From 6eb093f4ecbaea62aa51b1dfd15f68f34d9c2d9b Mon Sep 17 00:00:00 2001 From: Konstantin Voschanov Date: Wed, 16 Dec 2020 15:11:02 +0300 Subject: [PATCH 1/2] ADCM-1331 fix migration witch password encryption --- .../cm/migrations/0058_encrypt_passwords.py | 35 ++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/python/cm/migrations/0058_encrypt_passwords.py b/python/cm/migrations/0058_encrypt_passwords.py index 6036ec9cb2..cf627837ca 100644 --- a/python/cm/migrations/0058_encrypt_passwords.py +++ b/python/cm/migrations/0058_encrypt_passwords.py @@ -12,7 +12,10 @@ import json from django.db import migrations -from cm.adcm_config import process_password, obj_to_dict +from cm.adcm_config import ansible_encrypt_and_format, obj_to_dict + + +from cm.logger import log def get_prototype_config(proto, PrototypeConfig): @@ -32,8 +35,34 @@ def get_prototype_config(proto, PrototypeConfig): return spec +def process_password(spec, conf): + def update_password(passwd): + if '$ANSIBLE_VAULT;' in passwd: + return passwd + return ansible_encrypt_and_format(passwd) + + for key in conf: + if key not in spec: + continue + if 'type' in spec[key]: + if spec[key]['type'] == 'password' and conf[key]: + conf[key] = update_password(conf[key]) + else: + if not conf[key]: + continue + for subkey in conf[key]: + if subkey not in spec[key]: + continue + if spec[key][subkey]['type'] == 'password' and conf[key][subkey]: + conf[key][subkey] = update_password(conf[key][subkey]) + return conf + + + def process_objects(obj, ConfigLog, PrototypeConfig): spec = get_prototype_config(obj.prototype, PrototypeConfig) + if not spec: + return for cl in ConfigLog.objects.filter(obj_ref=obj.config): conf = json.loads(cl.config) process_password(spec, conf) @@ -41,12 +70,16 @@ def process_objects(obj, ConfigLog, PrototypeConfig): cl.save() + + def encrypt_passwords(apps, schema_editor): ConfigLog = apps.get_model('cm', 'ConfigLog') PrototypeConfig = apps.get_model('cm', 'PrototypeConfig') for model_name in 'Cluster', 'ClusterObject', 'HostProvider', 'Host', 'ADCM': + log.debug('QQ model %s', model_name) Model = apps.get_model('cm', model_name) for obj in Model.objects.filter(config__isnull=False): + log.debug('QQ model %s, obj %s', model_name, obj) process_objects(obj, ConfigLog, PrototypeConfig) From 72847e7a34883a9492eba13d9eb1b2379bc3aac0 Mon Sep 17 00:00:00 2001 From: Konstantin Voschanov Date: Wed, 16 Dec 2020 15:39:46 +0300 Subject: [PATCH 2/2] fix linters --- python/cm/migrations/0058_encrypt_passwords.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/python/cm/migrations/0058_encrypt_passwords.py b/python/cm/migrations/0058_encrypt_passwords.py index cf627837ca..335146adf6 100644 --- a/python/cm/migrations/0058_encrypt_passwords.py +++ b/python/cm/migrations/0058_encrypt_passwords.py @@ -58,7 +58,6 @@ def update_password(passwd): return conf - def process_objects(obj, ConfigLog, PrototypeConfig): spec = get_prototype_config(obj.prototype, PrototypeConfig) if not spec: @@ -70,8 +69,6 @@ def process_objects(obj, ConfigLog, PrototypeConfig): cl.save() - - def encrypt_passwords(apps, schema_editor): ConfigLog = apps.get_model('cm', 'ConfigLog') PrototypeConfig = apps.get_model('cm', 'PrototypeConfig')