Make the OAuth Principals compatible with K8S

The strimzi user entity operator only allows the username to be the same
as the resource name in Kubernetes. Instead of patching the operator we
patch the oauth plugin as that is a supported usecase in Strimzi.

Author: cypres

oauth-common/src/main/java/io/strimzi/kafka/oauth/common/PrincipalExtractor.java

@@ -9,6 +9,8 @@
 
 import static io.strimzi.kafka.oauth.common.JSONUtil.getClaimFromJWT;
 
+import java.util.Locale;
+
 /**
  * An object with logic for extracting a principal name (i.e. a user id) from a JWT token.
  * <p>
@@ -113,12 +115,26 @@ private String extractUsername(Extractor extractor, JsonNode json) {
         if (extractor.getAttributeName() != null) {
             String result = getClaimFromJWT(json, extractor.getAttributeName());
             if (result != null && !result.isEmpty()) {
+                // HACK(cypres): Make the username compatible with Kubernetes names
+                result = result.toLowerCase(Locale.ROOT)
+                        .replace("@", "-at-")
+                        .replaceAll("[^a-z0-9.-]", "-");
+                if (result.length() > 253) {
+                    result = result.substring(0, 253);
+                }
                 return result;
             }
         } else {
             JsonNode queryResult = extractor.getJSONPathQuery().apply(json);
             String result = queryResult == null ? null : queryResult.asText().trim();
             if (result != null && !result.isEmpty()) {
+                // HACK(cypres): Make the username compatible with Kubernetes names
+                result = result.toLowerCase(Locale.ROOT)
+                        .replace("@", "-at-")
+                        .replaceAll("[^a-z0-9.-]", "-");
+                if (result.length() > 253) {
+                    result = result.substring(0, 253);
+                }
                 return result;
             }
         }