|
1
|
|
|
# Licensed to the StackStorm, Inc ('StackStorm') under one or more |
|
2
|
|
|
# contributor license agreements. See the NOTICE file distributed with |
|
3
|
|
|
# this work for additional information regarding copyright ownership. |
|
4
|
|
|
# The ASF licenses this file to You under the Apache License, Version 2.0 |
|
5
|
|
|
# (the "License"); you may not use this file except in compliance with |
|
6
|
|
|
# the License. You may obtain a copy of the License at |
|
7
|
|
|
# |
|
8
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0 |
|
9
|
|
|
# |
|
10
|
|
|
# Unless required by applicable law or agreed to in writing, software |
|
11
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS, |
|
12
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
13
|
|
|
# See the License for the specific language governing permissions and |
|
14
|
|
|
# limitations under the License. |
|
15
|
|
|
|
|
16
|
|
|
from oslo_config import cfg |
|
17
|
|
|
|
|
18
|
|
|
from st2common.services.keyvalues import KeyValueLookup |
|
19
|
|
|
from st2common.util.crypto import read_crypto_key, symmetric_decrypt |
|
20
|
|
|
|
|
21
|
|
|
__all__ = [ |
|
22
|
|
|
'decrypt_kv' |
|
23
|
|
|
] |
|
24
|
|
|
|
|
25
|
|
|
|
|
26
|
|
|
def decrypt_kv(value): |
|
27
|
|
|
if isinstance(value, KeyValueLookup): |
|
28
|
|
|
# Since this is a filter the incoming value is still a KeyValueLookup |
|
29
|
|
|
# object as the jinja rendering is not yet complete. So we cast |
|
30
|
|
|
# the KeyValueLookup object to a simple string before decrypting. |
|
31
|
|
|
value = str(value) |
|
32
|
|
|
crypto_key_path = cfg.CONF.keyvalue.encryption_key_path |
|
33
|
|
|
crypto_key = read_crypto_key(key_path=crypto_key_path) |
|
34
|
|
|
return symmetric_decrypt(decrypt_key=crypto_key, ciphertext=value) |
|
35
|
|
|
|
StackStorm /
st2
