allow conf.settings to fallback to old encryption methods so settings work during migrations

2026-01-16 20:30:46 -03:30 · 2017-06-20 10:38:34 -04:00 · 2017-06-20 10:38:34 -04:00 · bd52e4bb22
commit bd52e4bb22
parent 7111d9232f
1 changed files with 8 additions and 1 deletions
--- a/awx/conf/settings.py
+++ b/awx/conf/settings.py
@ -22,6 +22,7 @@ from awx.main.utils import encrypt_field, decrypt_field
 from awx.main.utils.db import get_tower_migration_version
 from awx.conf import settings_registry
 from awx.conf.models import Setting
+from awx.conf.migrations._reencrypt import decrypt_field as old_decrypt_field

 # FIXME: Gracefully handle when settings are accessed before the database is
 # ready (or during migrations).
@ -245,7 +246,13 @@ class SettingsWrapper(UserSettingsHolder):
            if settings_to_cache[setting.key] != SETTING_CACHE_NOTSET:
                continue
            if self.registry.is_setting_encrypted(setting.key):
-                value = decrypt_field(setting, 'value')
+                try:
+                    value = decrypt_field(setting, 'value')
+                except ValueError, e:
+                    #TODO: Remove in Tower 3.3
+                    logger.debug('encountered error decrypting field: %s - attempting fallback to old', e)
+                    value = old_decrypt_field(setting, 'value')
+
            else:
                value = setting.value
            settings_to_cache[setting.key] = get_cache_value(value)