Skip to content

Conversation

@jkroepke
Copy link
Contributor

@jkroepke jkroepke commented May 8, 2025

Description

This PR fixes a panic, if CLI is authenticated with an invalid Service Account Token.

stackit auth activate-service-account accept any JWT token with an email claim.

However, stackit auth get-access-token panics, because the command checks for an expire date, which is not present.

The underlaying JWT library does not return an error, if the exp claim is not present.

JWT RFC explained that exp is an manatory field. However in any case, an application should never panic.

Ref: https://github.com/golang-jwt/jwt/blob/048854f1b0ac96c0a843d52fc09d7878b853683f/map_claims.go#L48

stackit auth activate-service-account --service-account-token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkdW1teS11c2VyIiwibmFtZSI6IkpvaG4gRG9lIiwiZW1haWwiOiJqd2RAZXhhbXBsZS5jb20iLCJpYXQiOjE2MDAwMDAwMDB9.dC8oFSpuKo7y1r3zHqPqGXnHTsFf2w0tFt6Iwb3kUpw 
You have been successfully authenticated to the STACKIT CLI!
Service account email: [email protected]

stackit auth get-access-token
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x102ea1328]

goroutine 1 [running]:
github.com/stackitcloud/stackit-cli/internal/pkg/auth.TokenExpired({0x140004ddc80, 0xbd})
        /Users/runner/work/stackit-cli/stackit-cli/internal/pkg/auth/user_token_flow.go:122 +0x138
github.com/stackitcloud/stackit-cli/internal/cmd/auth/get-access-token.NewCmd.func1(0x14000017800?, {0x10549ec40?, 0x4?, 0x103d8a888?})
        /Users/runner/work/stackit-cli/stackit-cli/internal/cmd/auth/get-access-token/get_access_token.go:37 +0x40
github.com/spf13/cobra.(*Command).execute(0x140001e3b08, {0x10549ec40, 0x0, 0x0})
        /Users/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1015 +0x828
github.com/spf13/cobra.(*Command).ExecuteC(0x140001e2c08)
        /Users/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1148 +0x350
github.com/spf13/cobra.(*Command).Execute(...)
        /Users/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1071
github.com/stackitcloud/stackit-cli/internal/cmd.Execute({0x1040ab348, 0x6}, {0x1040ab6e0, 0x14})
        /Users/runner/work/stackit-cli/stackit-cli/internal/cmd/root.go:208 +0x98
main.main()
        /Users/runner/work/stackit-cli/stackit-cli/main.go:18 +0x40

Checklist

  • Issue was linked above
  • Code format was applied: make fmt
  • Examples were added / adjusted (see e.g. here)
  • Docs are up-to-date: make generate-docs (will be checked by CI)
  • Unit tests got implemented or updated
  • Unit tests are passing: make test (will be checked by CI)
  • No linter issues: make lint (will be checked by CI)

Copy link
Contributor

@Fyusel Fyusel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for submitting this PR 👍

@Fyusel Fyusel merged commit aacb3cb into stackitcloud:main May 13, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants