fivetran-arunsuri commented on code in PR #2197:
URL: https://github.com/apache/polaris/pull/2197#discussion_r2289216006
##########
persistence/relational-jdbc/src/main/java/org/apache/polaris/persistence/relational/jdbc/JdbcBasePersistenceImpl.java:
##########
@@ -773,6 +773,73 @@ public PolarisPrincipalSecrets generateNewPrincipalSecrets(
return principalSecrets;
}
+ @Nullable
+ @Override
+ public PolarisPrincipalSecrets resetPrincipalSecrets(
+ @Nonnull PolarisCallContext callCtx,
+ @Nonnull String clientId,
+ long principalId,
+ String customClientId,
+ String customClientSecret,
+ boolean customReset) {
+ PolarisPrincipalSecrets principalSecrets = loadPrincipalSecrets(callCtx,
clientId);
+
+ // should be found
+ callCtx
+ .getDiagServices()
+ .checkNotNull(
+ principalSecrets,
+ "cannot_find_secrets",
+ "client_id={} principalId={}",
+ clientId,
+ principalId);
+
+ // ensure principal id is matching
+ callCtx
+ .getDiagServices()
+ .check(
+ principalId == principalSecrets.getPrincipalId(),
+ "principal_id_mismatch",
+ "expectedId={} id={}",
+ principalId,
+ principalSecrets.getPrincipalId());
+
+ if (customReset) {
+ principalSecrets =
+ new PolarisPrincipalSecrets(
+ principalSecrets.getPrincipalId(), customClientId,
customClientSecret, null);
+ } else {
+ principalSecrets.rotateSecrets(principalSecrets.getMainSecretHash());
Review Comment:
> reusing values from the old one if they did not get reset
@dimas-b Only thing changed here as per your suggestion is kept the clientId
as same if not set but regenerate random secret if not set for security reasons
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@polaris.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
