Secrets are decoded from Base64

[matthew-walker-prolucid]

Hello,

I used F# code similar to the following to retrieve a secret from the k8s API:

open k8s
open k8s.Models
open System.IO
open System.Threading

let retrieveSecret (client: IKubernetes) (nspace: string) (secret: string) : Async<string> =
    async {
        let! v1Secret = client.ReadNamespacedSecretAsync (secret, nspace, "false", CancellationToken.None) |> Async.AwaitTask
        return Yaml.SaveToString v1Secret
    }

[<EntryPoint>]
let main argv =
    let kClientConfig = KubernetesClientConfiguration.BuildDefaultConfig()
    use kClient = new Kubernetes(kClientConfig)
    
    async {
        let! secretText = retrieveSecret kClient "mynamespace" "mysecret"
        return printfn "%s" secretText
    } |> Async.RunSynchronously

    0

Which will print the secret mysecret from the namespace mynamespace. The issue is that the secret is printed with a data field, which is assumed to be base64-encoded, but is instead printed as plain text, making the secret printed ill-formed.

As a workaround, I have replaced "\ndata:" with "\nstringData:" in the output, but this is obviously less than ideal and the secret returned should be of the correct form.

Unfortunately, I do not currently have the time to offer to help fix this.

Versions:

k8s server: tested on 1.17.6
KubernetesClient for .NET: 5.0.4

[tg123]

the api call returns a V1Secret with a Data field type IDictionary<string, byte[]>
the []byte is the data from your base64 string which is by design

[brendandburns]

Is the issue that we we serialize to Yaml we don't re-serialize it to base64?

[matthew-walker-prolucid]

Is the issue that we we serialize to Yaml we don't re-serialize it to base64?

Yes, this is the issue. The issue is with serialization using the Yaml class; it produces secrets that aren't base64 encoded and so can't be consumed by anything following the kubernetes API.

[k8s-triage-robot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.