NAS-132265 / 25.04 / VM Device attributes should be encrypted (by Qub…

…ad786) (#14895) * Make vm devices encrypted (cherry picked from commit 5173ee7) * Merge migration --------- Co-authored-by: M. Rehan <[email protected]>
truenas · Nov 7, 2024 · 8c146c7 · 8c146c7
1 parent d125a8a
commit 8c146c7
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 1 deletion.
diff --git a/...iddlewared/alembic/versions/24.10/2024-11-06_12-49_make_vm_device_attributes_encrypted.py b/...iddlewared/alembic/versions/24.10/2024-11-06_12-49_make_vm_device_attributes_encrypted.py
@@ -0,0 +1,39 @@
+"""Make vm device attributes encrypted
+
+Revision ID: b5829f78cec3
+Revises: 8eacd2bb3e18
+Create Date: 2024-11-06 12:49:18.684987+00:00
+
+"""
+import json
+
+from alembic import op
+
+from middlewared.plugins.pwenc import encrypt
+
+# revision identifiers, used by Alembic.
+revision = 'b5829f78cec3'
+down_revision = '8eacd2bb3e18'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+
+    conn = op.get_bind()
+    for device in conn.execute("SELECT * FROM vm_device").fetchall():
+        attributes = json.loads(device['attributes'])
+
+        conn.execute(
+            "UPDATE vm_device SET attributes = ? WHERE id = ?",
+            (encrypt(json.dumps(attributes)), device['id'])
+        )
+
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    pass
+    # ### end Alembic commands ###
diff --git a/src/middlewared/middlewared/alembic/versions/25.04/2024-11-07_20-25_merge.py b/src/middlewared/middlewared/alembic/versions/25.04/2024-11-07_20-25_merge.py
@@ -0,0 +1,20 @@
+"""
+Merge
+
+Revision ID: f077d0ae123d
+Revises: 0ec74f350c66, b5829f78cec3
+Create Date: 2024-11-07 20:25:59.547731+00:00
+"""
+
+revision = 'f077d0ae123d'
+down_revision = ('0ec74f350c66', 'b5829f78cec3')
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    pass
+
+
+def downgrade():
+    pass
diff --git a/src/middlewared/middlewared/plugins/vm/vm_devices.py b/src/middlewared/middlewared/plugins/vm/vm_devices.py
@@ -22,7 +22,7 @@ class VMDeviceModel(sa.Model):
 
     id = sa.Column(sa.Integer(), primary_key=True)
     dtype = sa.Column(sa.String(50))
-    attributes = sa.Column(sa.JSON())
+    attributes = sa.Column(sa.JSON(encrypted=True))
     vm_id = sa.Column(sa.ForeignKey('vm_vm.id'), index=True)
     order = sa.Column(sa.Integer(), nullable=True)