Secret resolution failure breaks work allocation in server #190
Description
This might need more safety on both plugin and server, but decryption failures in file based secrets (e.g due to encryption with wrong key) here propagate back to the server as a RuntimeException which is then not handled properly and leads to a work allocation loop.
Probably needs fixed in both places.
java.lang.RuntimeException: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise i
f a bad key is used during decryption.
at com.thoughtworks.go.plugin.infra.FelixGoPluginOSGiFramework.executeActionOnTheService(FelixGoPluginOSGiFramework.
java:209)
at com.thoughtworks.go.plugin.infra.FelixGoPluginOSGiFramework.doOn(FelixGoPluginOSGiFramework.java:163)
at com.thoughtworks.go.plugin.infra.DefaultPluginManager.submitTo(DefaultPluginManager.java:131)
at com.thoughtworks.go.plugin.access.PluginRequestHelper.submitRequest(PluginRequestHelper.java:49)
at com.thoughtworks.go.plugin.access.secrets.v1.SecretsExtensionV1.lookupSecrets(SecretsExtensionV1.java:100)
at com.thoughtworks.go.plugin.access.secrets.SecretsExtension.lookupSecrets(SecretsExtension.java:81)
at com.thoughtworks.go.server.service.SecretParamResolver.lambda$lookupAndUpdateSecretParamsValue$1(SecretParamResol
ver.java:187)
at java.base/java.util.HashMap.forEach(Unknown Source)
at com.thoughtworks.go.server.service.SecretParamResolver.resolve(SecretParamResolver.java:178)
at com.thoughtworks.go.server.service.SecretParamResolver.resolve(SecretParamResolver.java:117)
at com.thoughtworks.go.server.service.BuildAssignmentService.lambda$createWork$1(BuildAssignmentService.java:320)
at com.thoughtworks.go.server.transaction.TransactionTemplate.lambda$execute$0(TransactionTemplate.java:31)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:133)
at com.thoughtworks.go.server.transaction.TransactionTemplate.execute(TransactionTemplate.java:28)
at com.thoughtworks.go.server.service.BuildAssignmentService.lambda$createWork$2(BuildAssignmentService.java:302)
at com.thoughtworks.go.server.transaction.TransactionTemplate.transactionSurrounding(TransactionTemplate.java:60)
at com.thoughtworks.go.server.service.BuildAssignmentService.createWork(BuildAssignmentService.java:286)
at com.thoughtworks.go.server.service.BuildAssignmentService.assignWorkToAgent(BuildAssignmentService.java:186)
at com.thoughtworks.go.server.service.BuildAssignmentService.assignWorkToAgent(BuildAssignmentService.java:165)
at com.thoughtworks.go.server.messaging.scheduling.WorkFinder.onMessage(WorkFinder.java:60)
at com.thoughtworks.go.server.messaging.scheduling.WorkFinder.onMessage(WorkFinder.java:32)
at com.thoughtworks.go.server.messaging.activemq.JMSMessageListenerAdapter.runImpl(JMSMessageListenerAdapter.java:83
)
at com.thoughtworks.go.server.messaging.activemq.JMSMessageListenerAdapter.run(JMSMessageListenerAdapter.java:63)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues
can arise if a bad key is used during decryption.
at cd.go.plugin.secret.filebased.db.SecretsDatabase.lambda$getSecret$0(SecretsDatabase.java:75)
at java.base/java.util.HashMap.computeIfAbsent(Unknown Source)
at cd.go.plugin.secret.filebased.db.SecretsDatabase.getSecret(SecretsDatabase.java:70)
at cd.go.plugin.secret.filebased.executors.LookupSecretsRequestExecutor.execute(LookupSecretsRequestExecutor.java:57
)
at cd.go.plugin.secret.filebased.executors.LookupSecretsRequestExecutor.execute(LookupSecretsRequestExecutor.java:35
)
at cd.go.plugin.base.executors.secrets.LookupExecutor.execute(LookupExecutor.java:28)
at cd.go.plugin.base.dispatcher.RequestDispatcher.dispatch(RequestDispatcher.java:42)
at cd.go.plugin.secret.filebased.FileBasedSecretsPlugin.handle(FileBasedSecretsPlugin.java:53)
at com.thoughtworks.go.plugin.infra.DefaultPluginManager.lambda$submitTo$0(DefaultPluginManager.java:134)
at com.thoughtworks.go.plugin.infra.FelixGoPluginOSGiFramework.executeActionOnTheService(FelixGoPluginOSGiFramework.
Metadata
Metadata
Assignees
Labels
No labels