ValueError: AES key must be either 16, 24, or 32 bytes long

Bug #1415887 reported by Christian Berendt
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Heat
Fix Released
Medium
rajiv
puppet-heat
Fix Released
Medium
Emilien Macchi

Bug Description

When using a string with a length != 16, 24, or 32 as value for the auth_encryption_key parameter in the /etc/heat/heat.conf file it is not possible to create new stacks. Creating a new stack (and probably anything else) will fail with the following exception:

ValueError: AES key must be either 16, 24, or 32 bytes long

Changing the auth_encryption_key parameter to a string with a length of 16, 24, or 32 solves the issue.

There should be at least a note in the parameter description that it is necessary to use a string with this specific length. A validation of the string value would be nice.

Tested with version 2014.2.1 (Juno).

description: updated
rajiv (rajiv-kumar)
Changed in heat:
assignee: nobody → rajiv (rajiv-kumar)
Revision history for this message
Angus Salkeld (asalkeld) wrote :
Changed in heat:
status: New → Triaged
importance: Undecided → Medium
milestone: none → next
tags: added: kilo-rc-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/168779

Changed in heat:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (master)

Reviewed: https://review.openstack.org/168779
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=1dbb189270cffc0edf0721815582b39ab2776031
Submitter: Jenkins
Branch: master

commit 1dbb189270cffc0edf0721815582b39ab2776031
Author: Rajiv Kumar <email address hidden>
Date: Mon Mar 30 10:32:44 2015 +0530

    auth_encryption_key is being checked to be 16, 24, or 32

    If auth_encryption_key length is not 16 or 24 or 32 in that case
    heat operations such as stack-creates fails. This check has been
    added.

    Change-Id: Ic653d18dbb7523ca5286ae0951eb86ad72cbdb13
    Closes-bug: #1415887

Changed in heat:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
tags: removed: kilo-rc-potential
Revision history for this message
Emilien Macchi (emilienm) wrote :

Tracking the bug in puppet-heat, so we can validate the data provided by Hiera or manifests and make sure it's valid. It will avoid some deployments issues.

Changed in puppet-heat:
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/178478

Changed in puppet-heat:
assignee: nobody → Emilien Macchi (emilienm)
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-heat (master)

Reviewed: https://review.openstack.org/178478
Committed: https://git.openstack.org/cgit/stackforge/puppet-heat/commit/?id=23d58ec2b61353befd2a324999ea7632a1a40e16
Submitter: Jenkins
Branch: master

commit 23d58ec2b61353befd2a324999ea7632a1a40e16
Author: Emilien Macchi <email address hidden>
Date: Tue Apr 28 22:27:58 2015 -0400

    Engine: validate auth_encryption_key

    When using a string with a length != 16, 24, or 32 as value for the
    auth_encryption_key parameter in the /etc/heat/heat.conf file it is not
    possible to create new stacks. Creating a new stack (and probably
    anything else) will fail with the following exception:

    ValueError: AES key must be either 16, 24, or 32 bytes long.

    Change-Id: I4e35cf0f782f22861319d05a3f028e5784ad26d5
    Closes-bug: #1415887

Changed in puppet-heat:
status: In Progress → Fix Committed
Mathieu Gagné (mgagne)
Changed in puppet-heat:
milestone: none → 6.0.0
Mathieu Gagné (mgagne)
Changed in puppet-heat:
status: Fix Committed → Fix Released
Revision history for this message
Zane Bitter (zaneb) wrote :

Looks like this patch was merged right at the beginning of Liberty but the bug was never targeted for that.

Changed in heat:
milestone: next → liberty-rc2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in heat:
milestone: liberty-rc2 → 5.0.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers