feat!(secrets): remove secrets (#657)

Removes the ability to use secrets. This can be added to applications if necessary using the prototype secrets service.

craft_application/__init__.py

@@ -17,7 +17,6 @@
 
 from craft_application.application import (
     Application,
-    AppFeatures,
     AppMetadata,
 )
 from craft_application import models
@@ -44,7 +43,6 @@
 __all__ = [
     "__version__",
     "Application",
-    "AppFeatures",
     "AppMetadata",
     "AppService",
     "ConfigModel",

craft_application/application.py

@@ -37,7 +37,7 @@
 from craft_parts.plugins.plugins import PluginType
 from platformdirs import user_cache_path
 
-from craft_application import _config, commands, errors, grammar, models, secrets, util
+from craft_application import _config, commands, errors, grammar, models, util
 from craft_application.errors import PathInvalidError
 from craft_application.models import BuildInfo, GrammarAwareProject
 
@@ -59,14 +59,6 @@
 )
 
 
-@dataclass(frozen=True)
-class AppFeatures:
-    """Specific features that can be enabled/disabled per-application."""
-
-    build_secrets: bool = False
-    """Support for build-time secrets."""
-
-
 @final
 @dataclass(frozen=True)
 class AppMetadata:
@@ -78,7 +70,6 @@ class AppMetadata:
     docs_url: str | None = None
     source_ignore_patterns: list[str] = field(default_factory=list)
     managed_instance_project_path = pathlib.PurePosixPath("/root/project")
-    features: AppFeatures = AppFeatures()
     project_variables: list[str] = field(default_factory=lambda: ["version"])
     mandatory_adoptable_fields: list[str] = field(default_factory=lambda: ["version"])
     ConfigModel: type[_config.ConfigModel] = _config.ConfigModel
@@ -138,9 +129,6 @@ def __init__(
         self._cli_loggers = DEFAULT_CLI_LOGGERS | set(extra_loggers)
         self._full_build_plan: list[models.BuildInfo] = []
         self._build_plan: list[models.BuildInfo] = []
-        # When build_secrets are enabled, this contains the secret info to pass to
-        # managed instances.
-        self._secrets: secrets.BuildSecrets | None = None
         self._partitions: list[str] | None = None
         # Cached project object, allows only the first time we load the project
         # to specify things like the project directory.
@@ -452,15 +440,6 @@ def run_managed(self, platform: str | None, build_for: str | None) -> None:
                 "CRAFT_VERBOSITY_LEVEL": craft_cli.emit.get_mode().name,
             }
 
-            if self.app.features.build_secrets:
-                # If using build secrets, put them in the environment of the managed
-                # instance.
-                secret_values = cast(secrets.BuildSecrets, self._secrets)
-                # disable logging CRAFT_SECRETS value passed to the managed instance
-                craft_cli.emit.set_secrets(list(secret_values.environment.values()))
-
-                env.update(secret_values.environment)
-
             extra_args["env"] = env
 
             craft_cli.emit.debug(
@@ -765,10 +744,6 @@ def _transform_project_yaml(
         # Perform variable expansion.
         self._expand_environment(yaml_data=yaml_data, build_for=build_for)
 
-        # Handle build secrets.
-        if self.app.features.build_secrets:
-            self._render_secrets(yaml_data)
-
         # Expand grammar.
         if "parts" in yaml_data:
             craft_cli.emit.debug(f"Processing grammar (on {build_on} for {build_for})")
@@ -840,19 +815,6 @@ def _set_global_environment(self, info: craft_parts.ProjectInfo) -> None:
             }
         )
 
-    def _render_secrets(self, yaml_data: dict[str, Any]) -> None:
-        """Render build-secrets, in-place."""
-        secret_values = secrets.render_secrets(
-            yaml_data, managed_mode=self.is_managed()
-        )
-
-        num_secrets = len(secret_values.secret_strings)
-        craft_cli.emit.debug(f"Project has {num_secrets} build-secret(s).")
-
-        craft_cli.emit.set_secrets(list(secret_values.secret_strings))
-
-        self._secrets = secret_values
-
     def _extra_yaml_transform(
         self,
         yaml_data: dict[str, Any],

docs/reference/changelog.rst

@@ -18,6 +18,7 @@ Breaking changes
 
 - The pytest plugin includes an auto-used fixture that puts the app into debug mode
   by default for tests.
+- Support for secrets has been removed.
 
 For a complete list of commits, check out the `5.0.0`_ release on GitHub.
 

tests/conftest.py

@@ -56,24 +56,6 @@ def reset_services():
     service_factory.ServiceFactory.reset()
 
 
-@pytest.fixture
-def features(request) -> dict[str, bool]:
-    """Fixture that controls the enabled features.
-
-    To use it, mark the test with the features that should be enabled. For example:
-
-    @pytest.mark.enable_features("build_secrets")
-    def test_with_build_secrets(...)
-    """
-    features = {}
-
-    for feature_marker in request.node.iter_markers("enable_features"):
-        for feature_name in feature_marker.args:
-            features[feature_name] = True
-
-    return features
-
-
 class FakeConfigModel(craft_application.ConfigModel):
     my_str: str
     my_int: int
@@ -105,29 +87,27 @@ def default_app_metadata(fake_config_model) -> craft_application.AppMetadata:
 
 
 @pytest.fixture
-def app_metadata(features, fake_config_model) -> craft_application.AppMetadata:
+def app_metadata(fake_config_model) -> craft_application.AppMetadata:
     with pytest.MonkeyPatch.context() as m:
         m.setattr(metadata, "version", lambda _: "3.14159")
         return craft_application.AppMetadata(
             "testcraft",
             "A fake app for testing craft-application",
             source_ignore_patterns=["*.snap", "*.charm", "*.starcraft"],
-            features=craft_application.AppFeatures(**features),
             docs_url="www.testcraft.example/docs/{version}",
             ConfigModel=fake_config_model,
         )
 
 
 @pytest.fixture
-def app_metadata_docs(features) -> craft_application.AppMetadata:
+def app_metadata_docs() -> craft_application.AppMetadata:
     with pytest.MonkeyPatch.context() as m:
         m.setattr(metadata, "version", lambda _: "3.14159")
         return craft_application.AppMetadata(
             "testcraft",
             "A fake app for testing craft-application",
             docs_url="http://testcraft.example",
             source_ignore_patterns=["*.snap", "*.charm", "*.starcraft"],
-            features=craft_application.AppFeatures(**features),
         )