Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DefaultConfigProvider fails to parse encrypted private key while CLI works #533

Open
ak-emphere opened this issue Oct 9, 2024 · 5 comments
Open

DefaultConfigProvider fails to parse encrypted private key while CLI works #533

ak-emphere opened this issue Oct 9, 2024 · 5 comments

Comments

@ak-emphere
Copy link

ak-emphere commented Oct 9, 2024
edited
Loading

The common.DefaultConfigProvider() in the OCI Go SDK is failing to properly read an encrypted private key from the default configuration file, while the OCI CLI works correctly with the same configuration.

Environment

OCI Go SDK Version: v65.75.2
Go Version: go1.22.4 darwin/arm64

Steps to Reproduce

  1. Set up an OCI configuration file at ~/.oci/config with an encrypted private key:
[DEFAULT]
user=<user_ocid>
fingerprint=<fingerprint>
key_file=<path_to_key_file> 
tenancy=<tenancy_ocid>
region=<location>
pass_phrase=<passphrase>
  1. Verify OCI cli works
oci iam compartment list

This command succeeds and returns a list of compartments

  1. Go code
package main

import (
    "fmt"
    "github.com/oracle/oci-go-sdk/v65/common"
    "github.com/oracle/oci-go-sdk/v65/identity"
)

func main() {
    configProvider := common.DefaultConfigProvider()
    ic, err := identity.NewIdentityClientWithConfigurationProvider(configProvider)
    if err != nil {
        fmt.Printf("Failed to create identity client: %v\n", err)
        return
    }
    fmt.Println("Successfully created identity client")
}

Expected Behavior
The Go program should successfully create an identity client, just as the CLI is able to use the same configuration to make API calls.

Actual Behavior
The Go program fails with an error:

can not create client, bad configuration: did not find a proper configuration for private key

Additional Context

  • The private key is encrypted, and the passphrase is provided in the config file.
  • The OCI CLI works correctly with this configuration, indicating that the file paths and permissions are correct.
  • Attempts to use ConfigurationProviderFromFileWithProfile with the passphrase explicitly provided also fail.
  • Attempts to use NewRawConfigurationProvider fails too with private key parsing error.

Questions

  1. Does the SDK need an unencrypted private key file to be passed?
  2. Are there any environment variables that need to be set for the SDK to correctly use the passphrase?
  3. Is there a difference in how the CLI and the SDK read the configuration that could explain this discrepancy?
@jyotisaini
Copy link

Hi @ak-emphere - This is a known issue where Go SDK does not support encrypted PKCS8 keys. Are you also using PKCS8 keys ?

@ak-emphere
Copy link
Author

Yes, its PKCS8 @jyotisaini .
Is there a workaround I can use here?

@jyotisaini
Copy link

No We don't have a workaround. but my team is working on adding this support which is currently in testing phase. We are targeting a release by end of this month.

@ak-emphere
Copy link
Author

Thanks for timeline .
Would it be possible to link this issue to that upcoming release ? Or is there another issue i can subscribe to?

@jyotisaini
Copy link

I don't think there is another issue for this. We can link this issue with the upcoming release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jyotisaini @ak-emphere