From 14c6cfde0761e910b6c3c1924d51cf915ba96e9d Mon Sep 17 00:00:00 2001
From: Chris Brinker <chris.brinker@gmail.com>
Date: Thu, 24 Apr 2014 14:58:15 -0700
Subject: Default to only (En|De)crypt vars that need it

For both Encrypting and Decrypting of Properties
files, we should by default only attempt to execute
on elements that have an "encrypted" attribute defined.

The code will already attempt to encrypt every element
if nothing in the current document matches this xpath,
which catches the case of a user trying to fully
encrypt a completely new properties file.

Conflicts:
	src/lib/Bcfg2/Server/Encryption.py
---
 src/sbin/bcfg2-crypt | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/sbin/bcfg2-crypt b/src/sbin/bcfg2-crypt
index 5641732cd..2212c2360 100755
--- a/src/sbin/bcfg2-crypt
+++ b/src/sbin/bcfg2-crypt
@@ -200,7 +200,7 @@ class CfgDecryptor(Decryptor):
 
 class PropertiesCryptoMixin(object):
     """ Mixin to provide some common methods for Properties crypto """
-    default_xpath = '//*'
+    default_xpath = '//*[@encrypted]'
 
     def _get_elements(self, xdata):
         """ Get the list of elements to encrypt or decrypt """
@@ -288,7 +288,6 @@ class PropertiesEncryptor(Encryptor, PropertiesCryptoMixin):
 
 class PropertiesDecryptor(Decryptor, PropertiesCryptoMixin):
     """ decryptor class for Properties files """
-    default_xpath = '//*[@encrypted]'
 
     def decrypt(self):
         decrypted_any = False
-- 
cgit v1.2.3-1-g7c22