gingeekrishna opened a new pull request, #69398:
URL: https://github.com/apache/airflow/pull/69398
### Motivation
Closes #69396
`decrypt_remote_file_to_string` in `encryption_utils.py` calls
`shell_quote_single()` unconditionally. Single-quoting is Unix shell syntax and
does not work on Windows CMD/PowerShell, so any call targeting a Windows remote
host produced a malformed `openssl` command.
The issue author notes: *"[Note that the decrypt_remote_file function in
tpt_util.py does cater for Windows.]"* — that function already handles this
correctly via `get_remote_os()`.
### Changes
Apply the same OS-detection pattern already used in
`tpt_util.py:decrypt_remote_file`:
- Detect the remote OS via `get_remote_os(ssh_client)`
- **Windows**: wrap password in double quotes, escape embedded `"` as `""`
- **Unix/Linux**: keep existing `shell_quote_single()` behaviour (no
functional change)
```python
# Before (Unix only)
quoted_password = shell_quote_single(password)
# After (OS-aware)
remote_os = get_remote_os(ssh_client)
if remote_os == "windows":
quoted_password = '"' + password.replace('"', '""') + '"'
else:
quoted_password = shell_quote_single(password)
```
### Tests
- Updated `test_decrypt_remote_file_to_string` to mock `get_remote_os`
returning `"unix"` (no behaviour change for Unix path)
- Added `test_decrypt_remote_file_to_string_windows` to assert double-quote
escaping is used on Windows remotes, including embedded `"` characters in the
password
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]