Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose resetCredentials via api to allow root user to reset credentials for one time use for an existing principal. #1047

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Expose resetCredentials via api to allow root user to reset credentials for one time use for an existing principal. #1047

wants to merge 3 commits into from

Conversation

mansehajsingh
Copy link

  • Exposes the resetCredentials operation via the api
  • Root principal or an individual principal can now call reset for that principal to obtain a new secret pair that puts PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_STATE on principal's properties
  • Principal can only use these credentials to call rotateCredentials to obtain new client id and secret that can now be used to exercise normal privileges
  • Needs ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING to be set to true

@eric-maynard eric-maynard mentioned this pull request Mar 4, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adutra adutra Awaiting requested review from adutra adutra will be requested when the pull request is marked ready for review adutra is a code owner

@ashvina ashvina Awaiting requested review from ashvina ashvina will be requested when the pull request is marked ready for review ashvina is a code owner

@dennishuo dennishuo Awaiting requested review from dennishuo dennishuo will be requested when the pull request is marked ready for review dennishuo is a code owner

@dimas-b dimas-b Awaiting requested review from dimas-b dimas-b will be requested when the pull request is marked ready for review dimas-b is a code owner

@eric-maynard eric-maynard Awaiting requested review from eric-maynard eric-maynard will be requested when the pull request is marked ready for review eric-maynard is a code owner

@jackye1995 jackye1995 Awaiting requested review from jackye1995 jackye1995 will be requested when the pull request is marked ready for review jackye1995 is a code owner

@jbonofre jbonofre Awaiting requested review from jbonofre jbonofre will be requested when the pull request is marked ready for review jbonofre is a code owner

@vvcephei vvcephei Awaiting requested review from vvcephei vvcephei will be requested when the pull request is marked ready for review vvcephei is a code owner

@collado-mike collado-mike Awaiting requested review from collado-mike collado-mike will be requested when the pull request is marked ready for review collado-mike is a code owner

@snazy snazy Awaiting requested review from snazy snazy will be requested when the pull request is marked ready for review snazy is a code owner

@RussellSpitzer RussellSpitzer Awaiting requested review from RussellSpitzer RussellSpitzer will be requested when the pull request is marked ready for review RussellSpitzer is a code owner

@takidau takidau Awaiting requested review from takidau takidau will be requested when the pull request is marked ready for review takidau is a code owner

@MonkeyCanCode MonkeyCanCode Awaiting requested review from MonkeyCanCode MonkeyCanCode will be requested when the pull request is marked ready for review MonkeyCanCode is a code owner

@flyrain flyrain Awaiting requested review from flyrain flyrain will be requested when the pull request is marked ready for review flyrain is a code owner

@ebyhr ebyhr Awaiting requested review from ebyhr ebyhr will be requested when the pull request is marked ready for review ebyhr is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mansehajsingh