From e095137766ca68fac944084f65d8a5da51861090 Mon Sep 17 00:00:00 2001
From: Ahmad Mahmoudi <am495p@att.com>
Date: Tue, 13 Nov 2018 09:24:02 -0600
Subject: [PATCH] [FIX] Secrets substitution issue

Fixed issue with secrets substitution, which have more than
one substitution destinations.

Change-Id: I6c0e9719cacc7cf4189b57379e9ebf6a8d3a4fd8
---
 deckhand/engine/secrets_manager.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/deckhand/engine/secrets_manager.py b/deckhand/engine/secrets_manager.py
index fb52a4cd..a4c8f5c8 100644
--- a/deckhand/engine/secrets_manager.py
+++ b/deckhand/engine/secrets_manager.py
@@ -357,10 +357,12 @@ class SecretsSubstitution(object):
 
                 if not isinstance(sub['dest'], list):
                     dest_array = [sub['dest']]
+                    dest_is_list = False
                 else:
                     dest_array = sub['dest']
+                    dest_is_list = True
 
-                for each_dest_path in dest_array:
+                for i, each_dest_path in enumerate(dest_array):
                     dest_path = each_dest_path['path']
                     dest_pattern = each_dest_path.get('pattern', None)
                     dest_recurse = each_dest_path.get('recurse', {})
@@ -371,7 +373,10 @@ class SecretsSubstitution(object):
                     # where the sensitive data came from.
                     if src_doc.is_encrypted and not self._cleartext_secrets:
                         sub['src']['path'] = dd.redact(src_path)
-                        sub['dest']['path'] = dd.redact(dest_path)
+                        if dest_is_list:
+                            sub['dest'][i]['path'] = dd.redact(dest_path)
+                        else:
+                            sub['dest']['path'] = dd.redact(dest_path)
 
                     LOG.debug('Substituting from schema=%s layer=%s name=%s '
                               'src_path=%s into dest_path=%s, dest_pattern=%s',