fix: skip replacing secret data without ref prefix (#1175)

KusionStack · Jun 21, 2024 · 1da8b5c · 1da8b5c
1 parent 2241ae5
commit 1da8b5c
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/pkg/engine/operation/graph/resource_node.go b/pkg/engine/operation/graph/resource_node.go
@@ -36,6 +36,10 @@ const (
 	ImplicitRefPrefix = "$kusion_path."
 )
 
+const (
+	SecretRefPrefix = "ref://"
+)
+
 func (rn *ResourceNode) PreExecute(o *models.Operation) v1.Status {
 	value := reflect.ValueOf(rn.resource.Attributes)
 
@@ -87,6 +91,12 @@ func replaceSecretRef(o *models.Operation, obj map[string]interface{}) (map[stri
 	}
 	for k, data := range secret.Data {
 		ref := string(data)
+
+		// Skip the secret data which is not with the secret ref prefix.
+		if !strings.HasPrefix(ref, SecretRefPrefix) {
+			continue
+		}
+
 		externalSecretRef, err := parseExternalSecretDataRef(ref)
 		if err != nil {
 			return nil, v1.NewErrorStatus(err)