Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cli): OS usernames cannot have Unicode characters #10451

Merged
merged 4 commits into from
Sep 22, 2020
Merged

fix(cli): OS usernames cannot have Unicode characters #10451

merged 4 commits into from
Sep 22, 2020

Conversation

rix0rrr
Copy link
Contributor

@rix0rrr rix0rrr commented Sep 21, 2020

When assuming a role for uploading assets in the new-style synthesized
stacks, the OS username was used to build the session name out of.

OS usernames have a character set that is wider than the allowed
characters in RoleSessionName though, so we needed to sanitize
them.

Fixes #10401.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@rix0rrr
fix(cli): OS usernames cannot have Unicode characters
e53a3be 
When assuming a role for uploading assets in the new-style synthesized
stacks, the OS username was used to build the session name out of.

OS usernames have a character set that is wider than the allowed
characters in `RoleSessionName` though, so we needed to sanitize
them.

Fixes #10401.
@rix0rrr rix0rrr requested review from njlynch and a team September 21, 2020 09:39
@rix0rrr rix0rrr self-assigned this Sep 21, 2020
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Sep 21, 2020
njlynch
njlynch suggested changes Sep 21, 2020
View reviewed changes
Copy link
Contributor

@njlynch njlynch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code itself looks good; can we add a test?

nija-at
nija-at previously requested changes Sep 21, 2020
View reviewed changes
packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts
Comment on lines +368 to 374
* Return the username with characters invalid for a RoleSessionName removed
*
* @see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters
*/
function safeUsername() {
return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
}
Copy link
Contributor

@nija-at nija-at Sep 21, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move this into a reusable spot? os.ts sounds appropriate.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you are addressing the repetition in this PR, please note that the changes are in 2 different packages and there's no good shared package to put this functionality in otherwise.

If you are addressing potential future reuse, I would argue against optimizing for that beforehand.

@rix0rrr rix0rrr requested review from nija-at and a team September 21, 2020 14:35
njlynch
njlynch approved these changes Sep 22, 2020
View reviewed changes
packages/aws-cdk/lib/api/aws-auth/sdk.ts Outdated Show resolved Hide resolved
@rix0rrr @njlynch
Update packages/aws-cdk/lib/api/aws-auth/sdk.ts
c10c305 
Co-authored-by: Nick Lynch <nlynch@amazon.com>
@rix0rrr rix0rrr dismissed nija-at’s stale review September 22, 2020 10:56

Overridden by the senate -- peace treaty signed

@mergify
Copy link
Contributor

mergify bot commented Sep 22, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 97defc2
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Sep 22, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 635f0ed into master Sep 22, 2020
@mergify mergify bot deleted the huijbers/username-sessions branch September 22, 2020 11:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@njlynch njlynch njlynch approved these changes

@nija-at nija-at Awaiting requested review from nija-at

Assignees

@rix0rrr rix0rrr

Labels
contribution/core This is a PR that came from AWS.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[cli] cdk deploy using newStyleStackSynthesis cannot handle non-ASCII characters in username
4 participants
@rix0rrr @aws-cdk-automation @njlynch @nija-at