FixAuth for ConfigurationScript#credentials

agrare · Jan 4, 2024 · 3177d2e · 3177d2e
1 parent 0b3d445
commit 3177d2e
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 2 deletions.
diff --git a/spec/tools/fix_auth/models/fix_configuration_script_spec.rb b/spec/tools/fix_auth/models/fix_configuration_script_spec.rb
@@ -0,0 +1,38 @@
+$LOAD_PATH << Rails.root.join("tools").to_s
+
+require "fix_auth"
+
+RSpec.describe FixAuth::FixConfigurationScript do
+  let!(:configuration_script) { FactoryBot.create(:configuration_script, :credentials => credentials) }
+  let(:legacy_key) { ManageIQ::Password::Key.new }
+  let(:pass)       { "password" }
+  let(:enc_old)    { ManageIQ::Password.encrypt(pass, legacy_key) }
+  let(:options)    { {:legacy_key => legacy_key, :silent => true} }
+
+  context "with nil credentials" do
+    let(:credentials) { nil }
+
+    it "does nothing" do
+      FixAuth::FixConfigurationScript.run(options)
+      expect(configuration_script.credentials).to be_nil
+    end
+  end
+
+  context "with no v2 encrypted passwords in credentials" do
+    let(:credentials) { {} }
+
+    it "does nothing" do
+      FixAuth::FixConfigurationScript.run(options)
+      expect(configuration_script.credentials).to eq({})
+    end
+  end
+
+  context "with v2 encrypted passwords in credentials" do
+    let(:credentials) { {"foo" => enc_old} }
+
+    it "re-encrypts the passwords" do
+      FixAuth::FixConfigurationScript.run(options)
+      expect(configuration_script.reload.credentials["foo"]).to be_encrypted(pass)
+    end
+  end
+end
diff --git a/spec/tools/fix_auth/models_spec.rb → .../fix_auth/models/fix_database_yml_spec.rb b/spec/tools/fix_auth/models_spec.rb → .../fix_auth/models/fix_database_yml_spec.rb
diff --git a/tools/fix_auth/fix_auth.rb b/tools/fix_auth/fix_auth.rb
@@ -34,8 +34,8 @@ def database
     end
 
     def models
-      [FixAuthentication, FixMiqDatabase, FixMiqAeValue, FixMiqAeField,
-       FixSettingsChange, FixMiqRequest, FixMiqRequestTask]
+      [FixAuthentication, FixConfigurationScript, FixMiqDatabase, FixMiqAeValue,
+       FixMiqAeField, FixSettingsChange, FixMiqRequest, FixMiqRequestTask]
     end
 
     def generate_password

diff --git a/tools/fix_auth/models.rb b/tools/fix_auth/models.rb
@@ -10,6 +10,31 @@ class FixAuthentication < ActiveRecord::Base
     self.inheritance_column = :_type_disabled
   end
 
+  class FixConfigurationScript < ActiveRecord::Base
+    include FixAuth::AuthModel
+    self.table_name = "configuration_scripts"
+    self.password_columns = %w[credentials]
+
+    def self.selection_criteria
+      available_columns.collect do |column|
+        "(#{column}::text like '%v2:{%')"
+      end.join(" OR ")
+    end
+
+    def self.fix_passwords(obj, options)
+      available_columns.each do |column|
+        if (old_value = obj.send(column)).present?
+          old_value.each do |key, val|
+            new_value = recrypt(val, options)
+            old_value[key] = new_value if new_value != val
+          end
+          obj.send("#{column}=", old_value)
+        end
+      end
+      obj
+    end
+  end
+
   class FixMiqDatabase < ActiveRecord::Base
     include FixAuth::AuthModel
     self.table_name = "miq_databases"