awaiting requested review from christopherhein

Assignees

@micahhausler micahhausler

@nckturner nckturner

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@richardmarshall @k8s-ci-robot @micahhausler @nckturner @mattmoyer