英文:
azure.storage.blob._shared.authentication.AzureSigningError: Incorrect padding - Argo workflow
问题
我在配置Argo工作流以从我的Flask应用程序运行Python函数来每天更新用户组列表时遇到了“Incorrect padding”错误。以下是错误日志和配置详细信息供参考。
错误信息:
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/authentication.py", line 129, in _add_authorization_header
signature = sign_string(self.account_key, string_to_sign)
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/__init__.py", line 45, in sign_string
key = decode_base64_to_bytes(key)
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/__init__.py", line 35, in decode_base64_to_bytes
return base64.b64decode(data)
File "/usr/local/lib/python3.9/base64.py", line 87, in b64decode
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
...
azure.storage.blob._shared.authentication.AzureSigningError: Incorrect padding
time="2023-07-24T08:59:03.472Z" level=info msg="sub-process exited" argo=true error="<nil>"
Error: exit status 1
这是我的argo_workflow配置:
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
name: argo-aad
spec:
entrypoint: aad-groups
templates:
- name: aad-groups
container:
image: ***.azurecr.io/image:latest
env:
- name: sql_db_key
valueFrom:
secretKeyRef:
name: sqldbkey
key: key
- name: storage_key
valueFrom:
secretKeyRef:
name: storagekey
key: key
- name: client_secret
valueFrom:
secretKeyRef:
name: clientsecret
key: key
- name: client_id
valueFrom:
secretKeyRef:
name: clientid
key: key
- name: directory_tenant_id
valueFrom:
secretKeyRef:
name: directorytenantid
key: key
command: ["python", "-c"]
args: ["import ***.aad as gaad; gaad.aad_groups('sql_db_key', 'storage_key', 'client_secret', 'client_id', 'directory_tenant_id')"]
我已经使用以下命令创建了所有参数的密钥,并传递了值。
kubectl create secret generic storagekey --from-literal=key=****************************************==
请问有什么建议?
英文:
I'm getting Incorrect padding error while configuring a argo workflow to run a python function from my flask application to update the users group list everyday. Attached error logs and configuration details for the reference.
Error:
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/authentication.py", line 129, in _add_authorization_header
signature = sign_string(self.account_key, string_to_sign)
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/__init__.py", line 45, in sign_string
key = decode_base64_to_bytes(key)
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/__init__.py", line 35, in decode_base64_to_bytes
return base64.b64decode(data)
File "/usr/local/lib/python3.9/base64.py", line 87, in b64decode
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/local/lib/python3.9/site-packages/***/aad.py", line 76, in aad_groups
aad_groups = cr_blob.read_blob('***', storage_key, 'aad', 'aad_groups.csv')
File "/usr/local/lib/python3.9/site-packages/***/data/blob.py", line 86, in read_blob
blob_data = pd.read_csv(blob.download_blob())
File "/usr/local/lib/python3.9/site-packages/azure/core/tracing/decorator.py", line 78, in wrapper_use_tracer
return func(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_blob_client.py", line 914, in download_blob
return StorageStreamDownloader(**options)
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_download.py", line 366, in __init__
self._response = self._initial_request()
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_download.py", line 466, in _initial_request
process_storage_error(error)
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/response_handlers.py", line 97, in process_storage_error
raise storage_error
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_download.py", line 418, in _initial_request
location_mode, response = self._clients.blob.download(
File "/usr/local/lib/python3.9/site-packages/azure/core/tracing/decorator.py", line 78, in wrapper_use_tracer
return func(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_generated/operations/_blob_operations.py", line 1592, in download
pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access
File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 211, in run
return first_node.send(pipeline_request) # type: ignore
File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in send
response = self.next.send(request)
File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in send
response = self.next.send(request)
File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in send
response = self.next.send(request)
[Previous line repeated 2 more times]
File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/policies/_redirect.py", line 158, in send
response = self.next.send(request)
File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in send
response = self.next.send(request)
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/policies.py", line 546, in send
raise err
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/policies.py", line 520, in send
response = self.next.send(request)
File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in send
response = self.next.send(request)
File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in send
response = self.next.send(request)
File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 69, in send
_await_result(self._policy.on_request, request)
File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_tools.py", line 34, in await_result
result = func(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/authentication.py", line 152, in on_request
self._add_authorization_header(request, string_to_sign)
File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/authentication.py", line 135, in _add_authorization_header
raise _wrap_exception(ex, AzureSigningError)
azure.storage.blob._shared.authentication.AzureSigningError: Incorrect padding
time="2023-07-24T08:59:03.472Z" level=info msg="sub-process exited" argo=true error="<nil>"
Error: exit status 1
And here is my argo_workflow config:
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
name: argo-aad
spec:
entrypoint: aad-groups
templates:
- name: aad-groups
container:
image: ***.azurecr.io/image:latest
env:
- name: sql_db_key
valueFrom:
secretKeyRef:
name: sqldbkey
key: key
- name: storage_key
valueFrom:
secretKeyRef:
name: storagekey
key: key
- name: client_secret
valueFrom:
secretKeyRef:
name: clientsecret
key: key
- name: client_id
valueFrom:
secretKeyRef:
name: clientid
key: key
- name: directory_tenant_id
valueFrom:
secretKeyRef:
name: directorytenantid
key: key
command: ["python", "-c"]
args: ["import ***.aad as gaad; gaad.aad_groups('sql_db_key', 'storage_key', 'client_secret', 'client_id', 'directory_tenant_id')"]
I have created all the secrets for the parameters using below command and passing the values.
kubectl create secret generic storagekey --from-literal=key=****************************************==
Any advise please?
答案1
得分: 0
>binascii.Error: 错误的填充
"错误的填充" 通常指的是在解码一个 base64 编码的字符串过程中出现的数据损坏或解密问题。这会发生在用于身份验证的凭据(如帐户密钥或 SAS 令牌)不正确或损坏时。
- 您正在直接将密钥作为字符串传递,而不是引用密钥的值。您应该引用密钥的实际值。
args: ["import ***.aad as gaad; gaad.aad_groups(
'{{inputs.parameters.sql_db_key}}',
'{{inputs.parameters.storage_key}}',
'{{inputs.parameters.client_secret}}',
'{{inputs.parameters.client_id}}',
'{{inputs.parameters.directory_tenant_id}}'
)"]
同时,将字符串 'sql_db_key' 作为参数传递是不正确的。相反,您应该传递密钥的实际值,因为变量名正在使用。
- 在使用
kubectl create secret generic创建密钥时,请检查您为密钥传递的值是否已进行了 base64 编码。
echo -n "your-secret-value" | base64
- 在工作流模板中替换
args字段,将密钥的值直接传递给 Python 脚本,而不是传递密钥的名称。
Args 字段:
args: ["import ***.aad as gaad; gaad.aad_groups('{}', '{}', '{}', '{}', '{}')".format(sql_db_key, storage_key, client_secret, client_id, directory_tenant_id)]
英文:
>binascii.Error: Incorrect padding
"Incorrect padding" usually points to a data corruption or decryption issue that occurs during the process of decoding a base64-encoded string. It occurs when the credentials (like account key or SAS token) you're using for authentication are incorrect or corrupted.
- You are passing the secret keys directly as strings instead of referencing the values of the secrets. You should reference the secret values instead.
args: ["import ***.aad as gaad; gaad.aad_groups(
'{{inputs.parameters.sql_db_key}}',
'{{inputs.parameters.storage_key}}',
'{{inputs.parameters.client_secret}}',
'{{inputs.parameters.client_id}}',
'{{inputs.parameters.directory_tenant_id}}'
)"]
Also, pass the string 'sql_db_key' as an argument. Instead, you should pass the actual value of the secret, as the variable name is being used.
- When creating secrets using
kubectl create secret generic, check that the value you are passing for the key is base64-encoded.
echo -n "your-secret-value" | base64
- Replace the
argsfield in the workflow template to pass the values of the secrets directly to the Python script, instead of passing the secret names.
Args field:
args: ["import ***.aad as gaad; gaad.aad_groups('{}', '{}', '{}', '{}', '{}')".format(sql_db_key, storage_key, client_secret, client_id, directory_tenant_id)]
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论