jnjpng
@@ -28,30 +28,30 @@ class EnvironmentVariableBase(OrmMetadataBase):
|
||||
# This validator syncs `value` and `value_enc` for backward compatibility:
|
||||
# - If `value_enc` is set but `value` is empty -> populate `value` from decrypted `value_enc`
|
||||
# - If `value` is set but `value_enc` is empty -> populate `value_enc` from encrypted `value`
|
||||
@model_validator(mode="after")
|
||||
def sync_value_and_value_enc(self):
|
||||
"""Sync deprecated `value` field with `value_enc` for backward compatibility."""
|
||||
if self.value_enc and not self.value:
|
||||
# ERROR: This should not happen - all code paths should populate value via async decryption
|
||||
# Log error with stack trace to identify the caller that bypassed async decryption
|
||||
logger.warning(
|
||||
f"Sync decryption fallback triggered for env var key={self.key}. "
|
||||
f"This indicates a code path that bypassed async decryption. Stack trace:\n{''.join(traceback.format_stack())}"
|
||||
)
|
||||
# Decrypt value_enc -> value (for API responses)
|
||||
plaintext = self.value_enc.get_plaintext()
|
||||
if plaintext:
|
||||
self.value = plaintext
|
||||
elif self.value and not self.value_enc:
|
||||
# WARNING: This triggers sync encryption - should use async encryption where possible
|
||||
# Log warning with stack trace to identify the caller
|
||||
logger.warning(
|
||||
f"Sync encryption fallback triggered for env var key={self.key}. "
|
||||
f"This indicates a code path that bypassed async encryption. Stack trace:\n{''.join(traceback.format_stack())}"
|
||||
)
|
||||
# Encrypt value -> value_enc (for backward compat when value is provided directly)
|
||||
self.value_enc = Secret.from_plaintext(self.value)
|
||||
return self
|
||||
# @model_validator(mode="after")
|
||||
# def sync_value_and_value_enc(self):
|
||||
# """Sync deprecated `value` field with `value_enc` for backward compatibility."""
|
||||
# if self.value_enc and not self.value:
|
||||
# # ERROR: This should not happen - all code paths should populate value via async decryption
|
||||
# # Log error with stack trace to identify the caller that bypassed async decryption
|
||||
# logger.warning(
|
||||
# f"Sync decryption fallback triggered for env var key={self.key}. "
|
||||
# f"This indicates a code path that bypassed async decryption. Stack trace:\n{''.join(traceback.format_stack())}"
|
||||
# )
|
||||
# # Decrypt value_enc -> value (for API responses)
|
||||
# plaintext = self.value_enc.get_plaintext()
|
||||
# if plaintext:
|
||||
# self.value = plaintext
|
||||
# elif self.value and not self.value_enc:
|
||||
# # WARNING: This triggers sync encryption - should use async encryption where possible
|
||||
# # Log warning with stack trace to identify the caller
|
||||
# logger.warning(
|
||||
# f"Sync encryption fallback triggered for env var key={self.key}. "
|
||||
# f"This indicates a code path that bypassed async encryption. Stack trace:\n{''.join(traceback.format_stack())}"
|
||||
# )
|
||||
# # Encrypt value -> value_enc (for backward compat when value is provided directly)
|
||||
# self.value_enc = Secret.from_plaintext(self.value)
|
||||
# return self
|
||||
|
||||
|
||||
class EnvironmentVariableCreateBase(LettaBase):
|
||||
|
||||
Reference in New Issue
Block a user