From ce1169cae83901376ed6c14f89f4b4af9ec1a0a5 Mon Sep 17 00:00:00 2001 From: Norihiro Seto Date: Sun, 18 Jun 2023 14:21:47 +0900 Subject: [PATCH 1/4] Fix long auth helper cache file name --- pkg/commands/helpers/kubectl_auth.go | 17 ++------------ pkg/commands/helpers/kubectl_auth_test.go | 28 +++++++++++++++++++++++ 2 files changed, 30 insertions(+), 15 deletions(-) create mode 100644 pkg/commands/helpers/kubectl_auth_test.go diff --git a/pkg/commands/helpers/kubectl_auth.go b/pkg/commands/helpers/kubectl_auth.go index bbadf2d2ce2da..18dee73c40012 100644 --- a/pkg/commands/helpers/kubectl_auth.go +++ b/pkg/commands/helpers/kubectl_auth.go @@ -27,7 +27,6 @@ import ( "os" "os/user" "path/filepath" - "strings" "time" "github.com/spf13/cobra" @@ -174,20 +173,8 @@ func cacheFilePath(kopsStateStore string, clusterName string) string { b.WriteString(clusterName) b.WriteByte(0) - hash := fmt.Sprintf("%x", sha256.New().Sum(b.Bytes())) - sanitizedName := strings.Map(func(r rune) rune { - switch { - case r >= 'a' && r <= 'z': - return r - case r >= 'A' && r <= 'Z': - return r - case r >= '0' && r <= '9': - return r - default: - return '_' - } - }, clusterName) - return filepath.Join(homedir.HomeDir(), ".kube", "cache", "kops-authentication", sanitizedName+"_"+hash) + hash := fmt.Sprintf("%x", sha256.Sum256(b.Bytes())) + return filepath.Join(homedir.HomeDir(), ".kube", "cache", "kops-authentication", hash) } func loadCachedExecCredential(cacheFilePath string) (*ExecCredential, error) { diff --git a/pkg/commands/helpers/kubectl_auth_test.go b/pkg/commands/helpers/kubectl_auth_test.go new file mode 100644 index 0000000000000..7ea6314504c66 --- /dev/null +++ b/pkg/commands/helpers/kubectl_auth_test.go @@ -0,0 +1,28 @@ +package helpers + +import ( + "path" + "testing" +) + +func Test_cacheFilePath(t *testing.T) { + inputs := []struct { + kopsStateStore string + clusterName string + }{ + { + kopsStateStore: "s3://abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk", + clusterName: "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde." + + "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk." + + "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk." + + "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijk.com", + }, + } + + output1 := cacheFilePath(inputs[0].kopsStateStore, inputs[0].clusterName) + _, file := path.Split(output1) + + if len(file) > 64 { + t.Errorf("cacheFilePath() got %v, too long(%v)", output1, len(file)) + } +} From 969bd8f0b5508e472e6de3f65bd56ca14e50f623 Mon Sep 17 00:00:00 2001 From: Norihiro Seto Date: Tue, 27 Jun 2023 20:48:16 +0900 Subject: [PATCH 2/4] fix: update header --- pkg/commands/helpers/kubectl_auth_test.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/pkg/commands/helpers/kubectl_auth_test.go b/pkg/commands/helpers/kubectl_auth_test.go index 7ea6314504c66..967a76e118033 100644 --- a/pkg/commands/helpers/kubectl_auth_test.go +++ b/pkg/commands/helpers/kubectl_auth_test.go @@ -1,3 +1,19 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package helpers import ( From 00a0deb8e6835e7e088508e9791476c5816f848f Mon Sep 17 00:00:00 2001 From: Norihiro Seto Date: Sun, 9 Jul 2023 21:52:17 +0900 Subject: [PATCH 3/4] Update to use sha224 and base62 text. --- pkg/commands/helpers/kubectl_auth.go | 7 ++++++- pkg/commands/helpers/kubectl_auth_test.go | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/pkg/commands/helpers/kubectl_auth.go b/pkg/commands/helpers/kubectl_auth.go index 18dee73c40012..efb69f0c3c207 100644 --- a/pkg/commands/helpers/kubectl_auth.go +++ b/pkg/commands/helpers/kubectl_auth.go @@ -24,6 +24,7 @@ import ( "encoding/json" "fmt" "io" + "math/big" "os" "os/user" "path/filepath" @@ -173,7 +174,11 @@ func cacheFilePath(kopsStateStore string, clusterName string) string { b.WriteString(clusterName) b.WriteByte(0) - hash := fmt.Sprintf("%x", sha256.Sum256(b.Bytes())) + var i big.Int + hb := sha256.Sum224(b.Bytes()) + i.SetBytes(hb[:]) + + hash := i.Text(62) return filepath.Join(homedir.HomeDir(), ".kube", "cache", "kops-authentication", hash) } diff --git a/pkg/commands/helpers/kubectl_auth_test.go b/pkg/commands/helpers/kubectl_auth_test.go index 967a76e118033..ad0ccb2f9324c 100644 --- a/pkg/commands/helpers/kubectl_auth_test.go +++ b/pkg/commands/helpers/kubectl_auth_test.go @@ -38,7 +38,7 @@ func Test_cacheFilePath(t *testing.T) { output1 := cacheFilePath(inputs[0].kopsStateStore, inputs[0].clusterName) _, file := path.Split(output1) - if len(file) > 64 { + if len(file) > 38 { t.Errorf("cacheFilePath() got %v, too long(%v)", output1, len(file)) } } From 7bc1ac648e7c8057da3f9d53776418be45a837ff Mon Sep 17 00:00:00 2001 From: Norihiro Seto Date: Tue, 18 Jul 2023 12:44:30 +0900 Subject: [PATCH 4/4] Restore sanitizedName with maximum length limitation --- pkg/commands/helpers/kubectl_auth.go | 20 ++++++++++++++++++-- pkg/commands/helpers/kubectl_auth_test.go | 2 +- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/pkg/commands/helpers/kubectl_auth.go b/pkg/commands/helpers/kubectl_auth.go index efb69f0c3c207..f40f742348168 100644 --- a/pkg/commands/helpers/kubectl_auth.go +++ b/pkg/commands/helpers/kubectl_auth.go @@ -28,6 +28,7 @@ import ( "os" "os/user" "path/filepath" + "strings" "time" "github.com/spf13/cobra" @@ -177,9 +178,24 @@ func cacheFilePath(kopsStateStore string, clusterName string) string { var i big.Int hb := sha256.Sum224(b.Bytes()) i.SetBytes(hb[:]) - hash := i.Text(62) - return filepath.Join(homedir.HomeDir(), ".kube", "cache", "kops-authentication", hash) + + sanitizedName := strings.Map(func(r rune) rune { + switch { + case r >= 'a' && r <= 'z': + return r + case r >= 'A' && r <= 'Z': + return r + case r >= '0' && r <= '9': + return r + default: + return '_' + } + }, clusterName) + if len(sanitizedName) > 32 { + sanitizedName = sanitizedName[:32] + } + return filepath.Join(homedir.HomeDir(), ".kube", "cache", "kops-authentication", sanitizedName+"_"+hash) } func loadCachedExecCredential(cacheFilePath string) (*ExecCredential, error) { diff --git a/pkg/commands/helpers/kubectl_auth_test.go b/pkg/commands/helpers/kubectl_auth_test.go index ad0ccb2f9324c..34950d0e22adc 100644 --- a/pkg/commands/helpers/kubectl_auth_test.go +++ b/pkg/commands/helpers/kubectl_auth_test.go @@ -38,7 +38,7 @@ func Test_cacheFilePath(t *testing.T) { output1 := cacheFilePath(inputs[0].kopsStateStore, inputs[0].clusterName) _, file := path.Split(output1) - if len(file) > 38 { + if len(file) > 71 { t.Errorf("cacheFilePath() got %v, too long(%v)", output1, len(file)) } }