[FIX] Secrets substitution issue
Fixed issue with secrets substitution, which have more than one substitution destinations. Change-Id: I6c0e9719cacc7cf4189b57379e9ebf6a8d3a4fd8
This commit is contained in:
parent
82639b443f
commit
e095137766
@ -357,10 +357,12 @@ class SecretsSubstitution(object):
|
|||||||
|
|
||||||
if not isinstance(sub['dest'], list):
|
if not isinstance(sub['dest'], list):
|
||||||
dest_array = [sub['dest']]
|
dest_array = [sub['dest']]
|
||||||
|
dest_is_list = False
|
||||||
else:
|
else:
|
||||||
dest_array = sub['dest']
|
dest_array = sub['dest']
|
||||||
|
dest_is_list = True
|
||||||
|
|
||||||
for each_dest_path in dest_array:
|
for i, each_dest_path in enumerate(dest_array):
|
||||||
dest_path = each_dest_path['path']
|
dest_path = each_dest_path['path']
|
||||||
dest_pattern = each_dest_path.get('pattern', None)
|
dest_pattern = each_dest_path.get('pattern', None)
|
||||||
dest_recurse = each_dest_path.get('recurse', {})
|
dest_recurse = each_dest_path.get('recurse', {})
|
||||||
@ -371,6 +373,9 @@ class SecretsSubstitution(object):
|
|||||||
# where the sensitive data came from.
|
# where the sensitive data came from.
|
||||||
if src_doc.is_encrypted and not self._cleartext_secrets:
|
if src_doc.is_encrypted and not self._cleartext_secrets:
|
||||||
sub['src']['path'] = dd.redact(src_path)
|
sub['src']['path'] = dd.redact(src_path)
|
||||||
|
if dest_is_list:
|
||||||
|
sub['dest'][i]['path'] = dd.redact(dest_path)
|
||||||
|
else:
|
||||||
sub['dest']['path'] = dd.redact(dest_path)
|
sub['dest']['path'] = dd.redact(dest_path)
|
||||||
|
|
||||||
LOG.debug('Substituting from schema=%s layer=%s name=%s '
|
LOG.debug('Substituting from schema=%s layer=%s name=%s '
|
||||||
|
Loading…
Reference in New Issue
Block a user