Skip to content

fix: ensure proper shell quoting for parameters#837

Merged
freeznet merged 3 commits intomasterfrom
freeznet/fix-config-format
Mar 27, 2026
Merged

fix: ensure proper shell quoting for parameters#837
freeznet merged 3 commits intomasterfrom
freeznet/fix-config-format

Conversation

@freeznet
Copy link
Member

@freeznet freeznet commented Mar 26, 2026

(If this PR fixes a github issue, please add Fixes #<xyz>.)

Fixes #

(or if this PR is one task of a github issue, please add Master Issue: #<xyz> to link to the master issue.)

Master Issue: #

Motivation

Function Mesh currently builds the Java runtime startup command through bash -c and passes FunctionDetails as a single --function_details argument. The JSON payload is wrapped in single quotes, but embedded single quotes inside the payload are not escaped.

This becomes a real problem for connector configs that legitimately rely on single quotes. One concrete example is the cloud storage sink setting below:

timePartitionPattern: yyyy-MM-dd/HH'h'-mm'm'

During shell parsing, those embedded quotes are consumed instead of being preserved as literal characters. As a result, the runtime eventually sees:

yyyy-MM-dd/HHh-mmm

instead of the original value, and the sink fails to start with:

IllegalArgumentException: Too many pattern letters: m

This is not limited to timePartitionPattern. The same quoting pattern is also used when passing auth-related JSON flags such as --client_auth_params and --auth-params, which means any payload containing single quotes can be corrupted before it reaches the Pulsar runtime.

This PR fixes the issue by centralizing shell-safe quoting for literal command arguments and applying it consistently to --function_details, --client_auth_params, and admin/download auth parameter flags.

Modifications

Describe the modifications you've done.

Verifying this change

  • Make sure that the change passes the CI checks.

(Please pick either of the following options)

This change is a trivial rework / code cleanup without any test coverage.

(or)

This change is already covered by existing tests, such as (please describe tests).

(or)

This change added tests and can be verified as follows:

(example:)

  • Added integration tests for end-to-end deployment with large payloads (10MB)
  • Extended integration test for recovery after broker failure

Documentation

Check the box below.

Need to update docs?

  • doc-required

    (If you need help on updating docs, create a doc issue)

  • no-need-doc

    (Please explain why)

  • doc

    (If this PR contains doc changes)

@freeznet freeznet self-assigned this Mar 26, 2026
@freeznet freeznet requested review from a team and nlu90 as code owners March 26, 2026 10:28
@freeznet freeznet requested a review from Copilot March 26, 2026 10:28
@github-actions
Copy link

github-actions bot commented Mar 26, 2026

@freeznet:Thanks for your contribution. For this PR, do we need to update docs?
(The PR template contains info about doc, which helps others know more about the changes. Can you provide doc-related info in this and future PR descriptions? Thanks)

@github-actions github-actions bot added the doc-info-missing This pr needs to mark a document option in description label Mar 26, 2026
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes shell-parsing corruption when Function Mesh builds runtime/admin commands via bash -c by introducing a single, consistent shell-literal quoting helper and applying it to JSON/parameter arguments that may contain embedded single quotes.

Changes:

  • Added shellQuoteLiteral() to correctly single-quote literal arguments (escaping embedded ' as '"'"').
  • Applied shell-safe quoting to --function_details, --client_auth_params, and admin/download --auth-params paths (OAuth2 + generic auth).
  • Updated and extended unit tests to validate correct escaping behavior for real-world configs (e.g., timePartitionPattern containing single quotes).

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
controllers/spec/common.go Introduces shellQuoteLiteral() and uses it for function details + auth params in shell-command construction.
api/compute/v1alpha1/common.go Adjusts OAuth2 AuthenticationParameters() to return raw JSON (quoting now handled at command construction).
controllers/spec/common_test.go Updates expected commands to use shellQuoteLiteral(); adds focused tests for quoting behavior.
controllers/spec/function_test.go Updates function-details assertions and adds sink-specific tests covering embedded quote escaping.
.gitignore Ignores repository /tmp directory.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

jiangpengcheng
jiangpengcheng previously approved these changes Mar 27, 2026
View reviewed changes
@freeznet freeznet merged commit 0012443 into master Mar 27, 2026
15 of 16 checks passed
@freeznet freeznet deleted the freeznet/fix-config-format branch March 27, 2026 08:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jiangpengcheng jiangpengcheng jiangpengcheng approved these changes

@nlu90 nlu90 Awaiting requested review from nlu90 nlu90 is a code owner

Assignees

@freeznet freeznet

Labels

doc-info-missing This pr needs to mark a document option in description

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@freeznet @jiangpengcheng