From 0e67f9e236c4cd3c308ce61d06a2708d15df36ca Mon Sep 17 00:00:00 2001 From: Paul Van de Vreede Date: Thu, 26 Sep 2024 14:35:10 +1000 Subject: [PATCH] Make sure lima user fallback uses same validation as template The regex currently being used is different from the identifier's validation from containerd. The fallback test does allow an `_` but the validation for the identifier does not. This results in a bug where the a user that starts with an `_` will pass fallback validation (ie not be set to lima for the user), but will then fail the cidata validation here: https://github.com/lima-vm/lima/blob/master/pkg/cidata/template.go#L95. Error log shows as: ` ERRO[0000] [hostagent] identifier "_nixbld1" must match ^[A-Za-z0-9]+(?:[._-](?:[A-Za-z0-9]+))*$: invalid argument fields.level=fatal` This PR sets the same validation check in both spots to fix this and make sure they stay in sync in the future. Update warning message to use error msg fix bad err method call. Signed-off-by: pvdvreede
---
 pkg/osutil/user.go | 11 +++--------
 pkg/osutil/user_test.go | 3 ++-
 2 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/pkg/osutil/user.go b/pkg/osutil/user.go
index 98a987b7fea..830885fbfb0 100644
--- a/pkg/osutil/user.go
+++ b/pkg/osutil/user.go
@@ -11,6 +11,7 @@ import (
 "strings"
 "sync"
 
+ "github.com/containerd/containerd/identifiers"
 "github.com/sirupsen/logrus"
 )
 
@@ -32,11 +33,6 @@ var (
 groups map[string]Group
 )
 
-// regexUsername matches user and group names to be valid for `useradd`.
-// `useradd` allows names with a trailing '$', but it feels prudent to map those
-// names to the fallback user as well, so the regex does not allow them.
-var regexUsername = regexp.MustCompile("^[a-z_][a-z0-9_-]*$")
-
 // regexPath detects valid Linux path.
 var regexPath = regexp.MustCompile("^[/a-zA-Z0-9_-]+$")
 
@@ -111,9 +107,8 @@ func LimaUser(warn bool) (*user.User, error) {
 cache.Do(func() {
 cache.u, cache.err = user.Current()
 if cache.err == nil {
- if !regexUsername.MatchString(cache.u.Username) {
- warning := fmt.Sprintf("local user %q is not a valid Linux username (must match %q); using %q username instead",
- cache.u.Username, regexUsername.String(), fallbackUser)
+ if err := identifiers.Validate(cache.u.Username); err != nil {
+ warning := fmt.Sprintf("%s; using %q username instead", err.Error(), fallbackUser)
 cache.warnings = append(cache.warnings, warning)
 cache.u.Username = fallbackUser
 }
diff --git a/pkg/osutil/user_test.go b/pkg/osutil/user_test.go
index 860f0a71db2..7753b8decf7 100644
--- a/pkg/osutil/user_test.go
+++ b/pkg/osutil/user_test.go
@@ -5,6 +5,7 @@ import (
 "strconv"
 "testing"
 
+ "github.com/containerd/containerd/identifiers"
 "gotest.tools/v3/assert"
 )
 
@@ -14,7 +15,7 @@ func TestLimaUserWarn(t *testing.T) {
 }
 
 func validUsername(username string) bool {
- return regexUsername.MatchString(username)
+ return identifiers.Validate(username) == nil
 }
 
 func TestLimaUsername(t *testing.T) {
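Review bot: The `identifiers.Validate` check in the `cache.Do` closure accepts names the removed `regexUsername` rejected: the containerd pattern quoted in the commit message allows uppercase letters, dots and a leading digit, while `^[a-z_][a-z0-9_-]*$` was documented as the set valid for `useradd`. A host account with a mixed-case or dotted name would now skip the `fallbackUser` substitution and be handed to guest provisioning as-is, where user creation may fail depending on the distribution. I would keep the regex and require both checks, `if err := identifiers.Validate(cache.u.Username); err != nil || !regexUsername.MatchString(cache.u.Username) {`, building the warning without `err.Error()` when `err` is nil. `validUsername` in user_test.go is switched to the same validator, so the test cannot catch this; the body of `LimaUser` continues outside the hunk.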