fix: #926 - Base64 encode sp password (#1174)

Azure · Apr 30, 2019 · 55b12ea · 55b12ea
1 parent 2fb12e7
commit 55b12ea
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/parts/k8s/kuberneteswindowssetup.ps1 b/parts/k8s/kuberneteswindowssetup.ps1
@@ -40,7 +40,7 @@ param(
 
  [parameter(Mandatory=$true)]
  [ValidateNotNullOrEmpty()]
- $AADClientSecret
+ $AADClientSecret # base64
 )
 
 
@@ -176,7 +176,7 @@ try
  Write-AzureConfig `
  -KubeDir $global:KubeDir `
  -AADClientId $AADClientId `
- -AADClientSecret $AADClientSecret `
+ -AADClientSecret $([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($AADClientSecret))) `
  -TenantId $global:TenantId `
  -SubscriptionId $global:SubscriptionId `
  -ResourceGroup $global:ResourceGroup `

diff --git a/pkg/engine/vmextensions.go b/pkg/engine/vmextensions.go
@@ -135,7 +135,7 @@ func createAgentVMASCustomScriptExtension(cs *api.ContainerService, profile *api
  vmExtension.VirtualMachineExtensionProperties.Type = to.StringPtr("CustomScriptExtension")
  vmExtension.TypeHandlerVersion = to.StringPtr("1.8")
  vmExtension.ProtectedSettings = &map[string]interface{}{
- "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -command \"', '$arguments = ', variables('singleQuote'),'-MasterIP ',variables('kubernetesAPIServerIP'),' -KubeDnsServiceIp ',parameters('kubeDnsServiceIp'),' -MasterFQDNPrefix ',variables('masterFqdnPrefix'),' -Location ',variables('location'),' -AgentKey ',parameters('clientPrivateKey'),' -AADClientId ',variables('servicePrincipalClientId'),' -AADClientSecret ',variables('singleQuote'),variables('singleQuote'),variables('servicePrincipalClientSecret'),variables('singleQuote'),variables('singleQuote'), ' ',variables('singleQuote'), ' ; ', variables('windowsCustomScriptSuffix'), '\" > %SYSTEMDRIVE%\\AzureData\\CustomDataSetupScript.log 2>&1')]",
+ "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -command \"', '$arguments = ', variables('singleQuote'),'-MasterIP ',variables('kubernetesAPIServerIP'),' -KubeDnsServiceIp ',parameters('kubeDnsServiceIp'),' -MasterFQDNPrefix ',variables('masterFqdnPrefix'),' -Location ',variables('location'),' -AgentKey ',parameters('clientPrivateKey'),' -AADClientId ',variables('servicePrincipalClientId'),' -AADClientSecret ',variables('singleQuote'),variables('singleQuote'),base64(variables('servicePrincipalClientSecret')),variables('singleQuote'),variables('singleQuote'), ' ',variables('singleQuote'), ' ; ', variables('windowsCustomScriptSuffix'), '\" > %SYSTEMDRIVE%\\AzureData\\CustomDataSetupScript.log 2>&1')]",
  }
  } else {
  vmExtension.Publisher = to.StringPtr("Microsoft.Azure.Extensions")

diff --git a/pkg/engine/vmextensions_test.go b/pkg/engine/vmextensions_test.go
@@ -359,7 +359,7 @@ func TestCreateAgentVMASCustomScriptExtension(t *testing.T) {
  expectedCSE.VirtualMachineExtensionProperties.Type = to.StringPtr("CustomScriptExtension")
  expectedCSE.TypeHandlerVersion = to.StringPtr("1.8")
  expectedCSE.ProtectedSettings = &map[string]interface{}{
- "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -command \"', '$arguments = ', variables('singleQuote'),'-MasterIP ',variables('kubernetesAPIServerIP'),' -KubeDnsServiceIp ',parameters('kubeDnsServiceIp'),' -MasterFQDNPrefix ',variables('masterFqdnPrefix'),' -Location ',variables('location'),' -AgentKey ',parameters('clientPrivateKey'),' -AADClientId ',variables('servicePrincipalClientId'),' -AADClientSecret ',variables('singleQuote'),variables('singleQuote'),variables('servicePrincipalClientSecret'),variables('singleQuote'),variables('singleQuote'), ' ',variables('singleQuote'), ' ; ', variables('windowsCustomScriptSuffix'), '\" > %SYSTEMDRIVE%\\AzureData\\CustomDataSetupScript.log 2>&1')]",
+ "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -command \"', '$arguments = ', variables('singleQuote'),'-MasterIP ',variables('kubernetesAPIServerIP'),' -KubeDnsServiceIp ',parameters('kubeDnsServiceIp'),' -MasterFQDNPrefix ',variables('masterFqdnPrefix'),' -Location ',variables('location'),' -AgentKey ',parameters('clientPrivateKey'),' -AADClientId ',variables('servicePrincipalClientId'),' -AADClientSecret ',variables('singleQuote'),variables('singleQuote'),base64(variables('servicePrincipalClientSecret')),variables('singleQuote'),variables('singleQuote'), ' ',variables('singleQuote'), ' ; ', variables('windowsCustomScriptSuffix'), '\" > %SYSTEMDRIVE%\\AzureData\\CustomDataSetupScript.log 2>&1')]",
  }
 
  diff = cmp.Diff(cse, expectedCSE)