config: add error logging when fail to decrypt a encrypted global configuration

weizhouapache · weizhouapache · commit 043482e1352f · 2026-05-19T14:34:50.000+02:00
diff --git a/framework/config/src/main/java/org/apache/cloudstack/framework/config/dao/ConfigurationDaoImpl.java b/framework/config/src/main/java/org/apache/cloudstack/framework/config/dao/ConfigurationDaoImpl.java
@@ -174,7 +174,17 @@ public boolean update(String name, String category, String value) {
     @Override
     public String getValue(String name) {
         ConfigurationVO config = findByName(name);
-        return (config == null) ? null : config.getValue();
+        if (config == null) {
+            return null;
+        }
+        try {
+            return config.getValue();
+        } catch (CloudRuntimeException ex) {
+            logger.error("Unable to get global configuration {}: {}. " +
+                    "We expect the value of setting to be encrypted in the database with the Management Server's key, " +
+                    "but we were unable to decrypt it using this key", name, ex.getMessage());
+            throw ex;
+        }
     }
 
     @Override
diff --git a/framework/config/src/main/java/org/apache/cloudstack/framework/config/impl/ConfigDepotImpl.java b/framework/config/src/main/java/org/apache/cloudstack/framework/config/impl/ConfigDepotImpl.java
@@ -286,11 +286,7 @@ protected String getConfigStringValueInternal(Ternary<String, ConfigKey.Scope, L
             }
             return scopedConfigStorage.getConfigValue(scopeId, key);
         }
-        ConfigurationVO configurationVO = _configDao.findById(key);
-        if (configurationVO != null) {
-            return configurationVO.getValue();
-        }
-        return null;
+        return _configDao.getValue(key);
     }
 
     protected Ternary<String, ConfigKey.Scope, Long> getConfigCacheKey(String key, ConfigKey.Scope scope, Long scopeId) {
diff --git a/framework/config/src/main/java/org/apache/cloudstack/framework/config/impl/ConfigurationVO.java b/framework/config/src/main/java/org/apache/cloudstack/framework/config/impl/ConfigurationVO.java
@@ -155,7 +155,7 @@ public void setName(String name) {
 
     @Override
     public String getValue() {
-        if(isEncrypted()) {
+        if (isEncrypted()) {
             return DBEncryptionUtil.decrypt(value);
         } else {
             return value;
diff --git a/framework/config/src/test/java/org/apache/cloudstack/framework/config/impl/ConfigDepotImplTest.java b/framework/config/src/test/java/org/apache/cloudstack/framework/config/impl/ConfigDepotImplTest.java
@@ -77,9 +77,7 @@ public void testIsNewConfig() {
     }
 
     private void runTestGetConfigStringValue(String key, String value) {
-        ConfigurationVO configurationVO = Mockito.mock(ConfigurationVO.class);
-        Mockito.when(configurationVO.getValue()).thenReturn(value);
-        Mockito.when(_configDao.findById(key)).thenReturn(configurationVO);
+        Mockito.when(_configDao.getValue(key)).thenReturn(value);
         String result = configDepotImpl.getConfigStringValue(key, ConfigKey.Scope.Global, null);
         Assert.assertEquals(value, result);
     }
@@ -106,7 +104,7 @@ private void runTestGetConfigStringValueExpiry(long wait, int configDBRetrieval)
         }
         String result = configDepotImpl.getConfigStringValue(key, ConfigKey.Scope.Global, null);
         Assert.assertEquals(value, result);
-        Mockito.verify(_configDao, Mockito.times(configDBRetrieval)).findById(key);
+        Mockito.verify(_configDao, Mockito.times(configDBRetrieval)).getValue(key);
     }
 
     @Test

Original file line number	Diff line number	Diff line change
`@@ -286,11 +286,7 @@ protected String getConfigStringValueInternal(Ternary<String, ConfigKey.Scope, L`
`286`	`286`	`}`
`287`	`287`	`return scopedConfigStorage.getConfigValue(scopeId, key);`
`288`	`288`	`}`
`289`		`- ConfigurationVO configurationVO = _configDao.findById(key);`
`290`		`- if (configurationVO != null) {`
`291`		`- return configurationVO.getValue();`
`292`		`- }`
`293`		`- return null;`
	`289`	`+ return _configDao.getValue(key);`
`294`	`290`	`}`
`295`	`291`
`296`	`292`	`protected Ternary<String, ConfigKey.Scope, Long> getConfigCacheKey(String key, ConfigKey.Scope scope, Long scopeId) {`
Original file line number	Diff line number	Diff line change
`@@ -77,9 +77,7 @@ public void testIsNewConfig() {`
`77`	`77`	`}`
`78`	`78`
`79`	`79`	`private void runTestGetConfigStringValue(String key, String value) {`
`80`		`- ConfigurationVO configurationVO = Mockito.mock(ConfigurationVO.class);`
`81`		`- Mockito.when(configurationVO.getValue()).thenReturn(value);`
`82`		`- Mockito.when(_configDao.findById(key)).thenReturn(configurationVO);`
	`80`	`+ Mockito.when(_configDao.getValue(key)).thenReturn(value);`
`83`	`81`	`String result = configDepotImpl.getConfigStringValue(key, ConfigKey.Scope.Global, null);`
`84`	`82`	`Assert.assertEquals(value, result);`
`85`	`83`	`}`
`@@ -106,7 +104,7 @@ private void runTestGetConfigStringValueExpiry(long wait, int configDBRetrieval)`
`106`	`104`	`}`
`107`	`105`	`String result = configDepotImpl.getConfigStringValue(key, ConfigKey.Scope.Global, null);`
`108`	`106`	`Assert.assertEquals(value, result);`
`109`		`- Mockito.verify(_configDao, Mockito.times(configDBRetrieval)).findById(key);`
	`107`	`+ Mockito.verify(_configDao, Mockito.times(configDBRetrieval)).getValue(key);`
`110`	`108`	`}`
`111`	`109`
`112`	`110`	`@Test`