max_allowed_secret_in_bytes is too low and can't be tuned
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Barbican Charm |
Fix Released
|
High
|
Felipe Reyes | ||
OpenStack Charm Guide |
Fix Released
|
Undecided
|
Felipe Reyes |
Bug Description
env: focal/ussuri, cs:barbican-41
I have tried to create a TLS-terminated loadbalancer, following the https:/
> openstack secret store --name=
But the above command failed with the following error:
https:/
RESP: [413] Connection: close Content-Length: 110 Content-Type: application/json Date: Mon, 04 Oct 2021 16:47:04 GMT Server: Apache/2.4.41 (Ubuntu) x-openstack-
RESP BODY: {"code": 413, "title": "Request Entity Too Large", "description": "Provided information too large to process"}
POST call to key-manager for https:/
Response status 413
4xx Client error: Request Entity Too Large: Provided information too large to process
Request Entity Too Large: Provided information too large to process
Traceback (most recent call last):
File "/snap/
result = cmd.run(
File "/snap/
column_names, data = self.take_
File "/snap/
entity.store()
File "/snap/
return func(self, *args)
File "/snap/
response = self._api.
File "/snap/
return super(_HTTPClient, self).post(path, *args, **kwargs).json()
File "/snap/
return self.request(url, 'POST', **kwargs)
File "/snap/
self.
File "/snap/
status
barbicanclient.
clean_up StoreSecret: Request Entity Too Large: Provided information too large to process
END return value: 1
After looking at the Barbican logs, I was able to identify the place where it's being raised:
[Mon Oct 04 16:30:52.798339 2021] [wsgi:error] [pid 1187998:tid 140681750877952] [remote 127.0.0.1:55908] 2021-10-04 16:30:52.797 1187998 ERROR barbican.
[Mon Oct 04 16:30:52.798345 2021] [wsgi:error] [pid 1187998:tid 140681750877952] [remote 127.0.0.1:55908] 2021-10-04 16:30:52.797 1187998 ERROR barbican.
[Mon Oct 04 16:30:52.798348 2021] [wsgi:error] [pid 1187998:tid 140681750877952] [remote 127.0.0.1:55908] 2021-10-04 16:30:52.797 1187998 ERROR barbican.
[Mon Oct 04 16:30:52.798350 2021] [wsgi:error] [pid 1187998:tid 140681750877952] [remote 127.0.0.1:55908] 2021-10-04 16:30:52.797 1187998 ERROR barbican.
[Mon Oct 04 16:30:52.798353 2021] [wsgi:error] [pid 1187998:tid 140681750877952] [remote 127.0.0.1:55908] 2021-10-04 16:30:52.797 1187998 ERROR barbican.
https:/
Given the above, I might be able to workaround this issue by increasing the CONF.max_
summary: |
- Charm does not support custom parameters injection in DEFAULT section of - barbican.conf + max_allowed_secret_in_bytes is too low and can't be tuned |
Changed in charm-guide: | |
assignee: | nobody → Felipe Reyes (freyes) |
Changed in charm-barbican: | |
milestone: | none → 21.10 |
Changed in charm-guide: | |
milestone: | none → 21.10 |
Changed in charm-barbican: | |
status: | Fix Committed → Fix Released |
Adding field-high as discussed with Corey:
> maybe that should get subscribed to field. I'd say it falls into a gray area between feature and bug.
> but the default is just too small so more of a bug