KusionStack · SparkYuan · Nov 21, 2023 · Nov 21, 2023
diff --git a/pkg/cmd/apply/options.go b/pkg/cmd/apply/options.go
@@ -194,19 +194,12 @@ func Apply(
 	changes *opsmodels.Changes,
 	out io.Writer,
 ) error {
-	// Validate secret stores
-	project := changes.Project()
-	if !project.SecretStores.IsValid() {
-		return fmt.Errorf("no secret store is provided")
-	}
-
 	// Construct the apply operation
 	ac := &operation.ApplyOperation{
 		Operation: opsmodels.Operation{
 			Stack:        changes.Stack(),
 			StateStorage: storage,
 			MsgCh:        make(chan opsmodels.Message),
-			SecretStores: project.SecretStores,
 			IgnoreFields: o.IgnoreFields,
 		},
 	}

diff --git a/pkg/cmd/preview/options.go b/pkg/cmd/preview/options.go
@@ -232,11 +232,6 @@ func Preview(
 ) (*opsmodels.Changes, error) {
 	log.Info("Start compute preview changes ...")
 
-	// Validate secret stores
-	if !project.SecretStores.IsValid() {
-		return nil, fmt.Errorf("no secret store is provided")
-	}
-
 	// Construct the preview operation
 	pc := &operation.PreviewOperation{
 		Operation: opsmodels.Operation{
@@ -245,7 +240,6 @@ func Preview(
 			StateStorage:  storage,
 			IgnoreFields:  o.IgnoreFields,
 			ChangeOrder:   &opsmodels.ChangeOrder{StepKeys: []string{}, ChangeSteps: map[string]*opsmodels.ChangeStep{}},
-			SecretStores:  project.SecretStores,
 		},
 	}
 

diff --git a/pkg/engine/operation/apply.go b/pkg/engine/operation/apply.go
@@ -114,7 +114,6 @@ func (ao *ApplyOperation) Apply(request *ApplyRequest) (rsp *ApplyResponse, st s
 			MsgCh:                   o.MsgCh,
 			ResultState:             resultState,
 			Lock:                    &sync.Mutex{},
-			SecretStores:            o.SecretStores,
 		},
 	}
 

diff --git a/pkg/engine/operation/graph/resource_node.go b/pkg/engine/operation/graph/resource_node.go
@@ -15,7 +15,6 @@ import (
 	"kusionstack.io/kusion/pkg/util"
 	"kusionstack.io/kusion/pkg/util/diff"
 	jsonutil "kusionstack.io/kusion/pkg/util/json"
-	"kusionstack.io/kusion/pkg/vals"
 )
 
 type ResourceNode struct {
@@ -39,13 +38,13 @@ func (rn *ResourceNode) PreExecute(o *opsmodels.Operation) status.Status {
 	case opsmodels.ApplyPreview:
 		// first time apply. Do not replace implicit dependency ref
 		if len(o.PriorStateResourceIndex) == 0 {
-			_, replaced, s = ReplaceSecretRef(value, o.SecretStores)
+			_, replaced, s = ReplaceSecretRef(value)
 		} else {
-			_, replaced, s = ReplaceRef(value, o.CtxResourceIndex, OptionalImplicitReplaceFun, o.SecretStores, vals.ParseSecretRef)
+			_, replaced, s = ReplaceRef(value, o.CtxResourceIndex, OptionalImplicitReplaceFun)
 		}
 	case opsmodels.Apply:
 		// replace secret ref and implicit ref
-		_, replaced, s = ReplaceRef(value, o.CtxResourceIndex, MustImplicitReplaceFun, o.SecretStores, vals.ParseSecretRef)
+		_, replaced, s = ReplaceRef(value, o.CtxResourceIndex, MustImplicitReplaceFun)
 	default:
 		return nil
 	}
@@ -296,8 +295,8 @@ func updateChangeOrder(ops *opsmodels.Operation, rn *ResourceNode, plan, live in
 	order.ChangeSteps[rn.ID] = opsmodels.NewChangeStep(rn.ID, rn.Action, plan, live)
 }
 
-func ReplaceSecretRef(v reflect.Value, ss *vals.SecretStores) ([]string, reflect.Value, status.Status) {
-	return ReplaceRef(v, nil, nil, ss, vals.ParseSecretRef)
+func ReplaceSecretRef(v reflect.Value) ([]string, reflect.Value, status.Status) {
+	return ReplaceRef(v, nil, nil)
 }
 
 var MustImplicitReplaceFun = func(resourceIndex map[string]*models.Resource, refPath string) (reflect.Value, status.Status) {
@@ -352,15 +351,13 @@ func ReplaceImplicitRef(
 	resourceIndex map[string]*models.Resource,
 	replaceFun func(map[string]*models.Resource, string) (reflect.Value, status.Status),
 ) ([]string, reflect.Value, status.Status) {
-	return ReplaceRef(v, resourceIndex, replaceFun, nil, nil)
+	return ReplaceRef(v, resourceIndex, replaceFun)
 }
 
 func ReplaceRef(
 	v reflect.Value,
 	resourceIndex map[string]*models.Resource,
 	repImplDepFunc func(map[string]*models.Resource, string) (reflect.Value, status.Status),
-	ss *vals.SecretStores,
-	repSecretFunc func(string, string, *vals.SecretStores) (string, error),
 ) ([]string, reflect.Value, status.Status) {
 	var result []string
 	if !v.IsValid() {
@@ -372,7 +369,7 @@ func ReplaceRef(
 		if v.IsNil() {
 			return nil, v, nil
 		}
-		return ReplaceRef(v.Elem(), resourceIndex, repImplDepFunc, ss, repSecretFunc)
+		return ReplaceRef(v.Elem(), resourceIndex, repImplDepFunc)
 	case reflect.String:
 		vStr := v.String()
 		if repImplDepFunc != nil {
@@ -391,18 +388,6 @@ func ReplaceRef(
 				v = tv
 			}
 		}
-
-		if ss != nil && repSecretFunc != nil {
-			if prefix, ok := vals.IsSecured(vStr); ok {
-				tStr, err := repSecretFunc(prefix, vStr, ss)
-				if err != nil {
-					return nil, v, status.NewErrorStatus(err)
-				}
-				tv := reflect.New(v.Type()).Elem()
-				tv.SetString(tStr)
-				v = tv
-			}
-		}
 	case reflect.Slice, reflect.Array:
 		if v.Len() == 0 {
 			return nil, v, nil
@@ -411,7 +396,7 @@ func ReplaceRef(
 		vs := reflect.MakeSlice(v.Type(), 0, 0)
 
 		for i := 0; i < v.Len(); i++ {
-			ref, tv, s := ReplaceRef(v.Index(i), resourceIndex, repImplDepFunc, ss, repSecretFunc)
+			ref, tv, s := ReplaceRef(v.Index(i), resourceIndex, repImplDepFunc)
 			if status.IsErr(s) {
 				return nil, tv, s
 			}
@@ -429,7 +414,7 @@ func ReplaceRef(
 
 		iter := v.MapRange()
 		for iter.Next() {
-			ref, tv, s := ReplaceRef(iter.Value(), resourceIndex, repImplDepFunc, ss, repSecretFunc)
+			ref, tv, s := ReplaceRef(iter.Value(), resourceIndex, repImplDepFunc)
 			if status.IsErr(s) {
 				return nil, tv, s
 			}

diff --git a/pkg/engine/operation/models/operation_context.go b/pkg/engine/operation/models/operation_context.go
@@ -13,7 +13,6 @@ import (
 	"kusionstack.io/kusion/pkg/projectstack"
 	"kusionstack.io/kusion/pkg/util"
 	jsonutil "kusionstack.io/kusion/pkg/util/json"
-	"kusionstack.io/kusion/pkg/vals"
 )
 
 // Operation is the base model for all operations
@@ -54,9 +53,6 @@ type Operation struct {
 
 	// ResultState is the final State build by this operation, and this State will be saved in the StateStorage
 	ResultState *states.State
-
-	// SecretStores contains all available secret stores
-	SecretStores *vals.SecretStores
 }
 
 type Message struct {

diff --git a/pkg/engine/operation/preview.go b/pkg/engine/operation/preview.go
@@ -104,7 +104,6 @@ func (po *PreviewOperation) Preview(request *PreviewRequest) (rsp *PreviewRespon
 			Stack:                   o.Stack,
 			ResultState:             resultState,
 			Lock:                    &sync.Mutex{},
-			SecretStores:            o.SecretStores,
 		},
 	}
 

diff --git a/pkg/projectstack/types.go b/pkg/projectstack/types.go
@@ -8,7 +8,6 @@ import (
 
 	"kusionstack.io/kusion/pkg/engine/backend"
 	"kusionstack.io/kusion/pkg/log"
-	"kusionstack.io/kusion/pkg/vals"
 )
 
 var (
@@ -64,9 +63,6 @@ type ProjectConfiguration struct {
 
 	// Prometheus configs
 	Prometheus *PrometheusConfig `json:"prometheus,omitempty" yaml:"prometheus,omitempty"`
-
-	// Secret stores
-	SecretStores *vals.SecretStores `json:"secret_stores,omitempty" yaml:"secret_stores,omitempty"`
 }
 
 type Project struct {

diff --git a/pkg/vals/doc.go b/pkg/vals/doc.go
diff --git a/pkg/vals/secret_stores.go b/pkg/vals/secret_stores.go
diff --git a/pkg/vals/vals.go b/pkg/vals/vals.go