in VMEncryption/main/ExtensionParameter.py [0:0]
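def config_changed(self):
    """Report whether the requested settings differ from the effective config.

    Each requested value held on this object is compared with the value
    returned by the matching ``get_*`` accessor. A setting is only compared
    when at least one of the two sides is set. The first difference found
    is logged and ends the check.

    Returns:
        True as soon as one setting differs, False when none do.
    """
    effective_command = self.get_command()
    if (self.command or effective_command) and \
            self.command != effective_command and \
            not (self._is_encrypt_command(self.command) and
                 self._is_encrypt_command(effective_command)):
        # Even if the commands are not exactly the same, if they're both
        # encrypt commands, don't consider this a change (handled by the
        # last clause of the condition above).
        self.logger.log('Current config command {0} differs from effective config command {1}'.format(self.command, effective_command))
        return True

    message = 'Current config {0} {1} differs from effective config {0} {2}'

    # Plain identifiers: compared as-is and safe to echo into the log.
    for name, current, read_effective in (
            ('KeyEncryptionKeyURL', self.KeyEncryptionKeyURL, self.get_kek_url),
            ('KeyVaultURL', self.KeyVaultURL, self.get_keyvault_url),
            ('AADClientID', self.AADClientID, self.get_aad_client_id)):
        effective = read_effective()
        if (current or effective) and current != effective:
            self.logger.log(message.format(name, current, effective))
            return True

    # The accessor value is compared against a SHA-256 hex digest of the
    # requested secret, never against the secret itself.
    effective_secret_digest = self.get_aad_client_secret()
    if self.AADClientSecret or effective_secret_digest:
        # A missing requested secret cannot be hashed; it counts as a
        # difference when the effective config holds a digest.
        current_secret_digest = None
        if self.AADClientSecret is not None:
            current_secret_digest = hashlib.sha256(self.AADClientSecret.encode("utf-8")).hexdigest()
        if current_secret_digest != effective_secret_digest:
            # Report the mismatch only. An unsalted digest of a credential
            # written to a log can be tested offline against guesses, so
            # neither digest is logged (same policy as the passphrase below).
            self.logger.log('Current config AADClientSecret differs from effective config AADClientSecret')
            return True

    for name, current, read_effective in (
            ('AADClientCertThumbprint', self.AADClientCertThumbprint, self.get_aad_client_cert),
            ('KeyEncryptionAlgorithm', self.KeyEncryptionAlgorithm, self.get_kek_algorithm)):
        effective = read_effective()
        if (current or effective) and current != effective:
            self.logger.log(message.format(name, current, effective))
            return True

    bek_passphrase_file_name = self.bek_util.get_bek_passphrase_file(self.encryption_config)
    bek_passphrase = None
    if bek_passphrase_file_name is not None and os.path.exists(bek_passphrase_file_name):
        # Close the handle deterministically instead of leaving it to the
        # garbage collector.
        with open(bek_passphrase_file_name) as passphrase_file:
            bek_passphrase = passphrase_file.read()

    # Unlike the other settings, the passphrase is compared only when BOTH
    # sides are present; the values themselves are never logged.
    if (self.passphrase and bek_passphrase) and self.passphrase != bek_passphrase:
        self.logger.log('Current config passphrase differs from effective config passphrase')
        return True

    self.logger.log('Current config is not different from effective config')
    return False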