-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow compute/app engine default service account ids in regex (#1390)
- Loading branch information
Showing
2 changed files
with
20 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -20,6 +20,10 @@ const ( | |
|
|
||
| RFC1035NameTemplate = "[a-z](?:[-a-z0-9]{%d,%d}[a-z0-9])" | ||
| CloudIoTIdRegex = "^[a-zA-Z][-a-zA-Z0-9._+~%]{2,254}$" | ||
|
|
||
| // Format of default Compute service accounts created by Google | ||
| // ${PROJECT_ID}[email protected] where PROJECT_ID is an int64 (max 20 digits) | ||
| ComputeServiceAccountNameRegex = "[0-9]{1,20}[email protected]" | ||
| ) | ||
|
|
||
| var ( | ||
|
|
@@ -29,8 +33,20 @@ var ( | |
| // 4 and 28 since the first and last character are excluded. | ||
| ServiceAccountNameRegex = fmt.Sprintf(RFC1035NameTemplate, 4, 28) | ||
|
|
||
| ProjectNameInDNSFormRegex = "[-a-z0-9\\.]{1,63}" | ||
| ServiceAccountLinkRegex = "projects/" + ProjectRegex + "/serviceAccounts/" + ServiceAccountNameRegex + "@" + ProjectNameInDNSFormRegex + "\\.iam\\.gserviceaccount\\.com$" | ||
| ServiceAccountLinkRegexPrefix = "projects/" + ProjectRegex + "/serviceAccounts/" | ||
| PossibleServiceAccountNames = []string{ | ||
| AppEngineServiceAccountNameRegex, | ||
| ComputeServiceAccountNameRegex, | ||
| CreatedServiceAccountNameRegex, | ||
| } | ||
| ServiceAccountLinkRegex = ServiceAccountLinkRegexPrefix + "(" + strings.Join(PossibleServiceAccountNames, "|") + ")" | ||
|
|
||
| // Format of service accounts created through the API | ||
| CreatedServiceAccountNameRegex = fmt.Sprintf(RFC1035NameTemplate, 4, 28) + "@" + ProjectNameInDNSFormRegex + "\\.iam\\.gserviceaccount\\.com$" | ||
| ProjectNameInDNSFormRegex = "[-a-z0-9\\.]{1,63}" | ||
|
|
||
| // Format of default App Engine service accounts created by Google | ||
| AppEngineServiceAccountNameRegex = ProjectRegex + "@appspot.gserviceaccount.com" | ||
| ) | ||
|
|
||
| var rfc1918Networks = []string{ | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -117,6 +117,8 @@ func TestValidateServiceAccountLink(t *testing.T) { | |
| {TestName: "valid with dash", Value: "projects/my-project/serviceAccounts/[email protected]"}, | ||
| {TestName: "valid with colon", Value: "projects/my:project/serviceAccounts/[email protected]"}, | ||
| {TestName: "valid with dot and colon", Value: "projects/my.thing:project/serviceAccounts/[email protected]"}, | ||
| {TestName: "valid with compute default service account", Value: "projects/my-project/serviceAccounts/[email protected]"}, | ||
| {TestName: "valid with app engine default service account", Value: "projects/my-project/serviceAccounts/[email protected]"}, | ||
|
|
||
| // Errors | ||
| {TestName: "multiple colons", Value: "projects/my:project:thing/serviceAccounts/[email protected]", ExpectError: true}, | ||
|
|
||