Add FileIO implementation for Azure Blob Storage

[sumeetgajjar]

What changes were proposed in this pull request?

Currently, HadoopFileIO is used to talk to azure blob storage. This PR introduces AzureFileIO which uses Azure native SDK to communicate with Azure blob storage.

Does this PR introduce any user-facing change?

Yes, users can now configure the catalog io-impl property to org.apache.iceberg.azure.blob.AzureBlobFileIO to enable this feature.

How was this patch tested?

• Ran the newly added tests against Azurite Emulator
• Ran the newly added tests against Azure Blob Storage
• Used newly added AzureFileIO to run queries on iceberg tables stored on azure using Spark

Closes #4257

[sumeetgajjar]

cc: @danielcweeks @jackye1995

[rdblue]

I don't think we need to change this.

[sumeetgajjar]

Hi Ryan - without the above change, the checkstyleIntegration task fails with the following error:

[ant:checkstyle] [ERROR] /<redacted>/upstream-iceberg/azure/src/integration/java/org/apache/iceberg/azure/blob/TestAzureBlobOutputStream.java:38:46: Using a static member import should be avoided - org.assertj.core.api.Assertions.assertThat. [AvoidStaticImport]

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':iceberg-azure:checkstyleIntegration'.
> Checkstyle rule violations were found. See the report at: file:///<redacted>/upstream-iceberg/azure/build/reports/checkstyle/integration.html
  Checkstyle files with violations: 5
  Checkstyle violations by severity: [error:12]

[rdblue]

Yes, you shouldn't use a static import for those methods.

[sumeetgajjar]

Ack,
will make the necessary modifications.

[rdblue]

I would rather track dependency versions specifically rather than relying on some external BOM. BOMs are fine for end uses, but libraries should generally not delegate dependency versions to other projects.

[sumeetgajjar]

Ack.
Will switch to direct dependencies.

Note: Currently GCP also relies on bom. We should also make a change in the GCP module to avoid using bom.

iceberg/build.gradle

Line 375 in 7c2ea01

implementation platform('com.google.cloud:libraries-bom')

[sumeetgajjar]

If required, I can file another PR to eliminate the usage of bom in the GCP module.

[rdblue]

This comment doesn't make it clear why this plugin is used. Can you explain in more detail?

[sumeetgajjar]

Ack.

[rdblue]

There's no need for end punctuation in logs, and in fact in cases like this it is misleading because . could be interpreted as part of the URI. Can you remove end punctuation?

[sumeetgajjar]

Ack

[rdblue]

We generally discourage the use of URI because it handles URI encoding in strange ways. I think it is a best practice to ignore the URI and parse manually using split and delimiters.

[sumeetgajjar]

Ack.

[rdblue]

ValidationException is not a substitute for IllegalArgumentException. ValidationException indicates that while an argument may be valid, it is inconsistent with other arguments or config.

For example, when creating a partition spec, "column" is a valid column reference, but null would result in an IllegalArgumentException. But, if "column" is not a defined name in the schema then a ValidationException is thrown because you can't partition by an unknown column.

[sumeetgajjar]

Ack.

[rdblue]

Should this be package-private? I don't see a reason why people would need to use it directly.

[sumeetgajjar]

Ack

[sumeetgajjar]

Along with this, I've also made BaseAzureBlobFile package-private.

[rdblue]

In Iceberg, we don't use final for local variables. Recent JVM versions (8+) handle this without problems and it is also not very valuable because it isn't actually translated into bytecode.

[sumeetgajjar]

Ack, I'll remove it for the local variables.

[rdblue]

Why is setAuth not required when using a connection string?

[sumeetgajjar]

The general form of a connection string is as follows:

DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;
AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;
BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;
QueueEndpoint=http://127.0.0.1:10001/devstoreaccount1;
TableEndpoint=http://127.0.0.1:10002/devstoreaccount1;

Thus the connection string contains all the necessary auth-related and storage account endpoints information required for establishing a connection and hence it is not necessary to explicitly set the auth.
https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string#configure-a-connection-string-for-an-azure-storage-account

Note: the above connection string does not leak any actual keys, it is the default connection string used by the Azurite Emulator thus safe to share on public forums.

[rdblue]

What happens if the blob doesn't exist? Could this throw NotFoundException to standardize?

[sumeetgajjar]

It throws a BlobStorageException: Status code 404, (BlobNotFound) as of now. I can standardize it to throw NotFoundException

[rdblue]

We usually put each chained method on a separate line.

[sumeetgajjar]

Ack

[rdblue]

Does this read through or just change the next request?

[sumeetgajjar]

It does not read through, it repositions internal pointers to change the next read request

https://github.com/Azure/azure-sdk-for-java/blob/627f10710712d00eea89dfd892587f18da2a456a/sdk/storage/azure-storage-common/src/main/java/com/azure/storage/common/StorageInputStream.java#L419

https://github.com/Azure/azure-sdk-for-java/blob/627f10710712d00eea89dfd892587f18da2a456a/sdk/storage/azure-storage-common/src/main/java/com/azure/storage/common/StorageInputStream.java#L379

[rdblue]

Can you make sure that there is a workflow that runs these integration tests?

[sumeetgajjar]

java-ci workflow already takes care of this.

The check task depends on the above integrationTest task. The java-ci workflow runs the check task on each module in Iceberg which would in turn run the integration tests for azure.

iceberg/.github/workflows/java-ci.yml

Line 68 in 7c2ea01

- run: ./gradlew check -DsparkVersions= -DhiveVersions= -DflinkVersions= -Pquick=true -x javadoc

[rdblue]

Does this need to be public?

[sumeetgajjar]

Yes, this needs to be public.
AuthType is accessed in AzureProperties, AzureBlobClientFactory, and IntegrationTests.

Making it package-private would leave AzureProperties unaffected since both of them reside in org.apache.iceberg.azure package.
However, AzureBlobClientFactory, and IntegrationTests would throw a compilation error since they reside in org.apache.iceberg.azure.blob package.

[rdblue]

These seem long. What about abfs.%s.uri or abfs.%s.connection-string instead? Does it really need to be "connection string"?

[sumeetgajjar]

These seem long. What about abfs.%s.uri or abfs.%s.connection-string instead?

I can replace azure.storage with abfs for this and the rest of the configs to make them shorter.

Does it really need to be "connection string"?

It would be a good idea to keep connection-string as is, since it would directly map to the connection-string config available on the Azure portal, thereby reducing the chances of confusing this config with a different one.

[rdblue]

Thank for working on this, @sumeetgajjar! Overall it is looking good.

[sumeetgajjar]

@rdblue thanks for the review and your comments.
I have addressed all of your requested changes in the latest commit, please review those at your convenience.

[rbalamohan]

Does this take care of reverse seek issues, where connections can be terminated and reopened?

[sumeetgajjar]

Hi @rbalamohan - can you please elaborate more on the reverse seek issues?

For the reverse seek case, we close the current stream and re-open the stream from the earlier offset.

// Seeking backward.
stream.close();
openStream(newPos); // newPos is a position back in the stream. 

[rbalamohan]

Connection close/reopens are expensive in cloud stores. https://issues.apache.org/jira/browse/HADOOP-12444 has more details on backward seek. Good set of tickets went in terms of fixing/improving for backward seek especially for columnar formats like ORC, Parq.

[sumeetgajjar]

Thanks for the feedback - I can follow a similar approach in the current implementation where I simply set the newPos to the given value and can skip openStream in the seek method. Later lazily open a stream in the subsequent read request.

[sumeetgajjar]

Done.

[electrum]

Does this support Data Lake Storage Gen2?

[sumeetgajjar]

Does this support Data Lake Storage Gen2?

Hi @electrum - yes, DataLake Storage Gen2 is supported. In fact, we only support Gen2.
Gen1 is set to retire on Feb 29, 2024 thus no point in adding support for it: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-overview

[sumeetgajjar]

@rdblue gentle ping to re-review the PR.
All the suggested changes have been incorporated.

[blcksrx]

Any plan to merge this PR?

[kiarash-rezahanjani]

Curious about the state of this PR and if there is a plan to merge?

[karlschriek]

Doesn't look like there is anything left to do. Will this be merged anytime soon? @rdblue ?

[ghost]

Also curious about this one!

[rni-HMC]

Will this be merged anytime soon? I'd love to have support for blob storage instead of only adlfs (as implemented in #8303 )

[github-actions]

This pull request has been marked as stale due to 30 days of inactivity. It will be closed in 1 week if no further activity occurs. If you think that’s incorrect or this pull request requires a review, please simply write any comment. If closed, you can revive the PR at any time and @mention a reviewer or discuss it on the dev@iceberg.apache.org list. Thank you for your contributions.

[github-actions]

This pull request has been closed due to lack of activity. This is not a judgement on the merit of the PR in any way. It is just a way of keeping the PR queue manageable. If you think that is incorrect, or the pull request requires review, you can revive the PR at any time.