eric-maynard commented on code in PR #438:
URL: https://github.com/apache/polaris/pull/438#discussion_r1837260504


##########
polaris-core/src/main/java/org/apache/polaris/core/entity/PolarisPrincipalSecrets.java:
##########
@@ -108,11 +155,29 @@ public String getPrincipalClientId() {
     return principalClientId;
   }
 
+  public boolean matchesSecret(String potentialSecret) {
+    String potentialSecretHash = hashSecret(potentialSecret);
+    return potentialSecretHash.equals(this.mainSecretHash)
+        || potentialSecretHash.equals(this.secondarySecretHash);
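
Review bot: The two `potentialSecretHash.equals(...)` calls in `matchesSecret` compare credential hashes with `String.equals`, which returns at the first differing character, and the `||` skips the secondary comparison whenever the main hash matches. For a credential check, prefer a constant-time comparison such as `MessageDigest.isEqual` on the byte form of the hashes, evaluated for both slots. The method also has no Javadoc: state that a secret is accepted when it matches either the main or the secondary hash, and what is expected when `potentialSecret` is null, since as written it is passed straight into `hashSecret`.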

Review Comment:
   The way it works right now is this:
   1. As soon as you `rotate-credentials`, the plaintext secret is wiped from the metastore. Atomically with this, the hash of that secret is added as the secondary hash
   2. You can still authenticate with the old credential (it checks against that hash) until you `rotate-credentials` again, at which point the secondary secret is gone. The client still sends the full secret, but it's not persisted.
   
   I think this is the correct behavior ***iff*** we want to have secrets be valid after one `rotate-credentials` but not after two.
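
The two-slot rotation window described in the comment above, as an added example that is not part of the original comment and is not Polaris code. The class name, `rotate()`, the unsalted SHA-256 hash and the sample secrets are assumptions made for illustration; the model stores only hashes and needs Java 17 for `HexFormat`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

// Hypothetical model of the behaviour in the review comment; not the project's implementation.
public class RotationWindowDemo {
  private String mainSecretHash;
  private String secondarySecretHash; // null until the first rotation

  RotationWindowDemo(String initialSecret) {
    this.mainSecretHash = hashSecret(initialSecret);
  }

  // Assumed hash: unsalted SHA-256, hex encoded. The page does not show hashSecret().
  static String hashSecret(String secret) {
    try {
      MessageDigest md = MessageDigest.getInstance("SHA-256");
      return HexFormat.of().formatHex(md.digest(secret.getBytes(StandardCharsets.UTF_8)));
    } catch (NoSuchAlgorithmException e) {
      throw new IllegalStateException(e); // SHA-256 is mandatory on every Java platform
    }
  }

  // One rotation: the old main hash moves to the secondary slot, the old secondary is dropped.
  void rotate(String newSecret) {
    this.secondarySecretHash = this.mainSecretHash;
    this.mainSecretHash = hashSecret(newSecret);
  }

  // Checks both slots with a constant-time comparison and a non-short-circuit OR.
  boolean matchesSecret(String potentialSecret) {
    if (potentialSecret == null) return false;
    byte[] candidate = hashSecret(potentialSecret).getBytes(StandardCharsets.UTF_8);
    boolean main = MessageDigest.isEqual(candidate, mainSecretHash.getBytes(StandardCharsets.UTF_8));
    boolean secondary = secondarySecretHash != null
        && MessageDigest.isEqual(candidate, secondarySecretHash.getBytes(StandardCharsets.UTF_8));
    return main | secondary;
  }

  public static void main(String[] args) {
    RotationWindowDemo p = new RotationWindowDemo("secret-v1"); // constructed sample secrets
    p.rotate("secret-v2");
    System.out.println("after 1 rotation, v1 accepted: " + p.matchesSecret("secret-v1"));
    System.out.println("after 1 rotation, v2 accepted: " + p.matchesSecret("secret-v2"));
    p.rotate("secret-v3");
    System.out.println("after 2 rotations, v1 accepted: " + p.matchesSecret("secret-v1"));
    System.out.println("after 2 rotations, v2 accepted: " + p.matchesSecret("secret-v2"));
  }
}
```

Each rotation shifts the acceptance window by one slot, so the first secret stops matching on the second call to `rotate()` while the second secret is still accepted through the secondary hash.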


