Invalid signature when calling OVH API #5
Comments
|
getting the same issue with k8s version: 1.19.3 Log: Followed the instructions for the API rights and did double check with /me/api/credential/{credential_id} for it to be set correctly. |
|
Hello, We deployed ovh-webhook on our production with these versions : K8s version: 1.17.9 We got this problem because of a base64 encoding error (due to windows). You can use https://www.base64decode.org/ to verify your applicationSecret. Besides, after that we had a Error 403: "This credential does not exist". it came from consumerkey which wasn't link (or didn't exist) to your applicationId. In order to generate a consumerKey link to your application. You can't use the ovh console GUI. But you can try the following curl (cf. https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/) : curl -XPOST -H"X-Ovh-Application: $ApplicationID" -H "Content-type: application/json" \
https://eu.api.ovh.com/1.0/auth/credential -d '{"accessRules": [{"method": "GET","path": "/domain/zone/*"},{"method": "PUT","path": "/domain/zone/*"},{"method": "POST","path": "/domain/zone/*"},{"method": "DELETE","path": "/domain/zone/*"}],"redirection":"https://www.mywebsite.com/"}'It produces : {
"validationUrl":"https://eu.api.ovh.com/auth/credentialToken=credt",
"consumerKey":"$ConsumerKeyId",
"state":"pendingValidation"
}Then you can validate your consumerKey by following the validationUrl. Moreover, you can test ovh webhook with your credentials : https://github.com/baarde/cert-manager-webhook-ovh#development. Have a good day, Thomas |
|
Hello, I can reproduce this. I can perfectly do a GET with some python code on "/domain/zone/myzone.com/status" so my API access is working... I double-checked my base64 encoding for the applicationSecret but the test suite keeps on failing.
I have tested different go version, Go 1.12, 1.13 and 1.15. |
When I was executing the test suite I encountered the same issue as described in issue baarde#5. Base64 secret was parsed with an ending \n. I don't know what happened under the hood (I tried with or without breaking line in the Yaml, I tested different line separators for the Yaml file... This seems to be linked with the way base64 decoding is done.).
|
Hello Julien, Are you sure the echo "SwzLFNC7l3yafoBm44NrHMvDY7gHUmjR" | openssl enc -aWhereas, this wouldn't: echo -n "SwzLFNC7l3yafoBm44NrHMvDY7gHUmjR" | openssl enc -aAs the application secret is 32 character-long, the base-64 encoded string should be 44 character-long and end with a |
|
@baarde Wahou thank you so much, this is it! |
|
Hello, thanks @baarde ! can we upgrade the documentation with your example Have a good day. |
|
@julienkosinski I'm glad the problem is solved. @tmarmillot Good idea. I will update the docs. |
When I was executing the test suite I encountered the same issue as described in issue #5. Base64 secret was parsed with an ending \n. I don't know what happened under the hood (I tried with or without breaking line in the Yaml, I tested different line separators for the Yaml file... This seems to be linked with the way base64 decoding is done.).
|
If you are looking for an updated and improved version of this webhook, feel free to head to https://github.com/aureq/cert-manager-webhook-ovh |
Hi,
I want to use DNS01 challenge for wildcard certificate. I have configured my OVH credentials with the right permissions but when calling OVH I have this error: 'Invalid Signature'.
K8s version: 1.19.2
Cert Manager version: 1.0.3
Webhook OVH version: 0.1.0
The text was updated successfully, but these errors were encountered: