Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-31947

Rotating Access Key for Azure Blob Store Results in 500 Server Error

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.38.0, 3.37.3
    • Fix Version/s: None
    • Component/s: Azure, Blobstore
    • Labels:
    • Notability:
      3

      Description

      As a security best practice, Microsoft recommends periodically rotating storage access keys (https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#manually-rotate-access-keys), however doing so can result in the Blob Store UI failing to load (see fail_blobstore_ui.png attached) and the following warning in the nexus.log:

      2022-04-27 16:32:30,675+0100 WARN [qtp556198592-771] admin org.sonatype.nexus.siesta.internal.UnexpectedExceptionMapper - (ID 1d243db0-3356-4f2d-9075-c838be0842bd) Response: [500] 'ERROR: (ID 1d243db0-3356-4f2d-9075-c838be0842bd) com.azure.storage.blob.models.BlobStorageException: Status code 403, (empty body)'; mapped from: com.azure.storage.blob.models.BlobStorageException: Status code 403, (empty body)

      To reproduce:
      1. Create an Azure blob store.
      2. Rotate the access keys on the Azure side.
      3. Attempt to access the Blob Stores page in the Nexus UI.

      Expected:

      The Blob Stores page should remain accessible, but the specific Azure blob store can be set to a "failed" state so that admins can still access the config and set the new key.

      Workaround:

      Use the REST API, PUT /v1/blobstores/azure/{blobStoreName} to update and set the new access key. Doing so will resolve the broken UI.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              hardeepn Hardeep Nagra
              Last Updated By:
              Hardeep Nagra Hardeep Nagra
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title