eric-maynard commented on code in PR #1913: URL: https://github.com/apache/polaris/pull/1913#discussion_r2157938345
########## runtime/service/src/main/java/org/apache/polaris/service/storage/aws/S3AccessConfig.java: ########## @@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.polaris.service.storage.aws; + +import java.time.Duration; +import java.util.Optional; +import java.util.OptionalInt; + +public interface S3AccessConfig { + /** Default value for {@link #sessionCacheMaxSize()}. */ + int DEFAULT_MAX_SESSION_CREDENTIAL_CACHE_ENTRIES = 1000; Review Comment: nit: the convention used elsewhere seems to be `..._DEFAULT` not `DEFAULT_...`` ########## polaris-core/src/main/java/org/apache/polaris/core/storage/aws/StsClientSupplier.java: ########## 
@@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.polaris.core.storage.aws; + +import jakarta.annotation.Nullable; +import java.net.URI; +import java.util.Optional; +import org.apache.polaris.immutables.PolarisImmutable; +import org.immutables.value.Value; +import software.amazon.awssdk.services.sts.StsClient; + +public interface StsClientSupplier { Review Comment: Perhaps this is rather a `Factory`? At first, I thought `StsClientSupplier` would be a `Supplier<StsClient>`. Even if it's not literally this type it's also not logically this type because it needs an input `StsDestination` to get you a `StsClient`. ########## runtime/service/src/main/java/org/apache/polaris/service/storage/aws/S3AccessConfig.java: ########## 
@@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.polaris.service.storage.aws; + +import java.time.Duration; +import java.util.Optional; +import java.util.OptionalInt; + +public interface S3AccessConfig { Review Comment: Would be nice to have a Javadoc on the new types ########## runtime/service/src/main/java/org/apache/polaris/service/storage/aws/StsClientsPool.java: ########## 
@@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.polaris.service.storage.aws; + +import static java.util.Collections.singletonList; +import static java.util.concurrent.CompletableFuture.completedFuture; + +import com.github.benmanes.caffeine.cache.Cache; +import com.github.benmanes.caffeine.cache.Caffeine; +import com.github.benmanes.caffeine.cache.stats.StatsCounter; +import com.google.common.annotations.VisibleForTesting; +import io.micrometer.core.instrument.MeterRegistry; +import io.micrometer.core.instrument.Tag; +import io.micrometer.core.instrument.binder.cache.CaffeineStatsCounter; +import java.util.Optional; +import java.util.concurrent.CompletableFuture; +import java.util.function.Function; +import org.apache.polaris.core.storage.aws.StsClientSupplier; +import software.amazon.awssdk.endpoints.Endpoint; +import software.amazon.awssdk.http.SdkHttpClient; +import software.amazon.awssdk.regions.Region; +import software.amazon.awssdk.services.sts.StsClient; +import software.amazon.awssdk.services.sts.StsClientBuilder; + +/** Maintains a pool of STS clients. 
*/ +public class StsClientsPool implements StsClientSupplier { + // CODE_COPIED_TO_POLARIS from Project Nessie 0.104.2 + + private static final String CACHE_NAME = "sts-clients"; + + private final Cache<StsDestination, StsClient> clients; + private final Function<StsDestination, StsClient> clientBuilder; + + public StsClientsPool( + S3AccessConfig effectiveSts, SdkHttpClient sdkHttpClient, MeterRegistry meterRegistry) { + this( + effectiveSts.effectiveClientsCacheMaxSize(), + key -> defaultStsClient(key, sdkHttpClient), + Optional.ofNullable(meterRegistry)); + } + + @VisibleForTesting + StsClientsPool( + int maxSize, + Function<StsDestination, StsClient> clientBuilder, + Optional<MeterRegistry> meterRegistry) { + this.clientBuilder = clientBuilder; + this.clients = + Caffeine.newBuilder() + .maximumSize(maxSize) + .recordStats(() -> statsCounter(meterRegistry, maxSize)) + .build(); + } + + @Override + public StsClient stsClient(StsDestination destination) { + return clients.get(destination, clientBuilder); + } + + private static StsClient defaultStsClient(StsDestination parameters, SdkHttpClient sdkClient) { + StsClientBuilder builder = StsClient.builder(); + builder.httpClient(sdkClient); Review Comment: This is the only usage of `SdkHttpClient` outside of `QuarkusProducers` itself, I wonder if we can simplify things by just injecting the `StsClientBuilder` ########## runtime/service/src/main/java/org/apache/polaris/service/storage/aws/StsClientsPool.java: ########## 
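Review bot: The Caffeine cache built in the `@VisibleForTesting` constructor is bounded by `.maximumSize(maxSize)` but registers no removal listener, so an evicted `StsClient` is dropped without `close()`. The shared `SdkHttpClient` passed through `builder.httpClient(sdkClient)` is meant to outlive the clients, but anything else the SDK allocated per client (presumably a default credentials provider, for one) lingers until garbage collection. Consider adding `.removalListener((key, client, cause) -> { if (client != null) client.close(); })` to the builder chain and closing the remaining entries when the pool is disposed. That is only safe if callers of `stsClient(...)` do not hold a client beyond a single call, which is worth stating in the Javadoc. The same constructor is quoted again in the later StsClientsPool.java hunk, and the class body continues past this quote, so a close path may exist further down.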
@@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.polaris.service.storage.aws; + +import static java.util.Collections.singletonList; +import static java.util.concurrent.CompletableFuture.completedFuture; + +import com.github.benmanes.caffeine.cache.Cache; +import com.github.benmanes.caffeine.cache.Caffeine; +import com.github.benmanes.caffeine.cache.stats.StatsCounter; +import com.google.common.annotations.VisibleForTesting; +import io.micrometer.core.instrument.MeterRegistry; +import io.micrometer.core.instrument.Tag; +import io.micrometer.core.instrument.binder.cache.CaffeineStatsCounter; +import java.util.Optional; +import java.util.concurrent.CompletableFuture; +import java.util.function.Function; +import org.apache.polaris.core.storage.aws.StsClientSupplier; +import software.amazon.awssdk.endpoints.Endpoint; +import software.amazon.awssdk.http.SdkHttpClient; +import software.amazon.awssdk.regions.Region; +import software.amazon.awssdk.services.sts.StsClient; +import software.amazon.awssdk.services.sts.StsClientBuilder; + +/** Maintains a pool of STS clients. 
*/ +public class StsClientsPool implements StsClientSupplier { + // CODE_COPIED_TO_POLARIS from Project Nessie 0.104.2 Review Comment: Why are we copying such generic code from another project? ########## runtime/service/src/main/java/org/apache/polaris/service/quarkus/config/QuarkusProducers.java: ########## @@ -170,6 +175,34 @@ public UserSecretsManagerFactory userSecretsManagerFactory( return userSecretsManagerFactories.select(Identifier.Literal.of(config.type())).get(); } + @Produces + @Singleton + @Identifier("http-client-s3") + public SdkHttpClient sdkHttpClient(S3AccessConfig config) { + ApacheHttpClient.Builder httpClient = ApacheHttpClient.builder(); + config.maxHttpConnections().ifPresent(httpClient::maxConnections); + config.readTimeout().ifPresent(httpClient::socketTimeout); + config.connectTimeout().ifPresent(httpClient::connectionTimeout); + config.connectionAcquisitionTimeout().ifPresent(httpClient::connectionAcquisitionTimeout); + config.connectionMaxIdleTime().ifPresent(httpClient::connectionMaxIdleTime); + config.connectionTimeToLive().ifPresent(httpClient::connectionTimeToLive); + config.expectContinueEnabled().ifPresent(httpClient::expectContinueEnabled); + return httpClient.build(); + } + + public void closeSdkHttpClient(@Disposes @Identifier("http-client-s3") SdkHttpClient client) { Review Comment: This feels out of place in `QuarkusProducers`. Maybe we could create a wrapper over `SdkHttpClient` and handle that like our other `Closeable`s or use `AutoCloseable` ########## runtime/service/src/main/java/org/apache/polaris/service/storage/aws/StsClientsPool.java: ########## 
@@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.polaris.service.storage.aws; + +import static java.util.Collections.singletonList; +import static java.util.concurrent.CompletableFuture.completedFuture; + +import com.github.benmanes.caffeine.cache.Cache; +import com.github.benmanes.caffeine.cache.Caffeine; +import com.github.benmanes.caffeine.cache.stats.StatsCounter; +import com.google.common.annotations.VisibleForTesting; +import io.micrometer.core.instrument.MeterRegistry; +import io.micrometer.core.instrument.Tag; +import io.micrometer.core.instrument.binder.cache.CaffeineStatsCounter; +import java.util.Optional; +import java.util.concurrent.CompletableFuture; +import java.util.function.Function; +import org.apache.polaris.core.storage.aws.StsClientSupplier; +import software.amazon.awssdk.endpoints.Endpoint; +import software.amazon.awssdk.http.SdkHttpClient; +import software.amazon.awssdk.regions.Region; +import software.amazon.awssdk.services.sts.StsClient; +import software.amazon.awssdk.services.sts.StsClientBuilder; + +/** Maintains a pool of STS clients. 
*/ +public class StsClientsPool implements StsClientSupplier { + // CODE_COPIED_TO_POLARIS from Project Nessie 0.104.2 + + private static final String CACHE_NAME = "sts-clients"; + + private final Cache<StsDestination, StsClient> clients; + private final Function<StsDestination, StsClient> clientBuilder; + + public StsClientsPool( + S3AccessConfig effectiveSts, SdkHttpClient sdkHttpClient, MeterRegistry meterRegistry) { + this( + effectiveSts.effectiveClientsCacheMaxSize(), + key -> defaultStsClient(key, sdkHttpClient), + Optional.ofNullable(meterRegistry)); + } + + @VisibleForTesting + StsClientsPool( + int maxSize, + Function<StsDestination, StsClient> clientBuilder, + Optional<MeterRegistry> meterRegistry) { + this.clientBuilder = clientBuilder; + this.clients = + Caffeine.newBuilder() + .maximumSize(maxSize) + .recordStats(() -> statsCounter(meterRegistry, maxSize)) + .build(); + } + + @Override + public StsClient stsClient(StsDestination destination) { + return clients.get(destination, clientBuilder); + } + + private static StsClient defaultStsClient(StsDestination parameters, SdkHttpClient sdkClient) { + StsClientBuilder builder = StsClient.builder(); + builder.httpClient(sdkClient); + if (parameters.endpoint().isPresent()) { + CompletableFuture<Endpoint> endpointFuture = + completedFuture(Endpoint.builder().url(parameters.endpoint().get()).build()); + builder.endpointProvider(params -> endpointFuture); + } + + parameters.region().ifPresent(r -> builder.region(Region.of(r))); + + return builder.build(); + } + + static StatsCounter statsCounter(Optional<MeterRegistry> meterRegistry, int maxSize) { Review Comment: Is this really related to S3-compatible storage support? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. 
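Review bot: `defaultStsClient` passes `parameters.endpoint().get()` straight into `Endpoint.builder().url(...)` with no check on scheme or host. If `StsDestination.endpoint()` can be populated from per-catalog storage configuration (not visible in this hunk), the service will send signed STS requests to whatever URI was configured, and over plain `http` the session credentials in the response cross the network unencrypted. I would validate before building the client, e.g. `if (!"https".equalsIgnoreCase(uri.getScheme())) throw new IllegalArgumentException("STS endpoint must use https: " + uri);`, or add a comment naming where the endpoint is validated upstream. Since clients are cached per `StsDestination`, logging the endpoint and region once when a client is first created would also make an unexpected STS destination visible in audit logs.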