Skip to content

Commit

Permalink
fix: enforce vault GCP service account minimum name length
Browse files Browse the repository at this point in the history 
Signed-off-by: joshuasimon-taulia <[email protected]>
  • Loading branch information
@roulettedares @jenkins-x-bot
roulettedares authored and jenkins-x-bot committed Apr 3, 2020
1 parent bedc53b commit 5a162e8
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 4 deletions.
4 changes: 2 additions & 2 deletions .secrets.baseline
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
"files": "^pkg/jenkins/test_data/update_center.json.*$|^.secrets.baseline$|^.*test.*$",
"lines": null
},
"generated_at": "2020-03-30T20:19:03Z",
"generated_at": "2020-04-03T04:31:46Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
Expand Down Expand Up @@ -119,7 +119,7 @@
{
"hashed_secret": "2978f389a32111504f1c3b39df2123be5c453020",
"is_secret": false,
"line_number": 1385,
"line_number": 1386,
"type": "Secret Keyword"
}
],
Expand Down
3 changes: 2 additions & 1 deletion pkg/cloud/gke/gcloud.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import (

osUser "os/user"

"github.com/jenkins-x/jx/pkg/kube/naming"
"github.com/jenkins-x/jx/pkg/log"
"github.com/jenkins-x/jx/pkg/util"
"github.com/pkg/errors"
Expand Down Expand Up @@ -1361,7 +1362,7 @@ func (g *GCloud) CreateGCPServiceAccount(kubeClient kubernetes.Interface, servic
}
defer os.RemoveAll(serviceAccountDir)

serviceAccountName := ServiceAccountName(clusterName, serviceAbbreviation)
serviceAccountName := naming.ToValidGCPServiceAccount(ServiceAccountName(clusterName, serviceAbbreviation))

serviceAccountPath, err := g.GetOrCreateServiceAccount(serviceAccountName, projectID, serviceAccountDir, serviceAccountRoles)
if err != nil {
Expand Down
3 changes: 2 additions & 1 deletion pkg/cmd/deletecmd/delete_vault.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (
"github.com/jenkins-x/jx/pkg/cmd/opts"
"github.com/jenkins-x/jx/pkg/cmd/templates"
"github.com/jenkins-x/jx/pkg/kube"
"github.com/jenkins-x/jx/pkg/kube/naming"
"github.com/jenkins-x/jx/pkg/kube/serviceaccount"
kubevault "github.com/jenkins-x/jx/pkg/kube/vault"
"github.com/jenkins-x/jx/pkg/log"
Expand Down Expand Up @@ -174,7 +175,7 @@ func (o *DeleteVaultOptions) removeGCPResources(vaultName string) error {
o.GKEZone = zone
}

sa := gke.ServiceAccountName(vaultName, gkevault.DefaultVaultAbbreviation)
sa := naming.ToValidGCPServiceAccount(gke.ServiceAccountName(vaultName, gkevault.DefaultVaultAbbreviation))
err = o.GCloud().DeleteServiceAccount(sa, o.GKEProjectID, gkevault.ServiceAccountRoles)
if err != nil {
return errors.Wrapf(err, "deleting the GCP service account '%s'", sa)
Expand Down

0 comments on commit 5a162e8

Please sign in to comment.