fix a bug in AES -> fernet encryption migration

see: #6747
2026-01-11 18:09:57 -03:30 · 2017-06-27 14:13:52 -04:00 · 2017-06-27 14:13:52 -04:00 · 65ace1f446
commit 65ace1f446
parent 78ba96b541
3 changed files with 9 additions and 5 deletions
--- a/awx/conf/migrations/_reencrypt.py
+++ b/awx/conf/migrations/_reencrypt.py
@ -13,12 +13,14 @@ __all__ = ['replace_aesecb_fernet', 'get_encryption_key', 'encrypt_field',


 def replace_aesecb_fernet(apps, schema_editor):
+    from awx.main.utils.encryption import encrypt_field
    Setting = apps.get_model('conf', 'Setting')

    for setting in Setting.objects.filter().order_by('pk'):
        if settings_registry.is_setting_encrypted(setting.key):
            if should_decrypt_field(setting.value):
                setting.value = decrypt_field(setting, 'value')
+                setting.value = encrypt_field(setting, 'value')
            setting.save()


--- a/awx/main/migrations/_credentialtypes.py
+++ b/awx/main/migrations/_credentialtypes.py
@ -1,6 +1,6 @@
 from awx.main import utils
 from awx.main.models import CredentialType
-from awx.conf.migrations._reencrypt import encrypt_field, decrypt_field
+from awx.main.utils.encryption import encrypt_field, decrypt_field
 from django.db.models import Q


--- a/awx/main/migrations/_reencrypt.py
+++ b/awx/main/migrations/_reencrypt.py
@ -5,6 +5,7 @@ from awx.conf.migrations._reencrypt import (
    decrypt_field,
    should_decrypt_field,
 )
+from awx.main.utils.encryption import encrypt_field

 from awx.main.notifications.email_backend import CustomEmailBackend
 from awx.main.notifications.slack_backend import SlackBackend
@ -46,8 +47,8 @@ def _notification_templates(apps):
        for field in filter(lambda x: notification_class.init_parameters[x]['type'] == "password",
                            notification_class.init_parameters):
            if should_decrypt_field(nt.notification_configuration[field]):
-                value = decrypt_field(nt, 'notification_configuration', subfield=field)
-                nt.notification_configuration[field] = value
+                nt.notification_configuration[field] = decrypt_field(nt, 'notification_configuration', subfield=field)
+                nt.notification_configuration[field] = encrypt_field(nt, 'notification_configuration', subfield=field)
        nt.save()


@ -58,6 +59,7 @@ def _credentials(apps):
            if should_decrypt_field(value):
                value = decrypt_field(credential, field_name)
                setattr(credential, field_name, value)
+                setattr(credential, field_name, encrypt_field(credential, field_name))
        credential.save()


@ -67,6 +69,6 @@ def _unified_jobs(apps):
    for uj in UnifiedJob.objects.all():
        if uj.start_args is not None:
            if should_decrypt_field(uj.start_args):
-                start_args = decrypt_field(uj, 'start_args')
-                uj.start_args = start_args
+                uj.start_args = decrypt_field(uj, 'start_args')
+                uj.start_args = encrypt_field(uj, 'start_args')
                uj.save()