From bd52e4bb220986101d76b767ac8c40504baf18ed Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Tue, 20 Jun 2017 10:38:34 -0400
Subject: [PATCH] allow conf.settings to fallback to old encryption methods so
 settings work during migrations

---
 awx/conf/settings.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/awx/conf/settings.py b/awx/conf/settings.py
index 68f63070e3..57bd9b26fe 100644
--- a/awx/conf/settings.py
+++ b/awx/conf/settings.py
@@ -22,6 +22,7 @@ from awx.main.utils import encrypt_field, decrypt_field
 from awx.main.utils.db import get_tower_migration_version
 from awx.conf import settings_registry
 from awx.conf.models import Setting
+from awx.conf.migrations._reencrypt import decrypt_field as old_decrypt_field
 
 # FIXME: Gracefully handle when settings are accessed before the database is
 # ready (or during migrations).
@@ -245,7 +246,13 @@ class SettingsWrapper(UserSettingsHolder):
             if settings_to_cache[setting.key] != SETTING_CACHE_NOTSET:
                 continue
             if self.registry.is_setting_encrypted(setting.key):
-                value = decrypt_field(setting, 'value')
+                try:
+                    value = decrypt_field(setting, 'value')
+                except ValueError, e:
+                    #TODO: Remove in Tower 3.3
+                    logger.debug('encountered error decrypting field: %s - attempting fallback to old', e)
+                    value = old_decrypt_field(setting, 'value')
+
             else:
                 value = setting.value
             settings_to_cache[setting.key] = get_cache_value(value)