-
Bug
-
Resolution: Obsolete
-
Major
-
None
-
quay-v3.2.0
After upgrade from Quay 3.1.2 to 3.2.0, sometimes the username and password are not correctly encrypted. This in turn creates the following Python stack trace:
2020-02-03 11:32:58,830 [538] [ERROR] [gunicorn.error] Error handling request /api/v1/repository/baseimages/eap72-openshift/mirror Traceback (most recent call last): File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/gunicorn/workers/base_async.py", line 56, in handle self.handle_request(listener_name, req, client, addr) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/gunicorn/workers/ggevent.py", line 160, in handle_request addr) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/gunicorn/workers/base_async.py", line 107, in handle_request respiter = self.wsgi(environ, resp.start_response) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask/app.py", line 2463, in __call__ return self.wsgi_app(environ, start_response) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/werkzeug/middleware/proxy_fix.py", line 232, in __call__ return self.app(environ, start_response) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask/app.py", line 2449, in wsgi_app response = self.handle_exception(e) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask_restful/__init__.py", line 269, in error_router return original_handler(e) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask/app.py", line 1866, in handle_exception reraise(exc_type, exc_value, tb) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask_restful/__init__.py", line 266, in error_router return self.handle_error(e) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask_restful/utils/cors.py", line 35, in wrapped_function resp = make_response(f(*args, **kwargs)) File "/quay-registry/endpoints/api/__init__.py", line 57, in handle_error return super(ApiExceptionHandlingApi, self).handle_error(error) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask/app.py", line 2446, in wsgi_app response = self.full_dispatch_request() File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask/app.py", line 1951, in full_dispatch_request rv = self.handle_user_exception(e) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask_restful/__init__.py", line 269, in error_router return original_handler(e) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask/app.py", line 1820, in handle_user_exception reraise(exc_type, exc_value, tb) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask_restful/__init__.py", line 266, in error_router return self.handle_error(e) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask_restful/utils/cors.py", line 35, in wrapped_function resp = make_response(f(*args, **kwargs)) File "/quay-registry/endpoints/api/__init__.py", line 57, in handle_error return super(ApiExceptionHandlingApi, self).handle_error(error) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask/app.py", line 1949, in full_dispatch_request rv = self.dispatch_request() File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask/app.py", line 1935, in dispatch_request return self.view_functions[rule.endpoint](**req.view_args) File "/quay-registry/endpoints/decorators.py", line 180, in wrapper return func(*args, **kwargs) File "/quay-registry/util/metrics/metricqueue.py", line 226, in wrapper rv = func(*args, **kwargs) File "/quay-registry/auth/decorators.py", line 56, in wrapper return func(*args, **kwargs) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask_restful/utils/cors.py", line 35, in wrapped_function resp = make_response(f(*args, **kwargs)) File "/quay-registry/endpoints/csrf.py", line 69, in wrapper resp = func(*args, **kwargs) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask_restful/__init__.py", line 458, in wrapper resp = resource(*args, **kwargs) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask/views.py", line 89, in view return self.dispatch_request(*args, **kwargs) File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/flask_restful/__init__.py", line 573, in dispatch_request resp = meth(*args, **kwargs) File "/quay-registry/endpoints/decorators.py", line 127, in wrapper return func(*args, **kwargs) File "/quay-registry/endpoints/api/__init__.py", line 238, in wrapper return func(namespace, repository, *args, **kwargs) File "/quay-registry/endpoints/decorators.py", line 107, in wrapper return func(*args, **kwargs) File "/quay-registry/endpoints/api/__init__.py", line 292, in wrapped return func(self, namespace, repository, *args, **kwargs) File "/quay-registry/endpoints/api/__init__.py", line 462, in wrapped resp = func(self, *args, **kwargs) File "/quay-registry/endpoints/api/mirror.py", line 225, in get username = self._decrypt_username(mirror.external_registry_username) File "/quay-registry/endpoints/api/mirror.py", line 535, in _decrypt_username return username.decrypt() File "/quay-registry/data/fields.py", line 105, in decrypt return encrypter.decrypt_value(self.encrypted_value) File "/quay-registry/data/encryption.py", line 90, in decrypt_value return _VERSIONS[version_prefix].decrypt(self._secret_key, data) File "/quay-registry/data/encryption.py", line 46, in _decrypt_ccm raise DecryptionFailureException() DecryptionFailureException
which in turn ends up with a 500 in Quay's UI. The solution would be to clean credentials if they can't be decrypted correctly so that Quay does not return a 500.
- is duplicated by
-
-
- Closed
-
