IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

SA: Fix name validation so we can prevent creating service account with protected prefix (#94762)

Browse Source 
Fix name validation so we can prevent creating service account with protected prefix
This commit is contained in:
Karl Persson 2024-10-16 10:27:06 +02:00 committed by GitHub
parent bfbbdf5efb
commit 7fba9ba522
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/services/serviceaccounts/proxy/service.go
View File

@ -183,5 +183,5 @@ func (s *ServiceAccountsProxy) SearchOrgServiceAccounts(ctx context.Context, que
}
func isNameValid(name string) bool {
return !strings.HasPrefix(name, serviceaccounts.ExtSvcPrefix)
return !strings.HasPrefix(name, strings.TrimSuffix(serviceaccounts.ExtSvcPrefix, "-"))
}

9
pkg/services/serviceaccounts/proxy/service_test.go
View File

@ -43,12 +43,19 @@ func TestProvideServiceAccount_crudServiceAccount(t *testing.T) {
expectedError: nil,
},
{
description: "should not allow to create a service account with extsvc prefix",
description: "should not allow to create a service account with extsvc- prefix",
form: sa.CreateServiceAccountForm{
Name: "extsvc-my-service-account",
},
expectedError: extsvcaccounts.ErrInvalidName,
},
{
description: "should not allow to create a service account with extsvc prefix",
form: sa.CreateServiceAccountForm{
Name: "extsvc my-service-account",
},
expectedError: extsvcaccounts.ErrInvalidName,
},
}
for _, tc := range testCases {