英文:
azure.storage.blob._shared.authentication.AzureSigningError: Incorrect padding - Argo workflow
问题
我在配置Argo工作流以从我的Flask应用程序运行Python函数来每天更新用户组列表时遇到了“Incorrect padding”错误。以下是错误日志和配置详细信息供参考。
错误信息:
Traceback (most recent call last):File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/authentication.py", line 129, in _add_authorization_headersignature = sign_string(self.account_key, string_to_sign)File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/__init__.py", line 45, in sign_stringkey = decode_base64_to_bytes(key)File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/__init__.py", line 35, in decode_base64_to_bytesreturn base64.b64decode(data)File "/usr/local/lib/python3.9/base64.py", line 87, in b64decodereturn binascii.a2b_base64(s)binascii.Error: Incorrect padding...azure.storage.blob._shared.authentication.AzureSigningError: Incorrect paddingtime="2023-07-24T08:59:03.472Z" level=info msg="sub-process exited" argo=true error="<nil>"Error: exit status 1
这是我的argo_workflow配置:
apiVersion: argoproj.io/v1alpha1kind: Workflowmetadata:name: argo-aadspec:entrypoint: aad-groupstemplates:- name: aad-groupscontainer:image: ***.azurecr.io/image:latestenv:- name: sql_db_keyvalueFrom:secretKeyRef:name: sqldbkeykey: key- name: storage_keyvalueFrom:secretKeyRef:name: storagekeykey: key- name: client_secretvalueFrom:secretKeyRef:name: clientsecretkey: key- name: client_idvalueFrom:secretKeyRef:name: clientidkey: key- name: directory_tenant_idvalueFrom:secretKeyRef:name: directorytenantidkey: keycommand: ["python", "-c"]args: ["import ***.aad as gaad; gaad.aad_groups('sql_db_key', 'storage_key', 'client_secret', 'client_id', 'directory_tenant_id')"]
我已经使用以下命令创建了所有参数的密钥,并传递了值。
kubectl create secret generic storagekey --from-literal=key=****************************************==
请问有什么建议?
英文:
I'm getting Incorrect padding error while configuring a argo workflow to run a python function from my flask application to update the users group list everyday. Attached error logs and configuration details for the reference.
Error:Traceback (most recent call last):File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/authentication.py", line 129, in _add_authorization_headersignature = sign_string(self.account_key, string_to_sign)File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/__init__.py", line 45, in sign_stringkey = decode_base64_to_bytes(key)File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/__init__.py", line 35, in decode_base64_to_bytesreturn base64.b64decode(data)File "/usr/local/lib/python3.9/base64.py", line 87, in b64decodereturn binascii.a2b_base64(s)binascii.Error: Incorrect paddingDuring handling of the above exception, another exception occurred:Traceback (most recent call last):File "<string>", line 1, in <module>File "/usr/local/lib/python3.9/site-packages/***/aad.py", line 76, in aad_groupsaad_groups = cr_blob.read_blob('***', storage_key, 'aad', 'aad_groups.csv')File "/usr/local/lib/python3.9/site-packages/***/data/blob.py", line 86, in read_blobblob_data = pd.read_csv(blob.download_blob())File "/usr/local/lib/python3.9/site-packages/azure/core/tracing/decorator.py", line 78, in wrapper_use_tracerreturn func(*args, **kwargs)File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_blob_client.py", line 914, in download_blobreturn StorageStreamDownloader(**options)File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_download.py", line 366, in __init__self._response = self._initial_request()File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_download.py", line 466, in _initial_requestprocess_storage_error(error)File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/response_handlers.py", line 97, in process_storage_errorraise storage_errorFile "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_download.py", line 418, in _initial_requestlocation_mode, response = self._clients.blob.download(File "/usr/local/lib/python3.9/site-packages/azure/core/tracing/decorator.py", line 78, in wrapper_use_tracerreturn func(*args, **kwargs)File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_generated/operations/_blob_operations.py", line 1592, in downloadpipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-accessFile "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 211, in runreturn first_node.send(pipeline_request) # type: ignoreFile "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in sendresponse = self.next.send(request)File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in sendresponse = self.next.send(request)File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in sendresponse = self.next.send(request)[Previous line repeated 2 more times]File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/policies/_redirect.py", line 158, in sendresponse = self.next.send(request)File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in sendresponse = self.next.send(request)File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/policies.py", line 546, in sendraise errFile "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/policies.py", line 520, in sendresponse = self.next.send(request)File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in sendresponse = self.next.send(request)File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 71, in sendresponse = self.next.send(request)File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_base.py", line 69, in send_await_result(self._policy.on_request, request)File "/usr/local/lib/python3.9/site-packages/azure/core/pipeline/_tools.py", line 34, in await_resultresult = func(*args, **kwargs)File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/authentication.py", line 152, in on_requestself._add_authorization_header(request, string_to_sign)File "/usr/local/lib/python3.9/site-packages/azure/storage/blob/_shared/authentication.py", line 135, in _add_authorization_headerraise _wrap_exception(ex, AzureSigningError)azure.storage.blob._shared.authentication.AzureSigningError: Incorrect paddingtime="2023-07-24T08:59:03.472Z" level=info msg="sub-process exited" argo=true error="<nil>"Error: exit status 1
And here is my argo_workflow config:
apiVersion: argoproj.io/v1alpha1kind: Workflowmetadata:name: argo-aadspec:entrypoint: aad-groupstemplates:- name: aad-groupscontainer:image: ***.azurecr.io/image:latestenv:- name: sql_db_keyvalueFrom:secretKeyRef:name: sqldbkeykey: key- name: storage_keyvalueFrom:secretKeyRef:name: storagekeykey: key- name: client_secretvalueFrom:secretKeyRef:name: clientsecretkey: key- name: client_idvalueFrom:secretKeyRef:name: clientidkey: key- name: directory_tenant_idvalueFrom:secretKeyRef:name: directorytenantidkey: keycommand: ["python", "-c"]args: ["import ***.aad as gaad; gaad.aad_groups('sql_db_key', 'storage_key', 'client_secret', 'client_id', 'directory_tenant_id')"]
I have created all the secrets for the parameters using below command and passing the values.
kubectl create secret generic storagekey --from-literal=key=****************************************==
Any advise please?
答案1
得分: 0
>binascii.Error: 错误的填充
"错误的填充" 通常指的是在解码一个 base64 编码的字符串过程中出现的数据损坏或解密问题。这会发生在用于身份验证的凭据(如帐户密钥或 SAS 令牌)不正确或损坏时。
- 您正在直接将密钥作为字符串传递,而不是引用密钥的值。您应该引用密钥的实际值。
args: ["import ***.aad as gaad; gaad.aad_groups('{{inputs.parameters.sql_db_key}}','{{inputs.parameters.storage_key}}','{{inputs.parameters.client_secret}}','{{inputs.parameters.client_id}}','{{inputs.parameters.directory_tenant_id}}')"]
同时,将字符串 'sql_db_key' 作为参数传递是不正确的。相反,您应该传递密钥的实际值,因为变量名正在使用。
- 在使用
kubectl create secret generic创建密钥时,请检查您为密钥传递的值是否已进行了 base64 编码。
echo -n "your-secret-value" | base64
- 在工作流模板中替换
args字段,将密钥的值直接传递给 Python 脚本,而不是传递密钥的名称。
Args 字段:
args: ["import ***.aad as gaad; gaad.aad_groups('{}', '{}', '{}', '{}', '{}')".format(sql_db_key, storage_key, client_secret, client_id, directory_tenant_id)]
英文:
>binascii.Error: Incorrect padding
"Incorrect padding" usually points to a data corruption or decryption issue that occurs during the process of decoding a base64-encoded string. It occurs when the credentials (like account key or SAS token) you're using for authentication are incorrect or corrupted.
- You are passing the secret keys directly as strings instead of referencing the values of the secrets. You should reference the secret values instead.
args: ["import ***.aad as gaad; gaad.aad_groups('{{inputs.parameters.sql_db_key}}','{{inputs.parameters.storage_key}}','{{inputs.parameters.client_secret}}','{{inputs.parameters.client_id}}','{{inputs.parameters.directory_tenant_id}}')"]
Also, pass the string 'sql_db_key' as an argument. Instead, you should pass the actual value of the secret, as the variable name is being used.
- When creating secrets using
kubectl create secret generic, check that the value you are passing for the key is base64-encoded.
echo -n "your-secret-value" | base64
- Replace the
argsfield in the workflow template to pass the values of the secrets directly to the Python script, instead of passing the secret names.
Args field:
args: ["import ***.aad as gaad; gaad.aad_groups('{}', '{}', '{}', '{}', '{}')".format(sql_db_key, storage_key, client_secret, client_id, directory_tenant_id)]
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论