kubernetes: Fix pod creation fail on long usernames (#526)

* Use authenticated username over normal username for k8s label

* Do not add containerssh_username label if username is 63 chars or over

* Run tests on all branches

.github/workflows/pipeline.yml

@@ -2,7 +2,7 @@ name: Build
 on:
   push:
     branches:
-      - main
+      - '*'
   pull_request:
   schedule:
     - cron: '0 17 * * 2'

internal/kubernetes/networkHandler.go

@@ -90,7 +90,16 @@ func (n *networkHandler) OnHandshakeSuccess(meta metadata.ConnectionAuthenticate
 	}
 	n.labels = map[string]string{
 		"containerssh_connection_id": n.connectionID,
-		"containerssh_username":      r.ReplaceAllString(meta.Username, "-"),
+	}
+	if len(meta.AuthenticatedUsername) <= 63 {
+		n.labels["containerssh_username"] = r.ReplaceAllString(meta.AuthenticatedUsername, "-")
+	} else {
+		n.logger.Warning(message.NewMessage(
+			message.MKubernetesUsernameTooLong,
+			"The users username (%s) is longer than the 63 character limit of kubernetes labels. The containerssh_username label will be unavailable in the users pod",
+			meta.AuthenticatedUsername,
+		),
+		)
 	}
 	for authMetadataName, labelName := range n.config.Pod.ExposeAuthMetadataAsLabels {
 		if value, ok := meta.GetMetadata()[authMetadataName]; ok {

message/kubernetes.go

@@ -21,6 +21,10 @@ const MKubernetesPodCreate = "KUBERNETES_POD_CREATE"
 // MKubernetesPodWait indicates that the ContainerSSH Kubernetes module is waiting for the pod to come up.
 const MKubernetesPodWait = "KUBERNETES_POD_WAIT"
 
+// MKubernetesUsernameTooLong indicates that the users username is too long to be provided as a label in the k8s pod.
+// The containerssh_username label is unavailable on that users pod.
+const MKubernetesUsernameTooLong = "KUBERNETES_USERNAME_TOO_LONG"
+
 // MKubernetesPodWaitFailed indicates that the ContainerSSH Kubernetes module failed to wait for the pod to come up.
 // Check the error message for details.
 const MKubernetesPodWaitFailed = "KUBERNETES_POD_WAIT_FAILED"