mirror of
https://github.com/ansible/awx.git
synced 2026-03-22 03:17:39 -02:30
provide a more helpful error message for secret decryption failures.
see: #6230 see: #6395
This commit is contained in:
Ryan Petrello
@@ -1,14 +1,17 @@
|
|||||||
import base64
|
import base64
|
||||||
import hashlib
|
import hashlib
|
||||||
|
import logging
|
||||||
|
|
||||||
import six
|
import six
|
||||||
from cryptography.fernet import Fernet
|
from cryptography.fernet import Fernet, InvalidToken
|
||||||
|
|
||||||
from django.utils.encoding import smart_str
|
from django.utils.encoding import smart_str
|
||||||
|
|
||||||
|
|
||||||
__all__ = ['get_encryption_key', 'encrypt_field', 'decrypt_field', 'decrypt_value']
|
__all__ = ['get_encryption_key', 'encrypt_field', 'decrypt_field', 'decrypt_value']
|
||||||
|
|
||||||
|
logger = logging.getLogger('awx.main.utils.encryption')
|
||||||
|
|
||||||
|
|
||||||
def get_encryption_key(field_name, pk=None):
|
def get_encryption_key(field_name, pk=None):
|
||||||
'''
|
'''
|
||||||
@@ -83,4 +86,16 @@ def decrypt_field(instance, field_name, subfield=None):
|
|||||||
return value
|
return value
|
||||||
key = get_encryption_key(field_name, getattr(instance, 'pk', None))
|
key = get_encryption_key(field_name, getattr(instance, 'pk', None))
|
||||||
|
|
||||||
return decrypt_value(key, value)
|
try:
|
||||||
|
return decrypt_value(key, value)
|
||||||
|
except InvalidToken:
|
||||||
|
logger.exception(
|
||||||
|
"Failed to decrypt `%s(pk=%s).%s`; if you've recently restored from "
|
||||||
|
"a database backup or are running in a clustered environment, "
|
||||||
|
"check that your `SECRET_KEY` value is correct",
|
||||||
|
instance.__class__.__name__,
|
||||||
|
getattr(instance, 'pk', None),
|
||||||
|
field_name,
|
||||||
|
exc_info=True
|
||||||
|
)
|
||||||
|
raise
|
||||||
|
|||||||
Reference in New Issue
Block a user