RPC API Failures when using Okta Private Key Authentication

Question

RPC API Failures when using Okta Private Key Authentication

Joeturbot opened this issue a year ago · 3 comments

Describe the bug
When using private key authentication to Okta, queries on all tables fail with a mysterious error code.

Steampipe version (steampipe -v)
v0.21.1

Plugin version (steampipe plugin list)
hub.steampipe.io/plugins/turbot/okta@latest | 0.10.1

To reproduce
Reproduction Steps:

Have Okta create a new private key for the Steampipe application. Key begins with "-----BEGIN PRIVATE KEY-----". Save to "original.pem"
Convert newline control characters to \n string literals. Key now fits on exactly one line.
Paste private key into private_key field in okta.spc.
Execute steampipe query then one of the basic user table examples from Steampipe Hub.

Error: RSA private key is of the wrong type (SQLSTATE HV000)

+------+----+------+-------------+---------+
| name | id | type | description | profile |
+------+----+------+-------------+---------+
+------+----+------+-------------+---------+

I get the above error messages and zero row results.
5. Execute openssl rsa -in original.pem -out rsa.pem
6. Execute diff original.pem rsa.pem. Every line in the diff shows as different for me. The converted RSA key starts with "-----BEGIN RSA PRIVATE KEY-----". (My mistake earlier was thinking that if I just changed the header, that it would change the key format too. It doesn't.)
7. Execute steampipe query then one of the basic user table examples from Steampipe Hub. The authentication errors have gone but replaced with something not very helpful.

Error: The API returned an error:  (SQLSTATE HV000)

+------+----+------+-------------+---------+
| name | id | type | description | profile |
+------+----+------+-------------+---------+
+------+----+------+-------------+---------+

Bumping the error logging to TRACE doesn't change much. Execute: export STEAMPIPE_LOG_LEVEL=TRACE; steampipe query to up the logging levels.
All I see in the logs is:

2023-11-15 18:07:04.935 UTC [INFO]  hub: goFdwIterateForeignScan Next returned error: rpc error: code = Unknown desc = The API returned an error:  (0xc000001140)
2023-11-15 18:07:04.935 UTC [208163] ERROR:  rpc error: code = Unknown desc = The API returned an error:

It looks like there's supposed to be something after The API returned an error: but there's nothing there.

Expected behavior
The end user reports that when using Okta tokens, the queries work just fine.

Additional context
Turbot Community Slack thread

Answer 1 · 2024-01-14T23:33:47.000Z

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

Answer 2 · 2024-03-16T23:34:02.000Z

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

Answer 3 · 2024-04-16T23:33:45.000Z

This issue was closed because it has been stalled for 90 days with no activity.