luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Mongo doesnt allow periods in usernames (#11872) 

* mongo doesnt allow periods in usernames

* Update mongodb.mdx

Update template in docs

* Move replace to the end

* Adding a test for dot replacement

* Create 11872.txt
This commit is contained in:
mr-miles 2021-06-24 18:26:31 +01:00 committed by GitHub
parent 3c35a25d36
commit 9e031b5766
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/11872.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
mongo-db: default username template now strips invalid '.' characters
```

2
plugins/database/mongodb/mongodb.go
View File

@ -21,7 +21,7 @@ import (
const ( const (
mongoDBTypeName = "mongodb" mongoDBTypeName = "mongodb"
defaultUserNameTemplate = `{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | truncate 100 }}` defaultUserNameTemplate = `{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | replace "." "-" | truncate 100 }}`
) )
// MongoDB is an implementation of Database interface // MongoDB is an implementation of Database interface

17
plugins/database/mongodb/mongodb_test.go
View File

@ -82,6 +82,23 @@ func TestNewUser_usernameTemplate(t *testing.T) {
expectedUsernameRegex: "^v-token-testrolenamewit-[a-zA-Z0-9]{20}-[0-9]{10}$", expectedUsernameRegex: "^v-token-testrolenamewit-[a-zA-Z0-9]{20}-[0-9]{10}$",
}, },
"default username template with invalid chars": {
usernameTemplate: "",
newUserReq: dbplugin.NewUserRequest{
UsernameConfig: dbplugin.UsernameMetadata{
DisplayName: "a.bad.account",
RoleName: "a.bad.role",
},
Statements: dbplugin.Statements{
Commands: []string{mongoAdminRole},
},
Password: "98yq3thgnakjsfhjkl",
Expiration: time.Now().Add(time.Minute),
},
expectedUsernameRegex: "^v-a-bad-account-a-bad-role-[a-zA-Z0-9]{20}-[0-9]{10}$",
},
"custom username template": { "custom username template": {
usernameTemplate: "{{random 2 | uppercase}}_{{unix_time}}_{{.RoleName | uppercase}}_{{.DisplayName | uppercase}}", usernameTemplate: "{{random 2 | uppercase}}_{{unix_time}}_{{.RoleName | uppercase}}_{{.DisplayName | uppercase}}",

2
website/content/api-docs/secret/databases/mongodb.mdx
View File

@ -52,7 +52,7 @@ has a number of parameters to further configure a connection.
<summary><b>Default Username Template</b></summary> <summary><b>Default Username Template</b></summary>
``` ```
{{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | truncate 100 }} {{ printf "v-%s-%s-%s-%s" (.DisplayName | truncate 15) (.RoleName | truncate 15) (random 20) (unix_time) | replace "." "-" | truncate 100 }}
``` ```
<details> <details>