Details
-
Type:
Bug
-
Status: New
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 3.38.0, 3.37.3
-
Fix Version/s: None
-
Labels:
-
Notability:3
Description
As a security best practice, Microsoft recommends periodically rotating storage access keys (https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#manually-rotate-access-keys), however doing so can result in the Blob Store UI failing to load (see fail_blobstore_ui.png attached) and the following warning in the nexus.log:
2022-04-27 16:32:30,675+0100 WARN [qtp556198592-771] admin org.sonatype.nexus.siesta.internal.UnexpectedExceptionMapper - (ID 1d243db0-3356-4f2d-9075-c838be0842bd) Response: [500] 'ERROR: (ID 1d243db0-3356-4f2d-9075-c838be0842bd) com.azure.storage.blob.models.BlobStorageException: Status code 403, (empty body)'; mapped from: com.azure.storage.blob.models.BlobStorageException: Status code 403, (empty body)
To reproduce:
1. Create an Azure blob store.
2. Rotate the access keys on the Azure side.
3. Attempt to access the Blob Stores page in the Nexus UI.
Expected:
The Blob Stores page should remain accessible, but the specific Azure blob store can be set to a "failed" state so that admins can still access the config and set the new key.
Workaround:
Use the REST API, PUT /v1/blobstores/azure/{blobStoreName} to update and set the new access key. Doing so will resolve the broken UI.
Attachments
Issue Links
- relates
-
-
- Closed
-