fix: do not fall back to timeline server markers on transient HDFS failures

[vamshipasunuru1]

Change Description

When MARKERS.type is absent, MarkerBasedRollbackUtils.getAllMarkerPaths() first tries DIRECT markers and catches IOException | IllegalArgumentException to fall back to TIMELINE_SERVER_BASED. This catch is too broad.

The problem: A transient HDFS error (e.g., "Server too busy" / RetriableException) is also an IOException. When it's caught, the code falls back to the timeline server marker path, which looks in a different location and finds 0 markers — causing the rollback to skip deleting data files and leaving orphan files on the table.

Fix

Split the exception handling:

• IOException → propagate, let rollback fail and retry (transient HDFS failures should not silently produce an incorrect rollback)
• IllegalArgumentException → keep the fallback (this indicates a marker path format mismatch, the existing intended behavior)

Testing

Added TestMarkerBasedRollbackUtils with unit tests covering:

• IOException is propagated (no fallback)
• IllegalArgumentException still falls back to timeline server markers

Risk

Low — the change only affects the MARKERS.type-absent code path, and only for transient IO failures. The IllegalArgumentException fallback behavior is preserved.

[hudi-bot]

CI report:

• 615d88a Azure: FAILURE

Bot commands

@hudi-bot supports the following commands:

• @hudi-bot run azure re-run the last Azure build

[hudi-agent]

🤖 This review was generated by an AI agent and may contain mistakes. Please verify any suggestions before applying.

Thanks for working on this! The intent — propagating transient HDFS IOExceptions instead of silently falling back to timeline-server markers (and leaving orphan data files) — is a real correctness improvement. A couple of issues worth a closer look in the inline comments: the new IllegalArgumentException branch references an undefined fileSystem variable (the surrounding code uses storage), and the new test mocks metaClient.getFs() even though the production code goes through table.getStorage()/readMarkerType(storage, …), so the injected IOException likely never reaches the catch block under test. Please take a look at the inline comments, and this should be ready for a Hudi committer or PMC member to take it from here. One logging style nit below — both new catch blocks switched from SLF4J parameterized logging to String.format, losing the exception stack trace in the process.

[hudi-agent]

🤖 Is fileSystem defined anywhere in scope? The surrounding method uses storage (a HoodieStorage from table.getStorage()), and the line you removed passed storage to getTimelineServerBasedMarkers. As written this looks like it won't compile — did you mean storage here?

_{- AI-generated; verify before applying. React 👍/👎 to flag quality.}

[hudi-agent]

🤖 The test stubs metaClient.getFs() and HoodieWrapperFileSystem.listStatus(...), but getAllMarkerPaths reaches the catch block via table.getStorage() → readMarkerType(storage, markerDir) → WriteMarkers.allMarkerFilePaths() (which goes through HoodieStorage, not the Hadoop FS). Without stubbing table.getStorage(), storage is null and the call should NPE before ever reaching the IOException path you're trying to exercise — so the assertion would be matching the wrong exception type. Could you verify this test actually fails before the fix and passes after?

_{- AI-generated; verify before applying. React 👍/👎 to flag quality.}

[hudi-agent]

🤖 nit: both new catch blocks switched from SLF4J parameterized logging to String.format, which eagerly formats the string and drops the stack trace. Could you use the parameterized form and pass e as the last argument? e.g. log.warn("{} not present and {} marker listing failed with IO error, propagating rather than falling back to {}", MARKER_TYPE_FILENAME, DIRECT, TIMELINE_SERVER_BASED, e); — same applies to the IllegalArgumentException block at line 83.

_{- AI-generated; verify before applying. React 👍/👎 to flag quality.}