azure.storage.blob._shared.authentication.AzureSigningError: Incorrect padding - Argo workflow

Question


I'm getting an Incorrect padding error while configuring an Argo workflow to run a Python function from my Flask application to update the users' group list every day. Attached are the error logs and configuration details for reference.

Error:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/authentication.py", line 129, in _add_authorization_header
    signature = sign_string(self.account_key, string_to_sign)
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/__init__.py", line 45, in sign_string
    key = decode_base64_to_bytes(key)
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/__init__.py", line 35, in decode_base64_to_bytes
    return base64.b64decode(data)
  File "/usr/local/lib/python3.9/base64.py", line 87, in b64decode
    return binascii.a2b_base64(s)
binascii.Error: Incorrect padding

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/local/lib/python3.9/site-packages/***/aad.py", line 76, in aad_groups
    aad_groups = cr_blob.read_blob('***', storage_key, 'aad', 'aad_groups.csv')
  File "/usr/local/lib/python3.9/site-packages/***/data/blob.py", line 86, in read_blob
    blob_data = pd.read_csv(blob.download_blob())
  File "/usr/local/lib/python3.9/site-packages/azure/core/tracing/decorator.py", line 78, in wrapper_use_tracer
    return func(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_blob_client.py", line 914, in download_blob
    return StorageStreamDownloader(**options)
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_download.py", line 366, in __init__
    self._response = self._initial_request()
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_download.py", line 466, in _initial_request
    process_storage_error(error)
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/response_handlers.py", line 97, in process_storage_error
    raise storage_error
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_download.py", line 418, in _initial_request
    location_mode, response = self._clients.blob.download(
  File "/usr/local/lib/python3.9/site-packages/azure/core/tracing/decorator.py", line 78, in wrapper_use_tracer
    return func(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_generated/operations/_blob_operations.py", line 1592, in download
    pipeline_response = self._client._pipeline.run(  # type: ignore # pylint: disable=protected-access
  File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 211, in run
    return first_node.send(pipeline_request)  # type: ignore
  File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in send
    response = self.next.send(request)
  File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in send
    response = self.next.send(request)
  File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in send
    response = self.next.send(request)
  [Previous line repeated 2 more times]
  File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/policies/_redirect.py", line 158, in send
    response = self.next.send(request)
  File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in send
    response = self.next.send(request)
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/policies.py", line 546, in send
    raise err
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/policies.py", line 520, in send
    response = self.next.send(request)
  File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in send
    response = self.next.send(request)
  File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in send
    response = self.next.send(request)
  File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 69, in send
    _await_result(self._policy.on_request, request)
  File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_tools.py", line 34, in await_result
    result = func(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/authentication.py", line 152, in on_request
    self._add_authorization_header(request, string_to_sign)
  File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/authentication.py", line 135, in _add_authorization_header
    raise _wrap_exception(ex, AzureSigningError)
azure.storage.blob._shared.authentication.AzureSigningError: Incorrect padding
time="2023-07-24T08:59:03.472Z" level=info msg="sub-process exited" argo=true error="<nil>"
Error: exit status 1

And here is my argo_workflow config:

apiVersion: argoproj.io/v1alpha1
kind: Workflow                  
metadata:
  name: argo-aad
spec:
  entrypoint: aad-groups          
  templates:
    - name: aad-groups             
      container:
        image: ***.azurecr.io/image:latest
        env:
         - name: sql_db_key
           valueFrom:
             secretKeyRef:
               name: sqldbkey
               key: key
         - name: storage_key
           valueFrom:
             secretKeyRef:
               name: storagekey
               key: key
         - name: client_secret
           valueFrom:
             secretKeyRef:
               name: clientsecret
               key: key
         - name: client_id
           valueFrom:
             secretKeyRef:
               name: clientid
               key: key
         - name: directory_tenant_id
           valueFrom:
             secretKeyRef:
               name: directorytenantid
               key: key
        command: ["python", "-c"]
        args: ["import ***.aad as gaad; gaad.aad_groups('sql_db_key', 'storage_key', 'client_secret', 'client_id', 'directory_tenant_id')"]

I have created all the secrets for the parameters using the command below, passing the values.

kubectl create secret generic storagekey --from-literal=key=****************************************==

Any advice, please?

Answer 1

Score: 0


>binascii.Error: Incorrect padding

"Incorrect padding" usually points to a data corruption or decryption issue that occurs during the process of decoding a base64-encoded string. It occurs when the credentials (like account key or SAS token) you're using for authentication are incorrect or corrupted.

  • You are passing the secret keys directly as strings instead of referencing the values of the secrets. You should reference the secret values instead.
args: ["import ***.aad as gaad; gaad.aad_groups(
    '{{inputs.parameters.sql_db_key}}', 
    '{{inputs.parameters.storage_key}}', 
    '{{inputs.parameters.client_secret}}', 
    '{{inputs.parameters.client_id}}', 
    '{{inputs.parameters.directory_tenant_id}}'
)"]

Also, passing the string 'sql_db_key' as an argument is incorrect. Instead, you should pass the actual value of the secret, as the variable name is being used.

  • When creating secrets using kubectl create secret generic, check that the value you are passing for the key is base64-encoded.

echo -n "your-secret-value" | base64

  • Replace the args field in the workflow template to pass the values of the secrets directly to the Python script, instead of passing the secret names.

Args field:

args: ["import ***.aad as gaad; gaad.aad_groups('{}', '{}', '{}', '{}', '{}')".format(sql_db_key, storage_key, client_secret, client_id, directory_tenant_id)]
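
An added example (not part of the original answer or of the asker's code): a preflight check that reads the key from the environment variable injected by secretKeyRef and validates it before it reaches the Azure SDK, and that shows the literal 'storage_key' from the workflow args reproducing the "Incorrect padding" message in the traceback. It assumes a decoded account key is 64 bytes; check_account_key, key_from_env, sdk_decode_error and SAMPLE_KEY are hypothetical names, and the sample key is constructed.

```python
import base64
import binascii
import os

# Assumption: a decoded Azure Storage account key is 64 bytes (512 bits).
EXPECTED_KEY_BYTES = 64
# Constructed sample key (64 zero bytes), not a real credential.
SAMPLE_KEY = base64.b64encode(bytes(EXPECTED_KEY_BYTES)).decode()


def check_account_key(value):
    """Classify a candidate key without echoing the secret."""
    if value != value.strip():
        return "whitespace"  # e.g. newline from `echo` without -n
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error:
        return "not-base64"  # e.g. the variable *name* passed as a literal
    if len(raw) == EXPECTED_KEY_BYTES:
        return "ok"
    try:
        # A key encoded a second time decodes to base64 text, not key bytes.
        if len(base64.b64decode(raw, validate=True)) == EXPECTED_KEY_BYTES:
            return "double-encoded"
    except binascii.Error:
        pass
    return "wrong-length"


def key_from_env(name, environ=os.environ):
    """Read the value injected via secretKeyRef and validate it before use."""
    value = environ.get(name)
    if value is None:
        raise KeyError(f"environment variable {name} is not set")
    status = check_account_key(value)
    if status != "ok":
        # Report the variable name, status and length only, never the value.
        raise ValueError(f"{name}: {status} (length {len(value)})")
    return value


def sdk_decode_error(value):
    """Mirror the non-strict base64.b64decode(key) call seen in the traceback."""
    try:
        base64.b64decode(value)
        return None
    except binascii.Error as exc:
        return str(exc)
```

In the workflow, the Python command would call key_from_env('storage_key') rather than passing the variable name as a string. Values given to kubectl create secret generic --from-literal are stored as given and reach the container unencoded.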

huangapple
  • Posted on July 24, 2023 at 17:30:34
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76753111.html