generate an OKE (Oracle Kubernetes Engine) access token programmatically #316
Description
We are encountering issues while trying to generate an OKE (Oracle Kubernetes Engine) access token programmatically using C#.
We are using the popular KubernetesClient NuGet package for interacting with the OKE cluster. For generating the access token, we are mimicking the behavior of the oci ce cluster generate-token CLI command in our .NET code. This approach works successfully for some clusters, but consistently fails with a 401 Unauthorized error for clusters located in certain regions (for example eu-frankfurt-1).
What We've Tried and Observed:
- The process for generating the token is based on constructing a signed HTTP request to the OKE API, similar to what the CLI does.
- We have reviewed the OCI SDK for both Python and C#, and noticed that the Python SDK includes a PatchedHeaderSigner which modifies the Authorization header format. We suspect that this difference in signing logic might be causing our implementation to fail in specific regions.
- All requests are signed using valid credentials and tenancy information, and the same credentials work from CLI (oci ce cluster generate-token) in the failing regions.
- Our requests are built using the standard OCI signing process in C#, but the discrepancy in the Authorization header (versus the Python SDK or CLI) might be the root cause.
Questions:
Can you confirm if the CLI or Python SDK uses a special signing method (e.g., PatchedHeaderSigner), if so there is any reason why it won't be available at C# SDK?