You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The regexp.replace function should correctly handle regular expressions that include curly brackets {} for specifying matches, such as regexp.replace(external.some_external_list, "^str_to_match:(.{0,28}).*$", "usr-$1"). This should truncate the matching string to 28 characters.
Current behavior:
The regexp.replace function fails to process regular expressions with curly brackets {} within role interpolation logic. The template parsing layer treats it as an invalid match.
Bug details:
Teleport version: observed on 15.3.5
Recreation steps:
Define a role with regexp.replace using a regex that includes curly brackets, e.g.:
Inspect the user's generated db_users on the Teleport user's certificate. Any regex that includes a curly bracket produces no output. No user-facing errors surface.
Additional info
While testing, I added this Test case added to TestVariable in parse_test.go:
GOROOT=/usr/local/opt/go/libexec #gosetup
GOPATH=/Users/jeff/go #gosetup
/usr/local/opt/go/libexec/bin/go test -c -o /Users/jeff/Library/Caches/JetBrains/GoLand2024.1/tmp/GoLand/___TestVariable_regexp_replace_with_curly_brackets_in_github_com_gravitational_teleport_lib_utils_parse.test github.com/gravitational/teleport/lib/utils/parse #gosetup
/usr/local/opt/go/libexec/bin/go tool test2json -t /Users/jeff/Library/Caches/JetBrains/GoLand2024.1/tmp/GoLand/___TestVariable_regexp_replace_with_curly_brackets_in_github_com_gravitational_teleport_lib_utils_parse.test -test.v -test.paniconexit0 -test.run ^\QTestVariable\E$/^\Qregexp_replace_with_curly_brackets\E$
=== RUN TestVariable
=== PAUSE TestVariable
=== CONT TestVariable
=== RUN TestVariable/regexp_replace_with_curly_brackets
parse_test.go:202:
Error Trace: /Users/jeff/workspace/teleport/lib/utils/parse/parse_test.go:202
Error: Received unexpected error:
"{{regexp.replace(internal.foo, \"^f.{0,3}.*$\", \"$1\")}}" is using template brackets '{{' or '}}', however expression does not parse, make sure the format is {{expression}}
Test: TestVariable/regexp_replace_with_curly_brackets
Messages:
ERROR REPORT:
Original Error: *trace.BadParameterError "{{regexp.replace(internal.foo, \"^f.{0,3}.*$\", \"$1\")}}" is using template brackets '{{' or '}}', however expression does not parse, make sure the format is {{expression}}
Stack Trace:
/Users/jeff/workspace/teleport/lib/utils/parse/parse.go:82 github.com/gravitational/teleport/lib/utils/parse.NewTraitsTemplateExpression
/Users/jeff/workspace/teleport/lib/utils/parse/parse_test.go:197 github.com/gravitational/teleport/lib/utils/parse.TestVariable.func1
/usr/local/opt/go/libexec/src/testing/testing.go:1689 testing.tRunner
/usr/local/opt/go/libexec/src/runtime/asm_amd64.s:1695 runtime.goexit
User Message: "{{regexp.replace(internal.foo, \"^f.{0,3}.*$\", \"$1\")}}" is using template brackets '{{' or '}}', however expression does not parse, make sure the format is {{expression}}
--- FAIL: TestVariable (0.00s)
--- FAIL: TestVariable/regexp_replace_with_curly_brackets (0.00s)
FAIL
Process finished with the exit code 1
It looks like this is the regex that fails the match:
I think I had this issue once and had to escape the braces:
\{0,28\}
Edit: nope, this doesn't work either.
2024-05-17T18:25:18Z WARN Detected invalid role "test-regex-brace-role": parsing allow.db_users expression: "{{regexp.replace(external.some_external_list, \"^str_to_match:(.\\{0,28\\}).*$\",\"user-$1\")}}" is using template brackets '{{' or '}}', however expression does not parse, make sure the format is {{expression}} services/role.go:265
I tried that, but it didn't help.
That's when I ran that unit test and found the regex validator that
excludes curly braces from being allowed between the `{{ }}` to denote the
template.
Expected behavior:
The
regexp.replace
function should correctly handle regular expressions that include curly brackets{}
for specifying matches, such asregexp.replace(external.some_external_list, "^str_to_match:(.{0,28}).*$", "usr-$1")
. This should truncate the matching string to 28 characters.Current behavior:
The
regexp.replace
function fails to process regular expressions with curly brackets{}
within role interpolation logic. The template parsing layer treats it as an invalid match.Bug details:
regexp.replace
using a regex that includes curly brackets, e.g.:Additional info
While testing, I added this Test case added to
TestVariable
inparse_test.go
:Running the test produces:
It looks like this is the regex that fails the match:
https://github.com/gravitational/teleport/blob/v15.3.1/lib/utils/parse/parse.go#L54-L61
teleport/lib/utils/parse/parse.go
Lines 54 to 61 in 1d048d0
The text was updated successfully, but these errors were encountered: