diff options
author | Ahmad Mahmoudi <am495p@att.com> | 2018-11-13 09:24:02 -0600 |
---|---|---|
committer | Ahmad Mahmoudi <am495p@att.com> | 2018-11-13 09:24:02 -0600 |
commit | e095137766ca68fac944084f65d8a5da51861090 (patch) | |
tree | 92064e335e54801daf1f438fdf43707943b05f3a | |
parent | 82639b443ffb4796befbf784924b343366bf4ba8 (diff) |
[FIX] Secrets substitution issue
Fixed issue with secrets substitution, which have more than
one substitution destinations.
Change-Id: I6c0e9719cacc7cf4189b57379e9ebf6a8d3a4fd8
Notes
Notes (review):
Code-Review+1: Aaron Sheffield <ajs@sheffieldfamily.net>
Code-Review+2: Felipe Monteiro <felipe.monteiro@att.com>
Code-Review+2: Sean Eagan <sean.eagan@att.com>
Workflow+1: Sean Eagan <sean.eagan@att.com>
Verified+2: Zuul
Submitted-by: Zuul
Submitted-at: Thu, 15 Nov 2018 23:47:23 +0000
Reviewed-on: https://review.openstack.org/617689
Project: openstack/airship-deckhand
Branch: refs/heads/master
-rw-r--r-- | deckhand/engine/secrets_manager.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/deckhand/engine/secrets_manager.py b/deckhand/engine/secrets_manager.py index fb52a4c..a4c8f5c 100644 --- a/deckhand/engine/secrets_manager.py +++ b/deckhand/engine/secrets_manager.py | |||
@@ -357,10 +357,12 @@ class SecretsSubstitution(object): | |||
357 | 357 | ||
358 | if not isinstance(sub['dest'], list): | 358 | if not isinstance(sub['dest'], list): |
359 | dest_array = [sub['dest']] | 359 | dest_array = [sub['dest']] |
360 | dest_is_list = False | ||
360 | else: | 361 | else: |
361 | dest_array = sub['dest'] | 362 | dest_array = sub['dest'] |
363 | dest_is_list = True | ||
362 | 364 | ||
363 | for each_dest_path in dest_array: | 365 | for i, each_dest_path in enumerate(dest_array): |
364 | dest_path = each_dest_path['path'] | 366 | dest_path = each_dest_path['path'] |
365 | dest_pattern = each_dest_path.get('pattern', None) | 367 | dest_pattern = each_dest_path.get('pattern', None) |
366 | dest_recurse = each_dest_path.get('recurse', {}) | 368 | dest_recurse = each_dest_path.get('recurse', {}) |
@@ -371,7 +373,10 @@ class SecretsSubstitution(object): | |||
371 | # where the sensitive data came from. | 373 | # where the sensitive data came from. |
372 | if src_doc.is_encrypted and not self._cleartext_secrets: | 374 | if src_doc.is_encrypted and not self._cleartext_secrets: |
373 | sub['src']['path'] = dd.redact(src_path) | 375 | sub['src']['path'] = dd.redact(src_path) |
374 | sub['dest']['path'] = dd.redact(dest_path) | 376 | if dest_is_list: |
377 | sub['dest'][i]['path'] = dd.redact(dest_path) | ||
378 | else: | ||
379 | sub['dest']['path'] = dd.redact(dest_path) | ||
375 | 380 | ||
376 | LOG.debug('Substituting from schema=%s layer=%s name=%s ' | 381 | LOG.debug('Substituting from schema=%s layer=%s name=%s ' |
377 | 'src_path=%s into dest_path=%s, dest_pattern=%s', | 382 | 'src_path=%s into dest_path=%s, dest_pattern=%s', |