python-barbicanclient

python-barbicanclient drops base64 encoding from payload

Bug #1419166 reported by Douglas Mendizábal on 2015-02-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	python-barbicanclient	Fix Released	Medium	Douglas Mendizábal	python-barbicanclient 3.0.3

Bug Description

When using python-barbicanclient to store a binary blob, if the user pre-encodes the binary in base64, the client will unexpectedly drop the encoding when retrieving the secret. See code sample below:

my_payload = base64.b64encode(os.urandom(16)) # orignal base64 payload

my_secret = client.secrets.create()
my_secret.payload = my_payload
my_secret.payload_content_type = 'application/octet-stream'
my_secret.payload_content_encoding = 'base64'
my_ref = my_secret.store()

retrieved_secret = client.secrets.get(my_ref)

assert retrieved_secret.payload == my_secret.payload

The assertion fails because the retrieved secret payload is the actual bytes, not the base64 encoded payload we originally give to the client. My expectation is that the thing I give the client should be the same thing I get back, but because of the payload_content_encoding semantics, this is not the case.

A proposed solution would be to deprecate the payload_content_encoding parameter, which will prevent these odd scenarios from happening. This will probably have to be revisited once the content-type blueprint implementation lands.

See original description

Douglas Mendizábal (dougmendizabal) on 2015-02-06

description:	updated
description:	updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-06: Related fix proposed to python-barbicanclient (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/153711

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-09: Related fix merged to python-barbicanclient (master)

Reviewed: https://review.openstack.org/153711
Committed: https://git.openstack.org/cgit/openstack/python-barbicanclient/commit/?id=741550e6e1f8be5211db83b1c46bf06c53924ce0
Submitter: Jenkins
Branch: master

commit 741550e6e1f8be5211db83b1c46bf06c53924ce0
Author: Douglas Mendizábal <email address hidden>
Date: Fri Feb 6 15:52:26 2015 -0600

Change usage example to show plain/text secret

Change the main example to use a plain/text payload because of the
unexpected behavior in the current example.

Change-Id: I7f16e973fdd9e67f7f98267a0067bb795071dc26
Related-Bug: #1419166

Douglas Mendizábal (dougmendizabal) on 2015-03-06

Changed in python-barbicanclient:
status:	New → In Progress
assignee:	nobody → Douglas Mendizábal (dougmendizabal)
importance:	Undecided → Medium
milestone:	none → 3.0.3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-09: Fix proposed to python-barbicanclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/162777

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-13: Fix merged to python-barbicanclient (master)

Reviewed: https://review.openstack.org/162777
Committed: https://git.openstack.org/cgit/openstack/python-barbicanclient/commit/?id=46ef634de8c6867fa0d18fb4c3618cfca8516038
Submitter: Jenkins
Branch: master

commit 46ef634de8c6867fa0d18fb4c3618cfca8516038
Author: Douglas Mendizábal <email address hidden>
Date: Mon Mar 9 16:45:30 2015 -0500

Deprecate setting the payload type and encoding

    Deprecate manually setting the payload_content_type and
    payload_content_encoding properties of a secret. With this CR a user of
    the client only needs to provide the payload, and the client will figure
    out what the correct payload_content_type and payload_content_encoding
    values should be.

    Setting these properties for the user lets us avoid a lot of weird
    behaviors such as the one described in Bug #1419166, and also lets us
    avoid errors that happen when a user mismatches the payload and an
    incorrect content type.

    In the interest of backwards compatibility, these properties are still
    usable, but will log deprecation warnings. They should be removed in a
    future version after current users have had enough time to update their
    code bases.

Change-Id: Ibfe3ad42e11bd83c002d0f1b69fb8a323a7b6f3d
Closes-Bug: #1419166