Azure-cli: az aks get-credentials downloads invalid json

Created on 1 Mar 2018  路  6Comments  路  Source: Azure/azure-cli

Wasted a huge amount of time tonight only to find out that aks downloads invalid credentials that just happen to work because kubectl's yaml parser is incredibly generous.

$ pip install --upgrade --user azure-cli
$ rm -rf ~/.kube
$ az aks get-credentials --resource-group foo --name bar
$ cat ~/.kube/config

observe the invalid json!

ACS Service Attention
Source
picture colemickens

Most helpful comment

Some of this issue might be that the CLI defaults to using YAML flow style for non-nested collections, which is an unhappy surprise to humans reading it. I fixed that with #5751.

I do think there are issues with the merge logic--it seems to silently skip merging sections based on a shallow key comparison, for example. I wonder if we could just outsource the merge logic to kubectl view --flatten.

picture mboersma on 8 Mar 2018
👍3

All 6 comments

Note, I may have misspoken. I don't know if it downloads invalid json, but the CLI seems to merge, even when the specified location doesn't exist. So it's possible the bug is in the merge logic.

colemickens picture colemickens on 1 Mar 2018

Note, I checked with --debug. The kubeConfig comes down as base64 encoded. When I decode it, I get a proper, valid YAML file. Signs point to the bug being in the merge logic?

(Note, this is also easier than trying to repair the file by hand...)

colemickens picture colemickens on 1 Mar 2018

I have put my nose in the merge logic before and wondered if it could use something built-in such as :

KUBECONFIG=newconfig.yml:~/.kube/config kubectl config view --flatten > ~/.kube/config

or is that short-sighted?

serbrech picture serbrech on 1 Mar 2018

+1 for getting that fixed.

squillace picture squillace on 1 Mar 2018

Some of this issue might be that the CLI defaults to using YAML flow style for non-nested collections, which is an unhappy surprise to humans reading it. I fixed that with #5751.

I do think there are issues with the merge logic--it seems to silently skip merging sections based on a shallow key comparison, for example. I wonder if we could just outsource the merge logic to kubectl view --flatten.

mboersma picture mboersma on 8 Mar 2018
👍3

After #5751 and #6529, az aks get-credentials is working well and has unit tests. I'm not aware of any current YAML or merge bugs.

@tjprescott I think we can close this issue. If anyone finds a problem with get-credentials, please open a new issue with steps to reproduce.

mboersma picture mboersma on 25 Jul 2018
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

FumiakiNagano picture FumiakiNagano  路  3Comments
derekbekoe picture derekbekoe  路  3Comments
cicorias picture cicorias  路  3Comments
troydai picture troydai  路  3Comments
amarzavery picture amarzavery  路  3Comments