    Fix Python3 compatibility for kolla-genpwd · e3fccdfa
    Ionut Balutoiu authored
    The method `Fernet.generate_key()` generates a binary string in Python 3:
    ```
    >>> Fernet.generate_key()
    b'qSMZlOK23pZUw_Uyy-ZRPUfPskMXKGCGmhG6AHCFiV8='
    ```
    
    Unless properly written as a string to the Kolla `passwords.yml` file,
    the Fernet key will end up in the final Barbican config like this:
    ```
    [simple_crypto_plugin]
    kek = b'qSMZlOK23pZUw_Uyy-ZRPUfPskMXKGCGmhG6AHCFiV8='
    ```
    
    Due to the fact that the key is incorrectly written to the barbican
    config file (it should be written as a string), every barbican secret
    store fails with:
    
    ```
    barbican.api.controllers   File "/var/lib/kolla/venv/lib/python3.6/site-packages/barbican/plugin/store_crypto.py", line 83, in store_secret
    barbican.api.controllers     encrypting_plugin, context.project_model)
    barbican.api.controllers   File "/var/lib/kolla/venv/lib/python3.6/site-packages/barbican/plugin/store_crypto.py", line 290, in _find_or_create_kek_objects
    barbican.api.controllers     kek_meta_dto = plugin_inst.bind_kek_metadata(kek_meta_dto)
    barbican.api.controllers   File "/var/lib/kolla/venv/lib/python3.6/site-packages/barbican/plugin/crypto/simple_crypto.py", line 104, in bind_kek_metadata
    barbican.api.controllers     encryptor = fernet.Fernet(self.master_kek)
    barbican.api.controllers   File "/var/lib/kolla/venv/lib/python3.6/site-packages/cryptography/fernet.py", line 38, in __init__
    barbican.api.controllers     "Fernet key must be 32 url-safe base64-encoded bytes."
    barbican.api.controllers ValueError: Fernet key must be 32 url-safe base64-encoded bytes.
    ```
    
    This commit fixes the issue described above by properly writing
    the Fernet key as a string to the Kolla `passwords.yml` file.
    
    Closes-Bug: #1848191
    Change-Id: I27fc0159c889bc2e1576fdd69b7d02a320b620f8
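The failure mode from the commit message, reproduced with the Python standard library only, together with a check that flags a `kek` written as a bytes literal. This is an added example, not code from kolla-ansible or Barbican: `make_key`, `render_conf`, `check_kek` and `audit_conf` are hypothetical names, and the config text is constructed to mirror the `[simple_crypto_plugin]` section quoted above.

```python
import base64
import configparser
import os
import re

# A Fernet key is url-safe base64 of 32 bytes: 43 alphabet chars plus one '='.
_KEY_RE = re.compile(r"[A-Za-z0-9_-]{43}=")
# Text form of a Python 3 bytes object, e.g. b'...' or b"...".
_BYTES_REPR_RE = re.compile(r"""b(['"]).*\1""")


def make_key() -> bytes:
    """Return a key of the same shape as Fernet.generate_key() (bytes)."""
    return base64.urlsafe_b64encode(os.urandom(32))


def render_conf(kek_text: str) -> str:
    """Build a constructed config fragment holding the given kek text."""
    return "[simple_crypto_plugin]\nkek = " + kek_text + "\n"


def check_kek(value: str) -> str:
    """Classify a kek value as 'ok', 'bytes-repr' or 'invalid'."""
    if _BYTES_REPR_RE.fullmatch(value):
        return "bytes-repr"  # the b'...' wrapper was written into the file
    if _KEY_RE.fullmatch(value) and len(base64.urlsafe_b64decode(value)) == 32:
        return "ok"
    return "invalid"


def audit_conf(text: str) -> str:
    """Parse config text and classify its [simple_crypto_plugin] kek."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return check_kek(parser.get("simple_crypto_plugin", "kek"))


if __name__ == "__main__":
    key = make_key()
    # repr(key) is the same text that stringifying bytes yields in Python 3.
    broken = render_conf(repr(key))
    fixed = render_conf(key.decode("ascii"))
    print(broken, "->", audit_conf(broken))
    print(fixed, "->", audit_conf(fixed))
```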