External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-13 11:00:03 -03:30
Code Issues Packages Projects Releases Wiki Activity

reencrypt start_args for UnifiedJobs

Browse Source
This commit is contained in:
Wayne Witzel III 2017-06-09 15:13:54 -04:00
parent 8d96d08510
commit 73fe8dd469
2 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
awx/main/migrations/_reencrypt.py
View File

@ -7,6 +7,7 @@ __all__ = ['replace_aesecb_fernet']
def replace_aesecb_fernet(apps, schema_editor):
_notification_templates(apps)
_credentials(apps)
_unified_jobs(apps)
def _notification_templates(apps):
@ -33,3 +34,15 @@ def _credentials(apps):
except ValueError:
continue
credential.save()
def _unified_jobs(apps):
UnifiedJob = apps.get_model('main', 'UnifiedJob')
for uj in UnifiedJob.objects.all():
if uj.start_args is not None:
try:
start_args = decrypt_field(uj, 'start_args')
uj.start_args = start_args
uj.save()
except ValueError:
continue

19
awx/main/tests/functional/test_reencrypt_migration.py
View File

@ -1,9 +1,11 @@
import json
import pytest
import mock
from django.apps import apps
from awx.main.models import (
UnifiedJob,
NotificationTemplate,
Credential,
)
@ -13,6 +15,7 @@ from awx.conf.migrations._reencrypt import encrypt_field
from awx.main.migrations._reencrypt import (
_notification_templates,
_credentials,
_unified_jobs,
)
from awx.main.utils import decrypt_field
@ -41,8 +44,24 @@ def test_credential_migration():
cred = Credential.objects.create(credential_type=cred_type, inputs=dict(password='test'))
assert cred.password.startswith('$encrypted$AES$')
_credentials(apps)
cred.refresh_from_db()
assert cred.password.startswith('$encrypted$AESCBC$')
assert decrypt_field(cred, 'password') == 'test'
@pytest.mark.django_db
def test_unified_job_migration():
with mock.patch('awx.main.models.base.encrypt_field', encrypt_field):
uj = UnifiedJob.objects.create(launch_type='manual', start_args=json.dumps({'test':'value'}))
assert uj.start_args.startswith('$encrypted$AES$')
_unified_jobs(apps)
uj.refresh_from_db()
assert uj.start_args.startswith('$encrypted$AESCBC$')
assert json.loads(decrypt_field(uj, 'start_args')) == {'test':'value'}