Merge pull request #6665 from ansible/fallback-test

Reencrypt during data migrations
2024-11-02 01:21:21 +03:00 · 2017-06-21 12:03:09 -04:00 · 2017-06-21 12:03:09 -04:00 · d39dba9892
commit d39dba9892
parent 79a6cabbbc fe3e5a48c3
3 changed files with 14 additions and 23 deletions
--- a/awx/main/migrations/0039_v320_data_migrations.py
+++ b/awx/main/migrations/0039_v320_data_migrations.py
@ -8,6 +8,7 @@ from django.db import migrations
 # AWX
 from awx.main.migrations import _inventory_source as invsrc
 from awx.main.migrations import _migration_utils as migration_utils
+from awx.main.migrations import _reencrypt


 class Migration(migrations.Migration):
@ -22,4 +23,5 @@ class Migration(migrations.Migration):
        migrations.RunPython(invsrc.remove_rax_inventory_sources),
        migrations.RunPython(invsrc.remove_inventory_source_with_no_inventory_link),
        migrations.RunPython(invsrc.rename_inventory_sources),
+        migrations.RunPython(_reencrypt.replace_aesecb_fernet),
    ]
--- a/awx/main/migrations/0044_v320_reencrypt.py
+++ b/awx/main/migrations/0044_v320_reencrypt.py
@ -1,16 +0,0 @@
-# -*- coding: utf-8 -*-
-from __future__ import unicode_literals
-
-from django.db import migrations
-from awx.main.migrations import _reencrypt
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('main', '0043_v320_instancegroups'),
-    ]
-
-    operations = [
-        migrations.RunPython(_reencrypt.replace_aesecb_fernet),
-    ]
--- a/awx/main/migrations/_reencrypt.py
+++ b/awx/main/migrations/_reencrypt.py
@ -1,6 +1,6 @@
+import logging
 from django.utils.translation import ugettext_lazy as _

-from awx.main import utils
 from awx.conf.migrations._reencrypt import (
    decrypt_field,
    should_decrypt_field,
@ -13,7 +13,8 @@ from awx.main.notifications.pagerduty_backend import PagerDutyBackend
 from awx.main.notifications.hipchat_backend import HipChatBackend
 from awx.main.notifications.webhook_backend import WebhookBackend
 from awx.main.notifications.irc_backend import IrcBackend
-from awx.main.models.credential import Credential
+
+logger = logging.getLogger('awx.main.migrations')

 __all__ = ['replace_aesecb_fernet']

@ -27,6 +28,10 @@ NOTIFICATION_TYPES = [('email', _('Email'), CustomEmailBackend),
                      ('irc', _('IRC'), IrcBackend)]


+PASSWORD_FIELDS = ('password', 'security_token', 'ssh_key_data', 'ssh_key_unlock',
+                   'become_password', 'vault_password', 'secret', 'authorize_password')
+
+
 def replace_aesecb_fernet(apps, schema_editor):
    _notification_templates(apps)
    _credentials(apps)
@ -47,16 +52,16 @@ def _notification_templates(apps):


 def _credentials(apps):
-    # TODO: Try to not use the model directly imported from our
-    # source (should use apps.get_model) to make the migration less britle.
-    for credential in Credential.objects.all():
-        for field_name, value in credential.inputs.items():
+    for credential in apps.get_model('main', 'Credential').objects.all():
+        for field_name in PASSWORD_FIELDS:
+            value = getattr(credential, field_name)
            if should_decrypt_field(value):
                value = decrypt_field(credential, field_name)
-                credential.inputs[field_name] = value
+                setattr(credential, field_name, value)
        credential.save()


+
 def _unified_jobs(apps):
    UnifiedJob = apps.get_model('main', 'UnifiedJob')
    for uj in UnifiedJob.objects.all():