delete secret fails with http 400

Bug #1377330 reported by Steve Heyman
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Barbican
Fix Released
High
Juan Antonio Osorio Robles

Bug Description

Running a smoke test, test_deleting_a_secret, and its failing on the delete with http 400 because it can't find a suitable plugin due to no metadata.

Stack from server:

2014-10-03 16:51:07.364 96079 ERROR barbican.api.controllers [-] Secret deletion issue seen - No plugin was found that could support your request.
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers Traceback (most recent call last):
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers File "/Users/step6927/barbican/barbican/api/controllers/__init__.py", line 96, in handler
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers File "/Users/step6927/barbican/barbican/api/controllers/__init__.py", line 82, in enforcer
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers File "/Users/step6927/barbican/barbican/api/controllers/secrets.py", line 186, in on_delete
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers plugin.delete_secret(secret_model, keystone_id, self.repos)
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers File "/Users/step6927/barbican/barbican/plugin/resources.py", line 268, in delete_secret
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers secret_metadata.get('plugin_name'))
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers File "/Users/step6927/barbican/barbican/plugin/interface/secret_store.py", line 422, in _check_plugins_configured
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers return plugin_related_function(self, *args, **kwargs)
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers File "/Users/step6927/barbican/barbican/plugin/interface/secret_store.py", line 478, in get_plugin_retrieve_delete
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers raise SecretStorePluginNotFound(plugin_name)
2014-10-03 16:51:07.364 96079 TRACE barbican.api.controllers SecretStorePluginNotFound: Secret store plugin not found.

This test creates a secret, then deletes it.

The secret create request being passed in contains only name and expiration date, and both are None. This returns 201 as expected. There is no entry in the SECRET_STORE_METADATA table. The entry in the SECRETS table contains:

   id=<the id>
   created_at=<today date>
   updated_at = <today date>
   deleted = 0
   status=ACTIVE

all other fields in the row are null.

The delete comes in and tries to find a plugin to handle the delete. plugin/resources.py method _get_secret_meta gets the secret model (which matches the record in the DB) and tries to find a record in the secret_meta_repo matching the ID of the secret. It can't so it returns an empty dict for the metadata.

That empty metadata is returned to delete_secret which tries to get the data using key 'plugin_name' and it comes back emtpy so no plugin can be found and we get the error.

Tags: verified
Steve Heyman (sheyman)
Changed in barbican:
importance: Undecided → High
status: New → Confirmed
milestone: none → kilo-1
Revision history for this message
John Wood (john-wood-w) wrote :

This is a simple fix, will put up a CR next week (after Juno RC1).

Changed in barbican:
assignee: nobody → John Wood (john-wood-w)
Changed in barbican:
milestone: kilo-1 → none
Changed in barbican:
assignee: John Wood (john-wood-w) → nobody
Changed in barbican:
assignee: nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to barbican (master)

Fix proposed to branch: master
Review: https://review.openstack.org/141963

Changed in barbican:
status: Confirmed → In Progress
tags: added: verified
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to barbican (master)

Reviewed: https://review.openstack.org/141963
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=3c87f9aab71e7737d98df22db2e000b4c3d58bcb
Submitter: Jenkins
Branch: master

commit 3c87f9aab71e7737d98df22db2e000b4c3d58bcb
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Tue Dec 16 04:23:29 2014 +0200

    Delete secret from plugin only if there's metadata

    If for some reason there is no metadata available for a certain
    secret, the secret deletion will fail, as it tries to delete it from
    the plugin first. This change makes that optional. Thus, now a secret
    with no metadata will either way be deleted from the database.

    Change-Id: Iab6699e300e9688f26dd39d0c947c9a45fb3384f
    Closes-Bug: 1377330

Changed in barbican:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in barbican:
milestone: none → kilo-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in barbican:
milestone: kilo-1 → 2015.1.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.