rohangoli opened a new pull request, #2805: URL: https://github.com/apache/polaris/pull/2805
### What changes were proposed in this pull request? - Support Ignore SSL Verification for S3-Compatible Storage (S3 Endpoint, STS Endpoint) for Development/Test Purposes https://github.com/apache/polaris/discussions/2705 - Add getting-started/minio-https example for MinIO (HTTPS) using Self-Signed Certificates with Polaris for Development ### Why are the changes needed? - Unable to create table with HTTPS (self-signed certificates) ``` curl --location 'http://localhost:8181/api/catalog/v1/quickstart_catalog/namespaces/minio_polaris_ns/tables' \ -H "Authorization: Bearer $TOKEN" \ -H 'Content-Type: application/json' \ -H 'Polaris-Realm: POLARIS' \ --data '{ "name": "minio_polaris_ns_table01", "schema": { "type": "struct", "fields": [ { "id": 0, "name": "id", "type": "string", "required": true, "doc": "car model" }, { "id": 1, "name": "first_name", "type": "string", "required": true, "doc": "first name" } ] } }' | jq { "error": { "message": "Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (SDK Attempt Count: 6)", "type": "SdkClientException", "code": 500 } } ``` Polaris Logs: ``` polaris-1 | 2025-10-13 15:20:52,403 INFO [io.qua.htt.access-log] [a97e3793-1931-405c-aa0d-b402ebb7b4dc_0000000000000000007,POLARIS] [,,,] (executor-thread-1) 172.18.0.1 - root [13/Oct/2025:15:20:52 +0000] "GET /api/catalog/v1/quickstart_catalog/namespaces HTTP/1.1" 200 60 polaris-1 | 2025-10-13 15:21:05,522 INFO [org.apa.pol.ser.cat.ice.IcebergCatalogHandler] [a97e3793-1931-405c-aa0d-b402ebb7b4dc_0000000000000000008,POLARIS] [,,,] (executor-thread-1) Initializing non-federated catalog polaris-1 | 2025-10-13 15:21:05,530 INFO [org.apa.ice.BaseMetastoreCatalog] [a97e3793-1931-405c-aa0d-b402ebb7b4dc_0000000000000000008,POLARIS] [,,,] (executor-thread-1) Table properties set at catalog level through catalog properties: {} polaris-1 | 2025-10-13 15:21:05,533 INFO [org.apa.ice.BaseMetastoreCatalog] [a97e3793-1931-405c-aa0d-b402ebb7b4dc_0000000000000000008,POLARIS] [,,,] (executor-thread-1) Table properties enforced at catalog level through catalog properties: {} polaris-1 | 2025-10-13 15:21:05,717 WARN [org.apa.pol.ser.con.ServiceProducers] [a97e3793-1931-405c-aa0d-b402ebb7b4dc_0000000000000000008,POLARIS] [,,,] (executor-thread-1) Creating HTTP client with SSL certificate verification disabled. Use only in development! polaris-1 | 2025-10-13 15:21:05,791 INFO [org.apa.ice.CatalogUtil] [a97e3793-1931-405c-aa0d-b402ebb7b4dc_0000000000000000008,POLARIS] [,,,] (executor-thread-1) Loading custom FileIO implementation: org.apache.iceberg.aws.s3.S3FileIO polaris-1 | 2025-10-13 15:21:06,177 INFO [org.apa.pol.ser.cat.io.s3.ReflectionS3ClientInjector] [a97e3793-1931-405c-aa0d-b402ebb7b4dc_0000000000000000008,POLARIS] [,,,] (executor-thread-1) Successfully injected S3Client into org.apache.iceberg.aws.s3.S3FileIO polaris-1 | 2025-10-13 15:21:06,178 INFO [org.apa.pol.ser.cat.io.DefaultFileIOFactory] [a97e3793-1931-405c-aa0d-b402ebb7b4dc_0000000000000000008,POLARIS] [,,,] (executor-thread-1) Injected insecure S3Client into Iceberg S3FileIO for ioImpl=org.apache.iceberg.aws.s3.S3FileIO polaris-1 | 2025-10-13 15:21:08,723 INFO [org.apa.pol.ser.exc.IcebergExceptionMapper] [a97e3793-1931-405c-aa0d-b402ebb7b4dc_0000000000000000008,POLARIS] [,,,] (executor-thread-1) Handling runtimeException Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (SDK Attempt Count: 6) polaris-1 | 2025-10-13 15:21:08,733 ERROR [org.apa.pol.ser.exc.IcebergExceptionMapper] [a97e3793-1931-405c-aa0d-b402ebb7b4dc_0000000000000000008,POLARIS] [,,,] (executor-thread-1) Unhandled exception returning INTERNAL_SERVER_ERROR: software.amazon.awssdk.core.exception.SdkClientException: Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (SDK Attempt Count: 6) polaris-1 | at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:130) polaris-1 | at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:95) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.utils.RetryableStageHelper.retryPolicyDisallowedRetryException(RetryableStageHelper.java:168) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:73) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:36) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206) polaris-1 | at software.amazon.awssdk.core.internal.http.StreamManagingStage.execute(StreamManagingStage.java:53) polaris-1 | at software.amazon.awssdk.core.internal.http.StreamManagingStage.execute(StreamManagingStage.java:35) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.executeWithTimer(ApiCallTimeoutTrackingStage.java:82) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.execute(ApiCallTimeoutTrackingStage.java:62) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.execute(ApiCallTimeoutTrackingStage.java:43) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallMetricCollectionStage.execute(ApiCallMetricCollectionStage.java:50) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallMetricCollectionStage.execute(ApiCallMetricCollectionStage.java:32) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.ExecutionFailureExceptionReportingStage.execute(ExecutionFailureExceptionReportingStage.java:37) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.ExecutionFailureExceptionReportingStage.execute(ExecutionFailureExceptionReportingStage.java:26) polaris-1 | at software.amazon.awssdk.core.internal.http.AmazonSyncHttpClient$RequestExecutionBuilderImpl.execute(AmazonSyncHttpClient.java:210) polaris-1 | at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.invoke(BaseSyncClientHandler.java:103) polaris-1 | at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.doExecute(BaseSyncClientHandler.java:173) polaris-1 | at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:80) polaris-1 | at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:182) polaris-1 | at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:74) polaris-1 | at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) polaris-1 | at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:53) polaris-1 | at software.amazon.awssdk.services.s3.DefaultS3Client.putObject(DefaultS3Client.java:11883) polaris-1 | at org.apache.iceberg.aws.s3.S3OutputStream.completeUploads(S3OutputStream.java:443) polaris-1 | at org.apache.iceberg.aws.s3.S3OutputStream.close(S3OutputStream.java:269) polaris-1 | at org.apache.iceberg.aws.s3.S3OutputStream.close(S3OutputStream.java:255) polaris-1 | at java.base/sun.nio.cs.StreamEncoder.implClose(StreamEncoder.java:435) polaris-1 | at java.base/sun.nio.cs.StreamEncoder.lockedClose(StreamEncoder.java:237) polaris-1 | at java.base/sun.nio.cs.StreamEncoder.close(StreamEncoder.java:222) polaris-1 | at java.base/java.io.OutputStreamWriter.close(OutputStreamWriter.java:266) polaris-1 | at org.apache.iceberg.TableMetadataParser.internalWrite(TableMetadataParser.java:135) polaris-1 | at org.apache.iceberg.TableMetadataParser.overwrite(TableMetadataParser.java:119) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalog$BasePolarisTableOperations.writeNewMetadata(IcebergCatalog.java:1647) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalog$BasePolarisTableOperations.writeNewMetadataIfRequired(IcebergCatalog.java:1636) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalog$BasePolarisTableOperations.doCommit(IcebergCatalog.java:1505) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalog$BasePolarisTableOperations.commit(IcebergCatalog.java:1356) polaris-1 | at org.apache.iceberg.BaseMetastoreCatalog$BaseMetastoreCatalogTableBuilder.create(BaseMetastoreCatalog.java:201) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogHandler.createTableDirect(IcebergCatalogHandler.java:456) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter.lambda$createTable$6(IcebergCatalogAdapter.java:394) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter.withCatalog(IcebergCatalogAdapter.java:209) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter.createTable(IcebergCatalogAdapter.java:378) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter_Subclass.createTable$$superforward(Unknown Source) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergRestCatalogEventServiceDelegator_Gj_WCptqTcdHu-fbZfgVkAwPXCI_Delegate_Subclass.createTable(Unknown Source) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergRestCatalogEventServiceDelegator.createTable(IcebergRestCatalogEventServiceDelegator.java:217) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter_Subclass.createTable(Unknown Source) polaris-1 | at org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter_ClientProxy.createTable(Unknown Source) polaris-1 | at org.apache.polaris.service.catalog.api.IcebergRestCatalogApi.createTable(IcebergRestCatalogApi.java:193) polaris-1 | at org.apache.polaris.service.catalog.api.IcebergRestCatalogApi_Subclass.createTable$$superforward(Unknown Source) polaris-1 | at org.apache.polaris.service.catalog.api.IcebergRestCatalogApi_Subclass$$function$$3.apply(Unknown Source) polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:73) polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext$NextAroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:97) polaris-1 | at io.smallrye.faulttolerance.FaultToleranceInterceptor.lambda$syncFlow$8(FaultToleranceInterceptor.java:364) polaris-1 | at io.smallrye.faulttolerance.core.Future.from(Future.java:85) polaris-1 | at io.smallrye.faulttolerance.FaultToleranceInterceptor.lambda$syncFlow$9(FaultToleranceInterceptor.java:364) polaris-1 | at io.smallrye.faulttolerance.core.FaultToleranceContext.call(FaultToleranceContext.java:20) polaris-1 | at io.smallrye.faulttolerance.core.Invocation.apply(Invocation.java:29) polaris-1 | at io.smallrye.faulttolerance.core.metrics.MetricsCollector.apply(MetricsCollector.java:98) polaris-1 | at io.smallrye.faulttolerance.FaultToleranceInterceptor.syncFlow(FaultToleranceInterceptor.java:367) polaris-1 | at io.smallrye.faulttolerance.FaultToleranceInterceptor.intercept(FaultToleranceInterceptor.java:205) polaris-1 | at io.smallrye.faulttolerance.FaultToleranceInterceptor_Bean.intercept(Unknown Source) polaris-1 | at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:42) polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:70) polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext$NextAroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:97) polaris-1 | at io.quarkus.micrometer.runtime.MicrometerTimedInterceptor.timedMethod(MicrometerTimedInterceptor.java:79) polaris-1 | at io.quarkus.micrometer.runtime.MicrometerTimedInterceptor_Bean.intercept(Unknown Source) polaris-1 | at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:42) polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:70) polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext$NextAroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:97) polaris-1 | at io.quarkus.security.runtime.interceptor.SecurityHandler.handle(SecurityHandler.java:27) polaris-1 | at io.quarkus.security.runtime.interceptor.RolesAllowedInterceptor.intercept(RolesAllowedInterceptor.java:29) polaris-1 | at io.quarkus.security.runtime.interceptor.RolesAllowedInterceptor_Bean.intercept(Unknown Source) polaris-1 | at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:42) polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:70) polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:62) polaris-1 | at io.quarkus.resteasy.reactive.server.runtime.StandardSecurityCheckInterceptor.intercept(StandardSecurityCheckInterceptor.java:44) polaris-1 | at io.quarkus.resteasy.reactive.server.runtime.StandardSecurityCheckInterceptor_RolesAllowedInterceptor_Bean.intercept(Unknown Source) polaris-1 | at io.quarkus.arc.impl.InterceptorInvocation.invoke(InterceptorInvocation.java:42) polaris-1 | at io.quarkus.arc.impl.AroundInvokeInvocationContext.perform(AroundInvokeInvocationContext.java:30) polaris-1 | at io.quarkus.arc.impl.InvocationContexts.performAroundInvoke(InvocationContexts.java:27) polaris-1 | at org.apache.polaris.service.catalog.api.IcebergRestCatalogApi_Subclass.createTable(Unknown Source) polaris-1 | at org.apache.polaris.service.catalog.api.IcebergRestCatalogApi$quarkusrestinvoker$createTable_01f5a1bd6d7815fd3314a553161c943c8cd03101.invoke(Unknown Source) polaris-1 | at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29) polaris-1 | at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:183) polaris-1 | at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147) polaris-1 | at io.quarkus.vertx.core.runtime.VertxCoreRecorder$15.runWith(VertxCoreRecorder.java:645) polaris-1 | at org.jboss.threads.EnhancedQueueExecutor$Task.doRunWith(EnhancedQueueExecutor.java:2651) polaris-1 | at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2630) polaris-1 | at org.jboss.threads.EnhancedQueueExecutor.runThreadBody(EnhancedQueueExecutor.java:1622) polaris-1 | at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1589) polaris-1 | at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:11) polaris-1 | at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:11) polaris-1 | at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) polaris-1 | at java.base/java.lang.Thread.run(Thread.java:1583) polaris-1 | Suppressed: software.amazon.awssdk.core.exception.SdkClientException: Request attempt 1 failure: Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target polaris-1 | Suppressed: software.amazon.awssdk.core.exception.SdkClientException: Request attempt 2 failure: Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target polaris-1 | Suppressed: software.amazon.awssdk.core.exception.SdkClientException: Request attempt 3 failure: Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target polaris-1 | Suppressed: software.amazon.awssdk.core.exception.SdkClientException: Request attempt 4 failure: Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target polaris-1 | Suppressed: software.amazon.awssdk.core.exception.SdkClientException: Request attempt 5 failure: Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target polaris-1 | Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target polaris-1 | at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130) polaris-1 | at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:383) polaris-1 | at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326) polaris-1 | at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321) polaris-1 | at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1327) polaris-1 | at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1204) polaris-1 | at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1147) polaris-1 | at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393) polaris-1 | at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476) polaris-1 | at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447) polaris-1 | at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:206) polaris-1 | at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) polaris-1 | at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506) polaris-1 | at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421) polaris-1 | at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) polaris-1 | at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426) polaris-1 | at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436) polaris-1 | at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) polaris-1 | at software.amazon.awssdk.http.apache.internal.conn.SdkTlsSocketFactory.connectSocket(SdkTlsSocketFactory.java:63) polaris-1 | at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) polaris-1 | at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) polaris-1 | at software.amazon.awssdk.http.apache.internal.conn.ClientConnectionManagerFactory$DelegatingHttpClientConnectionManager.connect(ClientConnectionManagerFactory.java:86) polaris-1 | at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) polaris-1 | at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) polaris-1 | at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) polaris-1 | at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) polaris-1 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) polaris-1 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) polaris-1 | at software.amazon.awssdk.http.apache.internal.impl.ApacheSdkHttpClient.execute(ApacheSdkHttpClient.java:72) polaris-1 | at software.amazon.awssdk.http.apache.ApacheHttpClient.execute(ApacheHttpClient.java:261) polaris-1 | at software.amazon.awssdk.http.apache.ApacheHttpClient.access$600(ApacheHttpClient.java:106) polaris-1 | at software.amazon.awssdk.http.apache.ApacheHttpClient$1.call(ApacheHttpClient.java:238) polaris-1 | at software.amazon.awssdk.http.apache.ApacheHttpClient$1.call(ApacheHttpClient.java:235) polaris-1 | at software.amazon.awssdk.core.internal.util.MetricUtils.measureDurationUnsafe(MetricUtils.java:103) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.MakeHttpRequestStage.executeHttpRequest(MakeHttpRequestStage.java:88) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.MakeHttpRequestStage.execute(MakeHttpRequestStage.java:64) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.MakeHttpRequestStage.execute(MakeHttpRequestStage.java:46) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallAttemptTimeoutTrackingStage.execute(ApiCallAttemptTimeoutTrackingStage.java:74) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallAttemptTimeoutTrackingStage.execute(ApiCallAttemptTimeoutTrackingStage.java:43) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.TimeoutExceptionHandlingStage.execute(TimeoutExceptionHandlingStage.java:79) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.TimeoutExceptionHandlingStage.execute(TimeoutExceptionHandlingStage.java:41) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallAttemptMetricCollectionStage.execute(ApiCallAttemptMetricCollectionStage.java:55) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallAttemptMetricCollectionStage.execute(ApiCallAttemptMetricCollectionStage.java:39) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.executeRequest(RetryableStage.java:93) polaris-1 | at software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:56) polaris-1 | ... 92 more polaris-1 | Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target polaris-1 | at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:388) polaris-1 | at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:271) polaris-1 | at java.base/sun.security.validator.Validator.validate(Validator.java:256) polaris-1 | at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230) polaris-1 | at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) polaris-1 | at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1311) polaris-1 | ... 136 more polaris-1 | Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target polaris-1 | at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148) polaris-1 | at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129) polaris-1 | at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) polaris-1 | at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:383) polaris-1 | ... 141 more polaris-1 | polaris-1 | 2025-10-13 15:21:08,739 INFO [io.qua.htt.access-log] [a97e3793-1931-405c-aa0d-b402ebb7b4dc_0000000000000000008,POLARIS] [,,,] (executor-thread-1) 172.18.0.1 - root [13/Oct/2025:15:21:08 +0000] "POST /api/catalog/v1/quickstart_catalog/namespaces/minio_polaris_ns/tables HTTP/1.1" 500 264 ``` ### Does this PR introduce _any_ user-facing change? - Yes, it introduces ignoreSSLVerification flag for S3 Storage Type Parameters ### How was this patch tested? - Full Gradle Tests were successful - Updated the following tests - api/management-model/src/test/java/org/apache/polaris/core/admin/model/CatalogSerializationTest.java - runtime/service/src/test/java/org/apache/polaris/service/admin/ManagementServiceTest.java - Added following tests - runtime/service/src/test/java/org/apache/polaris/service/catalog/io/s3/ReflectionS3ClientInjectorConfigTest.java - runtime/service/src/test/java/org/apache/polaris/service/catalog/io/s3/ReflectionS3ClientInjectorTest.java - Create Table Rest API is successful ``` curl --location 'http://localhost:8181/api/catalog/v1/quickstart_catalog/namespaces/minio_polaris_ns/tables' \ -H "Authorization: Bearer $TOKEN" \ -H 'Content-Type: application/json' \ -H 'Polaris-Realm: POLARIS' \ --data '{ "name": "minio_polaris_ns_table01", "schema": { "type": "struct", "fields": [ { "id": 0, "name": "id", "type": "string", "required": true, "doc": "car model" }, { "id": 1, "name": "first_name", "type": "string", "required": true, "doc": "first name" } ] } }' | jq % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1454 100 1073 100 381 863 306 0:00:01 0:00:01 --:--:-- 1170 { "metadata-location": "s3://bucket123/minio_polaris_ns/minio_polaris_ns_table01/metadata/00000-6e118173-519e-401c-87ea-549eb70b939e.metadata.json", "metadata": { "format-version": 2, "table-uuid": "29f5d242-8bab-4052-be02-4313b4ec6a31", "location": "s3://bucket123/minio_polaris_ns/minio_polaris_ns_table01", "last-sequence-number": 0, "last-updated-ms": 1760372568321, "last-column-id": 2, "current-schema-id": 0, "schemas": [ { "type": "struct", "schema-id": 0, "fields": [ { "id": 1, "name": "id", "required": true, "type": "string", "doc": "car model" }, { "id": 2, "name": "first_name", "required": true, "type": "string", "doc": "first name" } ] } ], "default-spec-id": 0, "partition-specs": [ { "spec-id": 0, "fields": [] } ], "last-partition-id": 999, "default-sort-order-id": 0, "sort-orders": [ { "order-id": 0, "fields": [] } ], "properties": { "created-at": "2025-10-13T16:22:48.289344333Z", "write.parquet.compression-codec": "zstd" }, "current-snapshot-id": -1, "refs": {}, "snapshots": [], "statistics": [], "partition-statistics": [], "snapshot-log": [], "metadata-log": [] }, "config": { "s3.path-style-access": "true", "s3.endpoint": "https://localhost:9000"; } } ``` ``` polaris-1 | 2025-10-13 16:22:16,633 INFO [io.qua.htt.access-log] [02f56580-8e05-4dcd-a818-636533aafecd_0000000000000000004,POLARIS] [,,,] (executor-thread-1) 172.18.0.1 - - [13/Oct/2025:16:22:16 +0000] "POST /api/catalog/v1/oauth/tokens HTTP/1.1" 200 757 polaris-1 | 2025-10-13 16:22:25,631 INFO [org.apa.pol.ser.cat.ice.IcebergCatalogHandler] [02f56580-8e05-4dcd-a818-636533aafecd_0000000000000000005,POLARIS] [,,,] (executor-thread-1) Initializing non-federated catalog polaris-1 | 2025-10-13 16:22:25,676 INFO [io.qua.htt.access-log] [02f56580-8e05-4dcd-a818-636533aafecd_0000000000000000005,POLARIS] [,,,] (executor-thread-1) 172.18.0.1 - root [13/Oct/2025:16:22:25 +0000] "POST /api/catalog/v1/quickstart_catalog/namespaces/ HTTP/1.1" 200 95 polaris-1 | 2025-10-13 16:22:48,284 INFO [org.apa.pol.ser.cat.ice.IcebergCatalogHandler] [02f56580-8e05-4dcd-a818-636533aafecd_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Initializing non-federated catalog polaris-1 | 2025-10-13 16:22:48,293 INFO [org.apa.ice.BaseMetastoreCatalog] [02f56580-8e05-4dcd-a818-636533aafecd_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Table properties set at catalog level through catalog properties: {} polaris-1 | 2025-10-13 16:22:48,296 INFO [org.apa.ice.BaseMetastoreCatalog] [02f56580-8e05-4dcd-a818-636533aafecd_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Table properties enforced at catalog level through catalog properties: {} polaris-1 | 2025-10-13 16:22:48,501 WARN [org.apa.pol.ser.con.ServiceProducers] [02f56580-8e05-4dcd-a818-636533aafecd_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Creating HTTP client with SSL certificate verification disabled. Use only in development! polaris-1 | 2025-10-13 16:22:48,586 INFO [org.apa.ice.CatalogUtil] [02f56580-8e05-4dcd-a818-636533aafecd_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Loading custom FileIO implementation: org.apache.iceberg.aws.s3.S3FileIO polaris-1 | 2025-10-13 16:22:49,010 INFO [org.apa.pol.ser.cat.io.DefaultFileIOFactory] [02f56580-8e05-4dcd-a818-636533aafecd_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Injected SerializableSupplier for insecure S3 client into Iceberg S3FileIO for ioImpl=org.apache.iceberg.aws.s3.S3FileIO polaris-1 | 2025-10-13 16:22:49,478 INFO [org.apa.pol.ser.cat.ice.IcebergCatalog] [02f56580-8e05-4dcd-a818-636533aafecd_0000000000000000006,POLARIS] [,,,] (executor-thread-1) Successfully committed to table quickstart_catalog.minio_polaris_ns.minio_polaris_ns_table01 in 1151 ms polaris-1 | 2025-10-13 16:22:49,495 INFO [io.qua.htt.access-log] [02f56580-8e05-4dcd-a818-636533aafecd_0000000000000000006,POLARIS] [,,,] (executor-thread-1) 172.18.0.1 - root [13/Oct/2025:16:22:49 +0000] "POST /api/catalog/v1/quickstart_catalog/namespaces/minio_polaris_ns/tables HTTP/1.1" 200 1073 ``` ### CHANGELOG.md <!-- If the changes need to be included in CHANGELOG.md, please add a line here and in CHANGELOG.md. --> fcc779b81 Ignore SSL Verification -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
