From cefe2ad7c62ef69bec5ca3098acabe1c199ebbf8 Mon Sep 17 00:00:00 2001 From: laiyousin Date: Tue, 26 Mar 2024 22:19:20 -0400 Subject: [PATCH] SUBMARINE-1417. Retrieve SUBMARINE_AUTH_SECRET from environment variable instead of using hard-coded value --- .github/workflows/master.yml | 1 + .../commons/utils/SubmarineConfVars.java | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index a2204ac33..192fa6db3 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -22,6 +22,7 @@ env: VERSION: "0.9.0-SNAPSHOT" BUILD_FLAG: "clean install -ntp -DskipTests -am" TEST_FLAG: "test -DskipRat -ntp" + SUBMARINE_AUTH_DEFAULT_SECRET: "SUBMARINE_SECRET_12345678901234567890" jobs: generate-k8s-versions-array: runs-on: ubuntu-latest diff --git a/submarine-commons/commons-utils/src/main/java/org/apache/submarine/commons/utils/SubmarineConfVars.java b/submarine-commons/commons-utils/src/main/java/org/apache/submarine/commons/utils/SubmarineConfVars.java index f778bf5bd..eee0d863e 100644 --- a/submarine-commons/commons-utils/src/main/java/org/apache/submarine/commons/utils/SubmarineConfVars.java +++ b/submarine-commons/commons-utils/src/main/java/org/apache/submarine/commons/utils/SubmarineConfVars.java @@ -23,6 +23,21 @@ public class SubmarineConfVars { private static final Logger LOG = LoggerFactory.getLogger(SubmarineConfVars.class); + /** + * Retrieves the secret from the environment variable "SUBMARINE_AUTH_DEFAULT_SECRET". + * Throws runtimeException if the environment variable is not set or empty. + * + * @return The secret as a String + */ + private static String getSecretFromEnv() { + String secret = System.getenv("SUBMARINE_AUTH_SECRET"); + if (secret == null || secret.isEmpty()) { + throw new RuntimeException( + "Environment variable SUBMARINE_JWT_SECRET is not set." + + "Please configure a secure key."); + } + return secret; + } public enum ConfVars { SUBMARINE_CONF_DIR("submarine.conf.dir", "conf"), SUBMARINE_LOCALIZATION_MAX_ALLOWED_FILE_SIZE_MB( @@ -93,7 +108,7 @@ public enum ConfVars { /* auth */ SUBMARINE_AUTH_TYPE("submarine.auth.type", "simple"), - SUBMARINE_AUTH_DEFAULT_SECRET("submarine.auth.default.secret", "SUBMARINE_SECRET_12345678901234567890"), + SUBMARINE_AUTH_DEFAULT_SECRET("submarine.auth.default.secret", getSecretFromEnv()), SUBMARINE_AUTH_MAX_AGE_ENV("submarine.auth.maxAge", 60 * 60 * 24); private String varName;