From 12e491c92693b88f09af5066d51081601f77b4a0 Mon Sep 17 00:00:00 2001 From: Jake Smith Date: Sat, 12 Dec 2020 02:45:19 +0000 Subject: [PATCH] Allow colon in RBAC resource names Signed-off-by: Jake Smith --- pkg/lint/rules/template.go | 6 ++++++ pkg/lint/rules/template_test.go | 12 ++++++++++++ 2 files changed, 18 insertions(+) diff --git a/pkg/lint/rules/template.go b/pkg/lint/rules/template.go index 0bb9f8671..3ae15673c 100644 --- a/pkg/lint/rules/template.go +++ b/pkg/lint/rules/template.go @@ -203,6 +203,12 @@ func validateMetadataName(obj *K8sYamlStruct) error { if len(obj.Metadata.Name) == 0 || len(obj.Metadata.Name) > 253 { return fmt.Errorf("object name must be between 0 and 253 characters: %q", obj.Metadata.Name) } + + switch obj.Kind { + case "ClusterRole", "Role", "ClusterRoleBinding", "RoleBinding": + obj.Metadata.Name = strings.ReplaceAll(obj.Metadata.Name, ":", "") + } + // This will return an error if the characters do not abide by the standard OR if the // name is left empty. if err := chartutil.ValidateMetadataName(obj.Metadata.Name); err != nil { diff --git a/pkg/lint/rules/template_test.go b/pkg/lint/rules/template_test.go index eb076a1bf..7a68b9946 100644 --- a/pkg/lint/rules/template_test.go +++ b/pkg/lint/rules/template_test.go @@ -134,6 +134,7 @@ func TestValidateMetadataName(t *testing.T) { "one_two": false, "a..b": false, "%^&#$%*@^*@&#^": false, + "example:com": false, } // The length checker should catch this first. So this is not true fuzzing. @@ -156,6 +157,17 @@ func TestValidateMetadataName(t *testing.T) { } } } + + md := &K8sYamlStruct{ + Kind: "Role", + Metadata: k8sYamlMetadata{ + Name: "system::kube-scheduler", + }, + } + + if err := validateMetadataName(md); err != nil { + t.Error(err) + } } func TestDeprecatedAPIFails(t *testing.T) {