From 6bdcd55508de858875a7a452a91935118cf85c5d Mon Sep 17 00:00:00 2001 From: cfpipeline Date: Thu, 29 Oct 2020 11:44:41 +0000 Subject: [PATCH] Added Python version validation before update kms decrypt output --- stacker/lookups/handlers/kms.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/stacker/lookups/handlers/kms.py b/stacker/lookups/handlers/kms.py index ba80d2779..1a516f3d9 100644 --- a/stacker/lookups/handlers/kms.py +++ b/stacker/lookups/handlers/kms.py @@ -2,6 +2,7 @@ from __future__ import division from __future__ import absolute_import import codecs +import sys from stacker.session_cache import get_session from . import LookupHandler @@ -63,5 +64,12 @@ def handle(cls, value, **kwargs): # get raw but still encrypted value from base64 version. decoded = codecs.decode(value, 'base64') + # check python version in your system + python3_or_later = sys.version_info[0] >= 3 + # decrypt and return the plain text raw value. - return kms.decrypt(CiphertextBlob=decoded)["Plaintext"] + if python3_or_later: + return kms.decrypt(CiphertextBlob=decoded)["Plaintext"]\ + .decode('utf-8') + else: + return kms.decrypt(CiphertextBlob=decoded)["Plaintext"]