Support GCS for delta sharing Server

[kohei-tosshy]

This is a PR for #20.

I implemented GCS support by using Google Cloud Client Library (https://cloud.google.com/storage/docs/reference/libraries) and Google Cloud Storage connector (https://cloud.google.com/dataproc/docs/concepts/connectors/cloud-storage).
Google Cloud Storage connector (GCS connector) has a dependency problem with Apache Spark releated with Google Guava, so I added this library's shaded jar in server/lib (SBT Unmanaged dependencies, not Managed dependencies in build.sbt).
I implemented this very forcefully, is this no problem?

To use GCP for delta sharing server, you have to do 2 steps.

1. In your terminal, Do export GOOGLE_APPLICATION_CREDENTIALS=</path/to/your_gcp_service_acount_key.json>
2. In the server config (e,g, delta-sharing-server.yaml), add a setting for GCP

shares:
- name: "share_gcp"
  schemas:
  - name: "schema_gcp"
    tables:
    - name: "table_gcp"
      location: "gs://delta-start/delta/"

If you want to coneect this server from Apache Spark, execute spark-shell or spark-submit like below.

spark-shell \
--packages io.delta:delta-core_2.12:1.0.0,io.delta:delta-contribs_2.12:1.0.0,io.delta:delta-sharing-spark_2.12:0.2.0 \
--jars </path/to/gcs-connector-latest-hadoop2.jar> \
--conf spark.delta.logStore.oci.impl=io.delta.storage.GCSLogStore \
--conf spark.hadoop.fs.gs.impl=com.google.cloud.hadoop.fs.gcs.GoogleHadoopFS \
--conf spark.hadoop.google.cloud.auth.service.account.enable=true 
--conf spark.hadoop.google.cloud.auth.service.account.json.keyfile=</path/to/your_gcp_service_acount_key.json>

I haven't implement integration test on GCP support yet.
If I understand correctly, what I should do is to add the almost same test with Azure support (https://github.com/delta-io/delta-sharing/blob/main/server/src/test/scala/io/delta/sharing/server/DeltaSharingServiceSuite.scala#L510).
Is this correct?
If my understanding is correct, I'll add this integreation test later.

[zsxwing]

Thanks for the contribution. This is awesome!

so I added this library's shaded jar in server/lib (SBT Unmanaged dependencies, not Managed dependencies in build.sbt).

Is Guava the only issue? If so, we can just exclude guava from other dependencies like this a6bd550 This is better than adding a shaded jar to the project.

In your terminal, Do export GOOGLE_APPLICATION_CREDENTIALS=</path/to/your_gcp_service_acount_key.json>

Does the GOOGLE_APPLICATION_CREDENTIALS env work for reading files using GoogleHadoopFileSystem? I saw GCS connector asks users to set a hadoop configuration google.cloud.auth.service.account.json.keyfile: https://github.com/GoogleCloudDataproc/hadoop-connectors/blob/master/gcs/INSTALL.md#configuring-hadoop Since this is the recommended way, can we just read the key file from the hadoop configuration? This will be similar to https://github.com/delta-io/delta-sharing#azure-data-lake-storage-gen2

If I understand correctly, what I should do is to add the almost same test with Azure support

Correct. I will do some manual test with your change for now. We can add the real integration tests later.

[zsxwing]

@kohei-tosshy Any thoughts on my above questions?

[kohei-tosshy]

@zsxwing

Thank you for your comment.
And sorry for being late for reacting.

Is Guava the only issue? If so, we can just exclude guava from other dependencies like this a6bd550 This is better than adding a shaded jar to the project.

I see. I'll try.

Does the GOOGLE_APPLICATION_CREDENTIALS env work for reading files using GoogleHadoopFileSystem? I saw GCS connector asks users to set a hadoop configuration google.cloud.auth.service.account.json.keyfile: https://github.com/GoogleCloudDataproc/hadoop-connectors/blob/master/gcs/INSTALL.md#configuring-hadoop Since this is the recommended way, can we just read the key file from the hadoop configuration? This will be similar to https://github.com/delta-io/delta-sharing#azure-data-lake-storage-gen2

To get a presigned URL, I used Google Google Cloud Client Library.
I only used GoogleHadoopFileSystem only to changing a path.
GOOGLE_APPLICATION_CREDENTIALS is needed to use Google Google Cloud Client Library.

Correct. I will do some manual test with your change for now. We can add the real integration tests later.

I see. I'll try.

[kohei-tosshy]

@zsxwing

Sorry for being late for revising.
I revised Google Guava's dependency problem and added an integration test for GCS support.

[zhuansunxt]

The code change LGTM.

@zsxwing Do you want to have another look? It'll be nice to include this in the upcoming release.

[zhuansunxt]

Revert this change?

[kohei-tosshy]

I reverted this.

[zhuansunxt]

Would be great to have a check assert(objectName.nonEmpty, s"cannot get object key from $path") similar to AWS and Azure signer

[kohei-tosshy]

I added this.

[zsxwing]

To get a presigned URL, I used Google Google Cloud Client Library.
I only used GoogleHadoopFileSystem only to changing a path.
GOOGLE_APPLICATION_CREDENTIALS is needed to use Google Google Cloud Client Library.

Google Google Cloud Client Library also supports other ways to config credentials. But it seems hard to mimic what GoogleHadoopFileSystem does to support various of ways to config credentials. GOOGLE_APPLICATION_CREDENTIALS env is a good start right now. We can support other ways in future if people are asking.

Left some minor comments. Otherwise LGTM.

[zsxwing]

nit

Suggested change

	preSignedUrlTimeoutSeconds: Long) extends CloudFileSigner{
	preSignedUrlTimeoutSeconds: Long) extends CloudFileSigner {

[kohei-tosshy]

I revised this.

[zsxwing]

Is storage thread-safe? If so, we can save it as a val in GCSFileSigner to avoid loading the credentials for each url.

[kohei-tosshy]

I think storage is thread-safe.
One instance of GCSFileSigner is created in each request for client, so each thread for a request has a dedicated instance of GCSFileSigner and won't touch other GCSFileSigner instances.
And, storage is used only for reading, so it will be OK if some threads for creating a presignied-URL are processed in paralle.

[zsxwing]

nit: Could you use ignore for this test for now? We will set up the credentials and enable it later.

[kohei-tosshy]

I used ignore instead of integrationTest.

[zsxwing]

LGTM! Thanks!