fix: ensure proper shell quoting for parameters

[freeznet]

(If this PR fixes a github issue, please add Fixes #<xyz>.)

Fixes #

(or if this PR is one task of a github issue, please add Master Issue: #<xyz> to link to the master issue.)

Master Issue: #

Motivation

Function Mesh currently builds the Java runtime startup command through bash -c and passes FunctionDetails as a single --function_details argument. The JSON payload is wrapped in single quotes, but embedded single quotes inside the payload are not escaped.

This becomes a real problem for connector configs that legitimately rely on single quotes. One concrete example is the cloud storage sink setting below:

timePartitionPattern: yyyy-MM-dd/HH'h'-mm'm'

During shell parsing, those embedded quotes are consumed instead of being preserved as literal characters. As a result, the runtime eventually sees:

yyyy-MM-dd/HHh-mmm

instead of the original value, and the sink fails to start with:

IllegalArgumentException: Too many pattern letters: m

This is not limited to timePartitionPattern. The same quoting pattern is also used when passing auth-related JSON flags such as --client_auth_params and --auth-params, which means any payload containing single quotes can be corrupted before it reaches the Pulsar runtime.

This PR fixes the issue by centralizing shell-safe quoting for literal command arguments and applying it consistently to --function_details, --client_auth_params, and admin/download auth parameter flags.

Modifications

Describe the modifications you've done.

Verifying this change

• Make sure that the change passes the CI checks.

(Please pick either of the following options)

This change is a trivial rework / code cleanup without any test coverage.

(or)

This change is already covered by existing tests, such as (please describe tests).

(or)

This change added tests and can be verified as follows:

(example:)

• Added integration tests for end-to-end deployment with large payloads (10MB)
• Extended integration test for recovery after broker failure

Documentation

Check the box below.

Need to update docs?

• doc-required

  (If you need help on updating docs, create a doc issue)

• no-need-doc

  (Please explain why)

• doc

  (If this PR contains doc changes)

[github-actions]

@freeznet:Thanks for your contribution. For this PR, do we need to update docs?
(The PR template contains info about doc, which helps others know more about the changes. Can you provide doc-related info in this and future PR descriptions? Thanks)

[Copilot]

Pull request overview

This PR fixes shell-parsing corruption when Function Mesh builds runtime/admin commands via bash -c by introducing a single, consistent shell-literal quoting helper and applying it to JSON/parameter arguments that may contain embedded single quotes.

Changes:

• Added shellQuoteLiteral() to correctly single-quote literal arguments (escaping embedded ' as '"'"').
• Applied shell-safe quoting to --function_details, --client_auth_params, and admin/download --auth-params paths (OAuth2 + generic auth).
• Updated and extended unit tests to validate correct escaping behavior for real-world configs (e.g., timePartitionPattern containing single quotes).

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
controllers/spec/common.go	Introduces shellQuoteLiteral() and uses it for function details + auth params in shell-command construction.
api/compute/v1alpha1/common.go	Adjusts OAuth2 AuthenticationParameters() to return raw JSON (quoting now handled at command construction).
controllers/spec/common_test.go	Updates expected commands to use shellQuoteLiteral(); adds focused tests for quoting behavior.
controllers/spec/function_test.go	Updates function-details assertions and adds sink-specific tests covering embedded quote escaping.
.gitignore	Ignores repository /tmp directory.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.