laurentgo commented on code in PR #14196:
URL: https://github.com/apache/iceberg/pull/14196#discussion_r2450317404
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -1903,6 +1926,34 @@ components:
schema:
type: string
+ idempotency-key:
+ name: Idempotency-Key
+ in: header
+ required: false
+ schema:
+ type: string
+ format: uuid
+ minLength: 36
+ maxLength: 36
+ example: "550e8400-e29b-41d4-a716-446655440000"
+ description: |
+ Optional client-provided idempotency key for safe request retries.
+
+ When present, the server ensures no additional effects for requests
that carry the same
+ Idempotency-Key within the same operation/resource scope. If a prior
request with this key
+ has been finalized, the server returns the previously finalized
response instead of
+ re-executing the mutation.
+
+ Finalization rules:
+ - Finalize & replay: 200, 201, 204, and deterministic terminal 4xx
+ - Do not finalize (not stored/replayed): 5xx, 409 request_in_progress
+
+ Key Requirements:
+ - Key format: UUID (V7 preferred)
Review Comment:
> I am not sure the clock skew is a problem for the current proposal.
idempotency-key-lifetime indicates that server would track the idempotency key
for at least this advertised window. It is a relative time (not a server-side
timestamp returned from server to client).
>
> If server doesn't adhere to this requirement, it's a server side
implementation issue. If client continues to use the same idempotency key after
this window since the first submission, it is an client side implementation
issue.
it may be the case in theory, but this is not true in practice, especially
when dealing with distributed systems. For example,
`System.currentTimeMillis()` is not monotonic or there's no guarantee on the
client. If many servers are involved, there may be clock skew between them. And
there's also the latency between the client and the server (without even taking
into consideration intermediaries).
My concern is that the specification puts a lot of constraint on the server
but do very little to make things easier or a bit more flexible...
> Coming back to the language implementation states. ideally I like to see
java.util.UUID supports the version 7 in JDK. For Python, my understanding is
that v7 UUID is only supported in Python 3.14, which was just released on Oct
7, 2025. I don't know how many people would be comfortable with requiring
version 7 UUID. We can also poll the broader community with a thread in the
dev@ ML>
I understand it would be better to have system implementation but like I
said 3rd party implementations exist, and it's not terribly complicated to
create one ourselves:
```
UUID uuidv7() {
long mostSigBits = 0L;
mostSigBits = (System.currentTimeMillis() << 16); // 48bits timestamp
mostSigBits |= (0b0111 << 12); // version 7
mostSigBits |= (ThreadLocalRandom.current().nextInt() & 0x0fffL); // 12
bits pseudo random data
long leastSigBits = 0L;
leastSigBits |= 0b10L << 62; // variant
leastSigBits |= (ThreadLocalRandom.current().nextLong() &
0x3fffffffffffffffL); // 62 bits pseudo random data
return new UUID(mostSigBits, leastSigBits);
}
```
is it worth dismissing UUIDv7 over 10 lines of code?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
