Fix rabbit_pbe and rabbit_control_pbe to take credentials-obfuscation 2.0 into account

2 files changed, 9 insertions, 10 deletions

diff --git a/src/rabbit_control_pbe.erl b/src/rabbit_control_pbe.erl
index 9c3de53c91..8e39ef351e 100644
--- a/src/rabbit_control_pbe.erl
+++ b/src/rabbit_control_pbe.erl
@@ -52,10 +52,9 @@ encode(Cipher, Hash, Iterations, Args) ->
             [Value, PassPhrase] = Args,
             try begin
                     TermValue = evaluate_input_as_term(Value),
-                    Result = rabbit_pbe:encrypt_term(Cipher, Hash, Iterations,
-                                                     list_to_binary(PassPhrase),
-                                                     TermValue),
-                    {ok, io_lib:format("~p", [{encrypted, Result}])}
+                    Result = {encrypted, _} = rabbit_pbe:encrypt_term(Cipher, Hash, Iterations,
+                                                                      list_to_binary(PassPhrase), TermValue),
+                    {ok, io_lib:format("~p", [Result])}
                 end
             catch
                 _:Msg -> {error, io_lib:format("Error during cipher operation: ~p", [Msg])}
@@ -70,10 +69,10 @@ decode(Cipher, Hash, Iterations, Args) ->
             try begin
                     TermValue = evaluate_input_as_term(Value),
                     TermToDecrypt = case TermValue of
-                        {encrypted, EncryptedTerm} ->
+                        {encrypted, _}=EncryptedTerm ->
                             EncryptedTerm;
                         _ ->
-                            TermValue
+                            {encrypted, TermValue}
                     end,
                     Result = rabbit_pbe:decrypt_term(Cipher, Hash, Iterations,
                                                      list_to_binary(PassPhrase),
diff --git a/test/unit_config_value_encryption_SUITE.erl b/test/unit_config_value_encryption_SUITE.erl
index 1d808c4993..53e809b95e 100644
--- a/test/unit_config_value_encryption_SUITE.erl
+++ b/test/unit_config_value_encryption_SUITE.erl
@@ -83,14 +83,14 @@ do_decrypt_config(Algo = {C, H, I, P}) ->
         msg_store_credit_disc_bound]],
     %% Special case: encrypt a value in a list.
     {ok, [LoopbackUser]} = application:get_env(rabbit, loopback_users),
-    EncLoopbackUser = rabbit_pbe:encrypt_term(C, H, I, P, LoopbackUser),
+    {encrypted, EncLoopbackUser} = rabbit_pbe:encrypt_term(C, H, I, P, LoopbackUser),
     application:set_env(rabbit, loopback_users, [{encrypted, EncLoopbackUser}]),
     %% Special case: encrypt a value in a key/value list.
     {ok, TCPOpts} = application:get_env(rabbit, tcp_listen_options),
     {_, Backlog} = lists:keyfind(backlog, 1, TCPOpts),
     {_, Linger} = lists:keyfind(linger, 1, TCPOpts),
-    EncBacklog = rabbit_pbe:encrypt_term(C, H, I, P, Backlog),
-    EncLinger = rabbit_pbe:encrypt_term(C, H, I, P, Linger),
+    {encrypted, EncBacklog} = rabbit_pbe:encrypt_term(C, H, I, P, Backlog),
+    {encrypted, EncLinger} = rabbit_pbe:encrypt_term(C, H, I, P, Linger),
     TCPOpts1 = lists:keyreplace(backlog, 1, TCPOpts, {backlog, {encrypted, EncBacklog}}),
     TCPOpts2 = lists:keyreplace(linger, 1, TCPOpts1, {linger, {encrypted, EncLinger}}),
     application:set_env(rabbit, tcp_listen_options, TCPOpts2),
@@ -103,7 +103,7 @@ do_decrypt_config(Algo = {C, H, I, P}) ->
 
 encrypt_value(Key, {C, H, I, P}) ->
     {ok, Value} = application:get_env(rabbit, Key),
-    EncValue = rabbit_pbe:encrypt_term(C, H, I, P, Value),
+    {encrypted, EncValue} = rabbit_pbe:encrypt_term(C, H, I, P, Value),
     application:set_env(rabbit, Key, {encrypted, EncValue}).
 
 decrypt_start_app(Config) ->