secret/postgres: Ensure sane username length. Fixes #326

2015-06-17 13:31:56 -07:00 · 2015-06-17 13:31:56 -07:00 · 30de4ea80d
parent 3331950d7e
commit 30de4ea80d
1 changed files with 9 additions and 5 deletions
--- a/builtin/logical/postgresql/path_role_create.go
+++ b/builtin/logical/postgresql/path_role_create.go
@ -2,7 +2,6 @@ package postgresql

 import (
 	"fmt"
-	"math/rand"
 	"time"

 	"github.com/hashicorp/vault/logical"
@ -51,10 +50,15 @@ func (b *backend) pathRoleCreateRead(
 		lease = &configLease{Lease: 1 * time.Hour}
 	}

-	// Generate the username, password and expiration
-	username := fmt.Sprintf(
-		"vault-%s-%d-%d",
-		req.DisplayName, time.Now().Unix(), rand.Int31n(10000))
+	// Generate the username, password and expiration. PG limits user to 63 characters
+	displayName := req.DisplayName
+	if len(displayName) > 26 {
+		displayName = displayName[:26]
+	}
+	username := fmt.Sprintf("%s-%s", displayName, generateUUID())
+	if len(username) > 63 {
+		username = username[:63]
+	}
 	password := generateUUID()
 	expiration := time.Now().UTC().
 		Add(lease.Lease + time.Duration((float64(lease.Lease) * 0.1))).