Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improvement/osis 147 stop osis failure on decryption 7.10 #142

Merged
merged 3 commits into from
May 22, 2024
Merged

Improvement/osis 147 stop osis failure on decryption 7.10 #142

merged 3 commits into from
May 22, 2024

Conversation

anurag4DSB
Copy link
Contributor

@anurag4DSB anurag4DSB commented May 22, 2024
edited
Loading

We need this in 7.10.9 as well now so cherry picking from #141

I also changed the codeowners to match that of main

  • Removed user not part of scality
  • Changed mandatory review from Object Squad leads to object Squad

@anurag4DSB
OSIS-147: handle decryption failure for secret key
f9840a0 
Adds the capability of handling decryption faulire for secret key data
stored in redis sentinel by the method `retrieveSecretKey` used by get
and get credentials APIs.
- Does not throw any error for any decryption failure
- Logs all decryption failures
- Removes the keys from Redis automatically for any decryption failure,
  the keys remain in vault and can be used the user if secret key is
  accessible

(cherry picked from commit a76452e)
@anurag4DSB
OSIS-147: bump-OSIS-to-v2.1.3
d88c6ce
@anurag4DSB anurag4DSB requested a review from a team as a code owner May 22, 2024 09:12
fredmnl
fredmnl approved these changes May 22, 2024
View reviewed changes
osis-core/src/main/java/com/scality/osis/service/impl/ScalityOsisServiceImpl.java
} catch (Exception e) {
logger.error("Error: Unable to decrypt secret key data for Redis key: {}. Error details: {}", repoKey, e.getMessage());
logger.debug("Full stack trace:", e);
deleteSecretKey(repoKey);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure this is relevant but should we log something in case this fails?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes we should, in fact we do not log anything for any redis operations.
I created a ticket for this tech debt: https://scality.atlassian.net/browse/S3C-8885

@anurag4DSB anurag4DSB merged commit d2d41a0 into development/2.1 May 22, 2024
3 checks passed
@anurag4DSB anurag4DSB deleted the improvement/OSIS-147-stop-osis-failure-on-decryption-7.10 branch May 22, 2024 09:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas2bert nicolas2bert nicolas2bert approved these changes

@fredmnl fredmnl fredmnl approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@anurag4DSB @nicolas2bert @fredmnl