-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Manage contributor add failure - rolebinding unique name issue #4970
Comments
Issue-Label Bot is automatically applying the labels:
Please mark this comment with 👍 or 👎 to give our bot feedback! |
This is the code that decides the name of RoleBindings/ServiceRoleBindings: kubeflow/components/access-management/kfam/bindings.go Lines 56 to 72 in 8f8e348
We should probably amend that logic. I'm not sure what priority to put on this. We should decide our plans for the contributor UI first, because if we are moving towards a GitOps approach, the contributor UI becomes less valuable. On the other hand, this should be an easy fix if we can decide on what naming rule to use. |
Thank you @yanniszark , I was able to fix this code(with my limited go knowledge) to support numbers in the email address. This changes email address to i397401@zq.msds.kp.org to i397401-zq-msds-kp-org which is being used in the role binding names. //getBindingName returns bindingName, which is combination of user kind, username, RoleRef kind, RoleRef name.
func getBindingName(binding *Binding) (string, error) {
// Only keep lower case letters, replace other with -
reg, err := regexp.Compile("[^a-z0-9]+")
if err != nil {
return "", err
}
nameRaw := strings.ToLower(
strings.Join([]string{
binding.User.Kind,
url.QueryEscape(reg.ReplaceAllString(binding.User.Name, "-")),
binding.RoleRef.Kind,
binding.RoleRef.Name,
}, "-"),
)
return reg.ReplaceAllString(nameRaw, "-"), nil
} |
@yanniszark submitted a pull request - #4979 |
/kind bug
What steps did you take and what happened:
Manage contributor screen. Adding a contributor creates a role binding / service role binding with name including userID's first character by ignoring the digits and not able to add other users with similar numbers.
our Org uses UserIDs as a1234@xx.org, a2345@xx.org.
What did you expect to happen:
rolebinding and service role bindings names to use digits too
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
Environment:
kfctl version
):minikube
)kubectl version
):/etc/os-release
):The text was updated successfully, but these errors were encountered: