Some checks failed
API CI / API Lint (push) Successful in 47s
API CI / API Type Check (push) Failing after 47s
API CI / API Test (push) Successful in 1m0s
API CI / API Build (push) Failing after 50s
API CI / Build Docker Image (push) Has been skipped
Build Crossplane Provider / build (push) Failing after 5m51s
CD Pipeline / Deploy to Staging (push) Failing after 29s
CI Pipeline / Lint and Type Check (push) Failing after 36s
CI Pipeline / Build (push) Has been skipped
CI Pipeline / Test Backend (push) Failing after 1m33s
CI Pipeline / Test Frontend (push) Failing after 30s
CI Pipeline / Security Scan (push) Failing after 1m16s
Crossplane Provider CI / Go Test (push) Failing after 3m23s
Crossplane Provider CI / Go Lint (push) Failing after 7m27s
Crossplane Provider CI / Go Build (push) Failing after 3m27s
Deploy to Staging / Deploy to Staging (push) Failing after 30s
Portal CI / Portal Lint (push) Failing after 21s
Portal CI / Portal Type Check (push) Failing after 21s
Portal CI / Portal Test (push) Failing after 21s
Portal CI / Portal Build (push) Failing after 22s
Test Suite / frontend-tests (push) Failing after 30s
Test Suite / api-tests (push) Failing after 49s
Test Suite / blockchain-tests (push) Failing after 30s
Type Check / type-check (map[directory:. name:root]) (push) Failing after 23s
Type Check / type-check (map[directory:api name:api]) (push) Failing after 21s
Type Check / type-check (map[directory:portal name:portal]) (push) Failing after 19s
Validate Configuration Files / validate (push) Failing after 1m52s
CD Pipeline / Deploy to Production (push) Has been skipped
Co-authored-by: Cursor <cursoragent@cursor.com>
2.6 KiB
2.6 KiB
Authentication Fix Applied ✅
Date: 2025-12-13
Status: ✅ AUTHENTICATION FIX APPLIED
Issue Identified
Problem
- Symptom: "401 permission denied - invalid PVE ticket" errors
- Impact: All node health checks failing, VM creation blocked
- Root Cause: Cookie header format issue
Analysis
The token authentication was using req.AddCookie() which automatically URL-encodes cookie values. However, Proxmox API expects the exact token format tokenid=token-secret without URL encoding.
Fix Applied
Code Change
File: crossplane-provider-proxmox/pkg/proxmox/http_client.go
Before:
if c.token != "" {
req.AddCookie(&http.Cookie{
Name: "PVEAuthCookie",
Value: c.token,
})
}
After:
if c.token != "" {
// Token authentication - Proxmox API tokens use Cookie header
// Use Set() instead of AddCookie() to avoid automatic URL encoding issues
// Proxmox expects the exact token format: "tokenid=token-secret"
req.Header.Set("Cookie", fmt.Sprintf("PVEAuthCookie=%s", c.token))
}
Why This Fix Works
AddCookie(): Automatically URL-encodes cookie values, which can break the token formatHeader.Set(): Sets the Cookie header directly without encoding, preserving the exact token format- Proxmox API: Expects
PVEAuthCookie=tokenid=token-secretexactly as provided
Verification
Build and Deployment
- ✅ Code updated
- ✅ Provider rebuilt
- ✅ Image loaded into kind cluster
- ✅ Provider pod restarted
Expected Results
- ✅ No "invalid PVE ticket" errors
- ✅ Node health checks succeed
- ✅ VM creation proceeds
Monitoring
Check Authentication Status
# Check for authentication errors (should be 0)
kubectl logs -n crossplane-system -l app=crossplane-provider-proxmox --since=5m | grep -i "invalid PVE ticket" | wc -l
# Check for successful operations
kubectl logs -n crossplane-system -l app=crossplane-provider-proxmox --since=5m | grep -i "node.*healthy\|node.*online" | wc -l
Monitor VM Creation
# Watch all VMs
kubectl get proxmoxvm -A -w
# Check VM creation progress
kubectl get proxmoxvm -A -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.vmId}{"\n"}{end}' | grep -v "\t$"
Summary
✅ Authentication Fix Applied:
- Changed from
AddCookie()toHeader.Set()for Cookie header - Preserves exact token format required by Proxmox API
- Provider rebuilt and restarted
Status: ✅ FIX APPLIED - VERIFYING RESULTS
Last Updated: 2025-12-13
Status: ✅ AUTHENTICATION FIX APPLIED