Make sure lima user fallback uses same validation as template

pvdvreede · pvdvreede · commit 0e67f9e236c4 · 2024-09-26T14:57:52.000+10:00
The regex currently being used is different from the identifier's validation from containerd. The fallback test does allow an `_` but the validation for the identifier does not. This results in a bug where the a user that starts with an `_` will pass fallback validation (ie not be set to lima for the user), but will then fail the cidata validation here: https://github.com/lima-vm/lima/blob/master/pkg/cidata/template.go#L95. Error log shows as: ` ERRO[0000] [hostagent] identifier "_nixbld1" must match ^[A-Za-z0-9]+(?:[._-](?:[A-Za-z0-9]+))*$: invalid argument fields.level=fatal` This PR sets the same validation check in both spots to fix this and make sure they stay in sync in the future. Update warning message to use error msg fix bad err method call. Signed-off-by: pvdvreede <pvdvreede@gmail.com>
diff --git a/pkg/osutil/user.go b/pkg/osutil/user.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/containerd/containerd/identifiers"
 	"github.com/sirupsen/logrus"
 )
 
@@ -32,11 +33,6 @@ var (
 	groups map[string]Group
 )
 
-// regexUsername matches user and group names to be valid for `useradd`.
-// `useradd` allows names with a trailing '$', but it feels prudent to map those
-// names to the fallback user as well, so the regex does not allow them.
-var regexUsername = regexp.MustCompile("^[a-z_][a-z0-9_-]*$")
-
 // regexPath detects valid Linux path.
 var regexPath = regexp.MustCompile("^[/a-zA-Z0-9_-]+$")
 
@@ -111,9 +107,8 @@ func LimaUser(warn bool) (*user.User, error) {
 	cache.Do(func() {
 		cache.u, cache.err = user.Current()
 		if cache.err == nil {
-			if !regexUsername.MatchString(cache.u.Username) {
-				warning := fmt.Sprintf("local user %q is not a valid Linux username (must match %q); using %q username instead",
-					cache.u.Username, regexUsername.String(), fallbackUser)
+			if err := identifiers.Validate(cache.u.Username); err != nil {
+				warning := fmt.Sprintf("%s; using %q username instead", err.Error(), fallbackUser)
 				cache.warnings = append(cache.warnings, warning)
 				cache.u.Username = fallbackUser
 			}
diff --git a/pkg/osutil/user_test.go b/pkg/osutil/user_test.go
@@ -5,6 +5,7 @@ import (
 	"strconv"
 	"testing"
 
+	"github.com/containerd/containerd/identifiers"
 	"gotest.tools/v3/assert"
 )
 
@@ -14,7 +15,7 @@ func TestLimaUserWarn(t *testing.T) {
 }
 
 func validUsername(username string) bool {
-	return regexUsername.MatchString(username)
+	return identifiers.Validate(username) == nil
 }
 
 func TestLimaUsername(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ import (`
`5`	`5`	`"strconv"`
`6`	`6`	`"testing"`
`7`	`7`
	`8`	`+ "github.com/containerd/containerd/identifiers"`
`8`	`9`	`"gotest.tools/v3/assert"`
`9`	`10`	`)`
`10`	`11`
`@@ -14,7 +15,7 @@ func TestLimaUserWarn(t *testing.T) {`
`14`	`15`	`}`
`15`	`16`
`16`	`17`	`func validUsername(username string) bool {`
`17`		`- return regexUsername.MatchString(username)`
	`18`	`+ return identifiers.Validate(username) == nil`
`18`	`19`	`}`
`19`	`20`
`20`	`21`	`func TestLimaUsername(t *testing.T) {`