[SRU] PY3: when uploading file as secret: TypeError: a bytes-like object is required, not 'str'

Bug #1799746 reported by Ryan Beisner on 2018-10-24
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu Cloud Archive
High
Unassigned
Rocky
High
Unassigned
barbican (Ubuntu)
High
Unassigned
Cosmic
Undecided
Unassigned

Bug Description

[Impact]
(clients) ubuntu@beisner-bastion:~/demo$ openstack secret store --name mypubkey2 --file ~/.ssh/id_rsa.pub
5xx Server error: Internal Server Error: Secret creation failure seen - please contact site administrator.
Internal Server Error: Secret creation failure seen - please contact site administrator.

...

dpkubuntu@juju-b7ad6b-beisner-0:~$ dpkg -l | grep barbican
ii barbican-api 1:7.0.0-0ubuntu2~cloud0 all OpenStack Key Management Service - API Server
ii barbican-common 1:7.0.0-0ubuntu2~cloud0 all OpenStack Key Management Service - common files
ii barbican-worker 1:7.0.0-0ubuntu2~cloud0 all OpenStack Key Management Service - Worker Node
ii python3-barbican 1:7.0.0-0ubuntu2~cloud0 all OpenStack Key Management Service - Python 3 files
ii python3-barbicanclient 4.6.0-0ubuntu1 all OpenStack Key Management API client - Python 3.x
ubuntu@juju-b7ad6b-beisner-0:~$ apt-cache policy barbican-common
barbican-common:
  Installed: 1:7.0.0-0ubuntu2~cloud0
  Candidate: 1:7.0.0-0ubuntu2~cloud0
  Version table:
 *** 1:7.0.0-0ubuntu2~cloud0 500
        500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/rocky/main amd64 Packages
        100 /var/lib/dpkg/status
     1:6.0.0-0ubuntu1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

...

[Wed Oct 24 16:28:27.617818 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers Traceback (most recent call last):
[Wed Oct 24 16:28:27.617822 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers File "/usr/lib/python3/dist-packages/barbican/plugin/castellan_secret_store.py", line 86, in store_secret
[Wed Oct 24 16:28:27.617825 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers opaque_data.OpaqueData(secret_dto.secret)
[Wed Oct 24 16:28:27.617837 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers File "/usr/lib/python3/dist-packages/castellan/key_manager/vault_key_manager.py", line 319, in store
[Wed Oct 24 16:28:27.617841 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers return self._store_key_value(key_id, key_value)
[Wed Oct 24 16:28:27.617844 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers File "/usr/lib/python3/dist-packages/castellan/key_manager/vault_key_manager.py", line 276, in _store_key_value
[Wed Oct 24 16:28:27.617848 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers 'value': binascii.hexlify(value.get_encoded()).decode('utf-8'),
[Wed Oct 24 16:28:27.617852 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers TypeError: a bytes-like object is required, not 'str'
[Wed Oct 24 16:28:27.617855 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers
[Wed Oct 24 16:28:27.617858 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers During handling of the above exception, another exception occurred:
[Wed Oct 24 16:28:27.617862 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers
[Wed Oct 24 16:28:27.617865 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers Traceback (most recent call last):
[Wed Oct 24 16:28:27.617868 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers File "/usr/lib/python3/dist-packages/barbican/api/controllers/__init__.py", line 108, in handler
[Wed Oct 24 16:28:27.617872 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers return fn(inst, *args, **kwargs)
[Wed Oct 24 16:28:27.617893 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers File "/usr/lib/python3/dist-packages/barbican/api/controllers/__init__.py", line 94, in enforcer
[Wed Oct 24 16:28:27.617897 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers return fn(inst, *args, **kwargs)
[Wed Oct 24 16:28:27.617900 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers File "/usr/lib/python3/dist-packages/barbican/api/controllers/__init__.py", line 156, in content_types_enforcer
[Wed Oct 24 16:28:27.617903 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers return fn(inst, *args, **kwargs)
[Wed Oct 24 16:28:27.617906 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers File "/usr/lib/python3/dist-packages/barbican/api/controllers/secrets.py", line 445, in on_post
[Wed Oct 24 16:28:27.617910 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers transport_key_id=data.get('transport_key_id'))
[Wed Oct 24 16:28:27.617913 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers File "/usr/lib/python3/dist-packages/barbican/plugin/resources.py", line 109, in store_secret
[Wed Oct 24 16:28:27.617917 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers secret_model, project_model)
[Wed Oct 24 16:28:27.617920 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers File "/usr/lib/python3/dist-packages/barbican/plugin/resources.py", line 281, in _store_secret_using_plugin
[Wed Oct 24 16:28:27.617924 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers secret_metadata = store_plugin.store_secret(secret_dto)
[Wed Oct 24 16:28:27.617927 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers File "/usr/lib/python3/dist-packages/barbican/plugin/castellan_secret_store.py", line 92, in store_secret
[Wed Oct 24 16:28:27.617931 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers raise ss.SecretGeneralException(e)
[Wed Oct 24 16:28:27.617938 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers barbican.plugin.interface.secret_store.SecretGeneralException: Problem seen during crypto processing - Reason: a bytes-like object is required, not 'str'
[Wed Oct 24 16:28:27.617944 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.616 20342 ERROR barbican.api.controllers \x1b[00m
[Wed Oct 24 16:28:27.617950 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186]
[Wed Oct 24 16:28:27.619946 2018] [wsgi:error] [pid 20342:tid 140250918270720] [remote 10.5.0.11:46186] 2018-10-24 16:28:27.619 20342 INFO barbican.api.middleware.context [req-983f8362-957b-459c-b21a-d1b2fc64850b 174f3123041f42818318b4ce4d46d755 a5e22ca876884268bf8c2dba92863ecd - 7e87323e783a41a6a9ba9d0763ae3f38 7e87323e783a41a6a9ba9d0763ae3f38] Processed request: 500 Internal Server Error - POST http://10.5.0.11:9311/v1/secrets/\x1b[00m
10.5.0.11 - - [24/Oct/2018:16:28:27 +0000] "POST /v1/secrets/ HTTP/1.1" 500 376 "-" "openstacksdk/0.18.1 keystoneauth1/3.11.0 python-requests/2.20.0 CPython/3.6.5"

[Test Case]
Deploy the rocky release of openstack barbican with python 3 packages. Store a secret in barbican:
    openstack secret store --name mypubkey2 --file ~/.ssh/id_rsa.pub
Ensure secret is successfully stored.

[Regression Potential]
The fix is very minimal and aligns with other code in the affected function. Upstream patch is up for review at: https://review.openstack.org/#/c/613324/.

Corey Bryant (corey.bryant) wrote :

Here's a bit easier version of the traceback in #1 to view: https://paste.ubuntu.com/p/JbrzT4VgFC/

Corey Bryant (corey.bryant) wrote :

At first glance this appears to be an issue in castellan.

Changed in python-castellan (Ubuntu):
status: New → Triaged
importance: Undecided → High
Corey Bryant (corey.bryant) wrote :

Failure is occurring at: https://github.com/openstack/castellan/blob/0.19.0/castellan/key_manager/vault_key_manager.py#L165 (Note: line numbers don't match up with traceback as we are carrying cherry-picked patches in our stable/rocky package).

Corey Bryant (corey.bryant) wrote :

Here's a small test that seems to confirm this is limited to py3:

$ python3
Python 3.6.7rc1 (default, Sep 27 2018, 09:51:25)
[GCC 8.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import binascii
>>> binascii.hexlify('string')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: a bytes-like object is required, not 'str'
>>> quit()

$ python2
Python 2.7.15+ (default, Oct 2 2018, 22:12:08)
[GCC 8.2.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import binascii
>>> binascii.hexlify('string')
'737472696e67'
>>>

Corey Bryant (corey.bryant) wrote :

This works better:

corey@corey-ThinkPad-T440s:~/pkg/rocky/upstream/castellan/castellan/key_manager$ python3
Python 3.6.7rc1 (default, Sep 27 2018, 09:51:25)
[GCC 8.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import binascii
>>> binascii.hexlify('string'.encode('utf-8'))
b'737472696e67'
>>> quit()

corey@corey-ThinkPad-T440s:~/pkg/rocky/upstream/castellan/castellan/key_manager$ python2
Python 2.7.15+ (default, Oct 2 2018, 22:12:08)
[GCC 8.2.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import binascii
>>> binascii.hexlify('string'.encode('utf-8'))
'737472696e67'

Corey Bryant (corey.bryant) wrote :

If I'm reading the parenthesis in the failing line correctly, it seems that value.get_encoded() is not actually encoded in py3:

'value': binascii.hexlify(value.get_encoded()).decode('utf-8')

Corey Bryant (corey.bryant) wrote :

It's possible this is an issue in barbican. Possibly this call:
  opaque_data.OpaqueData(secret_dto.secret)

needs to be changed to:
  opaque_data.OpaqueData(secret_dto.secret.encode('utf-8'))

https://github.com/openstack/barbican/blob/7.0.0/barbican/plugin/castellan_secret_store.py#L86

no longer affects: barbican
Corey Bryant (corey.bryant) wrote :

barbican upstream doesn't track bugs in LP anymore so I'll open a bug with storyboard

Corey Bryant (corey.bryant) wrote :
summary: - when uploading file as secret: TypeError: a bytes-like object is
+ PY3: when uploading file as secret: TypeError: a bytes-like object is
required, not 'str'

I think comment #8 can be disregarded. It seems like get_encoded() is not getting an encoded value for py3:

'value': binascii.hexlify(value.get_encoded()).decode('utf-8')

Corey Bryant (corey.bryant) wrote :

Which get_encoded() is getting called?

In barbican's store_secret() this line is called:

    opaque_data.OpaqueData(secret_dto.secret)

castellan/common/objects/opaque_data.py
---------------------------------------
class OpaqueData(managed_object.ManagedObject):
    """This class represents opaque data."""

    def __init__(self, data, name=None, created=None, id=None):
        """Create a new OpaqueData object.

        Expected type for data is a bytestring.
        """
        self._data = data
        super(OpaqueData, self).__init__(name=name, created=created, id=id)

    @property
    def format(self):
        """This method returns 'Opaque'."""
        return "Opaque"

    def get_encoded(self):
        """Returns the data in its original format."""
        return self._data

Ok OpaqueData.__init__() expects a bytestring for data so appears it should already be encoded when the object is initialized and get_encoded() should just return the already encoded string.

Corey Bryant (corey.bryant) wrote :

So it would seem that secret_dto.secret is not encoded on the call to:

  opaque_data.OpaqueData(secret_dto.secret)

Corey Bryant (corey.bryant) wrote :

Where doeas secret_dto.secret come from?

barbican/plugin/resources.py
----------------------------
from barbican.plugin.util import translations as tr

def store_secret(unencrypted_raw, content_type_raw, content_encoding,
                 secret_model, project_model,
                 transport_key_needed=False,
                 transport_key_id=None):
  ...
  unencrypted, content_type = tr.normalize_before_encryption(
      unencrypted_raw, content_type_raw, content_encoding,
      secret_model.secret_type, enforce_text_only=True)
  ...
  secret_dto = secret_store.SecretDTO(type=secret_model.secret_type,
                                      secret=unencrypted,
                                      key_spec=key_spec,
                                      content_type=content_type,
                                      transport_key=transport_key)

so secret_dto.secret = unencrypted which is set in tr.normalize_before_encryption

barbican/plugin/util/translations.py
------------------------------------
normalize_before_encryption is defined here:

https://github.com/openstack/barbican/blob/7.0.0/barbican/plugin/util/translations.py#L25

It returns:

    return b64payload, normalized_media_type

It seems that b64payload may not be correctly getting encoded for py3.

Corey Bryant (corey.bryant) wrote :

For some reason this isn't failing for me. I wonder if it comes down to a difference in clients used? Note the Ubuntu Rocky clients won't work with the --file CLI argument due to: https://bugs.launchpad.net/bugs/1799776

So I've used pip-installed clients from pypi. The following paste is against a py3 Rocky deployment. Note the debug logging added to barbican and the path taken in barbican (no encoding of data because id_rsa.pub is already base64 encoded): https://paste.ubuntu.com/p/pvmPCPrrHz/

I have a bionic-rocky barbican version building in the following PPA with the same debug that I used above. Could you run with that and report the barbican-api.log details with CCB prefixes? It may also be worth ensuring the id_rsa.pub is not corrupt, though still that should be a bug, but maybe it's partially b64encoded or something?

Ryan Beisner (1chb1n) wrote :

Upgraded barbican pkgs on the unit, restarted the unit. Client details and output below. I didn't see any CCB entries in the log, but it's attached. I've also clarified with the date > file.txt as a clean example.

ubuntu@juju-b7ad6b-beisner-0:/var/log/barbican$ apt-cache policy barbican-common
barbican-common:
  Installed: 1:7.0.0-0ubuntu3~ubuntu18.04.1~ppa201810241636
  Candidate: 1:7.0.0-0ubuntu3~ubuntu18.04.1~ppa201810241636
  Version table:
 *** 1:7.0.0-0ubuntu3~ubuntu18.04.1~ppa201810241636 500
        500 http://ppa.launchpad.net/corey.bryant/bionic-rocky/ubuntu bionic/main amd64 Packages
        100 /var/lib/dpkg/status
     1:7.0.0-0ubuntu2~cloud0 500
        500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/rocky/main amd64 Packages
     1:6.0.0-0ubuntu1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

---

(clients) ubuntu@beisner-bastion:~/demo$ pip freeze | egrep "barbican|openstack"
openstacksdk==0.18.1
python-barbicanclient==4.7.0
python-openstackclient==3.16.1

---

(clients) ubuntu@beisner-bastion:~/demo$ date > file.txt
(clients) ubuntu@beisner-bastion:~/demo$ openstack secret store --name store_bucket --file file.txt
5xx Server error: Internal Server Error: Secret creation failure seen - please contact site administrator.
Internal Server Error: Secret creation failure seen - please contact site administrator.

---

Logs:

http://paste.ubuntu.com/p/hNJKwH6VHt/

James Page (james-page) wrote :
Download full text (3.5 KiB)

Retested with debug enabled:

barbican-api.log:[Wed Oct 24 23:33:07.184924 2018] [wsgi:error] [pid 17477:tid 140505406514944] [remote 10.5.0.11:35220] 2018-10-24 23:33:07.184 17477 DEBUG barbican.plugin.util.translations [req-b53b964f-8541-4f30-b620-aff3bb962969 174f3123041f42818318b4ce4d46d755 a5e22ca876884268bf8c2dba92863ecd - 7e87323e783a41a6a9ba9d0763ae3f38 7e87323e783a41a6a9ba9d0763ae3f38] CCB: entering normalize_before_encryption normalize_before_encryption /usr/lib/python3/dist-packages/barbican/plugin/util/translations.py:46\x1b[00m
barbican-api.log:[Wed Oct 24 23:33:07.185194 2018] [wsgi:error] [pid 17477:tid 140505406514944] [remote 10.5.0.11:35220] 2018-10-24 23:33:07.184 17477 DEBUG barbican.plugin.util.translations [req-b53b964f-8541-4f30-b620-aff3bb962969 174f3123041f42818318b4ce4d46d755 a5e22ca876884268bf8c2dba92863ecd - 7e87323e783a41a6a9ba9d0763ae3f38 7e87323e783a41a6a9ba9d0763ae3f38] CCB: D normalize_before_encryption /usr/lib/python3/dist-packages/barbican/plugin/util/translations.py:70\x1b[00m
barbican-api.log:[Wed Oct 24 23:33:07.185440 2018] [wsgi:error] [pid 17477:tid 140505406514944] [remote 10.5.0.11:35220] 2018-10-24 23:33:07.185 17477 DEBUG barbican.plugin.util.translations [req-b53b964f-8541-4f30-b620-aff3bb962969 174f3123041f42818318b4ce4d46d755 a5e22ca876884268bf8c2dba92863ecd - 7e87323e783a41a6a9ba9d0763ae3f38 7e87323e783a41a6a9ba9d0763ae3f38] CCB: b64payload=c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFDQVFDckphczYvdnZjZzlVVlBDY3RGNUEycjFCODJIMGMvQmg3S3daZHBQN3ZWRy8vcW5iUDljb0V6NUtlOE1IMlkySmRCQ2xhVzBFODZJaWQ4dEhFdnRZaXNPWFNJZWR3Q1R3WThnelkvYjBNdjRzVGxOSkRPV1RzWlFXRTVad0xGVHZkMTVJNld2ZHBrbHl0ZGlmVmRySlZxSjlyWmxnYWsremFtcjNWWjlvdDMrbkhMZGI5MnBhd1IvQ2QvRjQwZStsWHg0TWlyb2RkZDBQY2Z0Z0FBT2U5cngvMThZR2EzVFpTUU5zS3M4SHlZeWQvRVY0Nm5qcktKWGRQcitLUzFZQTZKZmRtd21FSnFOb2o5bkkwQVh0RWwzVmxyQlhwMGJYRHlGYzRlNHZrUDUrMWhJNnB2U29iWnMxWUkyOGlGS3RLbnhPMjFpS2dYOE1aZXVkMlVEa201Qi9ISHJGZU9KYjhQbHNSYUdrcysxbFhDSWFXdnNlOEhvVmdwcEl1SWd4ck9RY3ZHeWxla1NYUHhqWTNCVTBEWENuUGNNUDZzRHR2V3VtOHZXM3grbXlPUzdicEZCYmlidVYrZjQ1V09TL1czcEpKZmNJcDd3dXRidnFGNCt2cWdqczdsclB4UEVoaEQvb25Za3gySmpua0hlM1BoY2FNZkdWdHNVV1dPRTNTaGFVTUxzUVRGV2dRRjVMR2twcUtSSk1NZDVsdk1DTGxuWm5uK0pqZDR5ZGM2S1laa0pySzZSN25WSUMySUc3U1JuZXgrbW1HcjRrUXVHNUp0a3kxajI3VGJNejdyUkhkYkV0N2haNC9BT0JQMjFrcGoyeGN6S0NBZGJta0dQR20vcy9DVzFzRHdyeG04clpEUzlaVk5UamdsOUlETCs5dVFWZlBkU0JZcHc9PSB1YnVudHVAYmVpc25lci1iYXN0aW9uCg== normalize_before_encryption /usr/lib/python3/dist-packages/barbican/plugin/util/translations.py:84\x1b[00m
barbican-api.log:[Wed Oct 24 23:33:07.185625 2018] [wsgi:error] [pid 17477:tid 140505406514944] [remote 10.5.0.11:35220] 2018-10-24 23:33:07.185 17477 DEBUG barbican.plugin.util.translations [req-b53b964f-8541-4f30-b620-aff3bb962969 174f3123041f42818318b4ce4d46d755 a5e22ca876884268bf8c2dba92863ecd - 7e87323e783a41a6a9ba9d0763ae3f38 7e87323e783a41a6a9ba9d0763ae3f38] CCB: type(b64payload)=<class 'str'> normalize_before_encryption /usr/lib/python3/dist-packages/barbican/plugin/util/translations.py:85\x1b[00m
barbican-api.log:[Wed Oct 24 23:33:07.185857 2018] [wsgi:error] [pid 17477:tid 140505406514944] [remote 10.5.0.11:35220] 2018-10-24 23:33:07.185 17477 DEBUG barbican.pl...

Read more...

James Page (james-page) wrote :

Content appears to already be base64 encoded so the raw context is passed back in the b64payload variable

James Page (james-page) wrote :

The code incorrectly assumes that base64 is byte encoded so something like:

        elif content_encoding.lower() == 'base64':
            if not isinstance(unencrypted, six.binary_type):
                b64payload = unencrypted.encode('utf-8')
            else:
                b64payload = unencrypted

does the trick in terms of ensuring binary encoding of the data in this code path.

Corey Bryant (corey.bryant) wrote :

Makes sense! What that code does with plain text for py3 is base64.encode_as_bytes(plaintext) which results in bytes:

  >>> from oslo_serialization import base64
  >>> base64.encode_as_bytes('hello')
  b'aGVsbG8='

Basically what that does is:

  >>> base64.b64encode('hello'.encode('utf-8'))
  b'aGVsbG8='

no longer affects: castellan
Changed in barbican (Ubuntu):
status: New → Triaged
importance: Undecided → High
no longer affects: python-castellan (Ubuntu)
summary: - PY3: when uploading file as secret: TypeError: a bytes-like object is
- required, not 'str'
+ [SRU] PY3: when uploading file as secret: TypeError: a bytes-like object
+ is required, not 'str'
description: updated

Hello Ryan, or anyone else affected,

Accepted barbican into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/barbican/1:7.0.0-0ubuntu3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in barbican (Ubuntu Cosmic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Changed in cloud-archive:
status: Triaged → Fix Committed
Corey Bryant (corey.bryant) wrote :

Verified successfully on cosmic-proposed: https://paste.ubuntu.com/p/gSyMMDdCXd/

Corey Bryant (corey.bryant) wrote :

s/cosmic-proposed/rocky-proposed ^^

Corey Bryant (corey.bryant) wrote :

Verified successfully on cosmic-proposed: https://paste.ubuntu.com/p/BMqSv8rBqJ/

tags: added: verification-done-cosmic
removed: verification-needed-cosmic
tags: added: verification-rocky-done
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package barbican - 1:7.0.0-0ubuntu4

---------------
barbican (1:7.0.0-0ubuntu4) disco; urgency=medium

  * d/tests/barbican-shebangs-py3: Update shebang for Python 3.7.

 -- Corey Bryant <email address hidden> Wed, 07 Nov 2018 09:22:03 -0500

Changed in barbican (Ubuntu):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package barbican - 1:7.0.0-0ubuntu3

---------------
barbican (1:7.0.0-0ubuntu3) cosmic; urgency=medium

  * d/p/encode-b64payload.patch: Cherry-pick from upstream review
    (https://review.openstack.org/#/c/613324/) to ensure base64
    payloads are correctly encoded in Python 3 (LP: #1799746).

 -- Corey Bryant <email address hidden> Thu, 25 Oct 2018 09:48:28 -0400

Changed in barbican (Ubuntu Cosmic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for barbican has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package barbican - 1:7.0.0-0ubuntu3~cloud0
---------------

 barbican (1:7.0.0-0ubuntu3~cloud0) bionic-rocky; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 barbican (1:7.0.0-0ubuntu3) cosmic; urgency=medium
 .
   * d/p/encode-b64payload.patch: Cherry-pick from upstream review
     (https://review.openstack.org/#/c/613324/) to ensure base64
     payloads are correctly encoded in Python 3 (LP: #1799746).

Changed in cloud-archive:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers