cryptoe commented on code in PR #18891:
URL: https://github.com/apache/druid/pull/18891#discussion_r2690549813
##########
cloud/aws-common/src/main/java/org/apache/druid/common/aws/FileSessionCredentialsProvider.java:
##########
@@ -53,13 +53,12 @@ public FileSessionCredentialsProvider(String
sessionCredentialsFile)
}
@Override
- public AWSCredentials getCredentials()
+ public AwsCredentials resolveCredentials()
{
return awsSessionCredentials;
}
- @Override
- public void refresh()
+ private void refresh()
Review Comment:
Who calls the refresh method now ?
##########
extensions-core/kinesis-indexing-service/src/main/java/org/apache/druid/indexing/kinesis/KinesisRecordSupplier.java:
##########
@@ -474,45 +459,88 @@ public KinesisRecordSupplier(
records = new MemoryBoundLinkedBlockingQueue<>(recordBufferSizeBytes);
}
- public static AmazonKinesis getAmazonKinesisClient(
+ public static KinesisClient getAmazonKinesisClient(
String endpoint,
AWSCredentialsConfig awsCredentialsConfig,
String awsAssumedRoleArn,
String awsExternalId
)
{
- AWSCredentialsProvider awsCredentialsProvider =
AWSCredentialsUtils.defaultAWSCredentialsProviderChain(
+ AwsCredentialsProvider credentialsProvider =
AWSCredentialsUtils.defaultAWSCredentialsProviderChain(
awsCredentialsConfig
);
+ final Region regionFromEndpoint = parseRegionFromEndpoint(endpoint);
+
if (awsAssumedRoleArn != null) {
log.info("Assuming role [%s] with externalId [%s]", awsAssumedRoleArn,
awsExternalId);
- STSAssumeRoleSessionCredentialsProvider.Builder builder = new
STSAssumeRoleSessionCredentialsProvider
- .Builder(awsAssumedRoleArn, StringUtils.format("druid-kinesis-%s",
UUID.randomUUID().toString()))
- .withStsClient(AWSSecurityTokenServiceClientBuilder.standard()
-
.withCredentials(awsCredentialsProvider)
- .build());
+ AssumeRoleRequest.Builder assumeRoleBuilder = AssumeRoleRequest.builder()
+ .roleArn(awsAssumedRoleArn)
+ .roleSessionName(StringUtils.format("druid-kinesis-%s",
UUID.randomUUID().toString()));
if (awsExternalId != null) {
- builder.withExternalId(awsExternalId);
+ assumeRoleBuilder.externalId(awsExternalId);
+ }
+
+ StsClientBuilder stsClientBuilder = StsClient.builder()
+ .credentialsProvider(credentialsProvider);
+
+ if (regionFromEndpoint != null) {
+ stsClientBuilder.region(regionFromEndpoint);
}
- awsCredentialsProvider = builder.build();
+ StsClient stsClient = stsClientBuilder.build();
+
+ credentialsProvider = StsAssumeRoleCredentialsProvider.builder()
+ .stsClient(stsClient)
+ .refreshRequest(assumeRoleBuilder.build())
+ .build();
}
- return AmazonKinesisClientBuilder.standard()
- .withCredentials(awsCredentialsProvider)
- .withClientConfiguration(new
ClientConfiguration())
- .withEndpointConfiguration(new
AwsClientBuilder.EndpointConfiguration(
- endpoint,
- AwsHostNameUtils.parseRegion(
- endpoint,
- null
- )
- )).build();
+ KinesisClientBuilder builder = KinesisClient.builder()
+ .credentialsProvider(credentialsProvider);
+
+ if (endpoint != null && !endpoint.isEmpty()) {
+ // Back-compat: historically this endpoint is often a hostname without a
scheme
+ // (e.g. "kinesis.us-east-1.amazonaws.com"). SDK v2 requires a URI for
endpointOverride.
+ final String endpointWithScheme = endpoint.contains("://") ? endpoint :
"https://" + endpoint;
+ URI endpointUri = URI.create(endpointWithScheme);
+ builder.endpointOverride(endpointUri);
+ }
+
+ // SDK v2 requires a region; when endpoint matches AWS hostname pattern we
can infer it.
+ if (regionFromEndpoint != null) {
+ builder.region(regionFromEndpoint);
+ }
+
+ return builder.build();
}
+ /**
+ * Parse region from a Kinesis endpoint URL.
+ * Expected format: https://kinesis.{region}.amazonaws.com
+ */
+ private static Region parseRegionFromEndpoint(String endpoint)
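Review bot: The endpoint override accepts whatever scheme the caller supplies, because `endpoint.contains("://") ? endpoint : "https://" + endpoint` only adds `https://` when no scheme is present. An `http://` endpoint would therefore reach `endpointOverride` unchanged, and record data and session-token headers would presumably travel without TLS. If plaintext endpoints are only meant for local test stacks, check the parsed URI and warn or reject, e.g. `if (!"https".equalsIgnoreCase(endpointUri.getScheme())) { log.warn("Kinesis endpoint [%s] does not use https", endpoint); }`. `URI.create` also throws `IllegalArgumentException` on a malformed value, so a configuration typo surfaces as an unexplained failure here unless it is wrapped with a message naming the endpoint property. The body of `parseRegionFromEndpoint` lies outside this excerpt, so how a non-AWS hostname (null region) is handled by the two `build()` calls cannot be confirmed from here.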
Review Comment:
We should probably add tests for this function.
##########
extensions-core/s3-extensions/src/main/java/org/apache/druid/storage/s3/ObjectSummaryWithBucketIterator.java:
##########
@@ -0,0 +1,170 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.druid.storage.s3;
+
+import org.apache.druid.java.util.common.RE;
+import software.amazon.awssdk.services.s3.model.ListObjectsV2Request;
+import software.amazon.awssdk.services.s3.model.ListObjectsV2Response;
+import software.amazon.awssdk.services.s3.model.S3Exception;
+import software.amazon.awssdk.services.s3.model.S3Object;
+
+import java.net.URI;
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+
+/**
+ * Iterator that returns S3 objects along with their bucket names.
+ * This is needed because AWS SDK v2's S3Object doesn't include the bucket
name.
+ */
+public class ObjectSummaryWithBucketIterator implements
Iterator<S3Utils.S3ObjectWithBucket>
+{
+ private final ServerSideEncryptingAmazonS3 s3Client;
+ private final Iterator<URI> prefixesIterator;
+ private final int maxListingLength;
+ private final int maxRetries;
+
+ private String currentBucket;
+ private String currentPrefix;
+ private String continuationToken;
+ private ListObjectsV2Response result;
+ private Iterator<S3Object> objectSummaryIterator;
+ private S3Utils.S3ObjectWithBucket currentObjectSummary;
+
+ ObjectSummaryWithBucketIterator(
+ final ServerSideEncryptingAmazonS3 s3Client,
+ final Iterable<URI> prefixes,
+ final int maxListingLength,
+ final int maxRetries
+ )
+ {
+ this.s3Client = s3Client;
+ this.prefixesIterator = prefixes.iterator();
+ this.maxListingLength = maxListingLength;
+ this.maxRetries = maxRetries;
+
+ prepareNextRequest();
+ fetchNextBatch();
+ advanceObjectSummary();
+ }
+
+ @Override
+ public boolean hasNext()
+ {
+ return currentObjectSummary != null;
+ }
+
+ @Override
+ public S3Utils.S3ObjectWithBucket next()
+ {
+ if (currentObjectSummary == null) {
+ throw new NoSuchElementException();
+ }
+
+ final S3Utils.S3ObjectWithBucket retVal = currentObjectSummary;
+ advanceObjectSummary();
+ return retVal;
+ }
+
+ private void prepareNextRequest()
+ {
+ final URI currentUri = prefixesIterator.next();
+ currentBucket = currentUri.getAuthority();
+ currentPrefix = S3Utils.extractS3Key(currentUri);
+ continuationToken = null;
+ }
+
+ private void fetchNextBatch()
+ {
+ try {
+ ListObjectsV2Request request = ListObjectsV2Request.builder()
+ .bucket(currentBucket)
+ .prefix(currentPrefix)
+ .maxKeys(maxListingLength)
+ .continuationToken(continuationToken)
+ .build();
+
+ result = S3Utils.retryS3Operation(() -> s3Client.listObjectsV2(request),
maxRetries);
+ continuationToken = result.nextContinuationToken();
+ objectSummaryIterator = result.contents().iterator();
+ }
+ catch (S3Exception e) {
+ throw new RE(
+ e,
+ "Failed to get object summaries from S3 bucket[%s], prefix[%s]; S3
error: %s",
+ currentBucket,
+ currentPrefix,
+ e.getMessage()
+ );
+ }
+ catch (Exception e) {
+ throw new RE(
+ e,
+ "Failed to get object summaries from S3 bucket[%s], prefix[%s]",
+ currentBucket,
+ currentPrefix
+ );
+ }
+ }
+
+ private void advanceObjectSummary()
+ {
+ while (objectSummaryIterator.hasNext() || result.isTruncated() ||
prefixesIterator.hasNext()) {
+ while (objectSummaryIterator.hasNext()) {
+ S3Object s3Object = objectSummaryIterator.next();
+ // skips directories and empty objects
+ if (!isDirectoryPlaceholder(s3Object) && s3Object.size() > 0) {
+ currentObjectSummary = new S3Utils.S3ObjectWithBucket(currentBucket,
s3Object);
+ return;
+ }
+ }
+
+ // Exhausted "objectSummaryIterator" without finding a non-placeholder.
+ if (result.isTruncated()) {
+ fetchNextBatch();
+ } else if (prefixesIterator.hasNext()) {
+ prepareNextRequest();
+ fetchNextBatch();
+ }
+ }
+
+ // Truly nothing left to read.
+ currentObjectSummary = null;
+ }
+
+ private static boolean isDirectoryPlaceholder(final S3Object objectSummary)
+ {
+ // Recognize "standard" directory place-holder indications used by
Amazon's AWS Console and Panic's Transmit.
+ if (objectSummary.key().endsWith("/") && objectSummary.size() == 0) {
+ return true;
+ }
+
+ // Recognize s3sync.rb directory placeholders by MD5/ETag value.
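Review bot: `prepareNextRequest()` calls `prefixesIterator.next()` without a `hasNext()` check, and the constructor invokes it unconditionally. An empty `prefixes` iterable therefore throws `NoSuchElementException` from the constructor instead of producing an iterator whose `hasNext()` is false. If callers can pass an empty list, a guard before the three priming calls would cover it: `if (!prefixesIterator.hasNext()) { return; }`. The same constructor is quoted again in the later excerpt of this file. It would also help to state in the class Javadoc that directory placeholders and zero-size objects are skipped, since that filtering in `advanceObjectSummary()` is not visible to callers. `isDirectoryPlaceholder` continues past the end of this excerpt.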
Review Comment:
Could you please share relevant docs for these placeholders ?
##########
extensions-core/s3-extensions/src/main/java/org/apache/druid/storage/s3/ObjectSummaryWithBucketIterator.java:
##########
@@ -0,0 +1,170 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.druid.storage.s3;
+
+import org.apache.druid.java.util.common.RE;
+import software.amazon.awssdk.services.s3.model.ListObjectsV2Request;
+import software.amazon.awssdk.services.s3.model.ListObjectsV2Response;
+import software.amazon.awssdk.services.s3.model.S3Exception;
+import software.amazon.awssdk.services.s3.model.S3Object;
+
+import java.net.URI;
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+
+/**
+ * Iterator that returns S3 objects along with their bucket names.
+ * This is needed because AWS SDK v2's S3Object doesn't include the bucket
name.
+ */
+public class ObjectSummaryWithBucketIterator implements
Iterator<S3Utils.S3ObjectWithBucket>
+{
+ private final ServerSideEncryptingAmazonS3 s3Client;
+ private final Iterator<URI> prefixesIterator;
+ private final int maxListingLength;
+ private final int maxRetries;
+
+ private String currentBucket;
+ private String currentPrefix;
+ private String continuationToken;
+ private ListObjectsV2Response result;
+ private Iterator<S3Object> objectSummaryIterator;
+ private S3Utils.S3ObjectWithBucket currentObjectSummary;
+
+ ObjectSummaryWithBucketIterator(
+ final ServerSideEncryptingAmazonS3 s3Client,
+ final Iterable<URI> prefixes,
+ final int maxListingLength,
+ final int maxRetries
+ )
+ {
+ this.s3Client = s3Client;
+ this.prefixesIterator = prefixes.iterator();
+ this.maxListingLength = maxListingLength;
+ this.maxRetries = maxRetries;
+
+ prepareNextRequest();
Review Comment:
Feels a bit weird that in the constructor we are calling these methods.
Should we call these in hasNext() ?