Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ejson secret base64 encoding issue #192

Closed
mleklund opened this issue Oct 26, 2017 · 3 comments
Closed

ejson secret base64 encoding issue #192

mleklund opened this issue Oct 26, 2017 · 3 comments
Labels
👋 new contributor Good for newcomers

Comments

@mleklund
Copy link

Secret generation code is calling Base64.encode(value) which which is inserting a newline which breaks the yaml that is being fed to kubectl.

{
  "_public_key": "XXXXX",
  "kubernetes_secrets": {
    "mydata": {
      "_type": "Opaque",
      "data": {
        "mypassword": "mypass",
        "mypassword2": "mypass"}
    }
  }
}

results in the following yaml:

---
kind: Secret
apiVersion: v1
type: Opaque
metadata:
  name: mydata
  labels:
    name: mydata
  namespace: production
  annotations:
    kubernetes-deploy.shopify.io/ejson-secret: 'true'
data:
  mypassword: 'bXlwYXNz

'
  mypassword2: 'bXlwYXNz

'

resulting in the following error:

Creation of kubernetes secrets from ejson failed: error from server (badrequest): error when creating "/var/folders/6g/t31p0nvn02l3236fm3v07xsr0000gn/t/mydata20171026-34510-1mbtgtg": secret in version "v1" cannot be handled as a secret: v1.secret: data: decode base64: illegal base64 data at input byte 8, parsing 56 ...xlwyxnz\n"... at {"apiversion":"v1","data":{"mypassword":"bxlwyxnz\n","mypassword2":"bxlwyxnz\n"},"kind":"secret","metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiversion\":\"v1\",\"data\":{\"mypassword\":\"bxlwyxnz\\n\",\"mypassword2\":\"bxlwyxnz\\n\"},\"kind\":\"secret\",\"metadata\":{\"annotations\":{\"kubernetes-deploy.shopify.io/ejson-secret\":\"true\"},\"labels\":{\"name\":\"mydata\"},\"name\":\"mydata\",\"namespace\":\"production\"},\"type\":\"opaque\"}\n","kubernetes-deploy.shopify.io/ejson-secret":"true"},"labels":{"name":"mydata"},"name":"mydata","namespace":"production"},"type":"opaque"}
@KnVerey KnVerey added the 👋 new contributor Good for newcomers label Oct 30, 2017
@jshapiro26
Copy link

jshapiro26 commented Oct 31, 2017
edited
Loading

I've just run into this issue as well. Running GKE: 1.8.1-gke.0. The error looks like kubernetes-deploy is appending a new line \n onto the value of each secret.

@alexcurtin
Copy link

alexcurtin commented Oct 31, 2017
edited
Loading

This can be fixed by using Ruby's Base64 strict_encode which produces the values but without new lines per http://ruby-doc.org/stdlib-2.4.2/libdoc/base64/rdoc/Base64.html#method-i-strict_encode64

:007 > str = "aooajsdjadad"
 => "aooajsdjadad"
 :008 > Base64.encode64(str)
 => "YW9vYWpzZGphZGFk\n"
 :009 > Base64.strict_encode64(str)
 => "YW9vYWpzZGphZGFk"```

I will attempt to open a PR for this change.

@alexcurtin alexcurtin mentioned this issue Oct 31, 2017
Merged
@KnVerey
Copy link
Contributor

KnVerey commented Oct 31, 2017

Thanks to everyone who reported and contributed to fixing this issue! I've released v0.12.11 containing the fix.

@KnVerey KnVerey closed this as completed Oct 31, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
👋 new contributor Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mleklund @jshapiro26 @KnVerey @alexcurtin