-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
robot account should not have $ (dollar sign) or any special character #9553
Comments
This bit me recently. Using jenkins + kubernetes plugin the injected environment variable with the username kept adding an extra $. I think it is specifically something with the way groovy handles escaping special characters. Ended up just switching to using a service account in our LDAP group. Would be really nice if we could either specify the format of the robot names or change the $ to _ or - |
+1 |
This is such a pain. It has to be escaped in 99% commands. |
This would be great too! |
This would be great!, I also requested this in #8744 |
I've also been bitten by this. Particularly in the context of GitLab multi-project pipelines, even if I escape the I appreciate that the decision was probably made to distinguish robot accounts from normal ones, but |
Got bitten as well by this one, took me a while to figure out the reason of these "401 Unauthorized" a K3D context using Harbor as an external registry... |
We recently switched to using Harbor in production and it has caused a lot of work and support to go through scripts and escape the username properly. My vote is to drop the dollar sign and just prefix with |
Administrators should control the naming of service accounts so they can follow the naming conventions of the organization they are in. Forcing special characters in usernames is a bit callous towards developer experience. |
I recently got bitten by this as well, when trying to push to Harbor's Chart Museum from within a TeamCity job. Please get that |
Same here , using |
Let's think about this in v2.2, there should be a better delimiter to help us distinguish a real user from a robot account without resorting to special chars. It's a small improvement that can really move the needle and help our users save time. I'm tagging this v2.2 @reasonerjt |
Something that has no significance in bash please. |
+1 |
This should be resolved once the work proposed in goharbor/community#148 is delivered. @wy65701436 please dup this issue. |
I had also a hard time to figure this out. There is a workaround for GitLab, which I found somewhere (I will be happy to add the credits if someone finds that again). You can put the robot account user name in a variable in Gitlab and use that one instead. Since the account contains a
|
We can close it as the robot prefix configuration is introduced in v2.2, just try with https://github.com/goharbor/harbor/releases/tag/v2.2.0-rc1. |
In case anyone is looking for a workaround until they upgrade to v2.2 (or there exists a similar problem in the future) you can escape the Reference: https://stackoverflow.com/questions/48870664/escape-char-in-gitlab-secret-variables |
how do we escape this when creating Kubernetes secrets? |
@nbon12 you should be able to just provide your username as a single-quote-wrapped string:
|
Running harbor v2.6.1-2903d593 and $'s are still being used in the robot names. With kubectl, you can escape the |
But - there is now a configuration option available in Harbor where you can change the prefix for Robot accounts in Harbor from "$" to something else like "-". |
@Martin-Weiss aahhh I missed that config option! Thanks! Is that configurable in the API? Looking at swagger and I don't see an option. trying to avoid having to manually configure this on every instance... |
That I do not know - just know it is available in the UI.. and be careful - this will automatically change all existing robot accounts! |
The user name of a robot account currently looks like
robot$account_name
.the $ (dollar sign) leads to escape hell if you want to build some script for authentication with those robot accounts. At least in sh/bash.
Could we have robot accounts without well known special characters in shells like % $ & | ( [ { etc ?
Or I want full control of the given account name, so that I can remove the dollar if I want to.
The text was updated successfully, but these errors were encountered: