Browse Source

Merge "[FIX] Secrets substitution issue"

changes/99/618599/1
Zuul 7 months ago
parent
commit
cc7e00970d
1 changed files with 7 additions and 2 deletions
  1. 7
    2
      deckhand/engine/secrets_manager.py

+ 7
- 2
deckhand/engine/secrets_manager.py View File

@@ -357,10 +357,12 @@ class SecretsSubstitution(object):
357 357
 
358 358
                 if not isinstance(sub['dest'], list):
359 359
                     dest_array = [sub['dest']]
360
+                    dest_is_list = False
360 361
                 else:
361 362
                     dest_array = sub['dest']
363
+                    dest_is_list = True
362 364
 
363
-                for each_dest_path in dest_array:
365
+                for i, each_dest_path in enumerate(dest_array):
364 366
                     dest_path = each_dest_path['path']
365 367
                     dest_pattern = each_dest_path.get('pattern', None)
366 368
                     dest_recurse = each_dest_path.get('recurse', {})
@@ -371,7 +373,10 @@ class SecretsSubstitution(object):
371 373
                     # where the sensitive data came from.
372 374
                     if src_doc.is_encrypted and not self._cleartext_secrets:
373 375
                         sub['src']['path'] = dd.redact(src_path)
374
-                        sub['dest']['path'] = dd.redact(dest_path)
376
+                        if dest_is_list:
377
+                            sub['dest'][i]['path'] = dd.redact(dest_path)
378
+                        else:
379
+                            sub['dest']['path'] = dd.redact(dest_path)
375 380
 
376 381
                     LOG.debug('Substituting from schema=%s layer=%s name=%s '
377 382
                               'src_path=%s into dest_path=%s, dest_pattern=%s',

Loading…
Cancel
Save