diff options
author | Crag Wolfe <cwolfe@redhat.com> | 2016-08-28 20:33:20 -0400 |
---|---|---|
committer | Crag Wolfe <cwolfe@redhat.com> | 2016-11-28 20:31:49 -0800 |
commit | a673ee2d56ec8bc989673a8ef884d2566abf72d1 (patch) | |
tree | 6cfac77657df1b308d40c6aaa544f36713ff8c79 /heat/objects | |
parent | 0925692ecdc4f13526193ee46df2e2f0262d97dd (diff) | |
download | heat-a673ee2d56ec8bc989673a8ef884d2566abf72d1.tar.gz |
Refactor, add encrypt/decrypt data dict functions to crypt
Just a refactor, no change in functionality.
The functions added to crypt are used to encrypt / decrypt resource
properties data dicts. Note that they should not be used for
encrypting / decrypting other things such as params or user creds
(which are just strings). An intermediate json conversion of each
value in a dict takes place before it is encrypted/decrypted.
Change-Id: Id6bcc90cbf430095719315ac7e9d3e8c9e745012
Diffstat (limited to 'heat/objects')
-rw-r--r-- | heat/objects/resource.py | 16 |
1 files changed, 3 insertions, 13 deletions
diff --git a/heat/objects/resource.py b/heat/objects/resource.py index d95f54aca..0c9b34b03 100644 --- a/heat/objects/resource.py +++ b/heat/objects/resource.py @@ -18,7 +18,6 @@ import collections from oslo_config import cfg -from oslo_serialization import jsonutils from oslo_versionedobjects import base from oslo_versionedobjects import fields import six @@ -104,13 +103,8 @@ class Resource( resource[field] = db_resource[field] if resource.properties_data_encrypted and resource.properties_data: - properties_data = {} - for prop_name, prop_value in resource.properties_data.items(): - method, value = prop_value - decrypted_value = crypt.decrypt(method, value) - prop_string = jsonutils.loads(decrypted_value) - properties_data[prop_name] = prop_string - resource.properties_data = properties_data + decrypted_data = crypt.decrypted_dict(resource.properties_data) + resource.properties_data = decrypted_data resource._context = context resource.obj_reset_changes() @@ -237,11 +231,7 @@ class Resource( @staticmethod def encrypt_properties_data(data): if cfg.CONF.encrypt_parameters_and_properties and data: - result = {} - for prop_name, prop_value in data.items(): - prop_string = jsonutils.dumps(prop_value) - encrypted_value = crypt.encrypt(prop_string) - result[prop_name] = encrypted_value + result = crypt.encrypted_dict(data) return (True, result) return (False, data) |