Re: [PR] Ignore SSL Verification [polaris]

Fri, 17 Oct 2025 05:55:25 -0700 


dimas-b commented on code in PR #2805:
URL: https://github.com/apache/polaris/pull/2805#discussion_r2433246963


##########
spec/polaris-management-service.yml:
##########
@@ -1139,6 +1139,14 @@ components:
                 Whether S3 requests to files in this catalog should use 
'path-style addressing for buckets'.
               example: true
               default: false
+            ignoreSSLVerification:
+              type: boolean
+              description: >-
+                Whether SSL certificate verification should be disabled for 
STS and S3 endpoints (optional).
+                WARNING: This should only be used for development and testing 
environments with self-signed certificates.
+                Disabling SSL verification in production environments 
compromises security.
+              example: false
+              default: false

Review Comment:
   I'd prefer to avoid an explicit default here. Having a default value in this 
YAML will cause all clients to receive in in REST API responses. On the other 
hand this property is not likely to be used in many cases.
   
   We should certainly implement the change such that `false` is the default 
behaviour, but I believe it would be preferable to avoid declaring it here as 
an Open API default (so that clients will not receive this property at all, 
unless it is set explicitly).
   
   Ignore this comment if you're moving the flag to `FeatureConfiguration`.



##########
spec/polaris-management-service.yml:
##########
@@ -1139,6 +1139,14 @@ components:
                 Whether S3 requests to files in this catalog should use 
'path-style addressing for buckets'.
               example: true
               default: false
+            ignoreSSLVerification:
+              type: boolean
+              description: >-
+                Whether SSL certificate verification should be disabled for 
STS and S3 endpoints (optional).
+                WARNING: This should only be used for development and testing 
environments with self-signed certificates.

Review Comment:
   If the intention is to support dev / test environments only, I believe it 
would be preferable to have this flag in `FeatureConfiguration` as opposed to 
catalog properties.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to