Remove unencrypted task args from database

fixes pulp#4546
mdellweg · Oct 27, 2023 · 295c95b · 295c95b
1 parent 4c4d6aa
commit 295c95b
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 8 deletions.
diff --git a/CHANGES/4546.removal b/CHANGES/4546.removal
@@ -0,0 +1 @@
+Removed old unencrypted task arguments from database.
diff --git a/pulpcore/app/migrations/0114_remove_task_args_remove_task_kwargs.py b/pulpcore/app/migrations/0114_remove_task_args_remove_task_kwargs.py
@@ -0,0 +1,47 @@
+# Generated by Django 4.2.4 on 2023-09-11 13:26
+
+from django.db import migrations
+from django.db.models import Q
+from packaging.version import parse as parse_version
+
+from pulpcore.migrations import RequireVersion
+
+
+def encrypt_task_args_up(apps, schema_editor):
+    Task = apps.get_model("core", "Task")
+    batch = []
+    for task in Task.objects.filter(Q(args__is_null=False) | Q(kwargs__is_null=False)):
+        task.enc_args = task.args
+        task.enc_kwargs = task.kwargs
+        coreversion = task.versions.get("core")
+        if coreversion is None or parse_version(coreversion) < parse_version("3.34.0"):
+            task.versions["core"] = "3.34.0"
+
+        batch.append(task)
+        if len(batch) >= 500:
+            Task.bulk_update(batch, fields=["enc_args", "enc_kwargs", "versions"])
+    if batch:
+        Task.bulk_update(batch, fields=["enc_args", "enc_kwargs", "versions"])
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0113_headercontentguard"),
+    ]
+
+    operations = [
+        RequireVersion("core", "3.34.0"),
+        migrations.RunPython(
+            code=encrypt_task_args_up,
+            reverse_code=migrations.RunPython.noop,
+            elidable=True,
+        ),
+        migrations.RemoveField(
+            model_name="task",
+            name="args",
+        ),
+        migrations.RemoveField(
+            model_name="task",
+            name="kwargs",
+        ),
+    ]
diff --git a/pulpcore/app/models/task.py b/pulpcore/app/models/task.py
@@ -83,12 +83,6 @@ class Task(BaseModel, AutoAddObjPermsMixin):
 
     error = models.JSONField(null=True)
 
-    # These fields should finally be removed in 3.40 by a migration that checks all components are
-    # running at least <version this landed> then copies their values to enc_(kw)args and adds
-    # pulpcore >= <version this landed> in the modified tasks version_requirements.
-    args = models.JSONField(null=True, encoder=DjangoJSONEncoder)
-    kwargs = models.JSONField(null=True, encoder=DjangoJSONEncoder)
-
     enc_args = EncryptedJSONField(null=True, encoder=DjangoJSONEncoder)
     enc_kwargs = EncryptedJSONField(null=True, encoder=DjangoJSONEncoder)
 

diff --git a/pulpcore/tasking/tasks.py b/pulpcore/tasking/tasks.py
@@ -56,8 +56,8 @@ def _execute_task(task):
         module_name, function_name = task.name.rsplit(".", 1)
         module = importlib.import_module(module_name)
         func = getattr(module, function_name)
-        args = task.enc_args or task.args or ()
-        kwargs = task.enc_kwargs or task.kwargs or {}
+        args = task.enc_args or ()
+        kwargs = task.enc_kwargs or {}
         result = func(*args, **kwargs)
         if asyncio.iscoroutine(result):
             _logger.debug(_("Task is coroutine %s"), task.pk)