Token Authentication Fails, Token in Config isn't base64 encoded
See original GitHub issueI’ve got a microk8s cluster and by default the admin user is set up for basic username/password authentication. Since this client doesn’t support username/password authentication I generated a token for authentication and changed my user entry to use the token.
I got the token by running the following PowerShell script:
$secrets = kubectl -n kube-system get secret -o=json | ConvertFrom-Json;
$admin = $secrets.items.Where( { $_.metadata.name -like 'admin-user*' });
$token = [Text.Encoding]::ASCII.GetString([Convert]::FromBase64String($admin.data.token));
If I take the value from that script, I can use the token to log into the dashboard, and placing the token in the kubernetes config file, kubectl get all
works as expected but the token doesn’t seem to be base64 encoded (It has non-base64 characters). If I try to use this kubernetes client, I get this exception:
System.FormatException : The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
at System.Convert.FromBase64String(String s)
at KubeClient.Extensions.KubeConfig.Models.UserIdentityConfig.GetRawToken() in C:\code\gh\dotnet-kube-client\src\KubeClient.Extensions.KubeConfig\Models\UserIdentityConfig.cs:line 64
at KubeClient.K8sConfig.ConfigureKubeClientOptions(KubeClientOptions kubeClientOptions, String kubeContextName, String defaultKubeNamespace) in C:\code\gh\dotnet-kube-client\src\KubeClient.Extensions.KubeConfig\K8sConfig.cs:line 200
at KubeClient.K8sConfig.ToKubeClientOptions(String kubeContextName, String defaultKubeNamespace, ILoggerFactory loggerFactory) in C:\code\gh\dotnet-kube-client\src\KubeClient.Extensions.KubeConfig\K8sConfig.cs:line 150
at KubeClient.Extensions.KubeConfig.Tests.K8sConfigLocationTests.ConnectToHome() in C:\code\gh\dotnet-kube-client\test\KubeClient.Extensions.KubeConfig.Tests\K8sConfigLocationTests.cs:line 81
--- End of stack trace from previous location where exception was thrown ---
So I tried to base64 encode the value. More Powershell:
[Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes('TOKEN_GOES_HERE')
And replaced the token value in my config file with the encoded value. When I do that, kubectl get all fails to authenticate and so does this client.
My assumption is that only http bearer strings are base64 encoded. If so, a change like the following seems like it would make sense. Does this look right? My assumption could obviously be wrong and this might break something. I tried looking through the kubectl code, but the phrases bearer and token show up a ton in the code so I wasn’t able to find what I was looking for.
Issue Analytics
- State:
- Created 4 years ago
- Comments:11 (9 by maintainers)
Top GitHub Comments
Oh, sorry I just have misread the build log. It’s 12am here but I’ll give this a look first thing tomorrow 😃
Ok I think we’re good to go 🙂