Mongo doesnt allow periods in usernames #11872
Conversation
|
@mr-miles The changes looks good to me. Would you be able to add a test to this effect? |
|
@pcman312 Any issues with this change? I also wonder if there are other special characters to avoid. Should it be listed in CHANGES? |
|
Will attempt to add a test. SO says the one other restriction on keys is that they can't start with a dollar so I think the default template is safe |
There was a problem hiding this comment.
This looks good to me. Can you also update the API docs to reflect the updated default template?
https://github.com/hashicorp/vault/blob/master/website/content/api-docs/secret/databases/mongodb.mdx#parameters
Thanks!
plugins/database/mongodb/mongodb.go
Outdated
| @@ -21,7 +21,7 @@ import ( | |||
| const ( | |||
| mongoDBTypeName = "mongodb" | |||
|
|
|||
| defaultUserNameTemplate = `{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | truncate 100 }}` | |||
| defaultUserNameTemplate = `{{ printf "v-%s-%s-%s-%s" (.DisplayName | replace "." "-" | truncate 15) (.RoleName | replace "." "-" | truncate 15) (random 20) (unix_time) | truncate 100 }}` | |||
There was a problem hiding this comment.
This looks good! What do you think about moving the replace to the end so it only needs to be done once instead of for each of the two fields?
{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | replace "." "-" | truncate 100 }}
There was a problem hiding this comment.
Docs and template updated
Update template in docs
|
Test added also |
|
Thanks for the updates. Can you please add a changelog file to this PR? The /changelog folder has examples. |
|
done (and hopefully correctly!) |
|
Thanks for submitting this! |
We found that the default username template can create invalid usernames which aren't accepted by mongo. Replacing the dots with an allowed character fixes it.