diff --git a/CHANGES/+enc_task_args.bugfix b/CHANGES/+enc_task_args.bugfix new file mode 100644 index 0000000000..7ecba54cbd --- /dev/null +++ b/CHANGES/+enc_task_args.bugfix @@ -0,0 +1 @@ +Added encryption to task argument fields. diff --git a/pulpcore/app/migrations/0111_task_enc_args_task_enc_kwargs.py b/pulpcore/app/migrations/0111_task_enc_args_task_enc_kwargs.py new file mode 100644 index 0000000000..f8154a6e8a --- /dev/null +++ b/pulpcore/app/migrations/0111_task_enc_args_task_enc_kwargs.py @@ -0,0 +1,28 @@ +# Generated by Django 4.2.4 on 2023-09-04 11:56 + +import django.core.serializers.json +from django.db import migrations +import pulpcore.app.models.fields + + +class Migration(migrations.Migration): + dependencies = [ + ("core", "0110_apiappstatus"), + ] + + operations = [ + migrations.AddField( + model_name="task", + name="enc_args", + field=pulpcore.app.models.fields.EncryptedJSONField( + encoder=django.core.serializers.json.DjangoJSONEncoder, null=True + ), + ), + migrations.AddField( + model_name="task", + name="enc_kwargs", + field=pulpcore.app.models.fields.EncryptedJSONField( + encoder=django.core.serializers.json.DjangoJSONEncoder, null=True + ), + ), + ] diff --git a/pulpcore/app/models/task.py b/pulpcore/app/models/task.py index 05f06a022e..c6bfb5cbdf 100644 --- a/pulpcore/app/models/task.py +++ b/pulpcore/app/models/task.py @@ -19,6 +19,7 @@ GenericRelationModel, ) from pulpcore.app.models.status import BaseAppStatus +from pulpcore.app.models.fields import EncryptedJSONField from pulpcore.constants import TASK_CHOICES, TASK_INCOMPLETE_STATES, TASK_STATES from pulpcore.exceptions import AdvisoryLockError, exception_to_dict from pulpcore.app.util import get_domain_pk, current_task @@ -82,9 +83,15 @@ class Task(BaseModel, AutoAddObjPermsMixin): error = models.JSONField(null=True) + # These fields should finally be removed in 3.40 by a migration that checks all components are + # running at least then copies their values to enc_(kw)args and adds + # pulpcore >= in the modified tasks version_requirements. args = models.JSONField(null=True, encoder=DjangoJSONEncoder) kwargs = models.JSONField(null=True, encoder=DjangoJSONEncoder) + enc_args = EncryptedJSONField(null=True, encoder=DjangoJSONEncoder) + enc_kwargs = EncryptedJSONField(null=True, encoder=DjangoJSONEncoder) + worker = models.ForeignKey("Worker", null=True, related_name="tasks", on_delete=models.SET_NULL) parent_task = models.ForeignKey( diff --git a/pulpcore/tasking/tasks.py b/pulpcore/tasking/tasks.py index ec08af2c5d..25308b3c84 100644 --- a/pulpcore/tasking/tasks.py +++ b/pulpcore/tasking/tasks.py @@ -59,8 +59,8 @@ def _execute_task(task): module_name, function_name = task.name.rsplit(".", 1) module = importlib.import_module(module_name) func = getattr(module, function_name) - args = task.args or () - kwargs = task.kwargs or {} + args = task.enc_args or task.args or () + kwargs = task.enc_kwargs or task.kwargs or {} result = func(*args, **kwargs) if asyncio.iscoroutine(result): _logger.debug(_("Task is coroutine %s"), task.pk) @@ -167,8 +167,8 @@ def dispatch( logging_cid=(get_guid()), task_group=task_group, name=function_name, - args=args, - kwargs=kwargs, + enc_args=args, + enc_kwargs=kwargs, parent_task=Task.current(), reserved_resources_record=resources, versions=versions,