Several functional tests are failing when Barbican is configured to use the recently updated p11_crypto module. The tests all pass when the old p11_crypto plugin is put back in place.
An example of the tox output (some output has been removed for clarity):
{0} functionaltests.api.v1.functional.test_rsa.RSATestCase.test_rsa_store_and_get_certificate_secret [3.042279s] ... FAILED
==============================
Failed 1 tests - output below:
==============================
functionaltests.api.v1.functional.test_rsa.RSATestCase.test_rsa_store_and_get_certificate_secret
Captured pythonlogging:
~~~~~~~~~~~~~~~~~~~~~~~
2016-01-18 16:34:37,054 21866 INFO [requests.packages.urllib3.connectionpool] Starting new HTTPS connection (1): barbican_ref
2016-01-18 16:34:37,870 21866 DEBUG [requests.packages.urllib3.connectionpool] "POST /v1/secrets HTTP/1.1" 201 109
2016-01-18 16:34:37,872 21866 INFO [functionaltests.common.client] Request (user=barbican-admin) (RSATestCase:test_rsa_store_and_get_certificate_secret)
201 POST https://barbican_ref/v1/secrets
Request Headers: {'Content-Type': 'application/json', 'Connection': 'keep-alive', 'Accept': 'application/json', 'X-Auth-Token': u'AACBlgbKj75km-DQTfF_0eUcEQ7BUgB_r7plXOXJraN5bYqY9PZfA1qKhrOgRwa_uU3owwMx1Jepo9PZGLabtF28VTRyWc6swpNpCnqrQFSxTpzO0MJ17Mwjfwd4BTOjCCI0FCWqbZ4bqg', 'Content-Length': '1628', 'Accept-Encoding': 'gzip, deflate', 'X-Project-Id': u'802958', 'User-Agent': 'python-requests/2.9.1'}
Request Body: {"secret_type": "certificate", "payload": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvekNDQWVlZ0F3SUJBZ0lKQU9McVhLSjlxOS9uTUEwR0NTcUdTSWIzRFFFQkN3VUFNQll4RkRBU0JnTlYKQkFNTUMyVjRZVzF3YkdVdVkyOXRNQjRYRFRFMU1EUXhNVEF5TVRVeU9Wb1hEVEU0TURFd05UQXlNVFV5T1ZvdwpGakVVTUJJR0ExVUVBd3dMWlhoaGJYQnNaUzVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3CmdnRUtBb0lCQVFDemEyVm9EWG1CVU1td2pGdTlGNk1NNXEvQVoxV2puV0EyWU5kTnkyMzdUckdOL25vYkREdjgKRkJCcFVQbUhOWjA0SDFMeXhGY1A4UmVGcmNJWHBpZnNSZXUybEFXYXFSUHhvdnU1Q3VBaGZlY0t2K1JoakxWTApKMEkrTVpJYjcyUk9LcGZaVG1iN2RobEZnR0QzdmtDNTFCQ2ZoR1ZXMzV3NTJPWS8yM3g1TWVPNHl2eDVteVBjCmNueE1WUTQyS3VEcnpLcWpCbFNqbUJuY3BHWXgwSmdDVCtzeUZtSHNsOHJPa3FDUFBGTG8yNFlRbis0L3ByMUEKWXdhWkFiTVRsOXpvTHRFUWo2c3hTY3VIY1M5ZThuaXB0RHhsc2JMUWdxR1ZhR2RFMTE3c3RDOTVRSDdVdklUYgp1WXpkalp3QkZjMVNnejhHWi8yaExTc0h1akppSVFjdkFnTUJBQUdqVURCT01CMEdBMVVkRGdRV0JCU1VxMkEwCmIyWG8rc0t2bUtnTjhXcThsNmo4MmpBZkJnTlZIU01FR0RBV2dCU1VxMkEwYjJYbytzS3ZtS2dOOFdxOGw2ajgKMmpBTUJnTlZIUk1FQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJqaXVxaGx6TlZPVkxySERReQpHcjBmVEFDRkpkRFJFbnVoWnA0ZDkxKytEbU1DVCtiY1RHMCtHQ3AzcmZGT3VFV3BKTExMUGRTT25Jc25pYnNPCnN5S1BYdUJCWDVrbWRZSW9qYmRqVVRTd25oY3g5SlRBZktTbXhYV1NDMHJuS0NlZkFmNDRNbTZmcXZvVHlUYmUKR1NRUDZuSHpjN2VMYUsvZWZjck12WWRjdCtUZVRrSGpxUjhMdTRwalp2UmRVUWFkUUhoRHlOK09OS2RLRDlUcgpqdmZQaW0wYjdBcTg4NVBqU042UW80WjlIWFI2K25LK2JUejlIeVVBVE1mREdOUXQwTDN2eWZWeGJOT3hrQ0JjCllJNGhGdEdma096ZDZCN3Iyc1kxd0dLZFRMSGt1VDRtNC85QS9TT3p2bkgrZXBuSnFJUzlqdysxaVJqOHhjREEKNlBOVAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==", "payload_content_encoding": "base64", "payload_content_type": "application/octet-stream", "name": "mycertificate"}
Response: {"secret_ref": "https://BARBICAN_ENDPOINT/v1/secrets/1657d270-6446-46de-a92c-db51740375e6"}
2016-01-18 16:34:37,873 21866 INFO [requests.packages.urllib3.connectionpool] Starting new HTTPS connection (1): BARBICAN_ENDPOINT
2016-01-18 16:34:38,744 21866 DEBUG [requests.packages.urllib3.connectionpool] "GET /v1/secrets/1657d270-6446-46de-a92c-db51740375e6/payload HTTP/1.1" 500 140
2016-01-18 16:34:38,746 21866 INFO [functionaltests.common.client] Request (user=barbican-admin) (RSATestCase:test_rsa_store_and_get_certificate_secret)
500 GET https://BARBICAN_ENDPOINT/v1/secrets/1657d270-6446-46de-a92c-db51740375e6/payload
Request Headers: {'Content-Type': 'application/json', 'Connection': 'keep-alive', 'Accept': 'application/octet-stream', 'User-Agent': 'python-requests/2.9.1', 'X-Project-Id': u'802958', 'X-Auth-Token': u'AACBlgbKj75km-DQTfF_0eUcEQ7BUgB_r7plXOXJraN5bYqY9PZfA1qKhrOgRwa_uU3owwMx1Jepo9PZGLabtF28VTRyWc6swpNpCnqrQFSxTpzO0MJ17Mwjfwd4BTOjCCI0FCWqbZ4bqg'}
Request Body: None
Response: {"code": 500, "description": "Secret payload retrieval failure seen - please contact site administrator.", "title": "Internal Server Error"}
2016-01-18 16:34:38,749 21866 INFO [requests.packages.urllib3.connectionpool] Starting new HTTPS connection (1): BARBICAN_ENDPOINT
2016-01-18 16:34:39,234 21866 DEBUG [requests.packages.urllib3.connectionpool] "DELETE /v1/secrets/1657d270-6446-46de-a92c-db51740375e6 HTTP/1.1" 204 0
2016-01-18 16:34:39,236 21866 INFO [functionaltests.common.client] Request (user=barbican-admin) (RSATestCase:tearDown)
204 DELETE https://BARBICAN_ENDPOINT/v1/secrets/1657d270-6446-46de-a92c-db51740375e6
Request Headers: {'Content-Type': 'application/json', 'Connection': 'keep-alive', 'Accept': 'application/json', 'X-Auth-Token': u'AACBlgbKj75km-DQTfF_0eUcEQ7BUgB_r7plXOXJraN5bYqY9PZfA1qKhrOgRwa_uU3owwMx1Jepo9PZGLabtF28VTRyWc6swpNpCnqrQFSxTpzO0MJ17Mwjfwd4BTOjCCI0FCWqbZ4bqg', 'Content-Length': '0', 'Accept-Encoding': 'gzip, deflate', 'X-Project-Id': u'802958', 'User-Agent': 'python-requests/2.9.1'}
Request Body: None
Response:
2016-01-18 16:34:39,236 21866 INFO [functionaltests.api.v1.functional.test_rsa:RSATestCase] Finished: test_rsa_store_and_get_certificate_secret
The Barbican log output:
2016-01-18 21:35:15.305 15 INFO barbican.api.controllers.secrets [req-08df6427-a6cd-425c-a42f-21a731f2a327 da6c092657d64fbf99425dc1eef7e0e4 802958 - - -] Created a secret for project: 802958
2016-01-18 21:35:15.312 15 INFO barbican.api.middleware.context [req-08df6427-a6cd-425c-a42f-21a731f2a327 da6c092657d64fbf99425dc1eef7e0e4 802958 - - -] Processed request: 201 Created - POST http://barbican:9311/v1/secrets
172.17.0.3 - - [18/Jan/2016:21:35:15 +0000] "POST /v1/secrets HTTP/1.1" 201 109 "-" "python-requests/2.9.1"
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers [req-af80365c-bec7-46bc-a037-4699bc84f00b da6c092657d64fbf99425dc1eef7e0e4 802958 - - -] Secret payload retrieval failure seen - please contact site administrator.
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers Traceback (most recent call last):
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers File "/usr/lib/python2.7/site-packages/barbican/api/controllers/__init__.py", line 104, in handler
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers return fn(inst, *args, **kwargs)
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers File "/usr/lib/python2.7/site-packages/barbican/api/controllers/__init__.py", line 90, in enforcer
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers return fn(inst, *args, **kwargs)
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers File "/usr/lib/python2.7/site-packages/barbican/api/controllers/secrets.py", line 168, in payload
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers **kwargs
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers File "/usr/lib/python2.7/site-packages/barbican/api/controllers/secrets.py", line 146, in _on_get_secret_payload
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers transport_key)
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers File "/usr/lib/python2.7/site-packages/barbican/plugin/resources.py", line 129, in get_secret
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers retrieve_plugin, secret_metadata, secret_model, project_model)
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers File "/usr/lib/python2.7/site-packages/barbican/plugin/resources.py", line 311, in _get_secret
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers context)
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers File "/usr/lib/python2.7/site-packages/barbican/plugin/store_crypto.py", line 135, in get_secret
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers context.project_model.external_id)
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers File "/usr/lib/python2.7/site-packages/barbican/plugin/crypto/p11_crypto.py", line 139, in decrypt
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers kek, iv, decrypt_dto.encrypted, session
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers File "/usr/lib/python2.7/site-packages/barbican/plugin/crypto/pkcs11.py", line 427, in decrypt
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers self._check_error(rv)
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers File "/usr/lib/python2.7/site-packages/barbican/plugin/crypto/pkcs11.py", line 560, in _check_error
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers code=ERROR_CODES.get(value, 'CKR_????')))
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers P11CryptoPluginException: HSM returned response code: 0x150L CKR_BUFFER_TOO_SMALL
2016-01-18 21:35:16.152 15 ERROR barbican.api.controllers
2016-01-18 21:35:16.171 15 INFO barbican.api.middleware.context [req-af80365c-bec7-46bc-a037-4699bc84f00b da6c092657d64fbf99425dc1eef7e0e4 802958 - - -] Processed request: 500 Internal Server Error - GET http://barbican:9311/v1/secrets/1657d270-6446-46de-a92c-db51740375e6/payload
172.17.0.3 - - [18/Jan/2016:21:35:16 +0000] "GET /v1/secrets/1657d270-6446-46de-a92c-db51740375e6/payload HTTP/1.1" 500 140 "-" "-"
2016-01-18 21:35:16.669 15 INFO barbican.api.controllers.secrets [req-33030742-1133-4776-a21f-a5e068dbe090 da6c092657d64fbf99425dc1eef7e0e4 802958 - - -] Deleted secret for project: 802958
2016-01-18 21:35:16.676 15 INFO barbican.api.middleware.context [req-33030742-1133-4776-a21f-a5e068dbe090 da6c092657d64fbf99425dc1eef7e0e4 802958 - - -] Processed request: 204 No Content - DELETE http://barbican:9311/v1/secrets/1657d270-6446-46de-a92c-db51740375e6
172.17.0.3 - - [18/Jan/2016:21:35:16 +0000] "DELETE /v1/secrets/1657d270-6446-46de-a92c-db51740375e6 HTTP/1.1" 204 - "-" "-"
https:/ /review. openstack. org/#/c/ 269913/