From d40ed5a6199d3630c713cfbcdd15fd057b46fd03 Mon Sep 17 00:00:00 2001 From: Sejal P Date: Sun, 21 Sep 2025 18:50:18 +0530 Subject: [PATCH] Update kube_config.py This issue occurs because parse_rfc3339 in the Kubernetes Python client does not guard against re.search() returning None. When the input string is not a valid RFC3339 timestamp, calling .groups() on None raises an AttributeError, which in kube_config.py is logged only as 'NoneType' object has no attribute 'groups' without showing the problematic string. This makes debugging difficult and allows execution to continue with an invalid expiry value. The fix is to update parse_rfc3339 to raise a clear ValueError when parsing fails and to improve logging in kube_config.py so the invalid string is included in the error message. This will provide clearer errors, prevent silent misconfigurations, and make the client more robust. --- kubernetes/base/config/kube_config.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/kubernetes/base/config/kube_config.py b/kubernetes/base/config/kube_config.py index 7077955ca6..91ee77b037 100644 --- a/kubernetes/base/config/kube_config.py +++ b/kubernetes/base/config/kube_config.py @@ -510,14 +510,19 @@ def _load_from_exec_plugin(self): base64_file_content=False, temp_file_path=self._temp_file_path).as_file() else: - logging.error('exec: missing token or clientCertificateData ' - 'field in plugin output') - return None + logging.error("exec: missing token or clientCertificateData " + " field in plugin output") + return None + if 'expirationTimestamp' in status: - self.expiry = parse_rfc3339(status['expirationTimestamp']) + try: + self.expiry = parse_rfc3339(status['expirationTimestamp']) + except Exception as e: + logging.error("Failed to parse expirationTimestamp '%s': %s", + status['expirationTimestamp'], str(e) ) + raise return True - except Exception as e: - logging.error(str(e)) + def _load_user_token(self): base_path = self._get_base_path(self._user.path)