New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Log encryption failures #127
Conversation
@gmcculloug @tinaafitz |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mkanoor Looks good.
https://bugzilla.redhat.com/show_bug.cgi?id=1518058 Customers might export/import models between different environments. There typically is a different key for each environment. If the export deck has encrypted fields, they are imported into the new environment unchanged. This field cannot be decrypted at runtime in the Automate engine, because of key mismatch. During $evm.instantiate we were not logging any error messages and customer has a tough time debugging the issue. This PR logs the encryption error.
508d259
to
f51eb01
Compare
@gmcculloug Please review. |
MiqAePassword.new(MiqAePassword.decrypt(value)) | ||
rescue MiqPassword::MiqPasswordError => err | ||
$miq_ae_logger.error("Error decrypting password #{err.message}. Is this password imported from a different environment?") | ||
raise err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you think about changing the log message to:
"Error decrypting password: [#{err.message}]. Possible cause: Password value was encrypted with a different encryption key."
The logging message from the included test would read:
Error decrypting password: [can not decrypt v0_key encrypted string]. Possible cause: Password value was encrypted with a different encryption key.
Minor but you can just use raise
to re-raise the last error. You do not need to pass the object.
Checked commits mkanoor/manageiq-automation_engine@f51eb01~...3bc9a53 with ruby 2.3.3, rubocop 0.47.1, haml-lint 0.20.0, and yamllint 1.10.0 lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_object.rb
lib/miq_automation_engine/engine/miq_ae_method_service/miq_ae_service.rb
|
@gmcculloug |
Agreed, that it does not need to be refactored in this PR. |
Log encryption failures (cherry picked from commit bcc9490) https://bugzilla.redhat.com/show_bug.cgi?id=1524617
Gaprindashvili backport details:
|
Fine backport (to manageiq repo) details:
|
Euwe backport (to manageiq repo) details:
|
https://bugzilla.redhat.com/show_bug.cgi?id=1518058
Customers might export/import models between different environments.
There typically is a different key for each environment. If the export
deck has encrypted fields, they are imported into the new environment
unchanged. This field cannot be decrypted at runtime in the Automate
engine, because of key mismatch.
During $evm.instantiate we were not logging any error messages and
customer has a tough time debugging the issue.
This PR logs the encryption error.