From f44f2c6a7c2e3a8028b31a12f502bf03a869b89d Mon Sep 17 00:00:00 2001 From: mr-miles Date: Tue, 15 Jun 2021 22:08:36 +0100 Subject: [PATCH 1/5] mongo doesnt allow periods in usernames --- plugins/database/mongodb/mongodb.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/database/mongodb/mongodb.go b/plugins/database/mongodb/mongodb.go index 884f17dbe23a..c1a881cc4637 100644 --- a/plugins/database/mongodb/mongodb.go +++ b/plugins/database/mongodb/mongodb.go @@ -21,7 +21,7 @@ import ( const ( mongoDBTypeName = "mongodb" - defaultUserNameTemplate = `{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | truncate 100 }}` + defaultUserNameTemplate = `{{ printf "v-%s-%s-%s-%s" (.DisplayName | replace "." "-" | truncate 15) (.RoleName | replace "." "-" | truncate 15) (random 20) (unix_time) | truncate 100 }}` ) // MongoDB is an implementation of Database interface From 81c332e6a6812ef02eb3f0eeeea27b2921299834 Mon Sep 17 00:00:00 2001 From: mr-miles Date: Fri, 18 Jun 2021 09:42:37 +0100 Subject: [PATCH 2/5] Update mongodb.mdx Update template in docs --- website/content/api-docs/secret/databases/mongodb.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/api-docs/secret/databases/mongodb.mdx b/website/content/api-docs/secret/databases/mongodb.mdx index ed6fed843c88..2985608ffe21 100644 --- a/website/content/api-docs/secret/databases/mongodb.mdx +++ b/website/content/api-docs/secret/databases/mongodb.mdx @@ -52,7 +52,7 @@ has a number of parameters to further configure a connection. Default Username Template ``` -{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | truncate 100 }} +{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | replace "." "-" | truncate 100 }} ```
From e2d4dd0f986cd9cc308ed5f654f07135a0a5766d Mon Sep 17 00:00:00 2001 From: mr-miles Date: Fri, 18 Jun 2021 09:44:06 +0100 Subject: [PATCH 3/5] Move replace to the end --- plugins/database/mongodb/mongodb.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/database/mongodb/mongodb.go b/plugins/database/mongodb/mongodb.go index c1a881cc4637..a28625b5f55f 100644 --- a/plugins/database/mongodb/mongodb.go +++ b/plugins/database/mongodb/mongodb.go @@ -21,7 +21,7 @@ import ( const ( mongoDBTypeName = "mongodb" - defaultUserNameTemplate = `{{ printf "v-%s-%s-%s-%s" (.DisplayName | replace "." "-" | truncate 15) (.RoleName | replace "." "-" | truncate 15) (random 20) (unix_time) | truncate 100 }}` + defaultUserNameTemplate = `{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | replace "." "-" | truncate 100 }}` ) // MongoDB is an implementation of Database interface From ef721557256359bca29724e8d707be11f937d251 Mon Sep 17 00:00:00 2001 From: mr-miles Date: Fri, 18 Jun 2021 09:49:05 +0100 Subject: [PATCH 4/5] Adding a test for dot replacement --- plugins/database/mongodb/mongodb_test.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/plugins/database/mongodb/mongodb_test.go b/plugins/database/mongodb/mongodb_test.go index 832b0ce1f7d1..250f3083bbce 100644 --- a/plugins/database/mongodb/mongodb_test.go +++ b/plugins/database/mongodb/mongodb_test.go @@ -82,6 +82,23 @@ func TestNewUser_usernameTemplate(t *testing.T) { expectedUsernameRegex: "^v-token-testrolenamewit-[a-zA-Z0-9]{20}-[0-9]{10}$", }, + "default username template with invalid chars": { + usernameTemplate: "", + + newUserReq: dbplugin.NewUserRequest{ + UsernameConfig: dbplugin.UsernameMetadata{ + DisplayName: "a.bad.account", + RoleName: "a.bad.role", + }, + Statements: dbplugin.Statements{ + Commands: []string{mongoAdminRole}, + }, + Password: "98yq3thgnakjsfhjkl", + Expiration: time.Now().Add(time.Minute), + }, + + expectedUsernameRegex: "^v-a-bad-account-a-bad-role-[a-zA-Z0-9]{20}-[0-9]{10}$", + }, "custom username template": { usernameTemplate: "{{random 2 | uppercase}}_{{unix_time}}_{{.RoleName | uppercase}}_{{.DisplayName | uppercase}}", From 05a02ef6f6870ff7df0e0d15ce29391991364fc3 Mon Sep 17 00:00:00 2001 From: mr-miles Date: Fri, 18 Jun 2021 16:35:24 +0100 Subject: [PATCH 5/5] Create 11872.txt --- changelog/11872.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/11872.txt diff --git a/changelog/11872.txt b/changelog/11872.txt new file mode 100644 index 000000000000..a573559aea47 --- /dev/null +++ b/changelog/11872.txt @@ -0,0 +1,3 @@ +```release-note:bug +mongo-db: default username template now strips invalid '.' characters +```