This repository was archived by the owner on Oct 3, 2020. It is now read-only.
This repository was archived by the owner on Oct 3, 2020. It is now read-only.
Oauth (google auth) crashes kube-ops-view #172
Open
Description
As the title suggests, if you auth with a cluster by oauth token from GApps, the users.user.auth-provider.config.id-token is a JWT auth token, but kube-ops-view attempts to use b64decode on it. This fails with an error like
Traceback (most recent call last):
File "/kube_ops_view/update.py", line 42, in update_clusters
for cluster in clusters:
File "/kube_ops_view/cluster_discovery.py", line 146, in get_clusters
kubernetes.config.load_kube_config(config_file, context=context['name'], client_configuration=config)
File "/usr/lib/python3.6/site-packages/kubernetes/config/kube_config.py", line 476, in load_kube_config
loader.load_and_set(client_configuration)
File "/usr/lib/python3.6/site-packages/kubernetes/config/kube_config.py", line 354, in load_and_set
self._load_authentication()
File "/usr/lib/python3.6/site-packages/kubernetes/config/kube_config.py", line 185, in _load_authentication
if self._load_oid_token():
File "/usr/lib/python3.6/site-packages/kubernetes/config/kube_config.py", line 236, in _load_oid_token
base64.b64decode(parts[1]).decode('utf-8')
File "/usr/lib/python3.6/base64.py", line 87, in b64decode
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
Which is understandable because JWT is multiple b64 strings concatenated with ., - and _ characters.
Obviously my cluster is accessible with kubectl but this completely breaks kube-ops-view's loading for all the clusters listed in my config.
If k-o-v must decode the values manually, can it at least not crash on this kind of expectation so that the other clusters in my config can be monitored.
Metadata
Metadata
Assignees
Labels
No labels