Hi Djimeli,

Thanks for working through this issue. It's a problem indeed with the existing metadata not being set.

I think the solution you propose sounds fair -- let's see if existing non-encrypted metadata can be encrypted whenever the key has been set. I do, however, want us to ensure that it does not break the API call and hopefully doesn't make it any slower.

You can go ahead with prototyping a solution, we may need to discuss this over a lite-spec (I will explain later) and on your review when it's up.

Thanks again.

On 5/19/16 7:29 PM, Djimeli Konrad wrote:
> Hello Nikhil,
>
> On 19 May 2016 at 04:11, Nikhil Komawar <[email protected]> wrote:
>
> > Here's something to get started:
> >
> > * Change your tests here glance/tests/functional/__init__.py to
> >   metadata_encryption_key to the value you want to set.
> >
> > * See if they pass or fail.
>
> I made the change to the test as you suggested and the test still passes.
>
> I have just found out that "ValueError: Input strings must be a
> multiple of 16 in length" and "TypeError: Incorrect padding" are
> caused by calling crypt.urlsafe_decrypt(...) on data that was not
> previously encrypted. For example, when the metadata_encryption_key is
> set, and there is existing data which had not been encrypted, "glance
> image-list" would invoke the decrypt function on the data which was
> not previously encrypted, leading to errors.
>
> A solution to this may be to encrypt existing data when
> metadata_encryption_key is set and decrypt the data if it is reset. I
> would like to get some more ideas/opinions on this issue.
>
> Thanks
> Konrad

--
Thanks,
Nikhil
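An added example, not part of the thread and not Glance code: a key-free shape check that sorts stored values into the two failure modes Konrad reports, so rows that were never encrypted can be found before the decrypt path touches them. It assumes an encrypted value is URL-safe base64 of a 16-byte IV followed by one or more 16-byte AES-CBC blocks; the function names and sample rows are hypothetical.

```python
import base64
import re

AES_BLOCK = 16  # bytes; assumed layout is IV (one block) + >= 1 ciphertext block
URLSAFE_B64 = re.compile(r"[A-Za-z0-9_-]+={0,2}")


def classify(value):
    """Classify one stored string without needing the key.

    'bad-base64' -> base64 decoding would fail ("Incorrect padding")
    'bad-length' -> decodes, but the AES step would reject it
                    ("Input strings must be a multiple of 16 in length")
    'plausible'  -> shape is consistent with an encrypted value
    """
    if len(value) % 4 or not URLSAFE_B64.fullmatch(value):
        return "bad-base64"
    raw = base64.urlsafe_b64decode(value)
    if len(raw) < 2 * AES_BLOCK or len(raw) % AES_BLOCK:
        return "bad-length"
    return "plausible"


def rows_needing_encryption(rows):
    """Return (image_id, reason) for every row that cannot be ciphertext."""
    flagged = []
    for image_id, value in rows:
        reason = classify(value)
        if reason != "plausible":
            flagged.append((image_id, reason))
    return flagged


# Constructed sample rows (hypothetical ids and locations, not from the thread).
SAMPLE_ROWS = [
    ("img-1", "file:///var/lib/glance/images/img-1"),  # plaintext URL
    ("img-2", "deadbeefdeadbeef"),  # valid base64, but only 12 bytes decoded
    ("img-3", base64.urlsafe_b64encode(bytes(range(48))).decode("ascii")),
]

if __name__ == "__main__":
    for image_id, reason in rows_needing_encryption(SAMPLE_ROWS):
        print(image_id, reason)
```

A plaintext value can pass this check by coincidence, so it is a heuristic for selecting rows to migrate, not proof that a value was encrypted.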
