Merge commit 'e40cbf450514379b211da99e6c96e7a057c0f9a5' into handle-non-stnd-sts-response

Author: rohangoli

api/management-model/src/test/java/org/apache/polaris/core/admin/model/CatalogSerializationTest.java

@@ -71,7 +71,6 @@ public void testJsonFormat() throws JsonProcessingException {
                 + "\"storageConfigInfo\":{"
                 + "\"roleArn\":\"arn:aws:iam::123456789012:role/test-role\","
                 + "\"pathStyleAccess\":false,"
-                + "\"ignoreSSLVerification\":false,"
                 + "\"storageType\":\"S3\","
                 + "\"allowedLocations\":[]"
                 + "}}");

getting-started/minio-https/README.md

@@ -166,7 +166,6 @@ private StorageConfigInfo getStorageInfo(Map<String, String> internalProperties)
             .setRegion(awsConfig.getRegion())
             .setEndpoint(awsConfig.getEndpoint())
             .setStsEndpoint(awsConfig.getStsEndpoint())
-            .setIgnoreSSLVerification(awsConfig.getIgnoreSSLVerification())
             .setPathStyleAccess(awsConfig.getPathStyleAccess())
             .setStsUnavailable(awsConfig.getStsUnavailable())
             .setEndpointInternal(awsConfig.getEndpointInternal())
@@ -316,7 +315,6 @@ public Builder setStorageConfigurationInfo(
                     .pathStyleAccess(awsConfigModel.getPathStyleAccess())
                     .stsUnavailable(awsConfigModel.getStsUnavailable())
                     .endpointInternal(awsConfigModel.getEndpointInternal())
-                    .ignoreSSLVerification(awsConfigModel.getIgnoreSSLVerification())
                     .build();
             config = awsConfig;
             break;

getting-started/minio-https/docker-compose.yml

@@ -102,11 +102,7 @@ public AccessConfig getSubscopedCreds(
       @SuppressWarnings("resource")
       // Note: stsClientProvider returns "thin" clients that do not need closing
       StsClient stsClient =
-          stsClientProvider.stsClient(
-              StsDestination.of(
-                  storageConfig.getStsEndpointUri(),
-                  region,
-                  storageConfig.getIgnoreSSLVerification()));
+          stsClientProvider.stsClient(StsDestination.of(storageConfig.getStsEndpointUri(), region));
 
       AssumeRoleResponse response = stsClient.assumeRole(request.build());
       if (response != null && response.credentials() != null) {
@@ -165,12 +161,6 @@ public AccessConfig getSubscopedCreds(
           StorageAccessProperty.AWS_ENDPOINT.getPropertyName(), internalEndpointUri.toString());
     }
 
-    // Propagate ignore SSL verification flag so callers (e.g., FileIOFactory) can honor it when
-    // constructing S3 clients for metadata ops.
-    if (Boolean.TRUE.equals(storageConfig.getIgnoreSSLVerification())) {
-      accessConfig.putInternalProperty("polaris.ignore-ssl-verification", "true");
-    }
-
     if (Boolean.TRUE.equals(storageConfig.getPathStyleAccess())) {
       accessConfig.put(StorageAccessProperty.AWS_PATH_STYLE_ACCESS, Boolean.TRUE.toString());
     }

polaris-core/src/main/java/org/apache/polaris/core/entity/CatalogEntity.java

@@ -108,9 +108,6 @@ public URI getInternalEndpointUri() {
   @Nullable
   public abstract String getStsEndpoint();
 
-  /** Flag indicating whether SSL certificate verification should be disabled */
-  public abstract @Nullable Boolean getIgnoreSSLVerification();
-
   /** Returns the STS endpoint if set, defaulting to {@link #getEndpointUri()} otherwise. */
   @JsonIgnore
   @Nullable

polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java

@@ -52,16 +52,8 @@ interface StsDestination {
     @Value.Parameter(order = 2)
     Optional<String> region();
 
-    /** Whether to ignore SSL certificate verification */
-    @Value.Parameter(order = 3)
-    Optional<Boolean> ignoreSSLVerification();
-
-    static StsDestination of(
-        @Nullable URI endpoint, @Nullable String region, @Nullable Boolean ignoreSSLVerification) {
-      return ImmutableStsDestination.of(
-          Optional.ofNullable(endpoint),
-          Optional.ofNullable(region),
-          Optional.ofNullable(ignoreSSLVerification));
+    static StsDestination of(@Nullable URI endpoint, @Nullable String region) {
+      return ImmutableStsDestination.of(Optional.ofNullable(endpoint), Optional.ofNullable(region));
     }
   }
 }