[HDDS-7752] GetS3SecretRequest API should not return secret if secret of user already exists - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3.0
Fix Version/s: 1.4.0
Component/s: Security
Labels:
- pull-request-available

Target Version/s:

1.4.0

Description

It's not a good security practice to get/query plain password of an existing user.

Attachments

Issue Links

relates to

HDDS-9349 Intermittent failure in TestSecureOzoneCluster#testGetSetRevokeS3Secret due to S3_SECRET_ALREADY_EXISTS

Resolved

links to

GitHub Pull Request #4538

Activity

People

Assignee:: Tejaskriya Madhan

Reporter:: Sammi Chen

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 09/Jan/23 07:24

Updated:: 25/Sep/23 16:01

Resolved:: 14/Sep/23 04:30