From 46fd684cbbe71fdd9ac1112d55286705ed47412a Mon Sep 17 00:00:00 2001
From: pycook <pycook@126.com>
Date: Thu, 2 Nov 2023 20:43:39 +0800
Subject: [PATCH] fix(api commands): cmdb-password-data-migrate (#249)

---
 cmdb-api/api/commands/click_cmdb.py | 7 ++++++-
 cmdb-api/api/lib/secrets/inner.py   | 3 ++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/cmdb-api/api/commands/click_cmdb.py b/cmdb-api/api/commands/click_cmdb.py
index 33336541..c382fb39 100644
--- a/cmdb-api/api/commands/click_cmdb.py
+++ b/cmdb-api/api/commands/click_cmdb.py
@@ -329,7 +329,6 @@ def valid_address(address):
         }
         KeyManage.print_response(response)
         return False
-
     return True
 
 
@@ -444,6 +443,7 @@ def cmdb_password_data_migrate():
 
             value_table = CIIndexValueText if attr.is_index else CIValueText
 
+            failed = False
             for i in value_table.get_by(attr_id=attr.id, to_dict=False):
                 if current_app.config.get("SECRETS_ENGINE", 'inner') == 'inner':
                     _, status = InnerCrypt().decrypt(i.value)
@@ -454,6 +454,7 @@ def cmdb_password_data_migrate():
                     if status:
                         CIValueText.create(ci_id=i.ci_id, attr_id=attr.id, value=encrypt_value)
                     else:
+                        failed = True
                         continue
                 elif current_app.config.get("SECRETS_ENGINE") == 'vault':
                     if i.value == '******':
@@ -464,8 +465,12 @@ def cmdb_password_data_migrate():
                         vault.update("/{}/{}".format(i.ci_id, i.attr_id), dict(v=i.value))
                     except Exception as e:
                         print('save password to vault failed: {}'.format(e))
+                        failed = True
                         continue
                 else:
                     continue
 
                 i.delete()
+
+                if not failed and attr.is_index:
+                    attr.update(is_index=False)
diff --git a/cmdb-api/api/lib/secrets/inner.py b/cmdb-api/api/lib/secrets/inner.py
index 60513c46..2b577a68 100644
--- a/cmdb-api/api/lib/secrets/inner.py
+++ b/cmdb-api/api/lib/secrets/inner.py
@@ -65,7 +65,8 @@ def __init__(self, trigger=None, backend=None):
             self.backend = Backend(backend)
 
     def init_app(self, app, backend=None):
-        if sys.argv[0].endswith("gunicorn") or (len(sys.argv) > 1 and sys.argv[1] == "run"):
+        if (sys.argv[0].endswith("gunicorn") or
+                (len(sys.argv) > 1 and sys.argv[1] in ("run", "cmdb-password-data-migrate"))):
             self.trigger = app.config.get("INNER_TRIGGER_TOKEN")
             if not self.trigger:
                 return