Fixes #13870 - encrypts specific settings values in db

[amirfefer]

In the following PR the use case came up.

In order to encrypt a setting value, set its encrypted flag to true:

self.set('root_pass', N_("Default encrypted root password on provisioned hosts"), nil, N_('Root password')), nil, {:encrypted => true})

[amirfefer]

Encryptable module encrypts the whole attribute (column), while in some cases there is a need to encrypt a specific field (instance variable). such use cases can be found in settings, and in parameters.
hence encryptable module has splitted into two modules, the first one is encrypt_field, which can be included to models in case of specific fields encryption, and the encryptable which keeps the logic for attribute encryption.

[domcleal]

Nitpick, can you call this EncryptString or similar? "field" has a similar meaning to "attribute" to me, so I was confused for a while with the terminology.

[xprazak2]

Not sure where it comes from, but I get additional characters attached to my desired setting value, when I try to change it through setter:

[amirfefer]

@domcleal An encrypted flag was added to Setting table, instead of using type attribute.

[amirfefer]

[test]

[domcleal]

The failures are on every combination as DB migration from clean is failing, please take a look at the errors.

[domcleal]

Unit test failures remain, please take a look.

Please remember to comment on PRs when you change them, see https://groups.google.com/d/msg/foreman-dev/poyjF8Ig5UE/jaFyZVGOsEUJ.

[amirfefer]

@domcleal Tests are failing because unrelated issue in host#edit.

[domcleal]

Prefer has_attribute?(:encrypted) perhaps? A comment to say why you're performing this check would be useful - I'm assuming it's to enable DB migrations on older versions?

[domcleal]

Prefer && in an expression instead of and.

[domcleal]

Using _() in this context will store the translated message in the database, so it'll be stored in the language of whoever made the change instead of whoever is viewing it.

I think perhaps you want to use _N('[encrypted]') here to only extract it, store the English and then call _(db_value) in the helper for display purposes (when db_value == '[encrypted]').

[domcleal]

ditto, storing a translated string instead of English

[domcleal]

Thanks, that's better, but there aren't any tests for the functionality - please add to test/models/concerns/audit_extensions_test.rb.

[domcleal]

i18n issue with the stored string, and missing unit test for the audit model changes.

[amirfefer]

@domcleal I fixed i18n issue , and added a unit test into Audit model extension.

[domcleal]

Where does [encrypted] get translated in the UI? My last comment here suggested doing it in a UI helper, but I can't see that in this PR. (See #3230 (comment))

[amirfefer]

I just forgot to commit the changes in audits_helper.

[domcleal]

Remove N_() from here, no need to extract a string in a test.

[domcleal]

Thanks, one last thing: the encrypted column itself is being audited so you see it change when this patch is applied, but since it's an internal field it should be excluded. Add it to the audited :exclude list in app/models/settings.rb please.

[amirfefer]

@domcleal I inserted encrypted field to the audited :except list in setting.

[domcleal]

Merged, thanks @amirfefer.