- original report: https://hub.mender.io/t/cant-authorize-devices-auth-set-empty-if-identity-too-long/2173/3
- ways to reproduce: all you need is identity data composed of enough identity attributes. the original set, which is enough to trigger this is:
echo "flash_otherdate=2020-01-20T15:16:58Z"; echo "flash_date=2020-07-10T06:52:46Z"; echo "flash_owner=The original caretaker and device owner"; echo "flash_uuid=0485e482-4257-435a-8613-4798a5a2236a"; echo "hw_hardware=BCM2835"; echo "hw_model=Raspberry Pi 3 Model B Plus Rev 1.3"; echo "hw_revision=000000"; echo "hw_serial=0000000000000000"; echo "mac=a4:42:f3:2f:34:88";
what you see in the deviceauth logs:
time="2020-07-10T20:05:43Z" level=error msg="internal error: failed to store device: multiple write errors: [{write errors: [{WiredTigerIndex::insert: key too large to index, failing 1026 { : \"16c9b960-aaf5-442a-8361-d4b166d8fd42\", : \"{\"flash_date\":\"2020-07-10T06:52:46Z\",\"flash_otherdate\":\"2020-01-20T15:16:58Z\",\"flash_owner\":\"The-original-caretaker-and-device-owner\",\"flash_uuid\":\"04...\", : \"-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAtaQGZYq4EPnNapeBmvC0\nN936XkOwreZstE5V0aBspBNIAhPb0+7XJ1tG0ea1b2Udqt8Wxor6M0HVOh...\" }}]}, {<nil>}]" file=response_helpers.go func=rest_utils.RestErrWithLogMsg line=62 request_id=72100726-7eae-4e9e-a68e-3cf5b2b25946
instead of using the whole identity data as index we should calculate and use some message digest.