Merge pull request #1869 from marcolan018/ocm-6879
OCM-6879 | fix: allow user specify `cluster-admin` as admin username in day-1
openshift-merge-bot[bot] authored and gdbranco committed Apr 1, 2024
1 parent 2f619ab commit 5766cad
Showing 2 changed files with 40 additions and 13 deletions.
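--- a/cmd/create/idp/htpasswd.go
+++ b/cmd/create/idp/htpasswd.go
@@ -185,20 +185,24 @@ func getUserList(cmd *cobra.Command, r *rosa.Runtime) (userList map[string]strin
 
 func GetUserDetails(cmd *cobra.Command, r *rosa.Runtime,
 usernameKey, passwordKey, defaultUsername, defaultPassword string) (string, string) {
-return GetIdpUserNameFromPrompt(cmd, r, usernameKey, defaultUsername),
+return GetIdpUserNameFromPrompt(cmd, r, usernameKey, defaultUsername, false),
 GetIdpPasswordFromPrompt(cmd, r, passwordKey, defaultPassword)
 }
 
 func GetIdpUserNameFromPrompt(cmd *cobra.Command, r *rosa.Runtime,
-usernameKey, defaultUsername string) string {
+usernameKey, defaultUsername string, acceptClusterAdmin bool) string {
+validators := []interactive.Validator{
+UsernameValidator,
+}
+if !acceptClusterAdmin {
+validators = append(validators, clusterAdminValidator)
+}
 username, err := interactive.GetString(interactive.Input{
-Question: "Username",
-Help: cmd.Flags().Lookup(usernameKey).Usage,
-Default: defaultUsername,
-Required: true,
-Validators: []interactive.Validator{
-UsernameValidator,
-},
+Question: "Username",
+Help: cmd.Flags().Lookup(usernameKey).Usage,
+Default: defaultUsername,
+Required: true,
+Validators: validators,
 })
 if err != nil {
 exitHTPasswdCreate("Expected a valid username: %s", r.ClusterKey, err, r)
@@ -244,10 +248,6 @@ func exitHTPasswdCreate(format, clusterKey string, err error, r *rosa.Runtime) {
 
 func UsernameValidator(val interface{}) error {
 if username, ok := val.(string); ok {
-if username == ClusterAdminUsername {
-return fmt.Errorf("username '%s' is not allowed. It is preserved for cluster admin creation. "+
-"Run `rosa create admin -c <cluster_id>` to create user '%s'", username, username)
-}
 if strings.ContainsAny(username, "/:%") {
 return fmt.Errorf("invalid username '%s': "+
 "username must not contain /, :, or %%", username)
@@ -257,6 +257,17 @@ func UsernameValidator(val interface{}) error {
 return fmt.Errorf("can only validate strings, got '%v'", val)
 }
 
+func clusterAdminValidator(val interface{}) error {
+if username, ok := val.(string); ok {
+if username == ClusterAdminUsername {
+return fmt.Errorf("username '%s' is not allowed. It is preserved for cluster admin creation. "+
+"Run `rosa create admin -c <cluster_id>` to create user '%s'", username, username)
+}
+return nil
+}
+return fmt.Errorf("can only validate strings, got '%v'", val)
+}
+
 func parseHtpasswordFile(usersList *map[string]string, filePath string) error {
 
 //A standard wellformed htpasswd file has rows of colon separated usernames and passwords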
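Review bot: Removing the `ClusterAdminUsername` rejection from the exported `UsernameValidator` (second hunk) turns the reserved-name check from a default into something each caller must opt into, so any other call site that relied on `UsernameValidator` alone (flag validation or htpasswd-file parsing, neither visible in these hunks) would now accept the reserved admin name without an error. It is worth checking every existing use of `UsernameValidator` outside day-1 cluster creation and adding `clusterAdminValidator` there, and recording the contract on the function, e.g. `// UsernameValidator checks username syntax only; callers that must keep ClusterAdminUsername reserved also apply clusterAdminValidator.` The bare `false` passed in `GetUserDetails` would read more clearly with a doc comment on `GetIdpUserNameFromPrompt` stating when `acceptClusterAdmin` may be true. The bodies of `GetIdpUserNameFromPrompt` and `UsernameValidator` continue outside the hunks.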
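--- a/cmd/create/idp/htpasswd_test.go
+++ b/cmd/create/idp/htpasswd_test.go
@@ -85,6 +85,22 @@ var _ = Describe("IDP Tests", func() {
 )
 })
 
+Describe("Username Validators Tests", func() {
+It("username with `:` cannot pass clusterAdminValidator", func() {
+username := "my:admin"
+err := UsernameValidator(username)
+Expect(err).To(HaveOccurred())
+err = clusterAdminValidator(username)
+Expect(err).NotTo(HaveOccurred())
+})
+It("username `cluster-admin` cannot pass clusterAdminValidator", func() {
+username := "cluster-admin"
+err := UsernameValidator(username)
+Expect(err).NotTo(HaveOccurred())
+err = clusterAdminValidator(username)
+Expect(err).To(HaveOccurred())
+})
+})
 })
 
 func CreateTmpFile(content string) (*os.File, error) {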
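Review bot: The first spec's title says a username with `:` "cannot pass clusterAdminValidator", but its assertions expect `UsernameValidator` to reject the name and `clusterAdminValidator` to accept it (`Expect(err).NotTo(HaveOccurred())`), so the title states the opposite of what is checked. A title such as "username with a colon fails UsernameValidator but passes clusterAdminValidator" would match the assertions. The second spec hard-codes "cluster-admin" where `ClusterAdminUsername` would tie the test to the constant the validator actually compares against. Neither spec covers the non-string branch of `clusterAdminValidator`, nor that the prompt still rejects the reserved name when `acceptClusterAdmin` is false, which is the property that keeps the reservation in force outside day-1 creation.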
