infisical icon indicating copy to clipboard operation
infisical copied to clipboard
verified publisher icon Infisical

Can't upgrade KMS

Open atropos112 opened this issue 1 year ago • 1 comments

Describe the bug

Seeing a

Infisical secrets engine is now 10x faster and allows you to encrypt secrets with your own KMS. Upgrade your project to receive these improvements.

message and attempting to upgrade (as suggested) on self hosted version. Running using a helm chart with infisical standalone on version v0.78.1-postgres and am seeing the following in the logs

{
  "level": 50,
  "time": 1723415468323,
  "pid": 1,
  "hostname": "infisical-infisical-standalone-infisical-786b7f496c-4bxv9",
  "severity": "ERROR",
  "err": {
    "type": "DatabaseError",
    "message": "Failed to execute db ops",
    "stack": "Find by id: Failed to execute db ops\n    at Object.findByIdWithAssociatedKms (file:///backend/dist/services/kms/kms-key-dal.mjs:38:13)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at async encryptWithKmsKey (file:///backend/dist/services/kms/kms-service.mjs:189:20)\n    at async file:///backend/dist/services/kms/kms-service.mjs:381:34\n    at async file:///backend/dist/lib/knex/index.mjs:36:17",
    "name": "Find by id",
    "error": {
      "type": "DatabaseError",
      "message": "select \"kms_keys\".*, \"internal_kms\".\"id\" as \"internalKmsId\", \"internal_kms\".\"encryptedKey\" as \"internalKmsEncryptedKey\", \"internal_kms\".\"encryptionAlgorithm\" as \"internalKmsEncryptionAlgorithm\", \"internal_kms\".\"version\" as \"internalKmsVersion\", \"internal_kms\".\"id\" as \"internalKmsId\", \"external_kms\".\"id\" as \"externalKmsId\", \"external_kms\".\"provider\" as \"externalKmsProvider\", \"external_kms\".\"encryptedProviderInputs\" as \"externalKmsEncryptedProviderInput\", \"external_kms\".\"status\" as \"externalKmsStatus\", \"external_kms\".\"statusDetails\" as \"externalKmsStatusDetails\", \"organizations\".\"kmsDefaultKeyId\" as \"orgKmsDefaultKeyId\", \"organizations\".\"kmsEncryptedDataKey\" as \"orgKmsEncryptedDataKey\" from \"kms_keys\" inner join \"organizations\" on \"kms_keys\".\"orgId\" = \"organizations\".\"id\" left join \"internal_kms\" on \"kms_keys\".\"id\" = \"internal_kms\".\"kmsKeyId\" left join \"external_kms\" on \"kms_keys\".\"id\" = \"external_kms\".\"kmsKeyId\" where \"kms_keys\".\"id\" = $1 limit $2 - column organizations.kmsEncryptedDataKey does not exist",
      "stack": "error: select \"kms_keys\".*, \"internal_kms\".\"id\" as \"internalKmsId\", \"internal_kms\".\"encryptedKey\" as \"internalKmsEncryptedKey\", \"internal_kms\".\"encryptionAlgorithm\" as \"internalKmsEncryptionAlgorithm\", \"internal_kms\".\"version\" as \"internalKmsVersion\", \"internal_kms\".\"id\" as \"internalKmsId\", \"external_kms\".\"id\" as \"externalKmsId\", \"external_kms\".\"provider\" as \"externalKmsProvider\", \"external_kms\".\"encryptedProviderInputs\" as \"externalKmsEncryptedProviderInput\", \"external_kms\".\"status\" as \"externalKmsStatus\", \"external_kms\".\"statusDetails\" as \"externalKmsStatusDetails\", \"organizations\".\"kmsDefaultKeyId\" as \"orgKmsDefaultKeyId\", \"organizations\".\"kmsEncryptedDataKey\" as \"orgKmsEncryptedDataKey\" from \"kms_keys\" inner join \"organizations\" on \"kms_keys\".\"orgId\" = \"organizations\".\"id\" left join \"internal_kms\" on \"kms_keys\".\"id\" = \"internal_kms\".\"kmsKeyId\" left join \"external_kms\" on \"kms_keys\".\"id\" = \"external_kms\".\"kmsKeyId\" where \"kms_keys\".\"id\" = $1 limit $2 - column organizations.kmsEncryptedDataKey does not exist\n    at Parser.parseErrorMessage (/backend/node_modules/pg-protocol/dist/parser.js:287:98)\n    at Parser.handlePacket (/backend/node_modules/pg-protocol/dist/parser.js:126:29)\n    at Parser.parse (/backend/node_modules/pg-protocol/dist/parser.js:39:38)\n    at Socket.<anonymous> (/backend/node_modules/pg-protocol/dist/index.js:11:42)\n    at Socket.emit (node:events:519:28)\n    at Socket.emit (node:domain:488:12)\n    at addChunk (node:internal/streams/readable:559:12)\n    at readableAddChunkPushByteMode (node:internal/streams/readable:510:3)\n    at Readable.push (node:internal/streams/readable:390:5)\n    at TCP.onStreamRead (node:internal/stream_base_commons:191:23)",
      "length": 132,
      "name": "error",
      "severity": "ERROR",
      "code": "42703",
      "position": "628",
      "file": "parse_relation.c",
      "line": "3722",
      "routine": "errorMissingColumn"
    }
  },
  "msg": "Failed to migrate project to v3: dd5d783a-1610-4c7a-84a1-92f44c06509b"
}

To Reproduce

Steps to reproduce the behavior:

  1. Update to v0.78.1-postgres
  2. Go to UI
  3. Press "Upgrade Project", tick all the boxes and press "Confirm Upgrade"

Expected behavior

For the upgrade to go through smoothly.

Screenshots

n/a

Platform you are having the issue on:

Kubernetes, helm chart, self hosted.

atropos112 avatar Aug 11 '24 22:08 atropos112

@atropos112 It seems your migration have not run. Please ensure the particular version migrations have executed

akhilmhdh avatar Aug 12 '24 07:08 akhilmhdh

You are 100% correct, I.... didn't rtfd's, I am sorry for taking your time.

atropos112 avatar Aug 12 '24 18:08 atropos112