Bug 2236387: Regenerate ACM Policy Name Resource When Length Exceeds 62 Characters #136
Conversation
|
@raghavendra-talur: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: raghavendra-talur The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
raghavendra-talur
changed the title
|
@raghavendra-talur: This pull request references Bugzilla bug 2236387, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This commit addresses an issue where the ACM policy name, combined with the
namespace, exceeds the limit of 62 characters. The changes made are:
1. We check whether the concatenation of the policy name and the namespace
exceeds 62 characters.
2. If the total length is within the limit, the name remains unchanged.
3. If the total length exceeds 62 characters, we follow these steps:
- Calculate an MD5 hash of the original name.
- Prepend the hash with `vs-secret-` to create a new name.
- Trim the new name to fit within the limit by removing characters from
the end of the hash, up to (62 characters minus the length of the namespace).
If the end result is less than 14 chars (length of "vs-secret-" plus 3 chars buffer),
then we do nothing.
Signed-off-by: Benamar Mekhissi <[email protected]>
(cherry picked from commit ae7c1ca)
raghavendra-talur
force-pushed
the
rtalur-backport-1060
branch
from
39ebb6f
to
d1cfe0d
Compare
|
/bugzilla refresh |
|
@raghavendra-talur: This pull request references Bugzilla bug 2236387, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@openshift-ci[bot]: GitHub didn't allow me to request PR reviews from the following users: keesturam. Note that only red-hat-storage members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
raghavendra-talur
merged commit e55e62b
into
red-hat-storage:release-4.14
|
@raghavendra-talur: All pull requests linked via external trackers have merged: Bugzilla bug 2236387 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This pull request addresses an issue where the ACM policy name, combined with the namespace, exceeds the limit of 62 characters, as specified here. To comply with this limitation, we introduce logic to regenerate the policy name when necessary.
Changes Made:
We check whether the concatenation of the policy name and the namespace exceeds 62 characters.
If the total length is within the limit, the name remains unchanged.
If the total length exceeds 62 characters, we follow these steps:
Calculate an MD5 hash of the original name.
Prepend the hash with vs-secret- to create a new name.
Trim the new name to fit within the limit by removing characters from the end of the hash, up to (62 characters minus the length of the namespace). If the end result is less than 14 characters (length of vs-secret- plus 3 chars buffer), then we do nothing.
Examples:
Example 1:
Original Name: my-policy-name-vs-secret (24 characters)
Namespace: my-policy-namespace (19 characters)
Total Length: 43 characters (within the 62-character limit)
Result: The name remains unchanged.
Example 2:
Original Name: my-policy-name-pppppppppppppppppppp-vs-secret (45 characters)
Namespace: my-policy-namespace-pppppppppppppppppppp (40 characters)
Total Length: 85 characters (exceeds the 62-character limit)
Result:
MD5 Hash of Original Name: vs-secret-dd7542bf4c870b8b16777913b492e145
New Name: vs-secret-dd7542bf4c87 (22 characters)
Final Result: The name is trimmed to vs-secret-dd7542bf4c87
Example 3:
Original Name: my-policy-name--vs-secret (24 characters)
Namespace: my-policy-namespace-ppppppppppppppppppppaaaaaaaaaaaaaaaaaaaaaa (62 characters)
Total Length: 86 characters (exceeds the 62-character limit)
Result: Both the name and namespace are used as-is, as no changes are enforced, and we expect it to fail as it does today.
Fixes bz 2236387