Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: 🐛 Replace simple strings.Contains match with regex #320

Merged
merged 1 commit into from
Apr 18, 2022

Conversation

daniel-anova
Copy link
Contributor

@daniel-anova daniel-anova commented Feb 14, 2022

Use a more refined regex to match valid injectable secret names.

Argo Workflows passes an environment variable with the workflow manifest in JSON, this was being picked up by strings.Contains match causing it to fail.

The regex match is a lot stricter only trying to replace environment variables that only have a injectable secret name.

Resolves #281

@daniel-anova daniel-anova changed the title fix: 🐛 Replace simple string.Contains match with regex fix: 🐛 Replace simple strings.Contains match with regex Feb 14, 2022
Use a more refined regex to match valid injectable secret names.

Argo Workflow passes a enviromnet variable with the workflow manifest in JSON, this was being picked up by string.contains match causing it to fail.

The regex match is a lot stricter only trying to replace enviroment variables that only have a injectable secret name.

refactor: ♻️ Compile the regex only once

Regex was being compiled every for loop instead of only once

refactor: ♻️ Use raw strings for regex

fix: 🐛 Correct condition

refactor: ♻️ Use for each instead of checking the len and getting 0 element

fix: 🐛 Correct regex to make ? optional

fix: 🐛 Correct return for akvsName
@daniel-anova daniel-anova force-pushed the fix/secret-inject-match branch from cf2454d to 445cec2 Compare February 14, 2022 14:29
@181192 181192 merged commit 109dc0b into SparebankenVest:master Apr 18, 2022
@181192
Copy link
Collaborator

181192 commented Apr 18, 2022

Thank you very much @daniel-anova!

@srmars
Copy link

srmars commented Oct 2, 2022

@daniel-anova can you please check this issue - #415

@daniel-anova
Copy link
Contributor Author

daniel-anova commented Oct 6, 2022

@daniel-anova can you please check this issue - #415

The mentioned fix in #415 does resolve the issue with certificates, however, I also realized my initial regex was "naive" and doesn't match RFC 1123 DNS names.

A more correct regex would be:

^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)@azurekeyvault([\?]?[a-z-\d\.]*)$

Copying the regex used by kubectl to validate resource names. That said I'm still unsure [a-z-\d\.]* covers all valid values after ?.

@daniel-anova daniel-anova deleted the fix/secret-inject-match branch October 6, 2022 09:51
181192 added a commit that referenced this pull request Feb 12, 2023
Add tests to validate different formats
Fixes #320 #415 #456
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[BUG] ARGO_TEMPLATE env var gets parsed by akv2k8s halting pod startup
3 participants