nzw921rx opened a new pull request, #10595: URL: https://github.com/apache/seatunnel/pull/10595
## Purpose of this pull request Fix [#10590](https://github.com/apache/seatunnel/issues/10590). When submitting a job via REST API with `shade.identifier` configured in the env section, `ConfigShadeUtils.decryptConfig()` is only invoked for JSON format submissions. HOCON format, SQL format, and the upload-file endpoint (`/submit-job/upload`) all skip the decryption step, causing `shade.identifier` and encrypted values to be silently ignored. **Root cause:** - In `JobInfoService.submitJob(Map, byte[])`, the HOCON and SQL branches call `ConfigFactory.parseString()` / `SqlConfigBuilder.of()` without calling `ConfigShadeUtils.decryptConfig()`. The JSON branch works because `RestUtil.buildConfig()` → `ConfigBuilder.of(Map, boolean)` internally calls it. - In `SubmitJobByUploadFileServlet.doPost()`, no format calls `decryptConfig()` before passing the config to `jobInfoService.submitJob(Map, Config)`. **Fix:** - Added `ConfigShadeUtils.decryptConfig(config)` after config parsing in HOCON and SQL branches of `JobInfoService.submitJob()`. - Added `ConfigShadeUtils.decryptConfig(config)` after the format switch in `SubmitJobByUploadFileServlet.doPost()`. | Endpoint | Format | Before | After | |---|---|---|---| | `POST /submit-job` | JSON (default) | ✅ | ✅ | | `POST /submit-job?format=hocon` | HOCON | ❌ | ✅ | | `POST /submit-job?format=sql` | SQL | ❌ | ✅ | | `POST /submit-job/upload` | ALL | ❌ | ✅ | ## Does this PR introduce _any_ user-facing change? No new user-facing change. This PR fixes existing behavior so that `shade.identifier` (e.g. `base64`) correctly decrypts sensitive config values (like `password`, `username`) for HOCON, SQL, and upload-file submissions — matching the behavior that JSON format already had. ## How was this patch tested? Added integration test `RestApiSubmitJobConfigShadeDecryptTest` that starts a real Hazelcast + Jetty REST server and verifies the following scenarios end-to-end: 1. `testSubmitJobWithHoconFormatDecryptsConfig` — POST `/submit-job?format=hocon` with base64-encrypted `username`/`password` and `shade.identifier = "base64"`, asserts HTTP 200 with `jobId`. 2. `testSubmitJobWithSqlFormatDecryptsConfig` — POST `/submit-job?format=sql` with the same encrypted values, asserts HTTP 200 with `jobId`. 3. `testSubmitJobByUploadHoconFileDecryptsConfig` — POST multipart `/submit-job/upload` with `.conf` file, asserts HTTP 200 with `jobId`. ## Check list * [x] No new Jar binary package added. * [x] No documentation update needed (bug fix for existing behavior). * [x] No incompatible change. * [x] Not a connector code contribution. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
