From e2aaa2afb459be31e6b219fe3e4274a617b57a10 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 15 Apr 2020 16:34:54 -0400
Subject: [PATCH] Support proper readback of crypted

crypted attributes should be
treated about the same as
passwords.
---
 confluent_server/confluent/messages.py                        | 3 +++
 .../confluent/plugins/configuration/attributes.py             | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/confluent_server/confluent/messages.py b/confluent_server/confluent/messages.py
index b14d12ee..23e7cf4b 100644
--- a/confluent_server/confluent/messages.py
+++ b/confluent_server/confluent/messages.py
@@ -1802,6 +1802,9 @@ class CryptedAttributes(Attributes):
                 if kv[key] is not None and kv[key]['cryptvalue'] != '':
                     nkv[key] = {'isset': True}
                     nkv[key]['inheritedfrom'] = kv[key]['inheritedfrom']
+                elif kv[key] is not None and kv[key]['hashvalue'] != '':
+                    nkv[key] = {'isset': True}
+                    nkv[key]['inheritedfrom'] = kv[key]['inheritedfrom']
             except KeyError:
                 pass
         self.notnode = name is None
diff --git a/confluent_server/confluent/plugins/configuration/attributes.py b/confluent_server/confluent/plugins/configuration/attributes.py
index 04f62f09..170ed15d 100644
--- a/confluent_server/confluent/plugins/configuration/attributes.py
+++ b/confluent_server/confluent/plugins/configuration/attributes.py
@@ -57,7 +57,7 @@ def retrieve_nodegroup(nodegroup, element, configmanager, inputdata):
                 val['desc'] = 'The noderange this group is expanded ' \
                     'to when used in noderange, exclusive with static ' \
                     'nodes'
-            if attribute.startswith('secret.'):
+            if attribute.startswith('secret.') or attribute.startswith('crypted.'):
                 yield msg.CryptedAttributes(
                     kv={attribute: val},
                     desc=allattributes.node[attribute]['description'])
@@ -117,7 +117,7 @@ def retrieve_nodes(nodes, element, configmanager, inputdata):
                     val = []
                 else:  # no setting, provide a blank
                     val = {'value': None}
-                if attribute.startswith('secret.'):
+                if attribute.startswith('secret.') or attribute.startswith('crypted.'):
                     yield msg.CryptedAttributes(
                         node, {attribute: val},
                         allattributes.node.get(