heat : ensure DB user creds aren't written decrypted

Return the decrypted user_creds record as a dict copy and do not decrypt the credentials direct into the sqlalchemy model object, or we can inadvertently end up committing decrypted credentials to the DB Ref #218 Change-Id: I0df9afcb271804557c94cdf0c913f7a26affdc83 Signed-off-by: Steven Hardy <shardy@redhat.com>
2012-09-19 11:48:29 +01:00 · 2012-09-19 11:48:29 +01:00 · 73a8743367
parent 52f5d7c7fe
commit 73a8743367
2 changed files with 8 additions and 6 deletions
--- a/heat/db/sqlalchemy/api.py
+++ b/heat/db/sqlalchemy/api.py
@ -211,11 +211,13 @@ def user_creds_create(values):


 def user_creds_get(user_creds_id):
-    result = model_query(None, models.UserCreds).get(user_creds_id)
-    result.password = auth.decrypt(result.password)
-    result.service_password = auth.decrypt(result.service_password)
-    result.aws_creds = auth.decrypt(result.aws_creds)
-
+    db_result = model_query(None, models.UserCreds).get(user_creds_id)
+    # Return a dict copy of db results, do not decrypt details into db_result
+    # or it can be committed back to the DB in decrypted form
+    result = dict(db_result)
+    result['password'] = auth.decrypt(result['password'])
+    result['service_password'] = auth.decrypt(result['service_password'])
+    result['aws_creds'] = auth.decrypt(result['aws_creds'])
    return result


--- a/heat/engine/manager.py
+++ b/heat/engine/manager.py
@ -443,7 +443,7 @@ class EngineManager(manager.Manager):
            if s and s.status in (parser.Stack.CREATE_COMPLETE,
                                  parser.Stack.UPDATE_COMPLETE):
                user_creds = db_api.user_creds_get(s.user_creds_id)
-                ctxt = ctxtlib.RequestContext.from_dict(dict(user_creds))
+                ctxt = ctxtlib.RequestContext.from_dict(user_creds)
                stack = parser.Stack.load(ctxt, s.id)
                for a in wr.rule[watchrule.WatchRule.ACTION_MAP[new_state]]:
                    greenpool.spawn_n(stack[a].alarm)