OpenidApi and WellKnownApi

Open balsemindevis opened this issue 3 years ago • 4 comments
Describe the bug

OpenidApi and WellKnownApi have coded the wrong local path:

String localVarPath = "/openid/v1/jwks/";

and

String localVarPath = "/.well-known/openid-configuration/";

The last "/" generates a 403 response.

I have removed the last "/" in both files and it works fine.

Client Version 15.0.1

Java Version

Java 17

To Reproduce

httpStatus:403
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/.well-known/openid-configuration/

httpStatus:200
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/.well-known/openid-configuration

balsemindevis, Jun 27 '22 15:06

@balsemindevis I can't reproduce that in my local kind cluster. Is that a vendor-specific issue?

yue9944882, Jun 28 '22 05:06

> @balsemindevis I can't reproduce that in my local kind cluster. Is that a vendor-specific issue?

The same thing happens on both minikube and k8s. The "issue" can also be replicated outside client-java because the last "/" character corrupts the request.

The last "/" is wrong.

balsemindevis, Jun 28 '22 06:06

It should be fixed in the upstream kubernetes repo, so I opened https://github.com/kubernetes/kubernetes/pull/110861. A workaround is to add the following non-resource URLs to the ClusterRole named "system:service-account-issuer-discovery":

...
rules:
- nonResourceURLs:
  - /.well-known/openid-configuration
  - /openid/v1/jwks
  - /.well-known/openid-configuration/ # ADD THESE
  - /openid/v1/jwks/                   #
  verbs:
  - get

yue9944882, Jun 29 '22 11:06
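
The workaround above implies that non-resource paths in an RBAC rule are compared literally, so a trailing "/" makes a different path. A small Go model of that check, added here as an example and not code from Kubernetes or client-java: the `Rule` type, `Allows` and `Status` are hypothetical, and the matching semantics (exact compare plus `*` wildcards) are an assumption of the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule is a pared-down stand-in for one RBAC policy rule (hypothetical type).
type Rule struct {
	NonResourceURLs, Verbs []string
}

// Allows models non-resource URL matching as assumed here: "*" matches
// everything, a trailing "*" is a prefix wildcard, anything else is an exact
// string comparison with no trailing-slash normalization.
func (r Rule) Allows(verb, path string) bool {
	verbOK := false
	for _, v := range r.Verbs {
		verbOK = verbOK || v == "*" || v == verb
	}
	for _, u := range r.NonResourceURLs {
		prefix := strings.HasSuffix(u, "*") && strings.HasPrefix(path, strings.TrimRight(u, "*"))
		if verbOK && (u == "*" || u == path || prefix) {
			return true
		}
	}
	return false
}

// Status maps the authorization decision to the HTTP status seen in the issue.
func Status(r Rule, verb, path string) int {
	if r.Allows(verb, path) {
		return 200
	}
	return 403
}

// defaultRule holds the two paths listed before the workaround; patchedRule adds
// the trailing-slash variants from the workaround.
var (
	defaultRule = Rule{[]string{"/.well-known/openid-configuration", "/openid/v1/jwks"}, []string{"get"}}
	patchedRule = Rule{append(append([]string{}, defaultRule.NonResourceURLs...),
		"/.well-known/openid-configuration/", "/openid/v1/jwks/"), []string{"get"}}
)

func main() {
	for _, p := range []string{"/openid/v1/jwks", "/openid/v1/jwks/"} {
		fmt.Printf("%-18s default=%d patched=%d\n", p, Status(defaultRule, "get", p), Status(patchedRule, "get", p))
	}
}
```

Listing the two exact trailing-slash paths, as the workaround does, keeps the grant as narrow as the original rule; a wildcard entry would also match but would cover every path under that prefix.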

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot, Sep 27 '22 11:09

/lifecycle rotten

k8s-triage-robot, Oct 27 '22 11:10

/close not-planned

k8s-triage-robot, Nov 26 '22 12:11

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

k8s-ci-robot, Nov 26 '22 12:11