Configs V1 API is faulty when using encryption-plugin #12046
Comments
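I took a look and found that there is indeed a logic problem (when an encryption plugin is present): the problem seems to be mainly in the v1 API. Let's see whether the v1 API should be aligned with the v2 API, so that neither accepts the front-end-supplied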
Yeah, and I would also like to make some additions about the current strategies for these three situations:
It is possible that the strategies are different due to different versions and services, but currently, there is a problem with the cooperation between console-ui and the v1 API, which is this issue.
The backend handling of the v1 and v2 APIs is inconsistent here, which is a problem.
Thanks for your answer. According to your reply, can I understand it this way:
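Yes, it should be handled this way. The upper-layer entry points that call each interface are currently different, so the logic has not been unified, and it does need to be unified. I looked through the open-source console-ui front-end code for config updates and did not seem to see the front end passing the encryptedDataKey field. Did you modify the front-end code?
No, I just used the official Docker image.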
There is a problem here: currently, what the console passes
In his opinion, what I understand is that console-ui does not need to send the
Understood. Could you open a PR then? It should do two things:
OK, I will resolve it. :-)
…encryption in v2 API (same as the v1 API)
Describe the bug
I have customized an encryption method through the encryption SPI. When I created a config on the console for the first time, I found it worked well, but I got an error when I updated it.

By debugging the code, I found there are some bugs in `com.alibaba.nacos.config.server.controller.ConfigController#publishConfig`. When I add a config on the console, the request body does not contain the `encryptedDataKey` field, so the method will call `EncryptionHandler.encryptHandler(dataId, content)` to encrypt the data, and then it will obtain the encrypted data and `encryptedDataKey`. It works well.

However, when I try to update this config, the console will send the `encryptedDataKey` field, and the method only assigns `encryptedDataKey` to `encryptedDataKeyFinal`. In the following logic, the unencrypted data and the previously used `encryptedDataKey` will be used in `com.alibaba.nacos.config.server.service.ConfigOperationService#publishConfig`. Because of this, the data is unencrypted when it is stored in the database as well as when it is published to the client, and it may cause an exception if the client decrypts the unencrypted data with `encryptedDataKey`.

This problem can also be reproduced by using the official plugin (https://github.com/nacos-group/nacos-plugin/tree/develop/nacos-encryption-plugin-ext), which causes a `DecoderException`. (Although it does not affect the actual business because the exception is caught, I think it is a problem because the encryption and decryption function is disabled, which is not in line with expectations.)

By contrast, the v2 API (`com.alibaba.nacos.config.server.controller.v2.ConfigControllerV2#publishConfig`) does not have this problem because the data will be encrypted at any time. However, the console UI uses the v1 API.

BTW, I tried to fix this bug by removing the if condition, but I found it was added on 26 May, 2023 (Revision Number 505c90b), which was about #10533, and the commit message did not explain why it was changed in this way.
So, is it a bug? If so, what is the community's opinion on how to solve this issue?
Thanks.
Expected behavior
A clear and concise description of what you expected to happen.
Whether I am creating or updating, the encryption plugin should work correctly.
Actual behavior
A clear and concise description of what actually happened.
It worked well when creating the config, but it didn't seem to work properly when updating it.
How to Reproduce
Steps to reproduce the behavior:
Desktop (please complete the following information):
Additional context
Add any other context about the problem here.
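
The create-then-update behaviour reported in this issue, as an added Java example that is not Nacos code. `encryptHandler` and `decryptHandler` are hypothetical stand-ins for an encryption plugin (Base64 stands in for a cipher), and `publishAsReported` / `publishAlwaysEncrypt` model the v1 branch and the v2-style handling as the report describes them; records require Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class PublishConfigEncryptionDemo {
    /** What ends up stored and pushed to clients: key material plus content. */
    record Stored(String encryptedDataKey, String content) {}

    /** Hypothetical plugin stand-in. Base64 is NOT encryption; it only marks "transformed". */
    static Stored encryptHandler(String dataId, String content) {
        String cipher = Base64.getEncoder().encodeToString(content.getBytes(StandardCharsets.UTF_8));
        return new Stored("key-for-" + dataId, cipher);
    }

    /** Hypothetical client-side counterpart: fails if the content was never transformed. */
    static String decryptHandler(String encryptedDataKey, String content) {
        return new String(Base64.getDecoder().decode(content), StandardCharsets.UTF_8);
    }

    /** v1 behaviour as reported: a key supplied in the request skips encryption. */
    static Stored publishAsReported(String dataId, String content, String encryptedDataKey) {
        if (encryptedDataKey == null || encryptedDataKey.isEmpty()) {
            return encryptHandler(dataId, content);
        }
        return new Stored(encryptedDataKey, content); // plaintext paired with the old key
    }

    /** v2-style behaviour as reported: always encrypt, never trust the request's key. */
    static Stored publishAlwaysEncrypt(String dataId, String content, String ignoredClientKey) {
        return encryptHandler(dataId, content);
    }

    public static void main(String[] args) {
        String dataId = "demo.properties";        // constructed sample values
        String plaintext = "db.password=example";

        Stored created = publishAsReported(dataId, plaintext, null);
        // The console echoes the stored key back on update, as described in the issue.
        Stored updated = publishAsReported(dataId, plaintext + "2", created.encryptedDataKey());
        Stored aligned = publishAlwaysEncrypt(dataId, plaintext + "2", created.encryptedDataKey());

        System.out.println("create  stored: " + created.content());
        System.out.println("update  stored: " + updated.content() + "  (plaintext at rest)");
        System.out.println("aligned stored: " + aligned.content());
        try {
            decryptHandler(updated.encryptedDataKey(), updated.content());
        } catch (IllegalArgumentException e) { // analogous to the DecoderException in the report
            System.out.println("client decrypt of updated config failed: " + e.getMessage());
        }
        System.out.println("aligned decrypts to: "
                + decryptHandler(aligned.encryptedDataKey(), aligned.content()));
    }
}
```

A regression test for this class of bug should cover the update path with the key echoed back, since the create path alone passes.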