Fix base64 padding for kube config

2018-07-30 14:23:18 -04:00 · 2018-07-30 14:23:18 -04:00 · 529a72a2bf
commit 529a72a2bf
parent 24a0ff2b86
2 changed files with 12 additions and 4 deletions
--- a/config/kube_config.py
+++ b/config/kube_config.py
@ -257,13 +257,15 @@ class KubeConfigLoader(object):
        if len(parts) != 3:  # Not a valid JWT
            return None

+        padding = (4 - len(parts[1]) % 4) * '='
+
        if PY3:
            jwt_attributes = json.loads(
-                base64.b64decode(parts[1]).decode('utf-8')
+                base64.b64decode(parts[1] + padding).decode('utf-8')
            )
        else:
            jwt_attributes = json.loads(
-                base64.b64decode(parts[1] + "==")
+                base64.b64decode(parts[1] + padding)
            )

        expire = jwt_attributes.get('exp')
--- a/config/kube_config_test.py
+++ b/config/kube_config_test.py
@ -43,6 +43,10 @@ def _base64(string):
    return base64.encodestring(string.encode()).decode()


+def _unpadded_base64(string):
+    return base64.b64encode(string.encode()).decode().rstrip('=')
+
+
 def _format_expiry_datetime(dt):
    return dt.strftime(EXPIRY_DATETIME_FORMAT)

@ -87,11 +91,13 @@ TEST_CLIENT_CERT_BASE64 = _base64(TEST_CLIENT_CERT)

 TEST_OIDC_TOKEN = "test-oidc-token"
 TEST_OIDC_INFO = "{\"name\": \"test\"}"
-TEST_OIDC_BASE = _base64(TEST_OIDC_TOKEN) + "." + _base64(TEST_OIDC_INFO)
+TEST_OIDC_BASE = _unpadded_base64(
+    TEST_OIDC_TOKEN) + "." + _unpadded_base64(TEST_OIDC_INFO)
 TEST_OIDC_LOGIN = TEST_OIDC_BASE + "." + TEST_CLIENT_CERT_BASE64
 TEST_OIDC_TOKEN = "Bearer %s" % TEST_OIDC_LOGIN
 TEST_OIDC_EXP = "{\"name\": \"test\",\"exp\": 536457600}"
-TEST_OIDC_EXP_BASE = _base64(TEST_OIDC_TOKEN) + "." + _base64(TEST_OIDC_EXP)
+TEST_OIDC_EXP_BASE = _unpadded_base64(
+    TEST_OIDC_TOKEN) + "." + _unpadded_base64(TEST_OIDC_EXP)
 TEST_OIDC_EXPIRED_LOGIN = TEST_OIDC_EXP_BASE + "." + TEST_CLIENT_CERT_BASE64
 TEST_OIDC_CA = _base64(TEST_CERTIFICATE_AUTH)