[Bug 1800175] Re: when updating value for an existing kv - Conflict: Secret already has data, cannot modify it

Ryan Beisner 1800175 at bugs.launchpad.net
Fri Oct 26 17:03:42 UTC 2018


This appears to be behavior by-design, ie. secrets are immutable once a
value is set.

Reference (credit: jamespage):

https://github.com/openstack/barbican/blob/1baaacfa3ad9ca4d39c9c5f9a103298758b7d182/barbican/api/controllers/secrets.py#L236

** Changed in: charm-barbican-vault
       Status: New => Invalid

** Changed in: barbican (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to barbican in Ubuntu.
https://bugs.launchpad.net/bugs/1800175

Title:
  when updating value for an existing kv - Conflict: Secret already has
  data, cannot modify it

Status in OpenStack Barbican-Vault Charm:
  Invalid
Status in barbican package in Ubuntu:
  Invalid

Bug description:
  When updating value for an existing kv - "Conflict: Secret already has
  data, cannot modify it"

  1. Create a secret store
  2. Place a value in the secret store successfully
  3. Cannot update the value in the secret store

  
  (clients) 1 ubuntu at beisner-bastion:~/demo$ openstack secret store --name kv_bucket_001
  +---------------+-----------------------------------------------------------------------+
  | Field         | Value                                                                 |
  +---------------+-----------------------------------------------------------------------+
  | Secret href   | http://10.5.0.11:9312/v1/secrets/dfe00045-6adb-4839-9e39-5902a7c966aa |
  | Name          | kv_bucket_001                                                         |
  | Created       | None                                                                  |
  | Status        | None                                                                  |
  | Content types | None                                                                  |
  | Algorithm     | aes                                                                   |
  | Bit length    | 256                                                                   |
  | Secret type   | opaque                                                                |
  | Mode          | cbc                                                                   |
  | Expiration    | None                                                                  |
  +---------------+-----------------------------------------------------------------------+
  (clients) ubuntu at beisner-bastion:~/demo$ openstack secret update http://10.5.0.11:9312/v1/secrets/dfe00045-6adb-4839-9e39-5902a7c966aa "Hello!"
  (clients) ubuntu at beisner-bastion:~/demo$ openstack secret get -d http://10.5.0.11:9312/v1/secrets/dfe00045-6adb-4839-9e39-5902a7c966aa --format value
  Hello!

  (clients) ubuntu at beisner-bastion:~/demo$ openstack secret update http://10.5.0.11:9312/v1/secrets/dfe00045-6adb-4839-9e39-5902a7c966aa "Goodbye!"
  4xx Client error: Conflict: Secret already has data, cannot modify it.
  Conflict: Secret already has data, cannot modify it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-barbican-vault/+bug/1800175/+subscriptions



More information about the Ubuntu-openstack-bugs mailing list