From 9803da2eb8b51d21b77259747b665aef754b4e5b Mon Sep 17 00:00:00 2001
From: mkanoor <mkanoor@redhat.com>
Date: Fri, 13 Oct 2017 17:43:28 -0400
Subject: [PATCH 1/2] Automate Workspace encrypt/decrypt support

---
 .../engine/miq_ae_engine/miq_ae_reference.rb       |  4 ++--
 spec/miq_ae_reference_spec.rb                      | 14 ++++++++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_reference.rb b/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_reference.rb
index 0a7d2c8c0..10b1d46ee 100644
--- a/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_reference.rb
+++ b/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_reference.rb
@@ -8,7 +8,7 @@ def self.encode(value)
       elsif /MiqAeMethodService::/ =~ value.class.to_s
         "href_slug::#{value.href_slug}"
       elsif /MiqAePassword/ =~ value.class.to_s
-        "password::#{value}"
+        "password::#{value.encStr}"
       else
         value
       end
@@ -23,7 +23,7 @@ def self.decode(value, user)
         obj = Api::Utils.resource_search_by_href_slug($1, user)
         MiqAeMethodService::MiqAeServiceModelBase.wrap_results(obj)
       elsif value.kind_of?(String) && /password::(.*)/.match(value)
-        MiqAePassword.new(value)
+        MiqAePassword.new(MiqAePassword.decrypt($1))
       else
         value
       end
diff --git a/spec/miq_ae_reference_spec.rb b/spec/miq_ae_reference_spec.rb
index e2d5fcbe5..a007da1a8 100644
--- a/spec/miq_ae_reference_spec.rb
+++ b/spec/miq_ae_reference_spec.rb
@@ -19,10 +19,20 @@
   end
 
   context "passwords" do
-    let(:password) { MiqAePassword.new("smartvm") }
+    let(:user) do
+      FactoryGirl.create(:user_with_group, :userid   => "admin",
+                                           :settings => {:display => { :timezone => "UTC"}})
+    end
+    let(:password) { "ca$hc0w" }
+    let(:miq_password) { MiqAePassword.new(password) }
+    let(:enc_password) { "password::#{miq_password.encStr}" }
 
     it "#encodes a password field" do
-      expect(::MiqAeEngine::MiqAeReference.encode(password)).to eq("password::#{password}")
+      expect(::MiqAeEngine::MiqAeReference.encode(miq_password)).to eq(enc_password)
+    end
+
+    it "#decodes a password field" do
+      expect(::MiqAeEngine::MiqAeReference.decode(enc_password, user).encStr).to eq(miq_password.encStr)
     end
   end
 end

From e5bfc872a089223267bc3f70fff83edee37f2c1d Mon Sep 17 00:00:00 2001
From: mkanoor <mkanoor@redhat.com>
Date: Wed, 25 Oct 2017 16:10:42 -0400
Subject: [PATCH 2/2] Added anchor to regexp

---
 .../engine/miq_ae_engine/miq_ae_reference.rb                  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_reference.rb b/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_reference.rb
index 10b1d46ee..87d05f399 100644
--- a/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_reference.rb
+++ b/lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_reference.rb
@@ -19,10 +19,10 @@ def self.decode(value, user)
         value.map { |v| decode(v, user) }
       elsif value.kind_of?(Hash)
         value.each_with_object({}) { |(k, v), hash| hash[k] = decode(v, user) }
-      elsif value.kind_of?(String) && /href_slug::(.*)/.match(value)
+      elsif value.kind_of?(String) && /^href_slug::(.*)/.match(value)
         obj = Api::Utils.resource_search_by_href_slug($1, user)
         MiqAeMethodService::MiqAeServiceModelBase.wrap_results(obj)
-      elsif value.kind_of?(String) && /password::(.*)/.match(value)
+      elsif value.kind_of?(String) && /^password::(.*)/.match(value)
         MiqAePassword.new(MiqAePassword.decrypt($1))
       else
         value