uce opened a new pull request, #24856:
URL: https://github.com/apache/flink/pull/24856

   ## What is the purpose of the change
   
   The purpose of this change is to limit multipart requests to POST endpoints 
and file upload endpoint. Prior to this change, any request could be a 
multipart request (and upload a file).
   
   With this change, the behavior of `FileUploadHandler` will be as follows:
   1. Only accept a multipart request if the endpoint handler accepts POST 
requests.
   2. Only accept a file upload if the endpoint handler accepts file uploads.
   
   Note that multipart requests can mix file uploads with regular 
requests.
   
   ## Brief change log
   
     - Add `MultipartRoutes` in the `*.router` package for re-use of existing 
path patterns utilities.
     - Factor out `RestServerEndpoint#getHandlerUrls(RestHandlerSpecification)` 
in order to ensure that we have a consistent way of getting the registered 
endpoint URLs.
     - Add `MultipartRoutes` to `FileUploadHandler` and populate from handler 
list in `RestServerEndpoint`.
     - Validate that all multipart requests go to a POST endpoint.
     - Validate that file uploads go to an endpoint that accepts file uploads.
   
   ## Verifying this change
   
   This change is already covered by existing tests, such as 
`RestServerEndpointITCase` and `FileUploadHandlerITCase`. I made minor 
additions to these tests.
   
   I manually verified that I can submit jobs via `bin/flink run` and `curl` 
both when web submission is enabled and disabled.
   
   The following gets logged in DEBUG on startup:
   
   When web submission is enabled:
   
   ```
   DEBUG org.apache.flink.runtime.dispatcher.DispatcherRestEndpoint   [] - 
Using MultipartRoutes{postRoutes=[v1/jars/upload, jars/upload, 
v1/jars/:jarid/plan, jars/:jarid/plan, v1/jars/:jarid/run, jars/:jarid/run, 
v1/jobs, jobs, v1/jobs/:jobid/checkpoints, jobs/:jobid/checkpoints, 
v1/jobs/:jobid/coordinators/:operatorid, jobs/:jobid/coordinators/:operatorid, 
v1/jobs/:jobid/savepoints, jobs/:jobid/savepoints, v1/jobs/:jobid/stop, 
jobs/:jobid/stop, v1/savepoint-disposal, savepoint-disposal], 
fileUploadRoutes=[v1/jars/upload, jars/upload, v1/jobs, jobs]} for 
FileUploadHandler
   ```
   
   When web submission is disabled:
   
   ```
   DEBUG org.apache.flink.runtime.dispatcher.DispatcherRestEndpoint   [] - 
Using MultipartRoutes{postRoutes=[v1/jobs, jobs, v1/jobs/:jobid/checkpoints, 
jobs/:jobid/checkpoints, v1/jobs/:jobid/coordinators/:operatorid, 
jobs/:jobid/coordinators/:operatorid, v1/jobs/:jobid/savepoints, 
jobs/:jobid/savepoints, v1/jobs/:jobid/stop, jobs/:jobid/stop, 
v1/savepoint-disposal, savepoint-disposal], fileUploadRoutes=[v1/jobs, jobs]} 
for FileUploadHandler
   ```
   
   When trying to upload a JAR with web submission disabled:
   
   ```
   $ curl -X POST -H "Expect:" -F "jarfile=@examples/streaming/StateMachineExample.jar" http://localhost:8081/jars/upload
   {"errors":["POST request not allowed"]}
   ```
   
   ## Does this pull request potentially affect one of the following parts:
   
     - Dependencies (does it add or upgrade a dependency): no
     - The public API, i.e., is any changed class annotated with 
`@Public(Evolving)`: no
     - The serializers: no
     - The runtime per-record code paths (performance sensitive): no
     - Anything that affects deployment or recovery: yes (REST API for job and 
JAR submission)
     - The S3 file system connector: no
   
   ## Documentation
   
     - Does this pull request introduce a new feature? no
     - If yes, how is the feature documented? docs
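
A small model of the two checks described in this pull request, added here as an example (it is not code from the PR or from Flink). It parses the `MultipartRoutes` DEBUG line quoted above for the web-submission-disabled case; the rule that a `:name` segment matches exactly one path segment and the result labels returned by `decide` are assumptions of this example.

```python
import re

# Constructed sample: the DEBUG line quoted in the PR description
# (web submission disabled), joined back onto one line.
LOG_LINE = (
    "DEBUG org.apache.flink.runtime.dispatcher.DispatcherRestEndpoint   [] - "
    "Using MultipartRoutes{postRoutes=[v1/jobs, jobs, v1/jobs/:jobid/checkpoints, "
    "jobs/:jobid/checkpoints, v1/jobs/:jobid/coordinators/:operatorid, "
    "jobs/:jobid/coordinators/:operatorid, v1/jobs/:jobid/savepoints, "
    "jobs/:jobid/savepoints, v1/jobs/:jobid/stop, jobs/:jobid/stop, "
    "v1/savepoint-disposal, savepoint-disposal], fileUploadRoutes=[v1/jobs, jobs]} "
    "for FileUploadHandler"
)


def parse_routes(line):
    """Extract the postRoutes and fileUploadRoutes pattern lists from the log line."""
    routes = {}
    for key in ("postRoutes", "fileUploadRoutes"):
        m = re.search(key + r"=\[([^\]]*)\]", line)
        if m is None:
            raise ValueError(f"{key} not found in log line")
        routes[key] = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return routes


def matches(pattern, path):
    """Assumption: a ':name' segment matches exactly one non-empty path segment."""
    pat = pattern.strip("/").split("/")
    segs = path.split("?", 1)[0].strip("/").split("/")
    return len(pat) == len(segs) and all(
        s != "" and (p.startswith(":") or p == s) for p, s in zip(pat, segs)
    )


def decide(routes, path, has_file):
    """Apply the two checks from the PR description to one multipart request.

    The returned labels are hypothetical, not Flink's error messages.
    """
    if not any(matches(p, path) for p in routes["postRoutes"]):
        return "reject-multipart"
    if has_file and not any(matches(p, path) for p in routes["fileUploadRoutes"]):
        return "reject-file-upload"
    return "accept"
```

With these routes, a multipart request carrying a file to `/jars/upload` is rejected at the first check, which is consistent with the `curl` result shown above for disabled web submission.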
   

