| 2021-10-12 18:48:43 |
Corey Bryant |
bug |
|
|
added bug |
| 2021-10-12 18:52:39 |
Corey Bryant |
nominated for series |
|
Ubuntu Impish |
|
| 2021-10-12 18:52:39 |
Corey Bryant |
bug task added |
|
barbican (Ubuntu Impish) |
|
| 2021-10-12 18:52:54 |
Corey Bryant |
barbican (Ubuntu Impish): status |
New |
Triaged |
|
| 2021-10-12 18:52:58 |
Corey Bryant |
barbican (Ubuntu Impish): importance |
Undecided |
High |
|
| 2021-10-12 18:53:30 |
Corey Bryant |
nominated for series |
|
Ubuntu Hirsute |
|
| 2021-10-12 18:53:30 |
Corey Bryant |
bug task added |
|
barbican (Ubuntu Hirsute) |
|
| 2021-10-12 18:53:35 |
Corey Bryant |
barbican (Ubuntu Hirsute): status |
New |
Triaged |
|
| 2021-10-12 18:53:38 |
Corey Bryant |
barbican (Ubuntu Hirsute): importance |
Undecided |
High |
|
| 2021-10-12 18:53:41 |
Corey Bryant |
barbican (Ubuntu Impish): status |
Triaged |
Fix Released |
|
| 2021-10-12 18:53:43 |
Corey Bryant |
barbican (Ubuntu Impish): importance |
High |
Undecided |
|
| 2021-10-12 18:54:03 |
Corey Bryant |
bug task added |
|
cloud-archive |
|
| 2021-10-12 18:54:14 |
Corey Bryant |
nominated for series |
|
cloud-archive/xena |
|
| 2021-10-12 18:54:14 |
Corey Bryant |
bug task added |
|
cloud-archive/xena |
|
| 2021-10-12 18:54:14 |
Corey Bryant |
nominated for series |
|
cloud-archive/wallaby |
|
| 2021-10-12 18:54:14 |
Corey Bryant |
bug task added |
|
cloud-archive/wallaby |
|
| 2021-10-12 18:54:25 |
Corey Bryant |
cloud-archive/xena: status |
New |
Fix Released |
|
| 2021-10-12 18:54:30 |
Corey Bryant |
cloud-archive/wallaby: status |
New |
Triaged |
|
| 2021-10-12 18:54:33 |
Corey Bryant |
cloud-archive/wallaby: importance |
Undecided |
High |
|
| 2021-10-12 19:01:22 |
Corey Bryant |
description |
[Impact]
[Test Case]
[Where things could go wrong] |
[Impact]
This SRU corresponds with the following story for upstream barbican
https://storyboard.openstack.org/#!/story/2008335.
The problem is not all secrets were being stored in plaintext prior to this change, resulting in the inability to decode some payloads.
This is fixed by always storing secrets in plaintext and decoding inconsistently stored data as needed when getting secrets.
[Test Case]
[Where things could go wrong] |
|
| 2021-10-12 19:02:14 |
Corey Bryant |
description |
[Impact]
This SRU corresponds with the following story for upstream barbican
https://storyboard.openstack.org/#!/story/2008335.
The problem is not all secrets were being stored in plaintext prior to this change, resulting in the inability to decode some payloads.
This is fixed by always storing secrets in plaintext and decoding inconsistently stored data as needed when getting secrets.
[Test Case]
[Where things could go wrong] |
[Impact]
This SRU corresponds with the following story for upstream barbican
https://storyboard.openstack.org/#!/story/2008335.
The problem is some secrets were stored in plaintext and some were stored encoded. This resulted in the inability to decode some payloads.
This is fixed by always storing secrets in plaintext and decoding inconsistently stored data as needed when getting secrets.
[Test Case]
[Where things could go wrong] |
|
| 2021-10-12 19:02:25 |
Corey Bryant |
description |
[Impact]
This SRU corresponds with the following story for upstream barbican
https://storyboard.openstack.org/#!/story/2008335.
The problem is some secrets were stored in plaintext and some were stored encoded. This resulted in the inability to decode some payloads.
This is fixed by always storing secrets in plaintext and decoding inconsistently stored data as needed when getting secrets.
[Test Case]
[Where things could go wrong] |
[Impact]
This SRU corresponds with the following story for upstream barbican
https://storyboard.openstack.org/#!/story/2008335.
The problem is some secrets were stored in plaintext and some were stored encoded. This resulted in the inability to decode some secrets.
This is fixed by always storing secrets in plaintext and decoding inconsistently stored data as needed when getting secrets.
[Test Case]
[Where things could go wrong] |
|
| 2021-10-12 19:17:49 |
Corey Bryant |
description |
[Impact]
This SRU corresponds with the following story for upstream barbican
https://storyboard.openstack.org/#!/story/2008335.
The problem is some secrets were stored in plaintext and some were stored encoded. This resulted in the inability to decode some secrets.
This is fixed by always storing secrets in plaintext and decoding inconsistently stored data as needed when getting secrets.
[Test Case]
[Where things could go wrong] |
[Impact]
This SRU corresponds with the following story for upstream barbican
https://storyboard.openstack.org/#!/story/2008335.
The problem is some secrets were stored in plaintext and some were stored encoded. This resulted in the inability to decode some secrets.
This is fixed by always storing secrets in plaintext and decoding inconsistently stored data as needed when getting secrets.
[Test Case]
[Where things could go wrong]
If things were to go wrong it would probably be in the get_secret() method which calls _ensure_legacy_base64(). _ensure_legacy_base64() assumes that anything that is not a key was stored base64 encoded. Presumably this is correct, but there was a path added to catch a UnicodeDecodeError exception to handle unexpected non-base64-encoded secrets. |
|
| 2021-10-12 19:18:34 |
Corey Bryant |
description |
[Impact]
This SRU corresponds with the following story for upstream barbican
https://storyboard.openstack.org/#!/story/2008335.
The problem is some secrets were stored in plaintext and some were stored encoded. This resulted in the inability to decode some secrets.
This is fixed by always storing secrets in plaintext and decoding inconsistently stored data as needed when getting secrets.
[Test Case]
[Where things could go wrong]
If things were to go wrong it would probably be in the get_secret() method which calls _ensure_legacy_base64(). _ensure_legacy_base64() assumes that anything that is not a key was stored base64 encoded. Presumably this is correct, but there was a path added to catch a UnicodeDecodeError exception to handle unexpected non-base64-encoded secrets. |
[Impact]
This SRU corresponds with the following story for upstream barbican
https://storyboard.openstack.org/#!/story/2008335.
The problem is some secrets were stored in plaintext and some were stored encoded. This resulted in the inability to decode some secrets.
This is fixed by always storing secrets in plaintext and decoding inconsistently stored data as needed when getting secrets.
[Test Case]
TBD
[Where things could go wrong]
If things were to go wrong it would probably be in the get_secret() method which calls _ensure_legacy_base64(). _ensure_legacy_base64() assumes that anything that is not a key was stored base64 encoded. Presumably this is correct, but there was a path added to catch a UnicodeDecodeError exception to handle unexpected non-base64-encoded secrets. |
|
| 2021-10-12 19:39:03 |
Corey Bryant |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2021-10-18 15:35:43 |
Edward Hope-Morley |
description |
[Impact]
This SRU corresponds with the following story for upstream barbican
https://storyboard.openstack.org/#!/story/2008335.
The problem is some secrets were stored in plaintext and some were stored encoded. This resulted in the inability to decode some secrets.
This is fixed by always storing secrets in plaintext and decoding inconsistently stored data as needed when getting secrets.
[Test Case]
TBD
[Where things could go wrong]
If things were to go wrong it would probably be in the get_secret() method which calls _ensure_legacy_base64(). _ensure_legacy_base64() assumes that anything that is not a key was stored base64 encoded. Presumably this is correct, but there was a path added to catch a UnicodeDecodeError exception to handle unexpected non-base64-encoded secrets. |
[Impact]
This SRU corresponds with the following story for upstream barbican
https://storyboard.openstack.org/#!/story/2008335.
The problem is some secrets were stored in plaintext and some were stored encoded. This resulted in the inability to decode some secrets.
This is fixed by always storing secrets in plaintext and decoding inconsistently stored data as needed when getting secrets.
[Test Case]
* deploy Openstack with Barbican using Vault as a backend
* openstack volume type create --encryption-provider nova.volume.encryptors.luks.LuksEncryptor --encryption-cipher aes-xts-plain64 --encryption-key-size 256 --encryption-control-location front-end LUKS
* openstack volume create --size 1 --type LUKS luks_vol1
* ensure volume created successfully
* openstack volume show luks_vol1
* create vm and attach volume
* mkfs and mount then test can read/write
[Where things could go wrong]
If things were to go wrong it would probably be in the get_secret() method which calls _ensure_legacy_base64(). _ensure_legacy_base64() assumes that anything that is not a key was stored base64 encoded. Presumably this is correct, but there was a path added to catch a UnicodeDecodeError exception to handle unexpected non-base64-encoded secrets. |
|
| 2021-10-18 18:54:57 |
Edward Hope-Morley |
nominated for series |
|
cloud-archive/ussuri |
|
| 2021-10-18 18:54:57 |
Edward Hope-Morley |
bug task added |
|
cloud-archive/ussuri |
|
| 2021-10-18 18:54:57 |
Edward Hope-Morley |
nominated for series |
|
cloud-archive/victoria |
|
| 2021-10-18 18:54:57 |
Edward Hope-Morley |
bug task added |
|
cloud-archive/victoria |
|
| 2021-10-18 18:55:39 |
Edward Hope-Morley |
nominated for series |
|
Ubuntu Focal |
|
| 2021-10-18 18:55:39 |
Edward Hope-Morley |
bug task added |
|
barbican (Ubuntu Focal) |
|
| 2021-10-19 18:47:19 |
Brian Murray |
barbican (Ubuntu Hirsute): status |
Triaged |
Fix Committed |
|
| 2021-10-19 18:47:22 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2021-10-19 18:47:26 |
Brian Murray |
tags |
|
verification-needed verification-needed-hirsute |
|
| 2021-10-19 21:19:41 |
Corey Bryant |
cloud-archive/wallaby: status |
Triaged |
Fix Committed |
|
| 2021-10-19 21:19:42 |
Corey Bryant |
tags |
verification-needed verification-needed-hirsute |
verification-needed verification-needed-hirsute verification-wallaby-needed |
|
| 2021-10-31 22:09:12 |
Mathew Hodson |
barbican (Ubuntu Focal): importance |
Undecided |
High |
|
| 2021-10-31 22:09:16 |
Mathew Hodson |
barbican (Ubuntu Impish): importance |
Undecided |
High |
|
| 2021-10-31 22:09:22 |
Mathew Hodson |
barbican (Ubuntu): importance |
Undecided |
High |
|
| 2021-11-01 17:43:18 |
Liam Young |
tags |
verification-needed verification-needed-hirsute verification-wallaby-needed |
verification-done-hirsute verification-needed verification-wallaby-needed |
|
| 2021-11-01 18:37:29 |
Liam Young |
tags |
verification-done-hirsute verification-needed verification-wallaby-needed |
verification-done-hirsute verification-needed verification-wallaby-done |
|
| 2021-11-01 19:43:59 |
Launchpad Janitor |
barbican (Ubuntu Hirsute): status |
Fix Committed |
Fix Released |
|
| 2021-11-01 19:44:03 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2021-11-01 19:55:58 |
Corey Bryant |
cloud-archive/wallaby: status |
Fix Committed |
Fix Released |
|
| 2021-11-01 20:25:59 |
Corey Bryant |
cloud-archive/victoria: status |
New |
Fix Committed |
|
| 2021-11-01 20:26:00 |
Corey Bryant |
tags |
verification-done-hirsute verification-needed verification-wallaby-done |
verification-done-hirsute verification-needed verification-victoria-needed verification-wallaby-done |
|
| 2021-11-01 20:39:07 |
Corey Bryant |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2021-11-01 20:39:09 |
Corey Bryant |
barbican (Ubuntu Focal): status |
New |
Triaged |
|
| 2021-11-01 20:39:12 |
Corey Bryant |
cloud-archive/ussuri: status |
New |
Triaged |
|
| 2021-11-01 20:39:16 |
Corey Bryant |
cloud-archive/ussuri: importance |
Undecided |
High |
|
| 2021-11-01 20:39:22 |
Corey Bryant |
cloud-archive/victoria: importance |
Undecided |
High |
|
| 2021-11-01 20:39:25 |
Corey Bryant |
cloud-archive/xena: importance |
Undecided |
High |
|
| 2021-11-01 20:39:27 |
Corey Bryant |
cloud-archive: importance |
Undecided |
High |
|
| 2021-11-01 23:07:10 |
Nobuto Murata |
bug |
|
|
added subscriber Nobuto Murata |
| 2021-11-02 11:43:36 |
Liam Young |
tags |
verification-done-hirsute verification-needed verification-victoria-needed verification-wallaby-done |
verification-done-hirsute verification-needed verification-victoria-done verification-wallaby-done |
|
| 2021-11-05 23:20:29 |
Steve Langasek |
barbican (Ubuntu Focal): status |
Triaged |
Fix Committed |
|
| 2021-11-05 23:20:38 |
Steve Langasek |
tags |
verification-done-hirsute verification-needed verification-victoria-done verification-wallaby-done |
verification-done-hirsute verification-needed verification-needed-focal verification-victoria-done verification-wallaby-done |
|
| 2021-11-08 13:52:06 |
Corey Bryant |
cloud-archive/victoria: status |
Fix Committed |
Fix Released |
|
| 2021-11-08 13:54:11 |
Corey Bryant |
cloud-archive/ussuri: status |
Triaged |
Fix Committed |
|
| 2021-11-08 13:54:13 |
Corey Bryant |
tags |
verification-done-hirsute verification-needed verification-needed-focal verification-victoria-done verification-wallaby-done |
verification-done-hirsute verification-needed verification-needed-focal verification-ussuri-needed verification-victoria-done verification-wallaby-done |
|
| 2021-11-23 11:38:05 |
Edward Hope-Morley |
tags |
verification-done-hirsute verification-needed verification-needed-focal verification-ussuri-needed verification-victoria-done verification-wallaby-done |
verification-done-focal verification-done-hirsute verification-needed verification-ussuri-needed verification-victoria-done verification-wallaby-done |
|
| 2021-11-25 11:01:04 |
Launchpad Janitor |
barbican (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2021-11-25 14:22:01 |
Edward Hope-Morley |
tags |
verification-done-focal verification-done-hirsute verification-needed verification-ussuri-needed verification-victoria-done verification-wallaby-done |
verification-done verification-done-focal verification-done-hirsute verification-ussuri-done verification-victoria-done verification-wallaby-done |
|
| 2021-11-29 14:35:35 |
Corey Bryant |
cloud-archive/ussuri: status |
Fix Committed |
Fix Released |
|
