SUBMARINE-1417. Retrieve SUBMARINE_AUTH_SECRET from environment varia…

…ble instead of using hard-coded value (#1125)
apache · Apr 3, 2024 · 7a1d551 · 7a1d551
1 parent 4e68894
commit 7a1d551
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
@@ -22,6 +22,7 @@ env:
   VERSION: "0.9.0-SNAPSHOT"
   BUILD_FLAG: "clean install -ntp -DskipTests -am"
   TEST_FLAG: "test -DskipRat -ntp"
+  SUBMARINE_AUTH_SECRET: "SUBMARINE_SECRET_12345678901234567890"
 jobs:
   generate-k8s-versions-array:
     runs-on: ubuntu-latest

diff --git a/...ons/commons-utils/src/main/java/org/apache/submarine/commons/utils/SubmarineConfVars.java b/...ons/commons-utils/src/main/java/org/apache/submarine/commons/utils/SubmarineConfVars.java
@@ -23,6 +23,19 @@
 
 public class SubmarineConfVars {
   private static final Logger LOG = LoggerFactory.getLogger(SubmarineConfVars.class);
+  /**
+  * Retrieves the secret from the environment variable "SUBMARINE_AUTH_DEFAULT_SECRET".
+  * Throws runtimeException if the environment variable is not set or empty.
+  *
+  * @return The secret as a String
+  */
+  private static String getSecretFromEnv() {
+    String secret = System.getenv("SUBMARINE_AUTH_SECRET");
+    if (secret == null || secret.isEmpty()) {
+      secret = "";
+    }
+    return secret;
+  }
   public enum ConfVars {
     SUBMARINE_CONF_DIR("submarine.conf.dir", "conf"),
     SUBMARINE_LOCALIZATION_MAX_ALLOWED_FILE_SIZE_MB(
@@ -93,7 +106,7 @@ public enum ConfVars {
 
     /* auth */
     SUBMARINE_AUTH_TYPE("submarine.auth.type", "simple"),
-    SUBMARINE_AUTH_DEFAULT_SECRET("submarine.auth.default.secret", "SUBMARINE_SECRET_12345678901234567890"),
+    SUBMARINE_AUTH_DEFAULT_SECRET("submarine.auth.default.secret", getSecretFromEnv()),
     SUBMARINE_AUTH_MAX_AGE_ENV("submarine.auth.maxAge", 60 * 60 * 24);
 
     private String varName;