feat: Use DH S3Instructions to build Iceberg AWS clients #6113
Conversation
devinrsmith
added
DocumentationNeeded
ReleaseNotesNeeded
extensions/iceberg/s3/src/main/java/io/deephaven/iceberg/util/IcebergToolsS3.java
Outdated
Show resolved
Hide resolved
extensions/iceberg/s3/src/main/java/io/deephaven/iceberg/util/IcebergToolsS3.java
Show resolved
Hide resolved
extensions/iceberg/s3/src/main/java/io/deephaven/iceberg/util/IcebergToolsS3.java
Show resolved
Hide resolved
extensions/s3/src/main/java/io/deephaven/extensions/s3/S3ClientFactory.java
Outdated
Show resolved
Hide resolved
extensions/iceberg/s3/src/main/java/io/deephaven/extensions/s3/DeephavenAwsClientFactory.java
Outdated
Show resolved
Hide resolved
extensions/iceberg/s3/src/main/java/io/deephaven/extensions/s3/DeephavenAwsClientFactory.java
Show resolved
Hide resolved
extensions/iceberg/s3/src/main/java/io/deephaven/extensions/s3/DeephavenAwsClientFactory.java
Outdated
Show resolved
Hide resolved
extensions/s3/src/main/java/io/deephaven/extensions/s3/S3ClientFactory.java
Outdated
Show resolved
Hide resolved
extensions/iceberg/s3/src/main/java/io/deephaven/iceberg/util/IcebergToolsS3.java
Outdated
Show resolved
Hide resolved
extensions/iceberg/s3/src/main/java/io/deephaven/iceberg/util/IcebergToolsS3.java
Show resolved
Hide resolved
| @@ -15,9 +16,11 @@ | |||
| import static org.apache.iceberg.aws.s3.S3FileIOProperties.ENDPOINT; | |||
| import static org.apache.iceberg.aws.s3.S3FileIOProperties.SECRET_ACCESS_KEY; | |||
|
|
|||
| @Tag("testcontainers") | |||
| @Deprecated | |||
There was a problem hiding this comment.
I don't understand why we had to deprecate these?
They might still give us coverage on a lot of smaller cases that Larry tested.
Is it deprecated in a sense that new tests should not be added?
There was a problem hiding this comment.
It's mostly that I think we should not add new tests here, and work to migrating them as mentioned in IcebergToolsTest. @lbooker42 has so far owned this layer, but it should be relatively easy to migrate to db_resource, and then we get the benefit of:
- No separate container (s3) needed (+ no need to upload files)
- Ne need to have custom catalog IcebergTestCatalog
- On disk JDBC catalog + on disk warehouse
I see db_resource as mainly a way to test out how well we can interoperate with Iceberg that has been written via different processes (pyiceberg, spark, etc).
For more thorough testing (once we have our own writing support) we should be able to extend SqliteCatalogBase (or create further specialized tests that look similar to it), which can work with any warehouse - currently the same logic is tested out via local disk, minio, and localstack.
There was a problem hiding this comment.
I agree, these new catalog testing code is the more comprehensive way for all future tests. Once we can migrate these tests so we don't lose any coverage, we should remove these as well as the IcebergTestCatalog class.
cc: @lbooker42
extensions/iceberg/src/main/java/io/deephaven/iceberg/util/IcebergTools.java
Show resolved
Hide resolved
| @Override | ||
| public S3Client s3() { | ||
| checkInit(); | ||
| return S3ClientFactory.getSyncClient(instructions); | ||
| } | ||
|
|
||
| @Override | ||
| public GlueClient glue() { |
There was a problem hiding this comment.
Are the glue, kms and dynamodb clients creation covered under any tests?
There was a problem hiding this comment.
No; you could argue we should prefer to throw unsupported for DynamoDB / KMS, but it was easy enough construct those clients if some Iceberg catalog happens to use them (I'm not sure under what circumstances, but it is part of that API...).
I don't know if we've done any Glue testing. https://docs.localstack.cloud/user-guide/aws/glue/ might be possible with the "pro" version, not sure what that entails. https://docs.localstack.cloud/user-guide/aws/glue/
There was a problem hiding this comment.
Makes sense, the implementation does seem straightforward and the internal methods are being touched in the S3 code, so I think that part should be okay.
The only thing I am slightly worried about is preloading in case of kms and dynamo clients.
You have a comment stating glue client is preloaded, is it possible to verify the same for kms and dynamo too?
There was a problem hiding this comment.
I've done some manual testing of the Glue Catalog with the DeephavenAwsClientFactory, and it works. It was a good exercise though, because I realized that there is a new S3Client built for ever Table load (at least for the Glue catalog), so we can't immediately invoke the cleanup Runnable. After a quick change, it worked.
The only caller I see of kms() is LakeFormationAwsClientFactory - it's possible that some private Catalogs use it, but I'm not sure. It seems like this factory has something do do with Role ARN, and it may not actually be in use anymore since I think Iceberg has expanded how configurable AWS is since the creation of it.
The only caller of dynamodb() is DynamoDbCatalog; it may be possible to test it out with Localstack since it looks to be freely available, but it's just a matter of how much time do we want to spend trying? https://docs.localstack.cloud/user-guide/aws/dynamodb/
There was a problem hiding this comment.
Thanks for checking into this.
At this point, maybe just add a TODO comment for kms and dynamodb, for testing it in future?
| @Override | ||
| public S3Client s3() { | ||
| checkInit(); | ||
| return S3ClientFactory.getSyncClient(instructions); | ||
| } | ||
|
|
||
| @Override | ||
| public GlueClient glue() { |
There was a problem hiding this comment.
Makes sense, the implementation does seem straightforward and the internal methods are being touched in the S3 code, so I think that part should be okay.
The only thing I am slightly worried about is preloading in case of kms and dynamo clients.
You have a comment stating glue client is preloaded, is it possible to verify the same for kms and dynamo too?
extensions/iceberg/src/main/java/io/deephaven/iceberg/util/IcebergTools.java
Show resolved
Hide resolved
| @@ -15,9 +16,11 @@ | |||
| import static org.apache.iceberg.aws.s3.S3FileIOProperties.ENDPOINT; | |||
| import static org.apache.iceberg.aws.s3.S3FileIOProperties.SECRET_ACCESS_KEY; | |||
|
|
|||
| @Tag("testcontainers") | |||
| @Deprecated | |||
There was a problem hiding this comment.
I agree, these new catalog testing code is the more comprehensive way for all future tests. Once we can migrate these tests so we don't lose any coverage, we should remove these as well as the IcebergTestCatalog class.
cc: @lbooker42
| throw new IllegalStateException( | ||
| "This S3Iinstructions were already cleaned up; please ensure that the returned Runnable from addToProperties is not invoked until the Catalog is no longer in use."); |
There was a problem hiding this comment.
This is so weird that spotless let this one pass.
Also, typo in S3Instructions.
| CLEANER.register(adapter.catalog(), cleanup); | ||
| return adapter; |
There was a problem hiding this comment.
When I had to do something similar for the S3Request objects, Ryan suggested using CleanupReferenceProcessor. You can check that too, if that has any advantages.
This provides a way for users who are responsible for providing AWS / S3 credentials to specify it in a way where Deephaven can own the S3 client building logic for the Iceberg Catalog in additional to our own data access layer.
Note, this does not deprecate
DataInstructionsProviderPlugin, as there may be cases where the user is not responsible for providing these credentials, and it is instead provided via the catalog after catalog authorization. See #6191