From 5232b7c9c401dae77b7cb867abe604531f3442ea Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 22 Apr 2020 08:58:38 -0400
Subject: [PATCH] Fix passwords with {} in them

The input handler erroneously
tried to make an expression out
of values that did not support
expressions.
---
 confluent_server/confluent/config/configmanager.py | 7 +++++++
 confluent_server/confluent/messages.py             | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/confluent_server/confluent/config/configmanager.py b/confluent_server/confluent/config/configmanager.py
index 440eaf6c..5ec302f0 100644
--- a/confluent_server/confluent/config/configmanager.py
+++ b/confluent_server/confluent/config/configmanager.py
@@ -112,6 +112,13 @@ _attraliases = {
 }
 _validroles = ('Administrator', 'Operator', 'Monitor')
 
+
+def attrib_supports_expression(attrib):
+    attrib = _attraliases.get(attrib, attrib)
+    if attrib.startswith('secret.') or attrib.startswith('crypted.'):
+        return False
+
+
 def _mkpath(pathname):
     try:
         os.makedirs(pathname)
diff --git a/confluent_server/confluent/messages.py b/confluent_server/confluent/messages.py
index b14d12ee..b9f40571 100644
--- a/confluent_server/confluent/messages.py
+++ b/confluent_server/confluent/messages.py
@@ -674,6 +674,8 @@ class InputAttributes(ConfluentMessage):
         if nodes is None:
             self.attribs = inputdata
             for attrib in self.attribs:
+                if not cfm.attrib_supports_expression(attrib):
+                    continue
                 if type(self.attribs[attrib]) in (bytes, unicode):
                     try:
                         # ok, try to use format against the string