Barbican

db-lazy-load-error-encrypteddatum-kekdatum

Bug #1352020 reported by John Wood
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Barbican
Fix Released
High
John Wood
Barbican 2014.2 "juno"

Bug Description

When trying to GET a decrypted secret from Barbican, the exception below is raised. This is due to the KEKDatum record associated with an EncryptedDatum record attempting to be lazy-loaded after the SQLAlchemy session is closed. SQLite does not raise this issue, but PostgreSQL does.

The fix is to change barbican/model/models.py, line #345 in EncryptedDatum from:

kek_meta_tenant = orm.relationship("KEKDatum")

to:

kek_meta_tenant = orm.relationship("KEKDatum", lazy='joined')

-----

2014-08-03 20:26:48.541 11 ERROR barbican.api.controllers [-] Secret retrieval failure seen - please contact site administrator.
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers Traceback (most recent call last):
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers File "/usr/lib/python2.6/site-packages/barbican/api/controllers/__init__.py", line 85, in handler
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers File "/usr/lib/python2.6/site-packages/barbican/api/controllers/__init__.py", line 71, in enforcer
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers File "/usr/lib/python2.6/site-packages/barbican/api/controllers/secrets.py", line 97, in index
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers tenant)
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers File "/usr/lib/python2.6/site-packages/barbican/plugin/resources.py", line 108, in get_secret
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers secret_dto = retrieve_plugin.get_secret(secret_metadata, context)
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers File "/usr/lib/python2.6/site-packages/barbican/plugin/store_crypto.py", line 89, in get_secret
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers datum_model.kek_meta_tenant.plugin_name)
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers File "/usr/lib64/python2.6/site-packages/sqlalchemy/orm/attributes.py", line 239, in __get__
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers return self.impl.get(instance_state(instance), dict_)
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers File "/usr/lib64/python2.6/site-packages/sqlalchemy/orm/attributes.py", line 591, in get
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers value = self.callable_(state, passive)
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers File "/usr/lib64/python2.6/site-packages/sqlalchemy/orm/strategies.py", line 507, in _load_for_state
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers (orm_util.state_str(state), self.key)
2014-08-03 20:26:48.541 11 TRACE barbican.api.controllers DetachedInstanceError: Parent instance <EncryptedDatum at 0x4723390> is not bound to a Session; lazy load operation of attribute 'kek_meta_tenant' cannot proceed

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to barbican (master)

Reviewed: https://review.openstack.org/111601
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=6002bd54549b23fbf0c12efa7aac647a1ba5a341
Submitter: Jenkins
Branch: master

commit 6002bd54549b23fbf0c12efa7aac647a1ba5a341
Author: jfwood <email address hidden>
Date: Sun Aug 3 17:27:26 2014 -0500

    Eager load KEKDatum record when EncryptedDatum is retrieved

    When trying to GET a decrypted secret from Barbican, an exception is
    raised. This is due to the KEKDatum record associated with an
    EncryptedDatum record attempting to be lazy-loaded after the SQLAlchemy
    session is closed. SQLite does not raise an exception, but Postgres does.
    Also, the lazy='joined' syntax did not make it obvious that an eager
    load was called for, hence this syntax was changed to lazy=False with
    a comment added.

    Change-Id: I728e2052d8a916da5c1023daf8137774ac04f8f5
    Closes-Bug: #1352020

Changed in barbican:
status: New → Fix Committed
Thierry Carrez (ttx)
Changed in barbican:
milestone: none → juno-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in barbican:
milestone: juno-3 → 2014.2
Douglas Mendizábal (dougmendizabal)
Changed in barbican:
importance: Undecided → High
assignee: nobody → John Wood (john-wood-w)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.