Page MenuHomePhabricator
Create Task
Maniphest T167931

Fatal error when adding a duplicate SSH key
Closed, ResolvedPublic
Actions

Description

LDAP smartly rejects duplicate SSH keys, but we are not catching the error that results so the user sees a fatal instead of a nice message that the key already exists. Probably needs two layers of fixing: check for dups before sending to LDAP and also handle the LDAP errors more gracefully.

2017-06-14T19:39:46Z [138e475e1a324dba8523c9cd63e04dbb] django.request ERROR: Internal Server Error: /profile/settings/ssh-keys/add
Traceback (most recent call last):
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/django/contrib/auth/decorators.py", line 22, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "./striker/profile/views.py", line 120, in ssh_key_add
    ldapuser.save()
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldapdb/models/base.py", line 122, in save
    connection.modify_s(self.dn, modlist)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldapdb/backends/ldap/base.py", line 249, in modify_s
    return cursor.connection.modify_s(dn, modlist)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldap/ldapobject.py", line 566, in modify_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldap/ldapobject.py", line 669, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldap/ldapobject.py", line 673, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldap/ldapobject.py", line 680, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldap/ldapobject.py", line 687, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/ldap/ldapobject.py", line 263, in _ldap_call
    result = func(*args,**kwargs)
ldap.TYPE_OR_VALUE_EXISTS: {'info': 'sshPublicKey: value #0 provided more than once', 'desc': 'Type or value exists'}

Details

SubjectRepoBranchLines +/-
Tool account creation and morelabs/striker/deploymaster+234 -3
Check to see if ssh key is a duplicatelabs/strikermaster+28 -9
Customize query in gerrit

Related Objects

Event Timeline

bd808 created this task.Jun 14 2017, 10:33 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 14 2017, 10:33 PM
bd808 moved this task from Backlog to Ready on the Striker board.Jul 9 2017, 11:05 PM
gerritbot subscribed.Jul 10 2017, 12:27 AM

Change 364139 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[labs/striker@master] Check to see if ssh key is a duplicate

https://gerrit.wikimedia.org/r/364139

gerritbot added a project: Patch-For-Review.Jul 10 2017, 12:27 AM
bd808 claimed this task.Jul 10 2017, 12:27 AM
bd808 added a project: cloud-services-team (Kanban).
Restricted Application added a project: User-bd808. · View Herald TranscriptJul 10 2017, 12:27 AM
bd808 moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.Jul 10 2017, 12:28 AM
bd808 moved this task from Ready to Doing on the Striker board.
gerritbot added a comment.Aug 13 2017, 7:16 PM

Change 364139 merged by BryanDavis:
[labs/striker@master] Check to see if ssh key is a duplicate

https://gerrit.wikimedia.org/r/364139

gerritbot added a comment.Aug 13 2017, 7:38 PM

Change 370139 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[labs/striker/deploy@master] Tool account creation and more

https://gerrit.wikimedia.org/r/370139

gerritbot added a comment.Aug 23 2017, 3:32 PM

Change 370139 merged by jenkins-bot:
[labs/striker/deploy@master] Tool account creation and more

https://gerrit.wikimedia.org/r/370139

Stashbot mentioned this in T128400: Unable to add service group to service groups.Aug 23 2017, 4:23 PM
Stashbot mentioned this in T149458: Manage shared tool accounts via Striker.
Stashbot mentioned this in T159044: Replace deprecated phabricator conduit api calls in phabricator.py file.
Stashbot mentioned this in T164847: Striker gives fatal error when a SUL account already in use tries to attach to a second LDAP account.
Stashbot subscribed.

Mentioned in SAL (#wikimedia-operations) [2017-08-23T16:23:46Z] <bd808@tin> Started deploy [striker/deploy@2f2dd7c]: Deploying 2f2dd7c "Tool account creation and more" (T128400, T149458, T159044, T164847, T167931, T168480, T173845)

Stashbot mentioned this in T168480: Perform core Cloud Services rebranding.Aug 23 2017, 4:23 PM
Stashbot mentioned this in T173845: Make potential for others to see IP Address for ssh sessions explicit in Toolforge membership request process.

Mentioned in SAL (#wikimedia-operations) [2017-08-23T16:24:26Z] <bd808@tin> Finished deploy [striker/deploy@2f2dd7c]: Deploying 2f2dd7c "Tool account creation and more" (T128400, T149458, T159044, T164847, T167931, T168480, T173845) (duration: 00m 39s)

bd808 closed this task as Resolved.Aug 23 2017, 5:54 PM

Now gives error message "Public key SHA256:<fingerprint> already in use."

bd808 moved this task from Doing to Done on the cloud-services-team (Kanban) board.Aug 24 2017, 12:58 AM
bd808 moved this task from Doing to Done on the Striker board.Aug 24 2017, 7:29 PM
bd808 moved this task from To Do to Done on the User-bd808 board.Jul 15 2020, 9:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits