Skip to content

Add branchRefName to TableAuditEvent#616

Open
cbb330 wants to merge 5 commits into
mainfrom
chbush/branch-ref-audit-event
Open

Add branchRefName to TableAuditEvent#616
cbb330 wants to merge 5 commits into
mainfrom
chbush/branch-ref-audit-event

Conversation

@cbb330
Copy link
Copy Markdown
Collaborator

@cbb330 cbb330 commented May 28, 2026

Problem

The Git for Data feature introduces named Iceberg branch refs, but table operation observability is blind to them. Today TableAuditEvent records currentSnapshotId and currentSnapshotTimestampMs for the main branch, with no signal for which branch a write went to. Dali and Grid Observability cannot answer "was this commit to main or a named branch?" without ACL-gated access to current table state.

Solution

Add branchRefName to TableAuditEvent, populated at commit time from the existing snapshotRefs and jsonSnapshots fields already present on IcebergSnapshotsRequestBody.

How the committed branch is identified: Iceberg appends snapshots chronologically, so the last entry in jsonSnapshots is always the newly-committed snapshot. We find the ref in snapshotRefs whose snapshot-id matches it — that ref is the branch being written.

This correctly handles:

  • Main branch commit → branchRefName = "main"
  • Named branch commit where main did not advance → branchRefName = "<branch>"
  • No main ref present → branchRefName = "<branch>", currentSnapshotId = null

Why the last-snapshot assumption is safe: Every request reaching putIcebergSnapshots has a non-empty jsonSnapshots — the repository layer (doUpdateSnapshotsIfNeeded) gates all snapshotRefs processing on jsonSnapshots being present. A ref-only update is a silent no-op that never commits, so the last-snapshot invariant holds for all reachable code paths.

Changes

  • TableAuditEvent.java — add String branchRefName
  • TableAuditAspect.java — populate in extractSnapshotInfo() by matching last snapshot to its ref; no separate pass, no special-casing for main
  • IcebergSnapshotsApiHandlerAuditTest.java — two new tests: main commit sets "main", named branch commit sets the branch name; existing branch-only test updated to assert branchRefName
  • TableAuditModelConstants.java — add branchRefName("main") to the three commit-path expected events

Depends on

#601 (adds tableProperties to TableAuditEvent; merge that first)

James Wang and others added 5 commits May 24, 2026 16:35
add table properties to audit event
b10cc45
add filterTableProperties and read tableProperties from response
3f98e7d
add table-property-value-max-length
f94d384
remove table-property-value-max-length
0fc323b
@cbb330
Add branchRefName to TableAuditEvent for Git for Data observability
189ff88 
Table operations against named Iceberg branches are not currently
observable: the existing TableAuditEvent records currentSnapshotId and
currentSnapshotTimestampMs but has no signal for which branch ref was
written.

Add branchRefName to TableAuditEvent, populated in extractSnapshotInfo()
from the existing snapshotRefs and jsonSnapshots fields on the request
body. The committed branch is identified by matching the last snapshot in
jsonSnapshots (Iceberg always appends new snapshots chronologically) to
the ref that points to it in snapshotRefs. This correctly handles main
branch commits, named branch commits where main did not advance, and the
case where no main ref is present at all.

This is safe to rely on: every request through putIcebergSnapshots has a
non-empty jsonSnapshots (the repository layer gates snapshotRefs
processing on jsonSnapshots being present), so the last-snapshot
invariant holds for all reachable code paths.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cbb330