Merge pull request #127 from mkanoor/log_decryption_error

Log encryption failures
ManageIQ · Dec 11, 2017 · bcc9490 · bcc9490
2 parents 4c47675 + 3bc9a53
commit bcc9490
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 1 deletion.
diff --git a/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_object.rb b/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_object.rb
@@ -545,7 +545,7 @@ def self.convert_value_based_on_datatype(value, datatype)
       return value.to_i                                      if datatype == 'integer' || datatype == 'Fixnum'
       return value.to_f                                      if datatype == 'float' || datatype == 'Float'
       return value.gsub(/[\[\]]/, '').strip.split(/\s*,\s*/)  if datatype == 'array' && value.class == String
-      return MiqAePassword.new(MiqAePassword.decrypt(value)) if datatype == 'password'
+      return decrypt_password(value) if datatype == 'password'
 
       if datatype &&
          (service_model = "MiqAeMethodService::MiqAeService#{SM_LOOKUP[datatype]}".safe_constantize)
@@ -558,6 +558,14 @@ def self.convert_value_based_on_datatype(value, datatype)
       value
     end
 
+    def self.decrypt_password(value)
+      MiqAePassword.new(MiqAePassword.decrypt(value))
+    rescue MiqPassword::MiqPasswordError => err
+      $miq_ae_logger.error("Error decrypting password #{err.message}. Possible cause: Password value was encrypted with a different encryption key")
+      raise
+    end
+    private_class_method :decrypt_password
+
     def process_assertion(f, message, args)
       Benchmark.current_realtime[:assertion_count] += 1
       Benchmark.realtime_block(:assertion_time) do

diff --git a/lib/miq_automation_engine/engine/miq_ae_method_service/miq_ae_service.rb b/lib/miq_automation_engine/engine/miq_ae_method_service/miq_ae_service.rb
@@ -91,6 +91,7 @@ def instantiate(uri)
       return nil if obj.nil?
       MiqAeServiceObject.new(obj, self)
     rescue => e
+      $miq_ae_logger.error("instantiate failed : #{e.message}")
       return nil
     end
 

diff --git a/spec/miq_ae_object_spec.rb b/spec/miq_ae_object_spec.rb
@@ -300,3 +300,20 @@ def value_match(value, xml_value)
     end
   end
 end
+
+describe MiqAeEngine::MiqAeObject do
+  context "password" do
+    let(:p45) { "Pneumonoultramicroscopicsilicovolcanoconiosis" }
+    let(:p45_encrypted) { MiqAePassword.encrypt(p45) }
+
+    it "can decrypt passwords" do
+      expect(described_class.convert_value_based_on_datatype(p45_encrypted, 'password').encStr).to eq(p45_encrypted)
+    end
+
+    it "raises exception for bogus passwords" do
+      expect do
+        described_class.convert_value_based_on_datatype('gobbledygook', 'password')
+      end.to raise_exception(MiqPassword::MiqPasswordError)
+    end
+  end
+end