Commit b842b06

Drop client_id/client_secret pattern validation on /reset endpoint
1 parent 2929a99 commit b842b06

3 files changed

+3
-20
lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
@@ -60,6 +60,7 @@ request adding CHANGELOG notes for breaking (!) changes and possibly other secti
6060
- Enhanced catalog federation with SigV4 authentication support, additional authentication types for credential vending, and location-based access restrictions to block credential vending for remote tables outside allowed location lists.
6161
- Added `topologySpreadConstraints` support in Helm chart.
6262
- Added support for including principal name in subscoped credentials. `INCLUDE_PRINCIPAL_NAME_IN_SUBSCOPED_CREDENTIAL` (default: false) can be used to toggle this feature. If enabled, cached credentials issued to one principal will no longer be available for others.
63+
- Relaxed `client_id`, `client_secret` regex/pattern validation on reset endpoint call
6364

6465
### Changes
6566
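
Review bot: The new entry at line 63 says the validation was "Relaxed", but the code change in this commit deletes both checks outright, so the wording understates what changed; the entry also sits above the `### Changes` heading, next to entries that describe added features. Suggest wording along the lines of "Removed the `client_id`/`client_secret` format validation on the reset endpoint", placed under `### Changes`, with a trailing period to match the neighbouring entries.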

runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java

Lines changed: 0 additions & 18 deletions
@@ -136,18 +136,6 @@ public Response createCatalog(
136136
return Response.status(Response.Status.CREATED).entity(newCatalog).build();
137137
}
138138

139-
private void validateClientId(String clientId) {
140-
if (!clientId.matches("^[0-9a-f]{16}$")) {
141-
throw new IllegalArgumentException("Invalid clientId format");
142-
}
143-
}
144-
145-
private void validateClientSecret(String clientSecret) {
146-
if (!clientSecret.matches("^[0-9a-f]{32}$")) {
147-
throw new IllegalArgumentException("Invalid clientSecret format");
148-
}
149-
}
150-
151139
private void validateStorageConfig(StorageConfigInfo storageConfigInfo) {
152140
List<String> allowedStorageTypes =
153141
realmConfig.getConfig(FeatureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES);
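
Review bot: Deleting `validateClientId` and `validateClientSecret` removes the only format constraints on these values visible in this class (`^[0-9a-f]{16}$` and `^[0-9a-f]{32}$`), and nothing replaces them, so there is no longer any stated bound on length or character set for caller-supplied credentials. If the goal is to accept other formats, consider keeping a looser check (non-blank, a maximum length, a minimum length for the secret) rather than none, and add a comment or Javadoc on the reset path stating what is accepted.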
@@ -304,12 +292,6 @@ public Response resetCredentials(
304292
? resetPrincipalRequest
305293
: new ResetPrincipalRequest(null, null);
306294

307-
if (safeResetPrincipalRequest.getClientId() != null) {
308-
validateClientId(safeResetPrincipalRequest.getClientId());
309-
}
310-
if (safeResetPrincipalRequest.getClientSecret() != null) {
311-
validateClientSecret(safeResetPrincipalRequest.getClientSecret());
312-
}
313295
return Response.ok(adminService.resetCredentials(principalName, safeResetPrincipalRequest))
314296
.build();
315297
}
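
Review bot: In `resetCredentials`, with the two `if` blocks removed, whatever `getClientId()` and `getClientSecret()` return is handed straight to `adminService.resetCredentials(principalName, safeResetPrincipalRequest)`, and the hunk shows no remaining guard against empty strings or very short secrets. Please either confirm that `adminService.resetCredentials` rejects such values or keep a minimal guard here, and add a test that resets with a non-hex `client_id`/`client_secret` and with an empty one so the intended behaviour is pinned down.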

site/content/in-dev/unreleased/configuration.md

Lines changed: 2 additions & 2 deletions
@@ -83,7 +83,7 @@ read-only mode, as Polaris only reads the configuration file once, at startup.
8383

8484
| Configuration Property | Default Value | Description |
8585
|----------------------------------------------------------------------------------------|-------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
86-
| `polaris.persistence.type` | `relational-jdbc` | Define the persistence backend used by Polaris (`in-memory`, `relational-jdbc`). See [Configuring Apache Polaris for Production)[{{% ref "configuring-polaris-for-production.md" %}}) |
86+
| `polaris.persistence.type` | `relational-jdbc` | Define the persistence backend used by Polaris (`in-memory`, `relational-jdbc`). See [Configuring Apache Polaris for Production)[{{% ref "configuring-polaris-for-production.md" %}}) |
8787
| `polaris.persistence.relational.jdbc.max-retries` | `1` | Total number of retries JDBC persistence will attempt on connection resets or serialization failures before giving up. |
8888
| `polaris.persistence.relational.jdbc.max_duaration_in_ms` | `5000 ms` | Max time interval (ms) since the start of a transaction when retries can be attempted. |
8989
| `polaris.persistence.relational.jdbc.initial_delay_in_ms` | `100 ms` | Initial delay before retrying. The delay is doubled after each retry. |
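
Review bot: The rewritten `polaris.persistence.type` row still carries malformed link markup, `[Configuring Apache Polaris for Production)[{{% ref "configuring-polaris-for-production.md" %}})`, where the first closing `)` and the following `[` are swapped. Since the row is being touched anyway, change it to `[Configuring Apache Polaris for Production]({{% ref "configuring-polaris-for-production.md" %}})`.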
@@ -158,7 +158,7 @@ read-only mode, as Polaris only reads the configuration file once, at startup.
158158
| `polaris.rate-limiter.token-bucket.type` | `default` | Define the token bucket rate limiter. |
159159
| `polaris.rate-limiter.token-bucket.requests-per-second` | `9999` | Define the number of requests per second for the token bucket rate limiter. |
160160
| `polaris.rate-limiter.token-bucket.window` | `PT10S` | Define the window type for the token bucket rate limiter. |
161-
| `polaris.metrics.tags.<tag-name>=<tag-value>` | `application=Polaris` | Define arbitrary metric tags to include in every request. |
161+
| `polaris.metrics.tags.<tag-name>=<tag-value>` | `application=Polaris` | Define arbitrary metric tags to include in every request. |
162162
| `polaris.metrics.realm-id-tag.api-metrics-enabled` | `false` | Whether to enable the `realm_id` metric tag in API metrics. |
163163
| `polaris.metrics.realm-id-tag.http-metrics-enabled` | `false` | Whether to enable the `realm_id` metric tag in HTTP request metrics. |
164164
| `polaris.metrics.realm-id-tag.http-metrics-max-cardinality` | `100` | The maximum cardinality for the `realm_id` tag in HTTP request metrics. |
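
Review bot: The removed and added `polaris.metrics.tags.<tag-name>=<tag-value>` rows read the same apart from whitespace, so this hunk looks like table re-alignment that is unrelated to dropping the `/reset` validation. Suggest moving it to a separate formatting commit so that this commit contains only the behaviour change and its changelog entry.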
