From 22e4a84cf23658917a6e05913fc53c497f09eb8e Mon Sep 17 00:00:00 2001 From: Jason Dunsmore Date: Tue, 19 May 2015 14:50:55 -0500 Subject: [PATCH] Check for encrypted_param_names key in environment If unencrypted data exists in the database, there will be no 'encrypted_param_names' key in the environment. Check for this key before referencing it. Change-Id: Ie8c593818a64d150e815487e1449a52173f1ab5d Closes-Bug: #1456700 --- heat/objects/raw_template.py | 19 +++++++++++-------- heat/tests/test_stack.py | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 8 deletions(-) diff --git a/heat/objects/raw_template.py b/heat/objects/raw_template.py index 805a6d634..d83bf2eb1 100644 --- a/heat/objects/raw_template.py +++ b/heat/objects/raw_template.py @@ -47,14 +47,17 @@ class RawTemplate( tpl[field] = db_tpl[field] # If any of the parameters were encrypted, then decrypt them - parameters = tpl.environment[env_fmt.PARAMETERS] - encrypted_param_names = tpl.environment[env_fmt.ENCRYPTED_PARAM_NAMES] - for param_name in encrypted_param_names: - decrypt_function_name = parameters[param_name][0] - decrypt_function = getattr(crypt, decrypt_function_name) - decrypted_val = decrypt_function(parameters[param_name][1]) - parameters[param_name] = encodeutils.safe_decode(decrypted_val) - tpl.environment[env_fmt.PARAMETERS] = parameters + if env_fmt.ENCRYPTED_PARAM_NAMES in tpl.environment: + parameters = tpl.environment[env_fmt.PARAMETERS] + encrypted_param_names = tpl.environment[ + env_fmt.ENCRYPTED_PARAM_NAMES] + + for param_name in encrypted_param_names: + decrypt_function_name = parameters[param_name][0] + decrypt_function = getattr(crypt, decrypt_function_name) + decrypted_val = decrypt_function(parameters[param_name][1]) + parameters[param_name] = encodeutils.safe_decode(decrypted_val) + tpl.environment[env_fmt.PARAMETERS] = parameters tpl._context = context tpl.obj_reset_changes() diff --git a/heat/tests/test_stack.py b/heat/tests/test_stack.py index 27bfcb71f..aea40a2b6 100644 --- a/heat/tests/test_stack.py +++ b/heat/tests/test_stack.py @@ -2030,6 +2030,42 @@ class StackTest(common.HeatTestCase): self.assertEqual('foo', params.get('param1')) self.assertEqual('bar', params.get('param2')) + def test_parameters_stored_decrypted_successful_load(self): + ''' + Test stack loading with disabled parameter value validation. + ''' + tmpl = template_format.parse(''' + heat_template_version: 2013-05-23 + parameters: + param1: + type: string + description: value1. + param2: + type: string + description: value2. + hidden: true + resources: + a_resource: + type: GenericResourceType + ''') + env1 = environment.Environment({'param1': 'foo', 'param2': 'bar'}) + self.stack = stack.Stack(self.ctx, 'test', + template.Template(tmpl, env=env1)) + cfg.CONF.set_override('encrypt_parameters_and_properties', False) + + # Verify that hidden parameters are stored decrypted + self.stack.store() + db_tpl = db_api.raw_template_get(self.ctx, self.stack.t.id) + db_params = db_tpl.environment['parameters'] + self.assertEqual('foo', db_params['param1']) + self.assertEqual('bar', db_params['param2']) + + # Verify that stack loads without error + loaded_stack = stack.Stack.load(self.ctx, stack_id=self.stack.id) + params = loaded_stack.t.env.params + self.assertEqual('foo', params.get('param1')) + self.assertEqual('bar', params.get('param2')) + class StackKwargsForCloningTest(common.HeatTestCase): scenarios = [