Merge pull request #19006 from carbonin/encrypt_cred_queue_params

Encrypt passwords before putting them on the queue as args

app/models/manageiq/providers/embedded_ansible/automation_manager/credential.rb

@@ -26,6 +26,18 @@ def self.raw_create_in_provider(manager, params)
     create!(create_params)
   end
 
+  def self.password_attribute_keys
+    self::API_ATTRIBUTES.map do |k, v|
+      k if v[:type] == :password
+    end.compact
+  end
+
+  def self.encrypt_queue_params(params)
+    encrypted_params = params.slice(*password_attribute_keys)
+    encrypted_params.transform_values! { |v| ManageIQ::Password.try_encrypt(v) }
+    params.merge(encrypted_params)
+  end
+
   def raw_update_in_provider(params)
     update!(self.class.params_to_attributes(params.except(:task_id, :miq_task_id)))
   end

app/models/manageiq/providers/embedded_ansible/crud_common.rb

@@ -45,11 +45,15 @@ def create_in_provider(manager_id, params)
       end
     end
 
+    def encrypt_queue_params(params)
+      params
+    end
+
     def create_in_provider_queue(manager_id, params, auth_user = nil)
       manager = parent.find(manager_id)
       action = "Creating #{self::FRIENDLY_NAME}"
       action << " (name=#{params[:name]})" if params[:name]
-      queue(manager.my_zone, nil, "create_in_provider", [manager_id, params], action, auth_user)
+      queue(manager.my_zone, nil, "create_in_provider", [manager_id, encrypt_queue_params(params)], action, auth_user)
     end
 
     private
@@ -84,8 +88,12 @@ def update_in_provider(params)
     self
   end
 
+  def encrypt_queue_params(params)
+    self.class.encrypt_queue_params(params)
+  end
+
   def update_in_provider_queue(params, auth_user = nil)
-    queue("update_in_provider", [params], "Updating", auth_user)
+    queue("update_in_provider", [encrypt_queue_params(params)], "Updating", auth_user)
   end
 
   def raw_delete_in_provider