adutra commented on code in PR #1532:
URL: https://github.com/apache/polaris/pull/1532#discussion_r2085539503


##########
quarkus/service/src/main/java/org/apache/polaris/service/quarkus/config/ProductionReadinessChecks.java:
##########
@@ -176,4 +210,71 @@ public ProductionReadinessCheck checkPolarisEventListener(
   private static String authRealmSegment(String realm) {
     return realm.equals(QuarkusAuthenticationConfiguration.DEFAULT_REALM_KEY) 
? "" : realm + ".";
   }
+
+  @Produces
+  public ProductionReadinessCheck checkInsecureStorageSettings(
+      FeaturesConfiguration featureConfiguration) {
+    var insecure = FeatureConfiguration.ALLOW_INSECURE_STORAGE_TYPES;
+
+    var errors = new ArrayList<Error>();
+    if 
(Boolean.parseBoolean(featureConfiguration.defaults().get(insecure.key))) {
+      errors.add(
+          Error.ofSevere(
+              "Must not enable a configuration that exposes known and severe 
security risks: "
+                  + insecure.description,
+              format("polaris.features.defaults.\"%s\"", insecure.key)));
+    }
+
+    featureConfiguration
+        .realmOverrides()
+        .forEach(
+            (realmId, overrides) -> {
+              if 
(Boolean.parseBoolean(overrides.overrides().get(insecure.key))) {
+                errors.add(
+                    Error.ofSevere(
+                        "Must not enable a configuration that exposes known 
and severe security risks: "
+                            + insecure.description,
+                        format(
+                            
"polaris.features.realm-overrides.\"%s\".overrides.\"%s\"",
+                            realmId, insecure.key)));
+              }
+            });
+
+    var storageTypes = FeatureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES;
+    var mapper = new ObjectMapper();
+    var defaults = featureConfiguration.parseDefaults(mapper);
+    var realmOverrides = featureConfiguration.parseRealmOverrides(mapper);
+    @SuppressWarnings("unchecked")
+    var supported = (List<String>) defaults.getOrDefault(storageTypes.key, 
List.of());
+    supported.stream()
+        .filter(n -> !IcebergPropertiesValidation.safeStorageType(n))
+        .forEach(
+            t ->
+                errors.add(
+                    Error.ofSevere(
+                        format(
+                            "The storage type '%s' is considered insecure and 
to expose the service to severe security ricks!",
+                            t),
+                        format("polaris.features.defaults.\"%s\"", 
storageTypes.key))));
+    realmOverrides.forEach(
+        (realmId, overrides) -> {
+          @SuppressWarnings("unchecked")
+          var s = (List<String>) overrides.getOrDefault(storageTypes.key, 
List.of());
+          s.stream()
+              .filter(n -> !IcebergPropertiesValidation.safeStorageType(n))
+              .forEach(
+                  t ->
+                      errors.add(
+                          Error.ofSevere(
+                              format(
+                                  "The storage type '%s' is considered 
insecure and to expose the service to severe security ricks!",
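Review bot: The `ALLOW_INSECURE_STORAGE_TYPES` check at the top of `checkInsecureStorageSettings` reads the raw string maps through `Boolean.parseBoolean(...)`, while the storage-type check below it reads the values returned by `parseDefaults(mapper)` and `parseRealmOverrides(mapper)`, so the two halves of the same readiness check interpret the configuration differently. `Boolean.parseBoolean` returns false for anything other than a case-insensitive `true` (a value with surrounding whitespace, for example), so if the runtime resolves the flag from the Jackson-parsed value, which is not visible in these lines, the check could pass while the insecure setting is in effect. Consider hoisting the `defaults` / `realmOverrides` declarations above the first `if` and testing the parsed value, e.g. `Boolean.TRUE.equals(defaults.get(insecure.key))`, with the same change in the realm-override lambda. Separately, the unchecked `(List<String>)` casts will throw `ClassCastException` from inside the producer if a configured value is not a list of strings; an `instanceof List<?>` guard that adds an `Error` instead would keep a malformed setting from aborting the check. The method body continues past the quoted lines, so the return path was not reviewed.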

Review Comment:
   ```suggestion
                                     "The storage type '%s' is considered 
insecure and exposes the service to severe security risks!",
   ```



##########
quarkus/service/src/main/java/org/apache/polaris/service/quarkus/config/ProductionReadinessChecks.java:
##########
@@ -176,4 +210,71 @@ public ProductionReadinessCheck checkPolarisEventListener(
   private static String authRealmSegment(String realm) {
     return realm.equals(QuarkusAuthenticationConfiguration.DEFAULT_REALM_KEY) 
? "" : realm + ".";
   }
+
+  @Produces
+  public ProductionReadinessCheck checkInsecureStorageSettings(
+      FeaturesConfiguration featureConfiguration) {
+    var insecure = FeatureConfiguration.ALLOW_INSECURE_STORAGE_TYPES;
+
+    var errors = new ArrayList<Error>();
+    if 
(Boolean.parseBoolean(featureConfiguration.defaults().get(insecure.key))) {
+      errors.add(
+          Error.ofSevere(
+              "Must not enable a configuration that exposes known and severe 
security risks: "
+                  + insecure.description,
+              format("polaris.features.defaults.\"%s\"", insecure.key)));
+    }
+
+    featureConfiguration
+        .realmOverrides()
+        .forEach(
+            (realmId, overrides) -> {
+              if 
(Boolean.parseBoolean(overrides.overrides().get(insecure.key))) {
+                errors.add(
+                    Error.ofSevere(
+                        "Must not enable a configuration that exposes known 
and severe security risks: "
+                            + insecure.description,
+                        format(
+                            
"polaris.features.realm-overrides.\"%s\".overrides.\"%s\"",
+                            realmId, insecure.key)));
+              }
+            });
+
+    var storageTypes = FeatureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES;
+    var mapper = new ObjectMapper();
+    var defaults = featureConfiguration.parseDefaults(mapper);
+    var realmOverrides = featureConfiguration.parseRealmOverrides(mapper);
+    @SuppressWarnings("unchecked")
+    var supported = (List<String>) defaults.getOrDefault(storageTypes.key, 
List.of());
+    supported.stream()
+        .filter(n -> !IcebergPropertiesValidation.safeStorageType(n))
+        .forEach(
+            t ->
+                errors.add(
+                    Error.ofSevere(
+                        format(
+                            "The storage type '%s' is considered insecure and 
to expose the service to severe security ricks!",

Review Comment:
   ```suggestion
                               "The storage type '%s' is considered insecure 
and exposes the service to severe security risks!",
   ```


