From 02b726db02896d79870f20d49996ff0db8e1ca8c Mon Sep 17 00:00:00 2001
From: p4u1 <p4u1_f4u1@riseup.net>
Date: Mon, 4 Dec 2023 09:29:56 +0100
Subject: [PATCH] add comments to better explain how the length modifier gets
 added to the secret

---
 pkg/secret/secret.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/pkg/secret/secret.go b/pkg/secret/secret.go
index 947808e7..34c1103c 100644
--- a/pkg/secret/secret.go
+++ b/pkg/secret/secret.go
@@ -78,6 +78,7 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, recipeName stri
 	if err != nil {
 		return nil, err
 	}
+	// Read the compose files without injecting environment variables.
 	configWithoutEnv, err := loader.LoadComposefile(opts, map[string]string{}, loader.SkipInterpolation)
 	if err != nil {
 		return nil, err
@@ -111,12 +112,16 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, recipeName stri
 		value := SecretValue{Version: secretVersion}
 
 		// Check if the length modifier is set for this secret.
-		for k, v := range appModifiers {
+		for envName, modifierValues := range appModifiers {
 			// configWithoutEnv contains the raw name as defined in the compose.yaml
-			if !strings.Contains(configWithoutEnv.Secrets[secretId].Name, k) {
+			// The name will look something like this:
+			//   name: ${STACK_NAME}_test_pass_two_${SECRET_TEST_PASS_TWO_VERSION}
+			// To check if the current modifier is for the current secret we check
+			// if the raw name contains the env name (e.g. SECRET_TEST_PASS_TWO_VERSION).
+			if !strings.Contains(configWithoutEnv.Secrets[secretId].Name, envName) {
 				continue
 			}
-			lengthRaw, ok := v["length"]
+			lengthRaw, ok := modifierValues["length"]
 			if ok {
 				length, err := strconv.Atoi(lengthRaw)
 				if err != nil {