Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-20157

Using s3-storage-v3 provider with KMS always search the key in the default AWS region

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 6.12.1
    • Fix Version/s: 6.13.0
    • Component/s: Binarystore
    • Labels:
      None
    • Environment:

      AWS EC2, S3, KMS

      Description

      The newly introduced s3-storage-v3 templates do not work when I am trying to integrate KMS encryption in S3. I used the following template:

       

      Steps to reproduce:

       

      Create KMS keys in AWS, or create the custom encrypted keys and upload them to AWS KMS in Oregon region(us-west-2)

       

       

      Create S3 bucket in (us-west-2)

      Install Artifactory v.6.12.1 and configure binarystore.xml file with the following template:

       
       <config version="v2">
       <chain template="s3-storage-v3"/>
       <provider id="s3-storage-v3" type="s3-storage-v3">
       <identity>XXXXXXXXXX</identity>
       <credential>XXXXXXXXXXXXXX</credential>
       <region>us-west-2</region>
       <bucketName>timt</bucketName>
       <refreshCredentials>true</refreshCredentials>
       <kmsServerSideEncryptionKeyId>alias/mykms</kmsServerSideEncryptionKeyId>
       <testConnection>true</testConnection>
       </provider>
       </config>

       I get the following ERROR:

      2019-09-20 19:08:47,733 [art-init] [ERROR] (o.a.w.s.ArtifactoryContextConfigListener:96) - Application could not be initialized: Alias arn:aws:kms:us-east-1:035274893828:alias/mykms is not found. (Service: AWSKMS; Status Code: 400; Error Code: NotFoundException; Request ID: 6ffbc785-976f-48b4-a758-948276898e28)
      java.lang.reflect.InvocationTargetException: null

       

      Caused by: com.amazonaws.services.kms.model.NotFoundException: Alias arn:aws:kms:us-east-1:035274893828:alias/mykms is not found. (Service: AWSKMS; Status Code: 400; Error Code: NotFoundException; Request ID: 6ffbc785-976f-48b4-a758-948276898e28)

      As you can see in the binarystore.xml file I specified the region us-west-2(oregon) I also uploaded the keys to that region as well. And the bucket itself is also in us-west-2, but from the error logs for some reason, it defaults to us-east-1. Not sure why it is happening}}

       

      Also, for the sake of this test I also tried to use us-east-1 region, by creating the bucket, KMS keys in that region and explicitly changing the regions in binratystore.xml file and it failed again, but with different errors:

       

      2019-09-20 19:12:14,832 [art-init] [ERROR] (o.a.w.s.ArtifactoryContextConfigListener:96) - Application could not be initialized: Failed to test connection with S3AwsBinaryProvider server. Reason found mismatch between remote file 9842564d-b3c5-42e5-bf45-5f4bde44 and local file: /var/opt/jfrog/artifactory/data/testProvider-startup/9842564d-b3c5-42e5-bf45-5f4bde442a15
      java.lang.reflect.InvocationTargetException: null

      .

      Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'accessConverters' defined in URL [jar:file:/opt/jfrog/artifactory/tomcat/webapps/artifactory/WEB-INF/lib/artifactory-core-6.12.1.jar!/org/artifactory/security/access/emigrate/AccessConverters.class]: Unsatisfied dependency expressed through constructor parameter 3; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'v6600CreateDefaultBuildAcl': Unsatisfied dependency expressed through method 'setInternalBuildService' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'buildServiceImpl': Unsatisfied dependency expressed through method 'setBuildStoreService' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'buildStoreServiceImpl': Unsatisfied dependency expressed through field 'binaryService'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'binaryServiceImpl': Invocation of init method failed; nested exception is java.lang.RuntimeException: Failed to test connection withS3AwsBinaryProvider, container:timt-test1980
      at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:769)
      at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:218)
      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1341)
      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1187)
      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:555)
      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:515)
      at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320)
      at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
      at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318)
      at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
      at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:277)
      at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1248)
      at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1168)
      at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:593)
      ... 74 common frames omitted.

      Caused by: java.lang.RuntimeException: Failed to test connection withS3AwsBinaryProvider, container:timt-test1980
      at org.artifactory.addon.filestore.type.CommonCloudProviderMethods.test(CommonCloudProviderMethods.java:73)
      at org.artifactory.addon.filestore.type.s3.S3AwsBinaryProvider.initialize(S3AwsBinaryProvider.java:89)
      at org.jfrog.storage.binstore.providers.builder.BinaryProviderFactory.build(BinaryProviderFactory.java:98)
      at org.jfrog.storage.binstore.providers.builder.BinaryProviderFactory.build(BinaryProviderFactory.java:86)
      at org.jfrog.storage.binstore.providers.builder.BinaryProviderFactory.build(BinaryProviderFactory.java:86)

       

      Even if it works only with the us-east-1, it is still unexpected behavior.

          

        Attachments

        1. 1.jpg
          1.jpg
          95 kB
        2. 1.jpg
          1.jpg
          96 kB

          Activity

            People

            Assignee:
            nadavy Nadav Yogev
            Reporter:
            timt Tim Telman
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: