Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TriggerAuthentication & Vault Integration - panic when missing credentials #4964

Closed
BojanZelic opened this issue Sep 12, 2023 · 7 comments · Fixed by #5180
Closed

TriggerAuthentication & Vault Integration - panic when missing credentials #4964

BojanZelic opened this issue Sep 12, 2023 · 7 comments · Fixed by #5180
Assignees
@dttung2905
Labels
bug Something isn't working

Comments

@BojanZelic
Copy link
Contributor

Report

When creating a TriggerAuthentication & using vault authentication, forgetting to set credentials causes the keda operator to panic

Expected Behavior

Expected it to error out or ideally just default to the the standard value that's present on almost all kubernetes pods by default
/var/run/secrets/kubernetes.io/serviceaccount/token

Actual Behavior

Keda operator panic's & starts CrashLoopBackOff()'ing

Steps to Reproduce the Problem

deploy a scaled object & a triggerauthentication without any credentials defined;

ex:

apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: my-trigger-auth
spec:
  hashiCorpVault:
    address: my-vault-server
    authentication: kubernetes
    #credential:
    #  serviceAccount: /var/run/secrets/kubernetes.io/serviceaccount/token
    mount: my-mount
    role: my-role
    secrets:
      - key: password
        parameter: password
        path: secret_v2/data/path-to-my-secret
...

Logs from KEDA operator

panic: runtime error: invalid memory address or nil pointer dereference [recovered]
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x3291935]

goroutine 343 [running]:
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile.func1()
        /workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:115 +0x1fa
panic({0x3837a00, 0x6a73080})
        /usr/local/go/src/runtime/panic.go:884 +0x213
github.com/kedacore/keda/v2/pkg/scaling/resolver.(*HashicorpVaultHandler).token(0xc0c51d1bd8, 0xc0015a7200?)
        /workspace/pkg/scaling/resolver/hashicorpvault_handler.go:110 +0xf5
github.com/kedacore/keda/v2/pkg/scaling/resolver.(*HashicorpVaultHandler).Initialize(0xc0c51d1bd8, {{0x4754ce8?, 0xc0c5385f20?}, 0x2?})
        /workspace/pkg/scaling/resolver/hashicorpvault_handler.go:61 +0x9e
github.com/kedacore/keda/v2/pkg/scaling/resolver.resolveAuthRef({0x474d130, 0xc0c53858c0}, {0x47648a0, 0xc000558480}, {{0x4754ce8?, 0xc0c5385f20?}, 0x40dcca?}, 0xc0c51a8e60, 0xc0c53aa0e8, {0xc000e77d28, ...}, ...)
        /workspace/pkg/scaling/resolver/scale_resolvers.go:243 +0x337
github.com/kedacore/keda/v2/pkg/scaling/resolver.ResolveAuthRefAndPodIdentity({0x474d130, 0xc0c53858c0}, {0x47648a0?, 0xc000558480?}, {{0x4754ce8?, 0xc0c5385f20?}, 0x4754ce8?}, 0xc0c5385f20?, 0xc0c53aa000, {0xc000e77d28, ...}, ...)
        /workspace/pkg/scaling/resolver/scale_resolvers.go:182 +0xc9
github.com/kedacore/keda/v2/pkg/scaling.(*scaleHandler).buildScalers.func1()
        /workspace/pkg/scaling/scalers_builder.go:68 +0x3f4
github.com/kedacore/keda/v2/pkg/scaling.(*scaleHandler).buildScalers(0xc0003759d0, {0x474d130?, 0xc0c53858c0}, 0xc0c53a8140, 0xc0c53aa000, {0x0, 0x0})
        /workspace/pkg/scaling/scalers_builder.go:78 +0x5d6
github.com/kedacore/keda/v2/pkg/scaling.(*scaleHandler).performGetScalersCache(0xc0003759d0, {0x474d130, 0xc0c53858c0}, {0xc0c51fc8c0, 0x37}, {0x3e7de80, 0xc0111a3600}, 0xc0c48248d0, {0x0, 0x0}, ...)
        /workspace/pkg/scaling/scale_handler.go:360 +0x71c
github.com/kedacore/keda/v2/pkg/scaling.(*scaleHandler).GetScalersCache(0xc0111a2c00?, {0x474d130, 0xc0c53858c0}, {0x3e7de80, 0xc0111a3600})
        /workspace/pkg/scaling/scale_handler.go:281 +0xf6
github.com/kedacore/keda/v2/controllers/keda.(*ScaledObjectReconciler).getScaledObjectMetricSpecs(0xc000bf05a0, {0x474d130, 0xc0c53858c0}, {{0x4754ce8?, 0xc0c53858f0?}, 0x3394322?}, 0xc0111a2c00)
        /workspace/controllers/keda/hpa.go:209 +0xda
github.com/kedacore/keda/v2/controllers/keda.(*ScaledObjectReconciler).newHPAForScaledObject(0xc000bf05a0, {0x474d130?, 0xc0c53858c0?}, {{0x4754ce8?, 0xc0c53858f0?}, 0x0?}, 0xc0111a2c00, 0xc0c48250e0)
        /workspace/controllers/keda/hpa.go:75 +0x66
github.com/kedacore/keda/v2/controllers/keda.(*ScaledObjectReconciler).updateHPAIfNeeded(0xc000bf05a0, {0x474d130, 0xc0c53858c0}, {{0x4754ce8?, 0xc0c53858f0?}, 0xc0c53858c0?}, 0xc0111a2c00, 0xc0c51d4540, 0xc0c539c040?)
        /workspace/controllers/keda/hpa.go:153 +0x78
github.com/kedacore/keda/v2/controllers/keda.(*ScaledObjectReconciler).ensureHPAForScaledObjectExists(0xc000bf05a0, {0x474d130, 0xc0c53858c0}, {{0x4754ce8?, 0xc0c53858f0?}, 0x4754ce8?}, 0xc0111a2c00, 0xc000101000?)
        /workspace/controllers/keda/scaledobject_controller.go:417 +0x238
github.com/kedacore/keda/v2/controllers/keda.(*ScaledObjectReconciler).reconcileScaledObject(0xc000bf05a0?, {0x474d130, 0xc0c53858c0}, {{0x4754ce8?, 0xc0c53858f0?}, 0xc000e77d10?}, 0xc0111a2c00, 0xc0c51d17a0)
        /workspace/controllers/keda/scaledobject_controller.go:254 +0x845
github.com/kedacore/keda/v2/controllers/keda.(*ScaledObjectReconciler).Reconcile(0xc000bf05a0, {0x474d130, 0xc0c53858c0}, {{{0xc000e77d28?, 0x0?}, {0xc000e77d10?, 0x40e0a7?}}})
        /workspace/controllers/keda/scaledobject_controller.go:177 +0x555
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile(0x474d130?, {0x474d130?, 0xc0c53858c0?}, {{{0xc000e77d28?, 0x3610820?}, {0xc000e77d10?, 0x472f430?}}})
        /workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:118 +0xc8
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc000bab860, {0x474d088, 0xc00029bea0}, {0x3a332e0?, 0xc00169c6a0?})
        /workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:314 +0x377
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc000bab860, {0x474d088, 0xc00029bea0})
        /workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:265 +0x1d9
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2()
        /workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:226 +0x85
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2
        /workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:222 +0x587

KEDA Version

2.11.2

Kubernetes Version

1.26

Platform

Amazon Web Services

Scaler Details

No response

Anything else?

No response
@BojanZelic BojanZelic added the bug Something isn't working label Sep 12, 2023
@JorTurFer
Copy link
Member

Hi,
Definitively KEDA shouldn't panic if the SA isn't provided, thanks for reporting it. Are you willing to draft a PR fixing it?

@JorTurFer JorTurFer moved this from To Triage to To Do in Roadmap - KEDA Core Sep 13, 2023
@zroubalik
Copy link
Member

Thanks for reporting, should be fixed for sure.

@BojanZelic
Copy link
Contributor Author

Yes, would be willing to create a PR to fix this

@zroubalik
Copy link
Member

@BojanZelic awesome, do you think you can also include some unit test with your PR? Hashicorp stuff is missing unit tests and that's something we should improve to prevent problems like this in the future. Thanks!

@stale Stale
Copy link

stale bot commented Nov 12, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale All issues that are marked as stale due to inactivity label Nov 12, 2023
@dttung2905
Copy link
Contributor

Hi @BojanZelic , are you still working on this ? I could help with making the PR.

Hashicorp stuff is missing unit tests and that's something we should improve to prevent problems like this in the future. Thanks!

Totally agree that there is unit test missing for hashicorp stuff. I'm thinking of creating a separate issue to track the unit test so that I can work on it separately. What do you think ? @zroubalik

@stale stale bot removed the stale All issues that are marked as stale due to inactivity label Nov 12, 2023
@dttung2905 dttung2905 mentioned this issue Nov 12, 2023
Merged
4 tasks
@BojanZelic
Copy link
Contributor Author

Thanks! feel free to take it, haven't had a chance to work in this particular issue

@zroubalik zroubalik assigned dttung2905 and unassigned BojanZelic Nov 13, 2023
@zroubalik zroubalik mentioned this issue Nov 20, 2023
Closed
@github-project-automation github-project-automation bot moved this from To Do to Ready To Ship in Roadmap - KEDA Core Nov 20, 2023
@dttung2905 dttung2905 mentioned this issue Nov 20, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dttung2905 dttung2905

Labels
bug Something isn't working
Projects
Roadmap - KEDA Core
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix operator panic when spec.hashiCorpVault.credential.serviceAccount is not set dttung2905/keda
4 participants
@zroubalik @BojanZelic @dttung2905 @JorTurFer