rename one property

Author: snazy

plugins/spark/v3.5/regtests/docker-compose.yml

@@ -28,7 +28,7 @@ services:
       POLARIS_BOOTSTRAP_CREDENTIALS: POLARIS,root,secret
       quarkus.log.file.enable: "false"
       quarkus.otel.sdk.disabled: "true"
-      polaris.features.defaults."ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS": "true"
+      polaris.features.defaults."ALLOW_INSECURE_STORAGE_TYPES": "true"
       polaris.features.defaults."SUPPORTED_CATALOG_STORAGE_TYPES": "[\"FILE\",\"S3\",\"GCS\",\"AZURE\"]"
       polaris.readiness.ignore-security-issues: "true"
     healthcheck:

polaris-core/src/main/java/org/apache/polaris/core/config/FeatureConfiguration.java

@@ -243,17 +243,15 @@ public static void enforceFeatureEnabledOrThrow(
           .defaultValue(false)
           .buildFeatureConfiguration();
 
-  public static final FeatureConfiguration<Boolean>
-      ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS =
-          PolarisConfiguration.<Boolean>builder()
-              .key("ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS")
-              .description(
-                  "Allow usage of FileIO implementations that are considered insecure. "
-                      + "Enabling this setting exposes the service to SEVERE security risks, including "
-                      + "denial of service, corruption, data loss and more!"
-                      + "This must NEVER be set to 'true' for anything except tests! ")
-              .defaultValue(false)
-              .buildFeatureConfiguration();
+  public static final FeatureConfiguration<Boolean> ALLOW_INSECURE_STORAGE_TYPES =
+      PolarisConfiguration.<Boolean>builder()
+          .key("ALLOW_INSECURE_STORAGE_TYPES")
+          .description(
+              "Allow usage of FileIO implementations that are considered insecure. "
+                  + "Enabling this setting may expose the service to possibly severe security risks!"
+                  + "This should only be set to 'true' for tests!")
+          .defaultValue(false)
+          .buildFeatureConfiguration();
 
   public static final FeatureConfiguration<Boolean> INITIALIZE_DEFAULT_CATALOG_FILEIO_FOR_TEST =
       PolarisConfiguration.<Boolean>builder()

quarkus/defaults/src/main/resources/application-it.properties

@@ -35,7 +35,7 @@ polaris.features.defaults."ALLOW_EXTERNAL_CATALOG_CREDENTIAL_VENDING"=false
 polaris.features.defaults."ALLOW_EXTERNAL_METADATA_FILE_LOCATION"=false
 polaris.features.defaults."ALLOW_OVERLAPPING_CATALOG_URLS"=true
 polaris.features.defaults."ALLOW_SPECIFYING_FILE_IO_IMPL"=true
-polaris.features.defaults."ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS"=true
+polaris.features.defaults."ALLOW_INSECURE_STORAGE_TYPES"=true
 polaris.features.defaults."ALLOW_WILDCARD_LOCATION"=true
 polaris.features.defaults."ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING"=true
 polaris.features.defaults."INITIALIZE_DEFAULT_CATALOG_FILEIO_FOR_it"=true

quarkus/service/src/main/java/org/apache/polaris/service/quarkus/config/ProductionReadinessChecks.java

@@ -214,7 +214,7 @@ private static String authRealmSegment(String realm) {
   @Produces
   public ProductionReadinessCheck checkInsecureStorageSettings(
       FeaturesConfiguration featureConfiguration) {
-    var insecure = FeatureConfiguration.ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS;
+    var insecure = FeatureConfiguration.ALLOW_INSECURE_STORAGE_TYPES;
 
     var errors = new ArrayList<Error>();
     if (Boolean.parseBoolean(featureConfiguration.defaults().get(insecure.key))) {

quarkus/service/src/test/java/org/apache/polaris/service/quarkus/admin/PolarisAuthzTestBase.java

@@ -114,7 +114,7 @@ public Map<String, String> getConfigOverrides() {
       return Map.of(
           "polaris.features.defaults.\"ALLOW_SPECIFYING_FILE_IO_IMPL\"",
           "true",
-          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS\"",
+          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES\"",
           "true",
           "polaris.features.defaults.\"ALLOW_EXTERNAL_METADATA_FILE_LOCATION\"",
           "true",
@@ -230,7 +230,7 @@ public void before(TestInfo testInfo) {
         Map.of(
             "ALLOW_SPECIFYING_FILE_IO_IMPL",
             true,
-            "ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS",
+            "ALLOW_INSECURE_STORAGE_TYPES",
             true,
             "ALLOW_EXTERNAL_METADATA_FILE_LOCATION",
             true,

quarkus/service/src/test/java/org/apache/polaris/service/quarkus/admin/PolarisOverlappingTableTest.java

@@ -79,7 +79,7 @@ static Stream<Arguments> testTableLocationRestrictions() {
             "true",
             "ALLOW_TABLE_LOCATION_OVERLAP",
             "true",
-            "ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS",
+            "ALLOW_INSECURE_STORAGE_TYPES",
             "true",
             "SUPPORTED_CATALOG_STORAGE_TYPES",
             List.of("FILE", "S3"));
@@ -89,7 +89,7 @@ static Stream<Arguments> testTableLocationRestrictions() {
             "false",
             "ALLOW_TABLE_LOCATION_OVERLAP",
             "false",
-            "ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS",
+            "ALLOW_INSECURE_STORAGE_TYPES",
             "true",
             "SUPPORTED_CATALOG_STORAGE_TYPES",
             List.of("FILE", "S3"));

quarkus/service/src/test/java/org/apache/polaris/service/quarkus/catalog/GenericTableCatalogTest.java

@@ -107,7 +107,7 @@ public Map<String, String> getConfigOverrides() {
       return Map.of(
           "polaris.features.defaults.\"ALLOW_SPECIFYING_FILE_IO_IMPL\"",
           "true",
-          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS\"",
+          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES\"",
           "true",
           "polaris.features.defaults.\"INITIALIZE_DEFAULT_CATALOG_FILEIO_FOR_TEST\"",
           "true",

quarkus/service/src/test/java/org/apache/polaris/service/quarkus/catalog/GetConfigTest.java

@@ -42,7 +42,7 @@ public void testGetConfig(boolean enableGenericTable) {
         TestServices.builder()
             .config(
                 Map.of(
-                    "ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS",
+                    "ALLOW_INSECURE_STORAGE_TYPES",
                     true,
                     "SUPPORTED_CATALOG_STORAGE_TYPES",
                     List.of("FILE", "S3"),

quarkus/service/src/test/java/org/apache/polaris/service/quarkus/catalog/IcebergCatalogTest.java

@@ -167,7 +167,7 @@ public Map<String, String> getConfigOverrides() {
       return Map.of(
           "polaris.features.defaults.\"ALLOW_SPECIFYING_FILE_IO_IMPL\"",
           "true",
-          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS\"",
+          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES\"",
           "true",
           "polaris.features.defaults.\"INITIALIZE_DEFAULT_CATALOG_FILEIO_FOR_TEST\"",
           "true",

quarkus/service/src/test/java/org/apache/polaris/service/quarkus/catalog/IcebergCatalogViewTest.java

@@ -105,7 +105,7 @@ public Map<String, String> getConfigOverrides() {
           "true",
           "polaris.features.defaults.\"ALLOW_SPECIFYING_FILE_IO_IMPL\"",
           "true",
-          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS\"",
+          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES\"",
           "true",
           "polaris.features.defaults.\"INITIALIZE_DEFAULT_CATALOG_FILEIO_FOR_TEST\"",
           "true",

quarkus/service/src/test/java/org/apache/polaris/service/quarkus/catalog/PolicyCatalogTest.java

@@ -126,7 +126,7 @@ public Map<String, String> getConfigOverrides() {
           "true",
           "polaris.features.defaults.\"SUPPORTED_CATALOG_STORAGE_TYPES\"",
           "[\"FILE\"]",
-          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS\"",
+          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES\"",
           "true",
           "polaris.readiness.ignore-security-issues",
           "true");

quarkus/service/src/test/java/org/apache/polaris/service/quarkus/catalog/io/FileIOExceptionsTest.java

@@ -65,7 +65,7 @@ public static void beforeAll() {
         TestServices.builder()
             .config(
                 Map.of(
-                    "ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS",
+                    "ALLOW_INSECURE_STORAGE_TYPES",
                     true,
                     "SUPPORTED_CATALOG_STORAGE_TYPES",
                     List.of("FILE", "S3")))

quarkus/service/src/test/java/org/apache/polaris/service/quarkus/it/QuarkusApplicationIntegrationTest.java

@@ -60,7 +60,7 @@ public Map<String, String> getConfigOverrides() {
           "true",
           "polaris.features.defaults.\"ALLOW_SPECIFYING_FILE_IO_IMPL\"",
           "true",
-          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS\"",
+          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES\"",
           "true",
           "polaris.features.defaults.\"SUPPORTED_CATALOG_STORAGE_TYPES\"",
           "[\"FILE\",\"S3\"]",

quarkus/service/src/test/java/org/apache/polaris/service/quarkus/it/QuarkusPolicyServiceIntegrationTest.java

@@ -34,7 +34,7 @@ public Map<String, String> getConfigOverrides() {
       return Map.of(
           "polaris.features.defaults.\"ALLOW_SPECIFYING_FILE_IO_IMPL\"",
           "true",
-          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS\"",
+          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES\"",
           "true",
           "polaris.features.defaults.\"SUPPORTED_CATALOG_STORAGE_TYPES\"",
           "[\"FILE\",\"S3\"]",

quarkus/service/src/test/java/org/apache/polaris/service/quarkus/it/QuarkusRestCatalogIntegrationTest.java

@@ -37,7 +37,7 @@ public Map<String, String> getConfigOverrides() {
           "true",
           "polaris.features.defaults.\"ALLOW_EXTERNAL_CATALOG_CREDENTIAL_VENDING\"",
           "false",
-          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS\"",
+          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES\"",
           "true",
           "polaris.features.defaults.\"SUPPORTED_CATALOG_STORAGE_TYPES\"",
           "[\"FILE\",\"S3\"]",

quarkus/service/src/test/java/org/apache/polaris/service/quarkus/it/QuarkusRestCatalogViewFileIntegrationTest.java

@@ -39,7 +39,7 @@ public static class Profile implements QuarkusTestProfile {
     @Override
     public Map<String, String> getConfigOverrides() {
       return Map.of(
-          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS\"",
+          "polaris.features.defaults.\"ALLOW_INSECURE_STORAGE_TYPES\"",
           "true",
           "polaris.features.defaults.\"SUPPORTED_CATALOG_STORAGE_TYPES\"",
           "[\"FILE\"]",

regtests/docker-compose.yml

@@ -34,7 +34,7 @@ services:
       POLARIS_BOOTSTRAP_CREDENTIALS: POLARIS,root,secret
       quarkus.log.file.enable: "false"
       quarkus.otel.sdk.disabled: "true"
-      polaris.features.defaults."ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS": "true"
+      polaris.features.defaults."ALLOW_INSECURE_STORAGE_TYPES": "true"
       polaris.features.defaults."SUPPORTED_CATALOG_STORAGE_TYPES": "[\"FILE\",\"S3\",\"GCS\",\"AZURE\"]"
       polaris.readiness.ignore-security-issues: "true"
     volumes:

service/common/src/main/java/org/apache/polaris/service/catalog/validation/IcebergPropertiesValidation.java

@@ -18,7 +18,7 @@
  */
 package org.apache.polaris.service.catalog.validation;
 
-import static org.apache.polaris.core.config.FeatureConfiguration.ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS;
+import static org.apache.polaris.core.config.FeatureConfiguration.ALLOW_INSECURE_STORAGE_TYPES;
 import static org.apache.polaris.core.config.FeatureConfiguration.ALLOW_SPECIFYING_FILE_IO_IMPL;
 import static org.apache.polaris.core.config.FeatureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES;
 
@@ -77,9 +77,7 @@ public static String validateIcebergProperties(
             ioImpl, storageType);
       }
 
-      if (!storageType.safe()
-          && !configStore.getConfiguration(
-              ctx, ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS)) {
+      if (!storageType.safe() && !configStore.getConfiguration(ctx, ALLOW_INSECURE_STORAGE_TYPES)) {
         throw new ValidationException(
             "File IO implementation '%s' (storage type '%s') is considered insecure and must not be used",
             ioImpl, storageType);

service/common/src/test/java/org/apache/polaris/service/catalog/io/FileIOFactoryTest.java

@@ -124,7 +124,7 @@ FileIO loadFileIOInternal(
                 Map.of(
                     "ALLOW_SPECIFYING_FILE_IO_IMPL",
                     true,
-                    "ALLOW_INSECURE_STORAGE_TYPES_ACCEPTING_SECURITY_RISKS",
+                    "ALLOW_INSECURE_STORAGE_TYPES",
                     true,
                     "SUPPORTED_CATALOG_STORAGE_TYPES",
                     List.of("FILE", "S3")))