github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

api: Loosens RunAsUserName validation

Browse Source 
Currently, the character limit for the usernames set in the RunAsUserName is 20,
which is too low, considering that "ContainerAdministrator" is a valid username and
it is longer than 20 characters. A user should be able to run containers as
Administrator, if needed.

According to [1], Logon names can be up to 104 characters. The previous limit
only applies to local user accounts for the local system.

[1] https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb726984(v=technet.10)
This commit is contained in:
Claudiu Belu
2019-08-28 10:00:18 -07:00
parent acf5411774
commit cafbfbea9a
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/apis/core/validation/validation_test.go
View File

@@ -14204,9 +14204,9 @@ func TestValidateWindowsSecurityContextOptions(t *testing.T) {
{
testName: "RunAsUserName's User is too long",
windowsOptions: &core.WindowsSecurityContextOptions{
RunAsUserName: toPtr(strings.Repeat("a", maxRunAsUserNameUserLength)),
RunAsUserName: toPtr(strings.Repeat("a", maxRunAsUserNameUserLength+1)),
},
expectedErrorSubstring: "runAsUserName's User length must be under",
expectedErrorSubstring: "runAsUserName's User length must not be longer than",
},
{
testName: "RunAsUserName's User cannot contain only spaces or periods",