[SRU] Fix inconsistent encoding secret encoding
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Cloud Archive |
Fix Released
|
High
|
Unassigned | ||
Ussuri |
Fix Released
|
High
|
Unassigned | ||
Victoria |
Fix Released
|
High
|
Unassigned | ||
Wallaby |
Fix Released
|
High
|
Unassigned | ||
Xena |
Fix Released
|
High
|
Unassigned | ||
barbican (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Focal |
Fix Released
|
High
|
Unassigned | ||
Hirsute |
Fix Released
|
High
|
Unassigned | ||
Impish |
Fix Released
|
High
|
Unassigned |
Bug Description
[Impact]
This SRU corresponds with the following story for upstream barbican
https:/
The problem is some secrets were stored in plaintext and some were stored encoded. This resulted in the inability to decode some secrets.
This is fixed by always storing secrets in plaintext and decoding inconsistently stored data as needed when getting secrets.
[Test Case]
* deploy Openstack with Barbican using Vault as a backend
* openstack volume type create --encryption-
* openstack volume create --size 1 --type LUKS luks_vol1
* ensure volume created successfully
* openstack volume show luks_vol1
* create vm and attach volume
* mkfs and mount then test can read/write
[Where things could go wrong]
If things were to go wrong it would probably be in the get_secret() method which calls _ensure_
Changed in barbican (Ubuntu Impish): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in barbican (Ubuntu Hirsute): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in barbican (Ubuntu Impish): | |
status: | Triaged → Fix Released |
importance: | High → Undecided |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in barbican (Ubuntu Focal): | |
importance: | Undecided → High |
Changed in barbican (Ubuntu Impish): | |
importance: | Undecided → High |
Changed in barbican (Ubuntu): | |
importance: | Undecided → High |
A new version of barbican with this fix has been uploaded to the hirsute unapproved queue: /launchpad. net/ubuntu/ hirsute/ +queue? queue_state= 1&queue_ text=barbican
https:/