Skip to content

Ensure client_id/client_secret patterns are not enforced as before #3276

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rmannibucau wants to merge 1 commit into
base: main
Choose a base branch
from
+1 −18
Open

Ensure client_id/client_secret patterns are not enforced as before #3276

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ request adding CHANGELOG notes for breaking (!) changes and possibly other secti
- Enhanced catalog federation with SigV4 authentication support, additional authentication types for credential vending, and location-based access restrictions to block credential vending for remote tables outside allowed location lists.
- Added `topologySpreadConstraints` support in Helm chart.
- Added support for including principal name in subscoped credentials. `INCLUDE_PRINCIPAL_NAME_IN_SUBSCOPED_CREDENTIAL` (default: false) can be used to toggle this feature. If enabled, cached credentials issued to one principal will no longer be available for others.
- Relaxed `client_id`, `client_secret` regex/pattern validation on reset endpoint call

### Changes

Expand Down
18 changes: 0 additions & 18 deletions runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,18 +136,6 @@ public Response createCatalog(
return Response.status(Response.Status.CREATED).entity(newCatalog).build();
}

private void validateClientId(String clientId) {
if (!clientId.matches("^[0-9a-f]{16}$")) {
throw new IllegalArgumentException("Invalid clientId format");
}
}

private void validateClientSecret(String clientSecret) {
if (!clientSecret.matches("^[0-9a-f]{32}$")) {
throw new IllegalArgumentException("Invalid clientSecret format");
}
}

private void validateStorageConfig(StorageConfigInfo storageConfigInfo) {
List<String> allowedStorageTypes =
realmConfig.getConfig(FeatureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES);
Expand Down Expand Up @@ -304,12 +292,6 @@ public Response resetCredentials(
? resetPrincipalRequest
: new ResetPrincipalRequest(null, null);

if (safeResetPrincipalRequest.getClientId() != null) {
validateClientId(safeResetPrincipalRequest.getClientId());
}
if (safeResetPrincipalRequest.getClientSecret() != null) {
validateClientSecret(safeResetPrincipalRequest.getClientSecret());
}
return Response.ok(adminService.resetCredentials(principalName, safeResetPrincipalRequest))
.build();
}
Expand Down