singhpk234 commented on code in PR #1965: URL: https://github.com/apache/polaris/pull/1965#discussion_r2316585400
########## runtime/service/src/main/java/org/apache/polaris/service/events/jsonEventListener/aws/cloudwatch/AwsCloudWatchEventListener.java: ########## 
@@ -0,0 +1,185 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.polaris.service.events.jsonEventListener.aws.cloudwatch;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.smallrye.common.annotation.Identifier;
+import jakarta.annotation.PostConstruct;
+import jakarta.annotation.PreDestroy;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.SecurityContext;
+import java.time.Clock;
+import java.util.HashMap;
+import java.util.List;
+import java.util.concurrent.CompletableFuture;
+import java.util.function.Supplier;
+import org.apache.polaris.core.context.CallContext;
+import org.apache.polaris.service.config.PolarisIcebergObjectMapperCustomizer;
+import org.apache.polaris.service.events.jsonEventListener.PropertyMapEventListener;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.cloudwatchlogs.CloudWatchLogsAsyncClient;
+import software.amazon.awssdk.services.cloudwatchlogs.model.CreateLogGroupRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.CreateLogStreamRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.DescribeLogGroupsRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.DescribeLogStreamsRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.InputLogEvent;
+import software.amazon.awssdk.services.cloudwatchlogs.model.PutLogEventsRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.PutLogEventsResponse;
+
+@ApplicationScoped
+@Identifier("aws-cloudwatch")
+public class AwsCloudWatchEventListener extends PropertyMapEventListener {
+ private static final Logger LOGGER = LoggerFactory.getLogger(AwsCloudWatchEventListener.class);
+ final ObjectMapper objectMapper = new ObjectMapper();
+
+ private CloudWatchLogsAsyncClient client;
+
+ private final String logGroup;
+ private final String logStream;
+ private final Region region;
+ private final boolean synchronousMode;
+ private final Clock clock;
+
+ @Inject CallContext callContext;
+
+ @Context SecurityContext securityContext;
+
+ @Inject
+ public AwsCloudWatchEventListener(
+ AwsCloudWatchConfiguration config,
+ Clock clock,
+ PolarisIcebergObjectMapperCustomizer customizer) {
+ this.logStream = config.awsCloudWatchLogStream();
+ this.logGroup = config.awsCloudWatchLogGroup();
+ this.region = Region.of(config.awsCloudWatchRegion());
+ this.synchronousMode = config.synchronousMode();
+ this.clock = clock;
+ customizer.customize(this.objectMapper);
+ }
+
+ @PostConstruct
+ void start() {
+ this.client = createCloudWatchAsyncClient();
+ ensureLogGroupAndStream();
+ }
+
+ protected CloudWatchLogsAsyncClient createCloudWatchAsyncClient() {
+ return CloudWatchLogsAsyncClient.builder().region(region).build();
+ }
+
+ private void ensureLogGroupAndStream() {
+ ensureResourceExists(
+ () ->
+ client
+ .describeLogGroups(
+ DescribeLogGroupsRequest.builder().logGroupNamePrefix(logGroup).build())
+ .join()
+ .logGroups()
+ .stream()
+ .anyMatch(g -> g.logGroupName().equals(logGroup)),
+ () ->
+ client
+ .createLogGroup(CreateLogGroupRequest.builder().logGroupName(logGroup).build())
+ .join(),
+ "group",
+ logGroup);
+ ensureResourceExists(
+ () ->
+ client
+ .describeLogStreams(
+ DescribeLogStreamsRequest.builder()
+ .logGroupName(logGroup)
+ .logStreamNamePrefix(logStream)
+ .build())
+ .join()
+ .logStreams()
+ .stream()
+ .anyMatch(s -> s.logStreamName().equals(logStream)),
+ () ->
+ client
+ .createLogStream(
+ CreateLogStreamRequest.builder()
+ .logGroupName(logGroup)
+ .logStreamName(logStream)
+ .build())
+ .join(),
+ "stream",
+ logStream);
+ }
+
+ private static void ensureResourceExists(
+ Supplier<Boolean> existsCheck,
+ Runnable createAction,
+ String resourceType,
+ String resourceName) {
+ if (existsCheck.get()) {
+ LOGGER.debug("Log {} [{}] already exists", resourceType, resourceName);
+ } else {
+ LOGGER.debug("Attempting to create log {}: {}", resourceType, resourceName);
+ createAction.run();
+ }
+ }
+
+ @PreDestroy
+ void shutdown() {
+ if (client != null) {
+ client.close();
+ }
+ }
+
+ @Override
+ protected void transformAndSendEvent(HashMap<String, Object> properties) {
+ properties.put("realm_id", callContext.getRealmContext().getRealmIdentifier());
+ properties.put("principal", securityContext.getUserPrincipal().getName());
+ // TODO: Add request ID when it is available
+ String eventAsJson;
+ try {
+ eventAsJson = objectMapper.writeValueAsString(properties);
+ } catch (JsonProcessingException e) {
+ LOGGER.error("Error processing event into JSON string: ", e);
Review Comment: may be we can add debug log to log the object ?
########## runtime/service/src/main/java/org/apache/polaris/service/events/jsonEventListener/PropertyMapEventListener.java: ##########
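Review bot: ensureResourceExists, as driven by the two calls in ensureLogGroupAndStream, is a check-then-create sequence with no handling for the create failing because the resource already exists: describeLogGroups/describeLogStreams are paginated and only the first page is inspected, and two Polaris instances starting at the same time can both miss the resource and both call create, so the loser's `.join()` surfaces a CompletionException wrapping ResourceAlreadyExistsException and the @PostConstruct start() fails the whole bean. Treating that specific cause as benign inside ensureResourceExists (sketch below; it needs imports for java.util.concurrent.CompletionException and software.amazon.awssdk.services.cloudwatchlogs.model.ResourceAlreadyExistsException) keeps startup idempotent while still propagating real failures such as missing IAM permissions. Separately, in transformAndSendEvent `securityContext.getUserPrincipal().getName()` dereferences a value the JAX-RS SecurityContext contract defines as null for an unauthenticated request, so if this listener can ever run on such a request it throws NullPointerException before the event is serialized; a null-guarded `principal` (or omitting the key when absent) would be safer. transformAndSendEvent continues past the end of the quoted hunk, and the same hunk is quoted twice more below in this thread, so this note applies to those quotations as well.
```java
private static void ensureResourceExists(
    Supplier<Boolean> existsCheck,
    Runnable createAction,
    String resourceType,
    String resourceName) {
  if (existsCheck.get()) {
    LOGGER.debug("Log {} [{}] already exists", resourceType, resourceName);
    return;
  }
  LOGGER.debug("Attempting to create log {}: {}", resourceType, resourceName);
  try {
    createAction.run();
  } catch (CompletionException e) {
    // The describe call is paginated and another instance may create the same
    // resource between the check and the create; both cases are benign here.
    if (e.getCause() instanceof ResourceAlreadyExistsException) {
      LOGGER.debug("Log {} [{}] was created concurrently", resourceType, resourceName);
    } else {
      throw e;
    }
  }
}
```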
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.polaris.service.events.jsonEventListener;
+
+import java.util.HashMap;
+import org.apache.polaris.service.events.AfterTableRefreshedEvent;
+import org.apache.polaris.service.events.PolarisEventListener;
+
+/**
+ * This class provides a common framework for transforming Polaris events into a HashMap, which can
+ * be used to transform the event further, such as transforming into a JSON string, and send them to
+ * various destinations. Concrete implementations should override the
+ * {{@code @link#transformAndSendEvent(HashMap)}} method to define how the event data should be
+ * transformed into a JSON string, transmitted, and/or stored.
+ */
+public abstract class PropertyMapEventListener extends PolarisEventListener {
+ protected abstract void transformAndSendEvent(HashMap<String, Object> properties);
+
+ @Override
+ public void onAfterTableRefreshed(AfterTableRefreshedEvent event) {
+ HashMap<String, Object> properties = new HashMap<>();
+ properties.put("event_type", event.getClass().getSimpleName());
+ properties.put("table_identifier", event.tableIdentifier().toString());
Review Comment: [optional] wondering if we need catalog name too in this ? lets say i have a same namespace and table in the different catalogs in the realm ?
########## runtime/service/src/main/java/org/apache/polaris/service/events/jsonEventListener/aws/cloudwatch/AwsCloudWatchEventListener.java: ##########
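Review bot: The class Javadoc's `{{@code @link#transformAndSendEvent(HashMap)}}` is not valid Javadoc markup (doubled braces, an `@link` nested in `@code`, no space before `#`) and will render literally; it should read `{@link #transformAndSendEvent(HashMap)}`. The same sentence says the data "should be transformed into a JSON string", whereas the abstract contract only hands subclasses a property map, so wording it as "serialized (for example to JSON), transmitted, and/or stored" would describe the method more accurately. As a point of style, exposing `HashMap<String, Object>` in the abstract signature ties every implementor to a concrete class; `Map<String, Object>` is the conventional choice, though changing it also touches the AwsCloudWatchEventListener override. onAfterTableRefreshed continues past the end of the quoted hunk.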
@@ -0,0 +1,185 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.polaris.service.events.jsonEventListener.aws.cloudwatch;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.smallrye.common.annotation.Identifier;
+import jakarta.annotation.PostConstruct;
+import jakarta.annotation.PreDestroy;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.SecurityContext;
+import java.time.Clock;
+import java.util.HashMap;
+import java.util.List;
+import java.util.concurrent.CompletableFuture;
+import java.util.function.Supplier;
+import org.apache.polaris.core.context.CallContext;
+import org.apache.polaris.service.config.PolarisIcebergObjectMapperCustomizer;
+import org.apache.polaris.service.events.jsonEventListener.PropertyMapEventListener;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.cloudwatchlogs.CloudWatchLogsAsyncClient;
+import software.amazon.awssdk.services.cloudwatchlogs.model.CreateLogGroupRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.CreateLogStreamRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.DescribeLogGroupsRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.DescribeLogStreamsRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.InputLogEvent;
+import software.amazon.awssdk.services.cloudwatchlogs.model.PutLogEventsRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.PutLogEventsResponse;
+
+@ApplicationScoped
+@Identifier("aws-cloudwatch")
+public class AwsCloudWatchEventListener extends PropertyMapEventListener {
+ private static final Logger LOGGER = LoggerFactory.getLogger(AwsCloudWatchEventListener.class);
+ final ObjectMapper objectMapper = new ObjectMapper();
+
+ private CloudWatchLogsAsyncClient client;
+
+ private final String logGroup;
+ private final String logStream;
+ private final Region region;
+ private final boolean synchronousMode;
+ private final Clock clock;
+
+ @Inject CallContext callContext;
+
+ @Context SecurityContext securityContext;
+
+ @Inject
+ public AwsCloudWatchEventListener(
+ AwsCloudWatchConfiguration config,
+ Clock clock,
+ PolarisIcebergObjectMapperCustomizer customizer) {
+ this.logStream = config.awsCloudWatchLogStream();
+ this.logGroup = config.awsCloudWatchLogGroup();
+ this.region = Region.of(config.awsCloudWatchRegion());
+ this.synchronousMode = config.synchronousMode();
+ this.clock = clock;
+ customizer.customize(this.objectMapper);
+ }
+
+ @PostConstruct
+ void start() {
+ this.client = createCloudWatchAsyncClient();
+ ensureLogGroupAndStream();
+ }
+
+ protected CloudWatchLogsAsyncClient createCloudWatchAsyncClient() {
+ return CloudWatchLogsAsyncClient.builder().region(region).build();
+ }
+
+ private void ensureLogGroupAndStream() {
+ ensureResourceExists(
+ () ->
+ client
+ .describeLogGroups(
+ DescribeLogGroupsRequest.builder().logGroupNamePrefix(logGroup).build())
+ .join()
+ .logGroups()
+ .stream()
+ .anyMatch(g -> g.logGroupName().equals(logGroup)),
+ () ->
+ client
+ .createLogGroup(CreateLogGroupRequest.builder().logGroupName(logGroup).build())
+ .join(),
+ "group",
+ logGroup);
+ ensureResourceExists(
+ () ->
+ client
+ .describeLogStreams(
+ DescribeLogStreamsRequest.builder()
+ .logGroupName(logGroup)
+ .logStreamNamePrefix(logStream)
+ .build())
+ .join()
+ .logStreams()
+ .stream()
+ .anyMatch(s -> s.logStreamName().equals(logStream)),
+ () ->
+ client
+ .createLogStream(
+ CreateLogStreamRequest.builder()
+ .logGroupName(logGroup)
+ .logStreamName(logStream)
+ .build())
+ .join(),
+ "stream",
+ logStream);
+ }
+
+ private static void ensureResourceExists(
+ Supplier<Boolean> existsCheck,
+ Runnable createAction,
+ String resourceType,
+ String resourceName) {
+ if (existsCheck.get()) {
+ LOGGER.debug("Log {} [{}] already exists", resourceType, resourceName);
Review Comment: ```suggestion LOGGER.debug("Resource {} [{}] already exists", resourceType, resourceName); ```
########## site/content/in-dev/unreleased/configuration.md: ##########
@@ -78,46 +78,51 @@ read-only mode, as Polaris only reads the configuration file once, at startup. ## Polaris Configuration Options Reference -| Configuration Property | Default Value | Description | -|----------------------------------------------------------------------------------------|-----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `polaris.persistence.type` | `relational-jdbc` | Define the persistence backend used by Polaris (`in-memory`, `relational-jdbc`, `eclipse-link` (deprecated)). See [Configuring Apache Polaris for Production)[{{% ref "configuring-polaris-for-production.md" %}}) | -| `polaris.persistence.relational.jdbc.max-retries` | `1` | Total number of retries JDBC persistence will attempt on connection resets or serialization failures before giving up. | -| `polaris.persistence.relational.jdbc.max_duaration_in_ms` | `5000 ms` | Max time interval (ms) since the start of a transaction when retries can be attempted. | -| `polaris.persistence.relational.jdbc.initial_delay_in_ms` | `100 ms` | Initial delay before retrying. The delay is doubled after each retry. | -| `polaris.persistence.eclipselink.configurationFile` | | Define the location of the `persistence.xml`. By default, it's the built-in `persistence.xml` in use. | -| `polaris.persistence.eclipselink.persistenceUnit` | `polaris` | Define the name of the persistence unit to use, as defined in the `persistence.xml`. | -| `polaris.realm-context.type` | `default` | Define the type of the Polaris realm to use. | -| `polaris.realm-context.realms` | `POLARIS` | Define the list of realms to use. 
| -| `polaris.realm-context.header-name` | `Polaris-Realm` | Define the header name defining the realm context. | -| `polaris.features."ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING"` | `false` | Flag to enforce check if credential rotation. | -| `polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES"` | `FILE` | Define the catalog supported storage. Supported values are `S3`, `GCS`, `AZURE`, `FILE`. | -| `polaris.features.realm-overrides."my-realm"."SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION"` | `true` | "Override" realm features, here the skip credential subscoping indirection flag. | -| `polaris.authentication.authenticator.type` | `default` | Define the Polaris authenticator type. | -| `polaris.authentication.token-service.type` | `default` | Define the Polaris token service type. | -| `polaris.authentication.token-broker.type` | `rsa-key-pair` | Define the Polaris token broker type. Also configure the location of the key files. For RSA: if the locations of the key files are not configured, an ephemeral key-pair will be created on each Polaris server instance startup, which breaks existing tokens after server restarts and is also incompatible with running multiple Polaris server instances. | -| `polaris.authentication.token-broker.max-token-generation` | `PT1H` | Define the max token generation policy on the token broker. | -| `polaris.authentication.token-broker.rsa-key-pair.private-key-file` | | Define the location of the RSA-256 private key file, if present the `public-key` file must be specified, too. | -| `polaris.authentication.token-broker.rsa-key-pair.public-key-file` | | Define the location of the RSA-256 public key file, if present the `private-key` file must be specified, too. | -| `polaris.authentication.token-broker.symmetric-key.secret` | `secret` | Define the secret of the symmetric key. | -| `polaris.authentication.token-broker.symmetric-key.file` | `/tmp/symmetric.key` | Define the location of the symmetric key file. 
| -| `polaris.storage.aws.access-key` | `accessKey` | Define the AWS S3 access key. If unset, the default credential provider chain will be used. | -| `polaris.storage.aws.secret-key` | `secretKey` | Define the AWS S3 secret key. If unset, the default credential provider chain will be used. | -| `polaris.storage.gcp.token` | `token` | Define the Google Cloud Storage token. If unset, the default credential provider chain will be used. | -| `polaris.storage.gcp.lifespan` | `PT1H` | Define the Google Cloud Storage lifespan type. If unset, the default credential provider chain will be used. | -| `polaris.log.request-id-header-name` | `Polaris-Request-Id` | Define the header name to match request ID in the log. | -| `polaris.log.mdc.aid` | `polaris` | Define the log context (e.g. MDC) AID. | -| `polaris.log.mdc.sid` | `polaris-service` | Define the log context (e.g. MDC) SID. | -| `polaris.rate-limiter.filter.type` | `no-op` | Define the Polaris rate limiter. Supported values are `no-op`, `token-bucket`. | -| `polaris.rate-limiter.token-bucket.type` | `default` | Define the token bucket rate limiter. | -| `polaris.rate-limiter.token-bucket.requests-per-second` | `9999` | Define the number of requests per second for the token bucket rate limiter. | -| `polaris.rate-limiter.token-bucket.window` | `PT10S` | Define the window type for the token bucket rate limiter. | -| `polaris.metrics.tags.<tag-name>=<tag-value>` | `application=Polaris` | Define arbitrary metric tags to include in every request. | -| `polaris.metrics.realm-id-tag.api-metrics-enabled` | `false` | Whether to enable the `realm_id` metric tag in API metrics. | -| `polaris.metrics.realm-id-tag.http-metrics-enabled` | `false` | Whether to enable the `realm_id` metric tag in HTTP request metrics. | -| `polaris.metrics.realm-id-tag.http-metrics-max-cardinality` | `100` | The maximum cardinality for the `realm_id` tag in HTTP request metrics. 
| -| `polaris.tasks.max-concurrent-tasks` | `100` | Define the max number of concurrent tasks. | -| `polaris.tasks.max-queued-tasks` | `1000` | Define the max number of tasks in queue. | - | `polaris.config.rollback.compaction.on-conflicts.enabled` | `false` | When set to true Polaris will apply the deconfliction by rollbacking those REPLACE operations snapshots which have the property of `polaris.internal.rollback.compaction.on-conflict` in their snapshot summary set to `rollback`, to resolve conflicts at the server end. | +| Configuration Property | Default Value | Description | +|----------------------------------------------------------------------------------------|------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `polaris.persistence.type` | `relational-jdbc` | Define the persistence backend used by Polaris (`in-memory`, `relational-jdbc`, `eclipse-link` (deprecated)). See [Configuring Apache Polaris for Production)[{{% ref "configuring-polaris-for-production.md" %}}) | +| `polaris.persistence.relational.jdbc.max-retries` | `1` | Total number of retries JDBC persistence will attempt on connection resets or serialization failures before giving up. | +| `polaris.persistence.relational.jdbc.max_duaration_in_ms` | `5000 ms` | Max time interval (ms) since the start of a transaction when retries can be attempted. | +| `polaris.persistence.relational.jdbc.initial_delay_in_ms` | `100 ms` | Initial delay before retrying. The delay is doubled after each retry. | +| `polaris.persistence.eclipselink.configurationFile` | | Define the location of the `persistence.xml`. By default, it's the built-in `persistence.xml` in use. 
| +| `polaris.persistence.eclipselink.persistenceUnit` | `polaris` | Define the name of the persistence unit to use, as defined in the `persistence.xml`. | +| `polaris.realm-context.type` | `default` | Define the type of the Polaris realm to use. | +| `polaris.realm-context.realms` | `POLARIS` | Define the list of realms to use. | +| `polaris.realm-context.header-name` | `Polaris-Realm` | Define the header name defining the realm context. | +| `polaris.features."ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING"` | `false` | Flag to enforce check if credential rotation. | +| `polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES"` | `FILE` | Define the catalog supported storage. Supported values are `S3`, `GCS`, `AZURE`, `FILE`. | +| `polaris.features.realm-overrides."my-realm"."SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION"` | `true` | "Override" realm features, here the skip credential subscoping indirection flag. | +| `polaris.authentication.authenticator.type` | `default` | Define the Polaris authenticator type. | +| `polaris.authentication.token-service.type` | `default` | Define the Polaris token service type. | +| `polaris.authentication.token-broker.type` | `rsa-key-pair` | Define the Polaris token broker type. Also configure the location of the key files. For RSA: if the locations of the key files are not configured, an ephemeral key-pair will be created on each Polaris server instance startup, which breaks existing tokens after server restarts and is also incompatible with running multiple Polaris server instances. | +| `polaris.authentication.token-broker.max-token-generation` | `PT1H` | Define the max token generation policy on the token broker. | +| `polaris.authentication.token-broker.rsa-key-pair.private-key-file` | | Define the location of the RSA-256 private key file, if present the `public-key` file must be specified, too. 
| +| `polaris.authentication.token-broker.rsa-key-pair.public-key-file` | | Define the location of the RSA-256 public key file, if present the `private-key` file must be specified, too. | +| `polaris.authentication.token-broker.symmetric-key.secret` | `secret` | Define the secret of the symmetric key. | +| `polaris.authentication.token-broker.symmetric-key.file` | `/tmp/symmetric.key` | Define the location of the symmetric key file. | +| `polaris.storage.aws.access-key` | `accessKey` | Define the AWS S3 access key. If unset, the default credential provider chain will be used. | +| `polaris.storage.aws.secret-key` | `secretKey` | Define the AWS S3 secret key. If unset, the default credential provider chain will be used. | +| `polaris.storage.gcp.token` | `token` | Define the Google Cloud Storage token. If unset, the default credential provider chain will be used. | +| `polaris.storage.gcp.lifespan` | `PT1H` | Define the Google Cloud Storage lifespan type. If unset, the default credential provider chain will be used. | +| `polaris.log.request-id-header-name` | `Polaris-Request-Id` | Define the header name to match request ID in the log. | +| `polaris.log.mdc.aid` | `polaris` | Define the log context (e.g. MDC) AID. | +| `polaris.log.mdc.sid` | `polaris-service` | Define the log context (e.g. MDC) SID. | +| `polaris.rate-limiter.filter.type` | `no-op` | Define the Polaris rate limiter. Supported values are `no-op`, `token-bucket`. | +| `polaris.rate-limiter.token-bucket.type` | `default` | Define the token bucket rate limiter. | +| `polaris.rate-limiter.token-bucket.requests-per-second` | `9999` | Define the number of requests per second for the token bucket rate limiter. | +| `polaris.rate-limiter.token-bucket.window` | `PT10S` | Define the window type for the token bucket rate limiter. | +| `polaris.metrics.tags.<tag-name>=<tag-value>` | `application=Polaris` | Define arbitrary metric tags to include in every request. 
| +| `polaris.metrics.realm-id-tag.api-metrics-enabled` | `false` | Whether to enable the `realm_id` metric tag in API metrics. | +| `polaris.metrics.realm-id-tag.http-metrics-enabled` | `false` | Whether to enable the `realm_id` metric tag in HTTP request metrics. | +| `polaris.metrics.realm-id-tag.http-metrics-max-cardinality` | `100` | The maximum cardinality for the `realm_id` tag in HTTP request metrics. | +| `polaris.tasks.max-concurrent-tasks` | `100` | Define the max number of concurrent tasks. | +| `polaris.tasks.max-queued-tasks` | `1000` | Define the max number of tasks in queue. | +| `polaris.config.rollback.compaction.on-conflicts.enabled` | `false` | When set to true Polaris will apply the deconfliction by rollbacking those REPLACE operations snapshots which have the property of `polaris.internal.rollback.compaction.on-conflict` in their snapshot summary set to `rollback`, to resolve conflicts at the server end. | +| `polaris.event-listener.type` | `no-op` | Define the Polaris event listener type. Supported values are `no-op`, `aws-cloudwatch`. | +| `polaris.event-listener.aws-cloudwatch.log-group` | `polaris-cloudwatch-default-group` | Define the AWS CloudWatch log group name for the event listener. | +| `polaris.event-listener.aws-cloudwatch.log-stream` | `polaris-cloudwatch-default-stream`| Define the AWS CloudWatch log stream name for the event listener. Ensure that Polaris' IAM credentials have the following actions: "PutLogEvents", "DescribeLogStreams", and "DescribeLogGroups" on the specified log stream/group. If the specified log stream/group does not exist, then "CreateLogStream" and "CreateLogGroup" will also be required. | Review Comment: [not a blocker] IMHO adding IAM requirement might not be right place, is there a place where IAM with Polaris runs with requirements are there ? let me check too. 
########## runtime/service/src/main/java/org/apache/polaris/service/events/jsonEventListener/aws/cloudwatch/AwsCloudWatchEventListener.java: ########## 
@@ -0,0 +1,185 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.polaris.service.events.jsonEventListener.aws.cloudwatch;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.smallrye.common.annotation.Identifier;
+import jakarta.annotation.PostConstruct;
+import jakarta.annotation.PreDestroy;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.SecurityContext;
+import java.time.Clock;
+import java.util.HashMap;
+import java.util.List;
+import java.util.concurrent.CompletableFuture;
+import java.util.function.Supplier;
+import org.apache.polaris.core.context.CallContext;
+import org.apache.polaris.service.config.PolarisIcebergObjectMapperCustomizer;
+import org.apache.polaris.service.events.jsonEventListener.PropertyMapEventListener;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.cloudwatchlogs.CloudWatchLogsAsyncClient;
+import software.amazon.awssdk.services.cloudwatchlogs.model.CreateLogGroupRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.CreateLogStreamRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.DescribeLogGroupsRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.DescribeLogStreamsRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.InputLogEvent;
+import software.amazon.awssdk.services.cloudwatchlogs.model.PutLogEventsRequest;
+import software.amazon.awssdk.services.cloudwatchlogs.model.PutLogEventsResponse;
+
+@ApplicationScoped
+@Identifier("aws-cloudwatch")
+public class AwsCloudWatchEventListener extends PropertyMapEventListener {
+ private static final Logger LOGGER = LoggerFactory.getLogger(AwsCloudWatchEventListener.class);
+ final ObjectMapper objectMapper = new ObjectMapper();
+
+ private CloudWatchLogsAsyncClient client;
+
+ private final String logGroup;
+ private final String logStream;
+ private final Region region;
+ private final boolean synchronousMode;
+ private final Clock clock;
+
+ @Inject CallContext callContext;
+
+ @Context SecurityContext securityContext;
+
+ @Inject
+ public AwsCloudWatchEventListener(
+ AwsCloudWatchConfiguration config,
+ Clock clock,
+ PolarisIcebergObjectMapperCustomizer customizer) {
+ this.logStream = config.awsCloudWatchLogStream();
+ this.logGroup = config.awsCloudWatchLogGroup();
+ this.region = Region.of(config.awsCloudWatchRegion());
+ this.synchronousMode = config.synchronousMode();
+ this.clock = clock;
+ customizer.customize(this.objectMapper);
+ }
+
+ @PostConstruct
+ void start() {
+ this.client = createCloudWatchAsyncClient();
+ ensureLogGroupAndStream();
+ }
+
+ protected CloudWatchLogsAsyncClient createCloudWatchAsyncClient() {
+ return CloudWatchLogsAsyncClient.builder().region(region).build();
+ }
+
+ private void ensureLogGroupAndStream() {
+ ensureResourceExists(
+ () ->
+ client
+ .describeLogGroups(
+ DescribeLogGroupsRequest.builder().logGroupNamePrefix(logGroup).build())
+ .join()
+ .logGroups()
+ .stream()
+ .anyMatch(g -> g.logGroupName().equals(logGroup)),
+ () ->
+ client
+ .createLogGroup(CreateLogGroupRequest.builder().logGroupName(logGroup).build())
+ .join(),
+ "group",
+ logGroup);
+ ensureResourceExists(
+ () ->
+ client
+ .describeLogStreams(
+ DescribeLogStreamsRequest.builder()
+ .logGroupName(logGroup)
+ .logStreamNamePrefix(logStream)
+ .build())
+ .join()
+ .logStreams()
+ .stream()
+ .anyMatch(s -> s.logStreamName().equals(logStream)),
+ () ->
+ client
+ .createLogStream(
+ CreateLogStreamRequest.builder()
+ .logGroupName(logGroup)
+ .logStreamName(logStream)
+ .build())
+ .join(),
+ "stream",
+ logStream);
+ }
+
+ private static void ensureResourceExists(
+ Supplier<Boolean> existsCheck,
+ Runnable createAction,
+ String resourceType,
+ String resourceName) {
+ if (existsCheck.get()) {
+ LOGGER.debug("Log {} [{}] already exists", resourceType, resourceName);
+ } else {
+ LOGGER.debug("Attempting to create log {}: {}", resourceType, resourceName);
+ createAction.run();
+ }
+ }
+
+ @PreDestroy
+ void shutdown() {
+ if (client != null) {
+ client.close();
Review Comment: ```suggestion client.close(); client = null ```
-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@polaris.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org