Changing encryption root secret causes container listings to 500
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Confirmed
|
Low
|
Unassigned |
Bug Description
I know, I know -- we don't support key rotation. But we really ought to be able to do better than this:
HTTP/1.1 500 Internal Error
Content-Length: 17
Content-Type: text/plain
X-Openstack-
X-Trans-Id: tx737d1aab7d744
Date: Fri, 03 Nov 2017 19:30:51 GMT
An error occurred
Looking at logs, there's an uncaught UnicodeDecodeError when we try to reserialize:
File ".../swift/
return handler(req, start_response)
File ".../swift/
app_resp = handler(
File ".../swift/
for obj_dict in body_json])
File ".../python2.
return _default_
File ".../python2.
chunks = self.iterencode(o, _one_shot=True)
File ".../python2.
return _iterencode(o, 0)
UnicodeDecodeError: 'utf8' codec can't decode byte 0xce in position 1: invalid continuation byte
Probably as simple as trying to decode obj_dict['hash'] around https:/
Hitting a similar issue (without changing the encryption root secret)
Steps to reproduce:
1. Enable encryption
2. Create container and enable versioning X-Versions-Location (pop on delete)
3. Enable object expiry (for test setting expiry to five minutes and changing object-expirer interval to 5 minutes)
4. Write object three times
5. Wait for the object to be expired
6. After that get on the container fails with error 500.
HTTP/1.1 500 Internal Error 0f6a1a41- 005cd1288e
Content-Length: 17
Content-Type: text/plain
X-Trans-Id: tx513cc4805d3e4
Date: Tue, 07 May 2019 06:41:19 GMT
An error occurred
7. Get on the object succeeds but shows ßeä–—˜œ' üçToi Meta-S3B- Last-Modified: ^GZ>“ë¯Të55¢ß?
HTTP/1.1 200 OK
Etag: ªâ¸ÚŸE`
X-Object-
Partial Stack trace: python2. 7/dist- packages/ swift/common/ wsgi.py" , line 1196, in _app_call#012 resp = self.app(env, self._start_ response) #012 File "/usr/lib/ python2. 7/dist- packages/ swift/common/ middleware/ crypto/ decrypter. py", line 463, in __call__#012 return handler(req, start_response)#012 File "/usr/lib/ python2. 7/dist- packages/ swift/common/ middleware/ crypto/ decrypter. py", line 384, in handle_get#012 app_resp = handler(req, app_resp)#012 File "/usr/lib/ python2. 7/dist- packages/ swift/common/ middleware/ crypto/ decrypter. py", line 408, in process_ json_resp# 012 for obj_dict in body_json])#012 File "/usr/lib/ python2. 7/json/ __init_ _.py", line 244, in dumps#012 return _default_ encoder. encode( obj)#012 File "/usr/lib/ python2. 7/json/ encoder. py", line 207, in encode#012 chunks = self.iterencode(o, _one_shot=True)#012 File "/usr/lib/ python2. 7/json/ encoder. py", line 270, in iterencode#012 return _iterencode(o, 0)#012UnicodeDe codeError: 'utf8' codec can't decode byte 0xa9 in position 2: invalid start byte (client_ip: 150.50.2.137)
File "/usr/lib/
Note: This doesn't happen if user deletes the object. This only happens when the object expires. Maybe something to do with the internal_client object expirer uses to delete object.