mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-11-03 20:17:59 +00:00
Mongo doesnt allow periods in usernames (#11872)
* mongo doesnt allow periods in usernames * Update mongodb.mdx Update template in docs * Move replace to the end * Adding a test for dot replacement * Create 11872.txt
This commit is contained in:
mr-miles
3
changelog/11872.txt
Normal file
3
changelog/11872.txt
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
```release-note:bug
|
||||||
|
mongo-db: default username template now strips invalid '.' characters
|
||||||
|
```
|
||||||
@@ -21,7 +21,7 @@ import (
|
|||||||
const (
|
const (
|
||||||
mongoDBTypeName = "mongodb"
|
mongoDBTypeName = "mongodb"
|
||||||
|
|
||||||
defaultUserNameTemplate = `{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | truncate 100 }}`
|
defaultUserNameTemplate = `{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | replace "." "-" | truncate 100 }}`
|
||||||
)
|
)
|
||||||
|
|
||||||
// MongoDB is an implementation of Database interface
|
// MongoDB is an implementation of Database interface
|
||||||
|
|||||||
@@ -82,6 +82,23 @@ func TestNewUser_usernameTemplate(t *testing.T) {
|
|||||||
|
|
||||||
expectedUsernameRegex: "^v-token-testrolenamewit-[a-zA-Z0-9]{20}-[0-9]{10}$",
|
expectedUsernameRegex: "^v-token-testrolenamewit-[a-zA-Z0-9]{20}-[0-9]{10}$",
|
||||||
},
|
},
|
||||||
|
"default username template with invalid chars": {
|
||||||
|
usernameTemplate: "",
|
||||||
|
|
||||||
|
newUserReq: dbplugin.NewUserRequest{
|
||||||
|
UsernameConfig: dbplugin.UsernameMetadata{
|
||||||
|
DisplayName: "a.bad.account",
|
||||||
|
RoleName: "a.bad.role",
|
||||||
|
},
|
||||||
|
Statements: dbplugin.Statements{
|
||||||
|
Commands: []string{mongoAdminRole},
|
||||||
|
},
|
||||||
|
Password: "98yq3thgnakjsfhjkl",
|
||||||
|
Expiration: time.Now().Add(time.Minute),
|
||||||
|
},
|
||||||
|
|
||||||
|
expectedUsernameRegex: "^v-a-bad-account-a-bad-role-[a-zA-Z0-9]{20}-[0-9]{10}$",
|
||||||
|
},
|
||||||
"custom username template": {
|
"custom username template": {
|
||||||
usernameTemplate: "{{random 2 | uppercase}}_{{unix_time}}_{{.RoleName | uppercase}}_{{.DisplayName | uppercase}}",
|
usernameTemplate: "{{random 2 | uppercase}}_{{unix_time}}_{{.RoleName | uppercase}}_{{.DisplayName | uppercase}}",
|
||||||
|
|
||||||
|
|||||||
@@ -52,7 +52,7 @@ has a number of parameters to further configure a connection.
|
|||||||
<summary><b>Default Username Template</b></summary>
|
<summary><b>Default Username Template</b></summary>
|
||||||
|
|
||||||
```
|
```
|
||||||
{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | truncate 100 }}
|
{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | replace "." "-" | truncate 100 }}
|
||||||
```
|
```
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|||||||
Reference in New Issue
Block a user