No longer able to refresh when search_query is empty #409

Description

@ineednewpajamas

Version:

4.1.10

Scenario:

I rotated my default user key with

chef-server-ctl delete-user-key
chef-server-ctl add-user-key

and am no longer able to access vault items even if I'm an admin, and I receive this message:

ERROR: ChefVault::Exceptions::SecretDecryption: vault/item is encrypted for you, but your private key failed to decrypt the contents.  (if you regenerated your client key, have an administrator of the vault run 'knife vault refresh')

When I use an administrator to run knife vault refresh vault item, I get:

ERROR: ChefVault::Exceptions::SearchNotFound: vault/item does not have a stored search_query, probably because it was created with an older version of chef-vault. Use 'knife vault update' to update the databag with the search query.

I've read the docs and it does not mandate that search_query is required when creating a vault item. We have items covering the following scenarios:

  1. no client and no search_query (only admin access)
  2. set clients (using -C) and no search_query
  3. search_query

Expected Result:

Able to refresh (or another method) vault items that have no search_query so that my regenerated knife client key has access.


Labels: Status: Untriaged (an issue that has yet to be triaged); Type: Bug (does not work as expected)
