From b534278280efe620b22c997ee08cba7d2cf90155 Mon Sep 17 00:00:00 2001 From: aschumann-virtualcable Date: Wed, 5 Nov 2025 13:06:39 +0100 Subject: [PATCH 1/2] refactor: Enhance VM name sanitization in OpenshiftProvider and update tests --- .../services/OpenShift/openshift/client.py | 28 ++++++++----------- server/src/uds/services/OpenShift/provider.py | 10 +++++-- .../tests/services/openshift/test_provider.py | 2 ++ 3 files changed, 22 insertions(+), 18 deletions(-) diff --git a/server/src/uds/services/OpenShift/openshift/client.py b/server/src/uds/services/OpenShift/openshift/client.py index 2fc27efe0..98296de47 100644 --- a/server/src/uds/services/OpenShift/openshift/client.py +++ b/server/src/uds/services/OpenShift/openshift/client.py @@ -34,7 +34,6 @@ import logging import requests import time -import token from uds.core.util import security from uds.core.util.cache import Cache @@ -42,10 +41,8 @@ from . import types, consts, exceptions - logger = logging.getLogger(__name__) - class OpenshiftClient: cluster_url: str api_url: str @@ -89,20 +86,7 @@ def __init__( def session(self) -> requests.Session: return self.connect() - def connect(self, force: bool = False) -> requests.Session: - # For testing, always use the fixed token - session = self._session = security.secure_requests_session(verify=self._verify_ssl) - session.headers.update( - { - 'Accept': 'application/json', - 'Content-Type': 'application/json', - 'Authorization': 'Bearer sha256~m4wPsB2IKXszCMtEW3Fdngebm-sSuuuBxAd4x74n1IA', - } - ) - return session - def get_token(self) -> str | None: - return "sha256~m4wPsB2IKXszCMtEW3Fdngebm-sSuuuBxAd4x74n1IA" try: url = ( f"{self.cluster_url}/oauth/authorize?client_id=openshift-challenging-client&response_type=token" @@ -118,6 +102,18 @@ def get_token(self) -> str | None: logging.error(f"Could not obtain token: {ex}") raise + def connect(self, force: bool = False) -> requests.Session: + # For testing, always use the fixed token + session = self._session = security.secure_requests_session(verify=self._verify_ssl) + session.headers.update( + { + 'Accept': 'application/json', + 'Content-Type': 'application/json', + 'Authorization': f'Bearer {self.get_token()}', + } + ) + return session + def get_api_url(self, path: str, *parameters: tuple[str, str]) -> str: url = self.api_url + path if parameters: diff --git a/server/src/uds/services/OpenShift/provider.py b/server/src/uds/services/OpenShift/provider.py index 7cfc4cda4..872779458 100644 --- a/server/src/uds/services/OpenShift/provider.py +++ b/server/src/uds/services/OpenShift/provider.py @@ -128,9 +128,15 @@ def sanitized_name(self, name: str) -> str: Sanitizes the VM name to comply with RFC 1123: - Converts to lowercase - Replaces any character not in [a-z0-9.-] with '-' + - Collapses multiple '-' into one - Removes leading/trailing non-alphanumeric characters - - Trims leading/trailing '-' or '.' - Limits length to 63 characters """ - name = re.sub(r'^[^a-z0-9]+|[^a-z0-9]+$|[^a-z0-9.-]', '-', name.lower()).strip('-.') + name = name.lower() + # Replace any character not allowed with '-' + name = re.sub(r'[^a-z0-9.-]', '-', name) + # Collapse multiple '-' into one + name = re.sub(r'-{2,}', '-', name) + # Remove leading/trailing non-alphanumeric characters + name = re.sub(r'^[^a-z0-9]+|[^a-z0-9]+$', '', name) return name[:63] diff --git a/server/tests/services/openshift/test_provider.py b/server/tests/services/openshift/test_provider.py index 25202b45b..69abc0d9f 100644 --- a/server/tests/services/openshift/test_provider.py +++ b/server/tests/services/openshift/test_provider.py @@ -135,6 +135,8 @@ def test_sanitized_name(self) -> None: ('Test-VM-1', 'test-vm-1'), ('Test_VM@2', 'test-vm-2'), ('My Test VM!!!', 'my-test-vm'), + ('Test !!! this is', 'test-this-is'), + ('UDS-Pub-Hello World!!--2025065122-v1', 'uds-pub-hello-world-2025065122-v1'), ('a' * 100, 'a' * 63), # Test truncation ] for input_name, expected in test_cases: From 01d70fc510d1907cd3f8821acb769cbff1a4db51 Mon Sep 17 00:00:00 2001 From: aschumann-virtualcable Date: Tue, 11 Nov 2025 16:56:31 +0100 Subject: [PATCH 2/2] changes in sanitized_name --- server/src/uds/services/OpenShift/provider.py | 16 ++-------------- server/tests/services/openshift/test_provider.py | 6 +++--- 2 files changed, 5 insertions(+), 17 deletions(-) diff --git a/server/src/uds/services/OpenShift/provider.py b/server/src/uds/services/OpenShift/provider.py index 3b8cb203b..d9c42610b 100644 --- a/server/src/uds/services/OpenShift/provider.py +++ b/server/src/uds/services/OpenShift/provider.py @@ -125,18 +125,6 @@ def test( # Utility def sanitized_name(self, name: str) -> str: """ - Sanitizes the VM name to comply with RFC 1123: - - Converts to lowercase - - Replaces any character not in [a-z0-9.-] with '-' - - Collapses multiple '-' into one - - Removes leading/trailing non-alphanumeric characters - - Limits length to 63 characters + OpenShift only allows machine names with [a-zA-Z0-9_-] """ - name = name.lower() - # Replace any character not allowed with '-' - name = re.sub(r'[^a-z0-9.-]', '-', name) - # Collapse multiple '-' into one - name = re.sub(r'-{2,}', '-', name) - # Remove leading/trailing non-alphanumeric characters - name = re.sub(r'^[^a-z0-9]+|[^a-z0-9]+$', '', name) - return name[:63] + return re.sub(r'[^a-zA-Z0-9-]', '-', name).lower()[:63] diff --git a/server/tests/services/openshift/test_provider.py b/server/tests/services/openshift/test_provider.py index 69abc0d9f..797f56477 100644 --- a/server/tests/services/openshift/test_provider.py +++ b/server/tests/services/openshift/test_provider.py @@ -134,9 +134,9 @@ def test_sanitized_name(self) -> None: test_cases = [ ('Test-VM-1', 'test-vm-1'), ('Test_VM@2', 'test-vm-2'), - ('My Test VM!!!', 'my-test-vm'), - ('Test !!! this is', 'test-this-is'), - ('UDS-Pub-Hello World!!--2025065122-v1', 'uds-pub-hello-world-2025065122-v1'), + ('My Test VM!!!', 'my-test-vm---'), + ('Test !!! this is', 'test-----this-is'), + ('UDS-Pub-Hello World!!--2025065122-v1', 'uds-pub-hello-world----2025065122-v1'), ('a' * 100, 'a' * 63), # Test truncation ] for input_name, expected in test_cases: