summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAhmad Mahmoudi <am495p@att.com>2018-11-13 09:24:02 -0600
committerAhmad Mahmoudi <am495p@att.com>2018-11-13 09:24:02 -0600
commite095137766ca68fac944084f65d8a5da51861090 (patch)
tree92064e335e54801daf1f438fdf43707943b05f3a
parent82639b443ffb4796befbf784924b343366bf4ba8 (diff)
[FIX] Secrets substitution issue
Fixed issue with secrets substitution, which have more than one substitution destinations. Change-Id: I6c0e9719cacc7cf4189b57379e9ebf6a8d3a4fd8
Notes
Notes (review): Code-Review+1: Aaron Sheffield <ajs@sheffieldfamily.net> Code-Review+2: Felipe Monteiro <felipe.monteiro@att.com> Code-Review+2: Sean Eagan <sean.eagan@att.com> Workflow+1: Sean Eagan <sean.eagan@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 15 Nov 2018 23:47:23 +0000 Reviewed-on: https://review.openstack.org/617689 Project: openstack/airship-deckhand Branch: refs/heads/master
-rw-r--r--deckhand/engine/secrets_manager.py9
1 files changed, 7 insertions, 2 deletions
diff --git a/deckhand/engine/secrets_manager.py b/deckhand/engine/secrets_manager.py
index fb52a4c..a4c8f5c 100644
--- a/deckhand/engine/secrets_manager.py
+++ b/deckhand/engine/secrets_manager.py
@@ -357,10 +357,12 @@ class SecretsSubstitution(object):
357 357
358 if not isinstance(sub['dest'], list): 358 if not isinstance(sub['dest'], list):
359 dest_array = [sub['dest']] 359 dest_array = [sub['dest']]
360 dest_is_list = False
360 else: 361 else:
361 dest_array = sub['dest'] 362 dest_array = sub['dest']
363 dest_is_list = True
362 364
363 for each_dest_path in dest_array: 365 for i, each_dest_path in enumerate(dest_array):
364 dest_path = each_dest_path['path'] 366 dest_path = each_dest_path['path']
365 dest_pattern = each_dest_path.get('pattern', None) 367 dest_pattern = each_dest_path.get('pattern', None)
366 dest_recurse = each_dest_path.get('recurse', {}) 368 dest_recurse = each_dest_path.get('recurse', {})
@@ -371,7 +373,10 @@ class SecretsSubstitution(object):
371 # where the sensitive data came from. 373 # where the sensitive data came from.
372 if src_doc.is_encrypted and not self._cleartext_secrets: 374 if src_doc.is_encrypted and not self._cleartext_secrets:
373 sub['src']['path'] = dd.redact(src_path) 375 sub['src']['path'] = dd.redact(src_path)
374 sub['dest']['path'] = dd.redact(dest_path) 376 if dest_is_list:
377 sub['dest'][i]['path'] = dd.redact(dest_path)
378 else:
379 sub['dest']['path'] = dd.redact(dest_path)
375 380
376 LOG.debug('Substituting from schema=%s layer=%s name=%s ' 381 LOG.debug('Substituting from schema=%s layer=%s name=%s '
377 'src_path=%s into dest_path=%s, dest_pattern=%s', 382 'src_path=%s into dest_path=%s, dest_pattern=%s',