From 13dbb35c686c73d6690356062f781e2adf3882ca Mon Sep 17 00:00:00 2001
From: Nikos Tsipinakis
Date: Thu, 31 Aug 2023 15:20:40 +0200
Subject: [PATCH] kubernetes: Fix pod creation fail on long usernames (#526)
* Use authenticated username over normal username for k8s label
* Do not add containerssh_username label if username is 63 chars or over
* Run tests on all branches
---
 .github/workflows/pipeline.yml | 2 +-
 internal/kubernetes/networkHandler.go | 11 ++++++++++-
 message/kubernetes.go | 4 ++++
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index ba0aa17d..0d599c2f 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -2,7 +2,7 @@ name: Build
 on:
 push:
 branches:
- - main
+ - '*'
 pull_request:
 schedule:
 - cron: '0 17 * * 2'
diff --git a/internal/kubernetes/networkHandler.go b/internal/kubernetes/networkHandler.go
index f81f2644..6e1142ad 100644
--- a/internal/kubernetes/networkHandler.go
+++ b/internal/kubernetes/networkHandler.go
@@ -90,7 +90,16 @@ func (n *networkHandler) OnHandshakeSuccess(meta metadata.ConnectionAuthenticate
 }
 n.labels = map[string]string{
 "containerssh_connection_id": n.connectionID,
- "containerssh_username": r.ReplaceAllString(meta.Username, "-"),
+ }
+ if len(meta.AuthenticatedUsername) <= 63 {
+ n.labels["containerssh_username"] = r.ReplaceAllString(meta.AuthenticatedUsername, "-")
+ } else {
+ n.logger.Warning(message.NewMessage(
+ message.MKubernetesUsernameTooLong,
+ "The users username (%s) is longer than the 63 character limit of kubernetes labels. The containerssh_username label will be unavailable in the users pod",
+ meta.AuthenticatedUsername,
+ ),
+ )
 }
 for authMetadataName, labelName := range n.config.Pod.ExposeAuthMetadataAsLabels {
 if value, ok := meta.GetMetadata()[authMetadataName]; ok {
diff --git a/message/kubernetes.go b/message/kubernetes.go
index b8990619..8bbe0aa4 100644
--- a/message/kubernetes.go
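Review bot: The `'*'` filter under `branches:` does not match branch names that contain a `/`, because in GitHub Actions filter patterns `*` stops at a slash, so a push to a branch such as `feature/x` would still skip the build. If the intent is the commit message's "Run tests on all branches", use `- '**'` or drop the `branches:` key. The jobs themselves are outside this hunk; since they now run for any branch that can be pushed, a job that reads repository secrets or publishes artifacts should keep its own branch condition.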
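Review bot: The length guard in the new `if` measures the raw `meta.AuthenticatedUsername`, while the value actually stored in the label is the output of `r.ReplaceAllString(...)`; compute the sanitised value once and validate that, e.g. `v := r.ReplaceAllString(meta.AuthenticatedUsername, "-")` followed by `if len(v) <= 63 {`. Length is also not the only label-value rule: Kubernetes requires the value to begin and end with an alphanumeric character, and `r` is defined outside the hunk, so it is not visible here whether a replaced first or last character can still make pod creation fail (`validation.IsValidLabelValue` from k8s.io/apimachinery checks all the rules at once). The warning interpolates the username with `%s`; the value originates in the authentication flow and is long by definition in this branch, so `%q` would keep newlines and control characters out of the log line, assuming `message.NewMessage` formats like `fmt`. Pods of affected users carry no `containerssh_username` label, so anything that selects or audits pods by that label will silently miss them, which deserves a comment above the `else` branch.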
+++ b/message/kubernetes.go
@@ -21,6 +21,10 @@ const MKubernetesPodCreate = "KUBERNETES_POD_CREATE"
 // MKubernetesPodWait indicates that the ContainerSSH Kubernetes module is waiting for the pod to come up.
 const MKubernetesPodWait = "KUBERNETES_POD_WAIT"
 
+// MKubernetesUsernameTooLong indicates that the users username is too long to be provided as a label in the k8s pod.
+// The containerssh_username label is unavailable on that users pod.
+const MKubernetesUsernameTooLong = "KUBERNETES_USERNAME_TOO_LONG"
+
 // MKubernetesPodWaitFailed indicates that the ContainerSSH Kubernetes module failed to wait for the pod to come up.
 // Check the error message for details.
 const MKubernetesPodWaitFailed = "KUBERNETES_POD_WAIT_FAILED"
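Review bot: The doc comment on `MKubernetesUsernameTooLong` says the username is "too long" without stating the limit or which username is measured, which is what an operator looking up this code needs. It could read `// MKubernetesUsernameTooLong indicates that the authenticated username exceeds the 63-character limit for Kubernetes label values, so the containerssh_username label is not set on that user's pod.` A second comment line noting that selectors and queries keyed on that label will not match the pod would complete it.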