Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AZURE_CLIENT_SECRET with quotes causes cluster failure. #672

Closed
voor opened this issue Jun 3, 2020 · 6 comments
Closed

AZURE_CLIENT_SECRET with quotes causes cluster failure. #672

voor opened this issue Jun 3, 2020 · 6 comments
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug.

Comments

@voor
Copy link
Member

voor commented Jun 3, 2020
edited
Loading

/kind bug

Creating an Azure Service Principal where the randomly generated secret contains a ".

This secret then goes into AZURE_CLIENT_SECRET and creates issues, because the output into /etc/kubernetes/azure.json will not properly escape the ", resulting in kubelet failures:

Jun 03 00:03:26 capi-quickstart-control-plane-pvzh4 kubelet[76379]: F0603 00:03:26.581514   76379 server.go:274] failed to run Kubelet: could not init cloud provider "azure": error converting YAML to JSON: yaml: line 5: did not find expected ',' or '}'

What did you expect to happen:

There should be some sort of logic to escape the quotes prior to them going into /etc/kubernetes/azure.json or Azure should stop using " in its randomly generated passwords.

Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]

Environment:

  • cluster-api-provider-azure version:
  • Kubernetes version: (use kubectl version):
  • OS (e.g. from /etc/os-release):
@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Jun 3, 2020
@CecileRobertMichon
Copy link
Contributor

There should be some sort of logic to escape the quotes prior to them going into /etc/kubernetes/azure.json or Azure should stop using " in its randomly generated passwords.

We won't be able to make "Azure should stop using " in its randomly generated passwords" happen so let's focus on ways we can document escaping special quotes in the CAPZ documentation about SPs or even better, automate escaping special chars.

/help

@k8s-ci-robot
Copy link
Contributor

@CecileRobertMichon:
This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

There should be some sort of logic to escape the quotes prior to them going into /etc/kubernetes/azure.json or Azure should stop using " in its randomly generated passwords.

We won't be able to make "Azure should stop using " in its randomly generated passwords" happen so let's focus on ways we can document escaping special quotes in the CAPZ documentation about SPs or even better, automate escaping special chars.

/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Jun 3, 2020
@CecileRobertMichon CecileRobertMichon added this to the next milestone Jun 4, 2020
@CecileRobertMichon CecileRobertMichon mentioned this issue Jul 16, 2020
Merged
3 tasks
@alexeldeib
Copy link
Contributor

We won't be able to make "Azure should stop using " in its randomly generated passwords" happen

Azure/azure-cli#13625 (comment)
Azure/azure-cli#13643

it's fixed in new CLI versions

@alexeldeib
Copy link
Contributor

alexeldeib commented Jul 22, 2020
edited
Loading

It's reasonable to escape these, but IMO the CLI introducing it was the real problem

@CecileRobertMichon
Copy link
Contributor

Awesome, I think we can close this then. For anyone running into this, please update to the latest Azure CLI.

/close

@k8s-ci-robot
Copy link
Contributor

@CecileRobertMichon: Closing this issue.

In response to this:

Awesome, I think we can close this then. For anyone running into this, please update to the latest Azure CLI.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@CecileRobertMichon CecileRobertMichon removed this from the next milestone May 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@voor @alexeldeib @CecileRobertMichon @k8s-ci-robot