Merge pull request #2931 from Poor12/automated-cherry-pick-of-#2919-u…

…pstream-release-1.4 Automated cherry pick of #2919: replace colon with point in the rbac resource name
karmada-io · Dec 9, 2022 · 1a61b30 · 1a61b30
2 parents 0e6f6eb + 5b7a976
commit 1a61b30
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/pkg/util/names/names.go b/pkg/util/names/names.go
@@ -154,5 +154,15 @@ func GeneratePolicyName(namespace, name, gvk string) string {
 	hash := fnv.New32a()
 	hashutil.DeepHashObject(hash, namespace+gvk)
 
+	// The name of resources, like 'Role'/'ClusterRole'/'RoleBinding'/'ClusterRoleBinding',
+	// may contain symbols(like ':') that are not allowed by CRD resources which require the
+	// name can be used as a DNS subdomain name. So, we need to replace it.
+	// These resources may also allow for other characters(like '&','$') that are not allowed
+	// by CRD resources, we only handle the most common ones now for performance concerns.
+	// For more information about the DNS subdomain name, please refer to
+	// https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names.
+	if strings.Contains(name, ":") {
+		name = strings.ReplaceAll(name, ":", ".")
+	}
 	return strings.ToLower(fmt.Sprintf("%s-%s", name, rand.SafeEncodeString(fmt.Sprint(hash.Sum32()))))
 }
diff --git a/pkg/util/names/names_test.go b/pkg/util/names/names_test.go
@@ -413,6 +413,13 @@ func TestGeneratePolicyName(t *testing.T) {
 			gvk:          "rand",
 			expected:     "foo-b4978784",
 		},
+		{
+			name:         "generate policy name with :",
+			namespace:    "ns-foo",
+			resourcename: "system:foo",
+			gvk:          "rand",
+			expected:     "system.foo-b4978784",
+		},
 	}
 	for _, test := range tests {
 		got := GeneratePolicyName(test.namespace, test.resourcename, test.gvk)