New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Catch exception when creating passwords #14088
Conversation
https://bugzilla.redhat.com/show_bug.cgi?id=1422903 If the password was built using a different key set the password to nil when we get password errors.
@mkanoor Was this a change in behavior? I would think having invalid encryption strings should not silently fail. |
@@ -541,6 +541,13 @@ def self.convert_value_based_on_datatype(value, datatype) | |||
value | |||
end | |||
|
|||
def self.fetch_password(value) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CodeClimate reports: "private
(on line 430) does not make singleton methods private. Use private_class_method
or private
inside a class << self
block instead."
Is this intended to be a private method?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, this should be a private method
@gmcculloug Yes, in previous versions (CloudForms 4.0) the instantiate call would return a valid object however the password property would be nil.
In 4.1 this behavior changed. Now, if there is an instance that contains a password field created with a different key, then the object returned by instantiate is nil.
|
Checked commits mkanoor/manageiq@676bc7c~...1a22bd5 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is good that we are no longer blowing up
But the user should not be storing data in our database encrypted with a different v2_key
.
It is a bug with their process.
I'm surprised that this ever worked in the past.
I think the current behavior is reasonable.
Think we need to give them a way to restore from backup.
(also feel we shouldn't be storing the encrypted passwords in the data they export... but that is a different conversation)
@@ -541,6 +541,13 @@ def self.convert_value_based_on_datatype(value, datatype) | |||
value | |||
end | |||
|
|||
def self.fetch_password(value) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, this should be a private method
@kbrock I completely agree. Silently ignoring data that is encrypted with a different key is the wrong approach. Exporting encrypted data depends on the expected use. You would want to retain it for backup purposes, but not when importing into a different environment. |
@nmaludy [----] E, [2017-03-02T20:23:51.259187 #7329:5cc8fe4] ERROR -- : The following error occurred during method evaluation: When the key is different during the initial decrypt for $evm.instantiate we get |
This pull request is not mergeable. Please rebase and repush. |
Not implementing this solution, since the behavior has not changed when the key is incorrect |
https://bugzilla.redhat.com/show_bug.cgi?id=1422903
If the password was built using a different key set the password
to nil when we get password errors.
Links
Steps for Testing/QA
Documented in BZ