From fe3e5a48c303699ac3afd4ca6127b44b570cc8e7 Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Wed, 21 Jun 2017 10:43:56 -0400 Subject: [PATCH] Reencrypt during data migrations --- .../migrations/0039_v320_data_migrations.py | 2 ++ awx/main/migrations/0044_v320_reencrypt.py | 16 ---------------- awx/main/migrations/_reencrypt.py | 19 ++++++++++++------- 3 files changed, 14 insertions(+), 23 deletions(-) delete mode 100644 awx/main/migrations/0044_v320_reencrypt.py diff --git a/awx/main/migrations/0039_v320_data_migrations.py b/awx/main/migrations/0039_v320_data_migrations.py index 35a91e3171..fa3d6cc768 100644 --- a/awx/main/migrations/0039_v320_data_migrations.py +++ b/awx/main/migrations/0039_v320_data_migrations.py @@ -8,6 +8,7 @@ from django.db import migrations # AWX from awx.main.migrations import _inventory_source as invsrc from awx.main.migrations import _migration_utils as migration_utils +from awx.main.migrations import _reencrypt class Migration(migrations.Migration): @@ -22,4 +23,5 @@ class Migration(migrations.Migration): migrations.RunPython(invsrc.remove_rax_inventory_sources), migrations.RunPython(invsrc.remove_inventory_source_with_no_inventory_link), migrations.RunPython(invsrc.rename_inventory_sources), + migrations.RunPython(_reencrypt.replace_aesecb_fernet), ] diff --git a/awx/main/migrations/0044_v320_reencrypt.py b/awx/main/migrations/0044_v320_reencrypt.py deleted file mode 100644 index dc72811b71..0000000000 --- a/awx/main/migrations/0044_v320_reencrypt.py +++ /dev/null @@ -1,16 +0,0 @@ -# -*- coding: utf-8 -*- -from __future__ import unicode_literals - -from django.db import migrations -from awx.main.migrations import _reencrypt - - -class Migration(migrations.Migration): - - dependencies = [ - ('main', '0043_v320_instancegroups'), - ] - - operations = [ - migrations.RunPython(_reencrypt.replace_aesecb_fernet), - ] diff --git a/awx/main/migrations/_reencrypt.py b/awx/main/migrations/_reencrypt.py index 03fc2e3d93..ccce05901b 100644 --- a/awx/main/migrations/_reencrypt.py +++ b/awx/main/migrations/_reencrypt.py @@ -1,6 +1,6 @@ +import logging from django.utils.translation import ugettext_lazy as _ -from awx.main import utils from awx.conf.migrations._reencrypt import ( decrypt_field, should_decrypt_field, @@ -13,7 +13,8 @@ from awx.main.notifications.pagerduty_backend import PagerDutyBackend from awx.main.notifications.hipchat_backend import HipChatBackend from awx.main.notifications.webhook_backend import WebhookBackend from awx.main.notifications.irc_backend import IrcBackend -from awx.main.models.credential import Credential + +logger = logging.getLogger('awx.main.migrations') __all__ = ['replace_aesecb_fernet'] @@ -27,6 +28,10 @@ NOTIFICATION_TYPES = [('email', _('Email'), CustomEmailBackend), ('irc', _('IRC'), IrcBackend)] +PASSWORD_FIELDS = ('password', 'security_token', 'ssh_key_data', 'ssh_key_unlock', + 'become_password', 'vault_password', 'secret', 'authorize_password') + + def replace_aesecb_fernet(apps, schema_editor): _notification_templates(apps) _credentials(apps) @@ -47,16 +52,16 @@ def _notification_templates(apps): def _credentials(apps): - # TODO: Try to not use the model directly imported from our - # source (should use apps.get_model) to make the migration less britle. - for credential in Credential.objects.all(): - for field_name, value in credential.inputs.items(): + for credential in apps.get_model('main', 'Credential').objects.all(): + for field_name in PASSWORD_FIELDS: + value = getattr(credential, field_name) if should_decrypt_field(value): value = decrypt_field(credential, field_name) - credential.inputs[field_name] = value + setattr(credential, field_name, value) credential.save() + def _unified_jobs(apps): UnifiedJob = apps.get_model('main', 'UnifiedJob') for uj in UnifiedJob.objects.all():