[OPENAM-14172] Amster Export - Persistent cookie Keystore Mapping inconsistency after upgrade to 6.5.0 - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 6.5.0
Fix Version/s: 6.5.1, 7.0.0
Component/s: Amster, secrets
Labels:
- EDISON
- UPGRADE

Target Version/s:

6.5.1, 7.0.0

Sprint:
AM Sustaining Sprint 58, AM Sustaining Sprint 59
Story Points:
5
Needs backport:

No

Support Ticket IDs:

Verified Version/s:

6.5.1
Needs QA verification:

Yes
Functional tests:

No
Are the reproduction steps defined?:

Yes and I used the same an in the description

Description

Bug description

am.default.authentication.modules.persistentcookie.encryption changes after upgrade to 6.5 and returns as id code instead of its name. Also am.default.authentication.modules.persistentcookie.signing is missing after upgrade.

How to reproduce the issue

Install 6.5.0 and do an Amster export

Navigate to export650/global/KeyStoreSecretStore/default-keystore/KeyStoreMappings and open the am.default.authentication.modules.persistentcookie.encryption.json

{
  "metadata" : {
    "realm" : null,
    "amsterVersion" : "6.5.0",
    "entityType" : "KeyStoreMappings",
    "entityId" : "am.default.authentication.modules.persistentcookie.encryption",
    "pathParams" : {
      "KeyStoreSecretStore" : "default-keystore"
    }
  },
  "data" : {
    "_id" : "am.default.authentication.modules.persistentcookie.encryption",
    "secretId" : "am.default.authentication.modules.persistentcookie.encryption",
    "aliases" : [ "test" ],
    "_type" : {
      "_id" : "mappings",
      "name" : "Mappings",
      "collection" : true
    }
  }
}

Now install an 5.5.1 instance, upgrade to 6.5.0 and do another amster export

Look for the same secret as before, the file is now named out of the id 49537ca3-dddc-4068-ace0-43c8008e593f.json

{
  "metadata" : {
    "realm" : null,
    "amsterVersion" : "6.5.0",
    "entityType" : "KeyStoreMappings",
    "entityId" : "49537ca3-dddc-4068-ace0-43c8008e593f",
    "pathParams" : {
      "KeyStoreSecretStore" : "default-keystore"
    }
  },
  "data" : {
    "_id" : "49537ca3-dddc-4068-ace0-43c8008e593f",
    "secretId" : "am.default.authentication.modules.persistentcookie.encryption",
    "aliases" : [ "test" ],
    "_type" : {
      "_id" : "mappings",
      "name" : "Mappings",
      "collection" : true
    }
  }
}

Now if you use this export in order to import it to another AM (target instance) with --clean (this fails due to ~~OPENAM-14265~~)

Failed to import /opt/export650/global/KeyStoreSecretStore/default-keystore/KeyStoreMappings/49537ca3-dddc-4068-ace0-43c8008e593f.json  : 400 Bad Request: Invalid config: A mapping for the provided secret ID already exists

Expected behaviour

The entityId of the secret id name should remain the same

Current behaviour

the entityId of the secret id returns as code

Workaround

The workaround when importing the am.default.authentication.modules.persistentcookie.encryption secret (or other secrets) is to delete the secrets from the target instance as --clean doesn't work with secrets ~~OPENAM-14265~~).
It appears that the ID of the entityId and id don't create any issue during or after the import. If you export the secret again, it keeps the entityId and Id as before (e.g 49537ca3-dddc-4068-ace0-43c8008e593 as above).
This JIRA is about fixing the inconsistency of the am.default.authentication.modules.persistentcookie.encryption secret during the upgrade.

Attachments

Issue Links

is duplicated by

OPENAM-14323 Amster Export - Realm Secrets are exported with random UUIDs as filenames

Closed

Activity

People

Assignee:

Kamal Sivanandam

Reporter:

Tasos Kampas

Votes:

0 Vote for this issue

Watchers:

10 Start watching this issue

Dates

Created:

24/Dec/18 4:15 PM

Updated:

25/Mar/19 8:07 AM

Resolved:

05/Feb/19 9:32 PM