add a FF

Author: fivetran-arunsuri

polaris-core/src/main/java/org/apache/polaris/core/config/FeatureConfiguration.java

@@ -367,4 +367,13 @@ public static void enforceFeatureEnabledOrThrow(
                   + "it is still possible to enforce the uniqueness of table locations within a catalog.")
           .defaultValue(false)
           .buildFeatureConfiguration();
+
+  public static final FeatureConfiguration<Boolean> ENABLE_CREDENTIAL_RESET =
+      PolarisConfiguration.<Boolean>builder()
+          .key("ENABLE_CREDENTIAL_RESET")
+          .description(
+              "Flag to enable or disable the API to reset principal credentials. "
+                  + "Defaults to enabled, but service providers may want to disable it.")
+          .defaultValue(true)
+          .buildFeatureConfiguration();
 }

runtime/defaults/src/main/resources/application.properties

@@ -116,6 +116,7 @@ polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES"=["S3","GCS","AZURE"]
 # polaris.features."ENABLE_CATALOG_FEDERATION"=true
 polaris.features."SUPPORTED_CATALOG_CONNECTION_TYPES"=["ICEBERG_REST"]
 polaris.features."SUPPORTED_EXTERNAL_CATALOG_AUTHENTICATION_TYPES"=["OAUTH", "BEARER"]
+polaris.features."ENABLE_CREDENTIAL_RESET"=true
 
 # realm overrides
 # polaris.features.realm-overrides."my-realm"."SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION"=true

runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java

@@ -1181,6 +1181,8 @@ public void deletePrincipal(String name) {
 
   public @Nonnull PrincipalWithCredentials resetCredentials(
       String principalName, ResetPrincipalRequest resetPrincipalRequest) {
+    FeatureConfiguration.enforceFeatureEnabledOrThrow(
+        realmConfig, FeatureConfiguration.ENABLE_CREDENTIAL_RESET);
     PolarisAuthorizableOperation op = PolarisAuthorizableOperation.RESET_CREDENTIALS;
     authorizeBasicTopLevelEntityOperationOrThrow(op, principalName, PolarisEntityType.PRINCIPAL);
     var customClientId = resetPrincipalRequest.getClientId();