From 73fe8dd4697c95cce8a246761b3af9e7aa8adbee Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Fri, 9 Jun 2017 15:13:54 -0400
Subject: [PATCH] reencrypt start_args for UnifiedJobs

---
 awx/main/migrations/_reencrypt.py             | 13 +++++++++++++
 .../functional/test_reencrypt_migration.py    | 19 +++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/awx/main/migrations/_reencrypt.py b/awx/main/migrations/_reencrypt.py
index d115c02943..87c9bbfbe4 100644
--- a/awx/main/migrations/_reencrypt.py
+++ b/awx/main/migrations/_reencrypt.py
@@ -7,6 +7,7 @@ __all__ = ['replace_aesecb_fernet']
 def replace_aesecb_fernet(apps, schema_editor):
     _notification_templates(apps)
     _credentials(apps)
+    _unified_jobs(apps)
 
 
 def _notification_templates(apps):
@@ -33,3 +34,15 @@ def _credentials(apps):
                 except ValueError:
                     continue
         credential.save()
+
+
+def _unified_jobs(apps):
+    UnifiedJob = apps.get_model('main', 'UnifiedJob')
+    for uj in UnifiedJob.objects.all():
+        if uj.start_args is not None:
+            try:
+                start_args = decrypt_field(uj, 'start_args')
+                uj.start_args = start_args
+                uj.save()
+            except ValueError:
+                continue
diff --git a/awx/main/tests/functional/test_reencrypt_migration.py b/awx/main/tests/functional/test_reencrypt_migration.py
index 96cdd49f07..4b54cdbbb6 100644
--- a/awx/main/tests/functional/test_reencrypt_migration.py
+++ b/awx/main/tests/functional/test_reencrypt_migration.py
@@ -1,9 +1,11 @@
+import json
 import pytest
 import mock
 
 from django.apps import apps
 
 from awx.main.models import (
+    UnifiedJob,
     NotificationTemplate,
     Credential,
 )
@@ -13,6 +15,7 @@ from awx.conf.migrations._reencrypt import encrypt_field
 from awx.main.migrations._reencrypt import (
     _notification_templates,
     _credentials,
+    _unified_jobs,
 )
 
 from awx.main.utils import decrypt_field
@@ -41,8 +44,24 @@ def test_credential_migration():
 
         cred = Credential.objects.create(credential_type=cred_type, inputs=dict(password='test'))
 
+    assert cred.password.startswith('$encrypted$AES$')
+
     _credentials(apps)
     cred.refresh_from_db()
 
     assert cred.password.startswith('$encrypted$AESCBC$')
     assert decrypt_field(cred, 'password') == 'test'
+
+
+@pytest.mark.django_db
+def test_unified_job_migration():
+    with mock.patch('awx.main.models.base.encrypt_field', encrypt_field):
+        uj = UnifiedJob.objects.create(launch_type='manual', start_args=json.dumps({'test':'value'}))
+
+    assert uj.start_args.startswith('$encrypted$AES$')
+
+    _unified_jobs(apps)
+    uj.refresh_from_db()
+
+    assert uj.start_args.startswith('$encrypted$AESCBC$')
+    assert json.loads(decrypt_field(uj, 'start_args')) == {'test':'value'}