New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FLINK-15868][kinesis] Resolve version conflict between jackson-core and jackson-dataformat-cbor #11006
Conversation
Thanks a lot for your contribution to the Apache Flink project. I'm the @flinkbot. I help the community Automated ChecksLast check on commit af2a640 (Mon Feb 03 23:21:52 UTC 2020) Warnings:
Mention the bot in a comment to re-run the automated checks. Review Progress
Please see the Pull Request Review Guide for a full explanation of the review process. The Bot is tracking the review progress through labels. Labels are applied according to the order of the review items. For consensus, approval by a Flink committer of PMC member is required Bot commandsThe @flinkbot bot supports the following commands:
|
CI report:
Bot commandsThe @flinkbot bot supports the following commands:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for creating this PR @tweise. I think the change goes in the right direction. However, it does not updates the corresponding NOTICE
files. Here is the license guide.
It also affects a lot of modules which rely on jackson-dataformat-cbor
such as flink-elasticsearch-base
, flink-connector-elasticsearch2
, flink-connector-elasticsearch5
, flink-connector-elasticsearch7
, flink-connector-elasticsearch6
, flink-connector-kinesis
, flink-sql-connector-elasticsearch7
, flink-sql-connector-elasticsearch6
which means that we would need to validate that these modules are still working. I guess you haven't tried them out, right?
Last but not least, I was wondering whether we would need to update other jackson dependencies as well. Currently, we rely on jackson-dataformat-smile
, jackson-dataformat-yaml
, jackson-module-jaxb-annotations
. Would it make sense to bump these dependencies to the same version?
pom.xml
Outdated
<dependency> | ||
<groupId>com.fasterxml.jackson.dataformat</groupId> | ||
<artifactId>jackson-dataformat-cbor</artifactId> | ||
<version>${jackson.version}</version> | ||
</dependency> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change requires the update of all affected NOTICE
files.
pom.xml
Outdated
<dependency> | ||
<groupId>com.fasterxml.jackson.dataformat</groupId> | ||
<artifactId>jackson-dataformat-cbor</artifactId> | ||
<version>${jackson.version}</version> | ||
</dependency> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we really want to change the jackson-dataformat-cbor
for all dependencies which rely on it? It would invalidate the testing for all these components.
On the other hand I guess that the functionality used by Kinesis should then also be broken for all the other modules.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about bumping other jackson dependencies such as jackson-dataformat-smile
, jackson-dataformat-yaml
, jackson-module-jaxb-annotations
? Could they also be affected by the bumping the other dependencies to 2.10.1
?
<!-- https://issues.apache.org/jira/browse/FLINK-15868 --> | ||
<dependency> | ||
<groupId>com.fasterxml.jackson.dataformat</groupId> | ||
<artifactId>jackson-dataformat-cbor</artifactId> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would only put this into the kinesis connector pom. This is the only module that should be affected by virtue of promoting transitive dependencies via the shade-plugin.
This promotion should likely be removed in the future because it has rather subtle side-effects.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like there is consensus to keep it centralized; I prefer that as well. This dependency isn't specific to Kinesis, it comes from aws-java-sdk-core
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like there is consensus to keep it centralized
Not quite; this came up during the offline discussion and we continued with the existing approach for the time-being for simplicity. Long-term we're likely to throw a jackson bom into every module that needs it, and ban older versions.
This way it is a lot easier to tell which modules are affected by the dependency management.
If a new jackson dependency is added 1 of three cases happen:
a) dependency convergence fails (happens if it is not shaded)
b) enforcer check fails (old insecure versions used that we don't want)
c) a safe version is used and shaded (hence no conflicts), in which case there is no reason to mandate another version. This also allows us to use the version that the transitive dependency was built against, which is one less uncertainty on our side.
We actually don't need to pin |
af2a640
to
aa98860
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One minor correction to my code, but otherwise this looks good to me.
private static final long serialVersionUID = 1L; | ||
|
||
private final String index; | ||
private XContentBuilderProvider contentBuilderProvider; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
my bad, this one should be final
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will update the code.
} | ||
|
||
public IndexRequest createIndexRequest(Tuple2<Integer, String> element) { | ||
Map<String, Object> json = new HashMap<>(); | ||
json.put(DATA_FIELD_NAME, element.f1); | ||
|
||
return new IndexRequest(index, TYPE_NAME, element.f0.toString()).source(json); | ||
try { | ||
return new IndexRequest(index, TYPE_NAME, element.f0.toString()).source(contentBuilderProvider.getBuilder().map(json)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think json
is accurate here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok I rename it into document
.
eddaf63
to
f79154d
Compare
I've updated the PR and additionally removed the pinning of Jackson dependencies to |
I had to pin |
LGTM for the additional changes (I cannot approve the PR I opened) @tillrohrmann thanks for taking care of the updates for the ES modules. We are not using these connectors in our applications, so I have no means to do additional verification. I think it is important to keep the jackson modules on the same version, however. Glad to see this is happening now vs. just patching up the Kinesis connector. |
…and jackson-dataformat-cbor
Subsumed by #getUserConfig()
6c424da
to
7e5471a
Compare
…ch5 to 1.25 This closes #11006.
…ch5 to 1.25 This closes apache#11006.
What is the purpose of the change
For the Kinesis consumer to work,
jackson-core
andjackson-dataformat-cbor
need to be at the same version. This change will ensure that users get the same version w/o having to override thejackson-dataformat-cbor
dependency.Note that the versions are consistent in https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-core/1.11.603 - the problem was introduced by the dependency management in Flink.
Verifying this change
Run
mvn dependency:tree
on a downstream project and check that versions are same. Was also tested with the 1.10 RC1 with one of our internal deployments.Does this pull request potentially affect one of the following parts:
@Public(Evolving)
: (yes / no)Documentation