From af0b27d762f76ef35d39f26847afeaec6bdbee25 Mon Sep 17 00:00:00 2001 From: git_admin Date: Mon, 27 Apr 2026 08:15:46 +0000 Subject: [PATCH] Tower: upload cetmix_tower_server 16.0.3.0.1 (via marketplace) --- .../migrations/16.0.2.0.0/post-migration.py | 119 ++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 addons/cetmix_tower_server/migrations/16.0.2.0.0/post-migration.py diff --git a/addons/cetmix_tower_server/migrations/16.0.2.0.0/post-migration.py b/addons/cetmix_tower_server/migrations/16.0.2.0.0/post-migration.py new file mode 100644 index 0000000..3c193b6 --- /dev/null +++ b/addons/cetmix_tower_server/migrations/16.0.2.0.0/post-migration.py @@ -0,0 +1,119 @@ +import logging + +from odoo import SUPERUSER_ID, api + +_logger = logging.getLogger(__name__) + + +def migrate(cr, version): + """ + Move SSH credentials, host keys, SSH keys, and secret values + to the vault-backed storage. + + """ + + # 1. SSH password and host key are now stored in secrets + _logger.info("Moving SSH password and host key to vault.") + env = api.Environment(cr, SUPERUSER_ID, {}) + # Read SSH password and host key from servers using SQL query + cr.execute( + """ + SELECT id, ssh_password, host_key + FROM cx_tower_server + WHERE ssh_password IS NOT NULL OR host_key IS NOT NULL + """ + ) + server_records = cr.fetchall() + server_model = env["cx.tower.server"] + success = False + try: + for record in server_records: + _logger.info( + f"Moving SSH password and host key to vault for server {record[0]}" + ) + server_model.browse(record[0]).write( + {"ssh_password": record[1], "host_key": record[2]} + ) + _logger.info("Moving SSH password and host key to vault completed.") + success = True + # Clear SSH password and host key from servers + except Exception as e: + _logger.error(f"Error moving SSH password and host key to vault: {e}") + raise e + finally: + if success: + cr.execute( + """ + UPDATE cx_tower_server + SET ssh_password = NULL, host_key = NULL + WHERE ssh_password IS NOT NULL OR host_key IS NOT NULL + """ + ) + _logger.info("Cleared SSH password and host key from servers.") + + # 2. SSH keys are now stored in secrets + _logger.info("Moving SSH keys to vault.") + success = False + # Read SSH keys from keys using SQL query + cr.execute( + """ + SELECT id, secret_value + FROM cx_tower_key + WHERE key_type = 'k' + """ + ) + ssh_key_records = cr.fetchall() + ssh_key_model = env["cx.tower.key"] + try: + for record in ssh_key_records: + _logger.info(f"Moving SSH key to vault record {record[0]}") + ssh_key_model.browse(record[0]).write({"secret_value": record[1]}) + _logger.info("Moving SSH keys to vault completed.") + success = True + except Exception as e: + _logger.error(f"Error moving SSH keys to vault: {e}") + raise e + finally: + if success: + # Clear SSH key from keys + cr.execute( + """ + UPDATE cx_tower_key + SET secret_value = NULL + WHERE secret_value IS NOT NULL + """ + ) + _logger.info("Cleared SSH key from keys.") + + # 3. Secret values are now stored in secrets + _logger.info("Moving secret values to vault.") + success = False + # Read secret values from key values using SQL query + cr.execute( + """ + SELECT id, secret_value + FROM cx_tower_key_value + """ + ) + secret_value_records = cr.fetchall() + secret_value_model = env["cx.tower.key.value"] + try: + for record in secret_value_records: + _logger.info(f"Moving secret value to vault record {record[0]}") + secret_value_model.browse(record[0]).write({"secret_value": record[1]}) + _logger.info("Moving secret values to vault completed.") + success = True + except Exception as e: + _logger.error(f"Error moving secret values to vault: {e}") + raise e + finally: + if success: + # Clear secret value from key values + cr.execute( + """ + UPDATE cx_tower_key_value + SET secret_value = NULL + WHERE secret_value IS NOT NULL + """ + ) + _logger.info("Cleared secret value from key values.")