dimas-b commented on code in PR #438:
URL: https://github.com/apache/polaris/pull/438#discussion_r1837256023
##########
polaris-core/src/main/java/org/apache/polaris/core/entity/PolarisPrincipalSecrets.java:
##########
@@ -108,11 +155,29 @@ public String getPrincipalClientId() {
return principalClientId;
}
+ public boolean matchesSecret(String potentialSecret) {
+ String potentialSecretHash = hashSecret(potentialSecret);
+ return potentialSecretHash.equals(this.mainSecretHash)
+ || potentialSecretHash.equals(this.secondarySecretHash);
Review Comment:
Well, clients will take time to update their configuration. How about we
allow plain test password even when a hash is set, but until the next password
rotation? Meaning: remove plain test passwords during rotation if hash is set.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
