SUBMARINE-1417. Retrieve SUBMARINE_AUTH_SECRET from environment variable instead of using hard-coded value (#1125)
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index a2204ac..f6da43c 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -22,6 +22,7 @@
VERSION: "0.9.0-SNAPSHOT"
BUILD_FLAG: "clean install -ntp -DskipTests -am"
TEST_FLAG: "test -DskipRat -ntp"
+ SUBMARINE_AUTH_SECRET: "SUBMARINE_SECRET_12345678901234567890"
jobs:
generate-k8s-versions-array:
runs-on: ubuntu-latest
diff --git a/submarine-commons/commons-utils/src/main/java/org/apache/submarine/commons/utils/SubmarineConfVars.java b/submarine-commons/commons-utils/src/main/java/org/apache/submarine/commons/utils/SubmarineConfVars.java
index f778bf5..fb4b20c 100644
--- a/submarine-commons/commons-utils/src/main/java/org/apache/submarine/commons/utils/SubmarineConfVars.java
+++ b/submarine-commons/commons-utils/src/main/java/org/apache/submarine/commons/utils/SubmarineConfVars.java
@@ -23,6 +23,19 @@
public class SubmarineConfVars {
private static final Logger LOG = LoggerFactory.getLogger(SubmarineConfVars.class);
+ /**
+ * Retrieves the secret from the environment variable "SUBMARINE_AUTH_DEFAULT_SECRET".
+ * Throws runtimeException if the environment variable is not set or empty.
+ *
+ * @return The secret as a String
+ */
+ private static String getSecretFromEnv() {
+ String secret = System.getenv("SUBMARINE_AUTH_SECRET");
+ if (secret == null || secret.isEmpty()) {
+ secret = "";
+ }
+ return secret;
+ }
public enum ConfVars {
SUBMARINE_CONF_DIR("submarine.conf.dir", "conf"),
SUBMARINE_LOCALIZATION_MAX_ALLOWED_FILE_SIZE_MB(
@@ -93,7 +106,7 @@
/* auth */
SUBMARINE_AUTH_TYPE("submarine.auth.type", "simple"),
- SUBMARINE_AUTH_DEFAULT_SECRET("submarine.auth.default.secret", "SUBMARINE_SECRET_12345678901234567890"),
+ SUBMARINE_AUTH_DEFAULT_SECRET("submarine.auth.default.secret", getSecretFromEnv()),
SUBMARINE_AUTH_MAX_AGE_ENV("submarine.auth.maxAge", 60 * 60 * 24);
private String varName;
