From f6c9ab4312a7a4005e5ef6efb6a9c79f3ffae7fb Mon Sep 17 00:00:00 2001
From: Michael Fraenkel <michael.fraenkel@gmail.com>
Date: Wed, 4 Jan 2017 08:26:05 -0500
Subject: [PATCH] Check if key is a valid after prefix is prepended

- Allow invalid keys to become valid by requiring a prefix
---
 pkg/kubelet/kubelet_pods.go      |  7 +++----
 pkg/kubelet/kubelet_pods_test.go | 30 +++++++++++++++++++++++++++++-
 2 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/pkg/kubelet/kubelet_pods.go b/pkg/kubelet/kubelet_pods.go
index 2b4dd49fe1..3487938ec6 100644
--- a/pkg/kubelet/kubelet_pods.go
+++ b/pkg/kubelet/kubelet_pods.go
@@ -437,13 +437,12 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container
 				configMaps[name] = configMap
 			}
 			for k, v := range configMap.Data {
-				if errMsgs := utilvalidation.IsCIdentifier(k); len(errMsgs) != 0 {
-					return result, fmt.Errorf("Invalid environment variable name, %v, from configmap %v/%v: %s", k, pod.Namespace, name, errMsgs[0])
-				}
-
 				if len(envFrom.Prefix) > 0 {
 					k = envFrom.Prefix + k
 				}
+				if errMsgs := utilvalidation.IsCIdentifier(k); len(errMsgs) != 0 {
+					return result, fmt.Errorf("Invalid environment variable name, %v, from configmap %v/%v: %s", k, pod.Namespace, name, errMsgs[0])
+				}
 				// Accesses apiserver+Pods.
 				// So, the master may set service env vars, or kubelet may.  In case both are doing
 				// it, we delete the key from the kubelet-generated ones so we don't have duplicate
diff --git a/pkg/kubelet/kubelet_pods_test.go b/pkg/kubelet/kubelet_pods_test.go
index 3ae5c0b462..6f8ae0a673 100644
--- a/pkg/kubelet/kubelet_pods_test.go
+++ b/pkg/kubelet/kubelet_pods_test.go
@@ -728,11 +728,39 @@ func TestMakeEnvironmentVariables(t *testing.T) {
 					Name:      "test-configmap",
 				},
 				Data: map[string]string{
-					"-1234": "abc",
+					"1234": "abc",
 				},
 			},
 			expectedError: true,
 		},
+		{
+			name: "configmap_invalid_keys_valid",
+			ns:   "test",
+			container: &v1.Container{
+				EnvFrom: []v1.EnvFromSource{
+					{
+						Prefix:       "p_",
+						ConfigMapRef: &v1.ConfigMapEnvSource{LocalObjectReference: v1.LocalObjectReference{Name: "test-config-map"}},
+					},
+				},
+			},
+			masterServiceNs: "",
+			configMap: &v1.ConfigMap{
+				ObjectMeta: v1.ObjectMeta{
+					Namespace: "test1",
+					Name:      "test-configmap",
+				},
+				Data: map[string]string{
+					"1234": "abc",
+				},
+			},
+			expectedEnvs: []kubecontainer.EnvVar{
+				{
+					Name:  "p_1234",
+					Value: "abc",
+				},
+			},
+		},
 	}
 
 	for _, tc := range testCases {