fix

JingsongLi · JingsongLi · commit 3927772cd9de · 2025-04-30T20:58:38.000+08:00
diff --git a/paimon-core/src/main/java/org/apache/paimon/rest/RESTClient.java b/paimon-core/src/main/java/org/apache/paimon/rest/RESTClient.java
@@ -20,7 +20,6 @@
 
 import org.apache.paimon.rest.auth.RESTAuthFunction;
 
-import java.io.Closeable;
 import java.util.Map;
 
 /** Interface for a basic HTTP Client for interfacing with the REST catalog. */
diff --git a/paimon-core/src/main/java/org/apache/paimon/rest/RESTTokenFileIO.java b/paimon-core/src/main/java/org/apache/paimon/rest/RESTTokenFileIO.java
@@ -192,11 +192,13 @@ private void tryToRefreshToken() {
     }
 
     private boolean shouldRefresh() {
-        return token == null || token.expireAtMillis() - System.currentTimeMillis() < TOKEN_EXPIRATION_SAFE_TIME_MILLIS;
+        return token == null
+                || token.expireAtMillis() - System.currentTimeMillis()
+                        < TOKEN_EXPIRATION_SAFE_TIME_MILLIS;
     }
 
     private void refreshToken() {
-        LOG.info("begin refresh token for identifier [{}]", identifier);
+        LOG.info("begin refresh data token for identifier [{}]", identifier);
         GetTableTokenResponse response;
         if (catalogInstance != null) {
             try {
@@ -212,7 +214,7 @@ private void refreshToken() {
             }
         }
         LOG.info(
-                "end refresh token for identifier [{}] expiresAtMillis [{}]",
+                "end refresh data token for identifier [{}] expiresAtMillis [{}]",
                 identifier,
                 response.getExpiresAtMillis());
 
diff --git a/paimon-core/src/main/java/org/apache/paimon/rest/auth/AuthProvider.java b/paimon-core/src/main/java/org/apache/paimon/rest/auth/AuthProvider.java
@@ -23,5 +23,6 @@
 /** Authentication provider. */
 public interface AuthProvider {
 
-    Map<String, String> mergeAuthHeader(Map<String, String> baseHeader, RESTAuthParameter restAuthParameter);
+    Map<String, String> mergeAuthHeader(
+            Map<String, String> baseHeader, RESTAuthParameter restAuthParameter);
 }
diff --git a/paimon-core/src/main/java/org/apache/paimon/rest/auth/AuthProviderFactory.java b/paimon-core/src/main/java/org/apache/paimon/rest/auth/AuthProviderFactory.java
@@ -21,16 +21,17 @@
 import org.apache.paimon.factories.Factory;
 import org.apache.paimon.factories.FactoryUtil;
 import org.apache.paimon.options.Options;
-import org.apache.paimon.rest.RESTCatalogOptions;
 import org.apache.paimon.utils.StringUtils;
 
+import static org.apache.paimon.rest.RESTCatalogOptions.TOKEN_PROVIDER;
+
 /** Factory for {@link AuthProvider}. */
 public interface AuthProviderFactory extends Factory {
 
     AuthProvider create(Options options);
 
     static AuthProvider createAuthProvider(Options options) {
-        String tokenProvider = options.get(RESTCatalogOptions.TOKEN_PROVIDER);
+        String tokenProvider = options.get(TOKEN_PROVIDER);
         if (StringUtils.isEmpty(tokenProvider)) {
             throw new IllegalArgumentException("token.provider is not set.");
         }
diff --git a/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFAuthProvider.java b/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFAuthProvider.java
@@ -18,20 +18,28 @@
 
 package org.apache.paimon.rest.auth;
 
+import org.apache.paimon.annotation.VisibleForTesting;
+
 import okhttp3.MediaType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.annotation.Nullable;
+
 import java.time.ZoneOffset;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
 import java.util.HashMap;
 import java.util.Map;
 
 import static org.apache.paimon.rest.RESTCatalog.TOKEN_EXPIRATION_SAFE_TIME_MILLIS;
+import static org.apache.paimon.utils.Preconditions.checkNotNull;
 
 /** Auth provider for <b>Ali CLoud</b> DLF. */
 public class DLFAuthProvider implements AuthProvider {
 
+    private static final Logger LOG = LoggerFactory.getLogger(DLFAuthProvider.class);
+
     public static final String DLF_AUTHORIZATION_HEADER_KEY = "Authorization";
     public static final String DLF_CONTENT_MD5_HEADER_KEY = "Content-MD5";
     public static final String DLF_CONTENT_TYPE_KEY = "Content-Type";
@@ -40,20 +48,16 @@ public class DLFAuthProvider implements AuthProvider {
     public static final String DLF_AUTH_VERSION_HEADER_KEY = "x-dlf-version";
     public static final String DLF_CONTENT_SHA56_HEADER_KEY = "x-dlf-content-sha256";
     public static final String DLF_CONTENT_SHA56_VALUE = "UNSIGNED-PAYLOAD";
-    public static final double EXPIRED_FACTOR = 0.4;
 
     public static final DateTimeFormatter AUTH_DATE_TIME_FORMATTER =
             DateTimeFormatter.ofPattern("yyyyMMdd'T'HHmmss'Z'");
     protected static final MediaType MEDIA_TYPE = MediaType.parse("application/json");
 
-    @Nullable
-    private final DLFTokenLoader tokenLoader;
-    @Nullable
-    protected DLFToken token;
+    @Nullable private final DLFTokenLoader tokenLoader;
+    @Nullable protected DLFToken token;
     private final String region;
 
-    public static DLFAuthProvider fromTokenLoader(
-            DLFTokenLoader tokenLoader, String region) {
+    public static DLFAuthProvider fromTokenLoader(DLFTokenLoader tokenLoader, String region) {
         return new DLFAuthProvider(tokenLoader, null, region);
     }
 
@@ -64,9 +68,7 @@ public static DLFAuthProvider fromAccessKey(
     }
 
     public DLFAuthProvider(
-            @Nullable DLFTokenLoader tokenLoader,
-            @Nullable DLFToken token,
-            String region) {
+            @Nullable DLFTokenLoader tokenLoader, @Nullable DLFToken token, String region) {
         this.tokenLoader = tokenLoader;
         this.token = token;
         this.region = region;
@@ -75,7 +77,7 @@ public DLFAuthProvider(
     @Override
     public Map<String, String> mergeAuthHeader(
             Map<String, String> baseHeader, RESTAuthParameter restAuthParameter) {
-        tryToRefreshToken();
+        DLFToken token = getFreshToken();
         try {
             String dateTime =
                     baseHeader.getOrDefault(
@@ -97,14 +99,27 @@ public Map<String, String> mergeAuthHeader(
         }
     }
 
-    private void tryToRefreshToken() {
+    @VisibleForTesting
+    DLFToken getFreshToken() {
         if (shouldRefresh()) {
             synchronized (this) {
                 if (shouldRefresh()) {
-                    this.token = tokenLoader.loadToken();
+                    refreshToken();
                 }
             }
         }
+        return token;
+    }
+
+    private void refreshToken() {
+        checkNotNull(tokenLoader);
+        LOG.info("begin refresh meta token for loader [{}]", tokenLoader.description());
+        this.token = tokenLoader.loadToken();
+        checkNotNull(token);
+        LOG.info(
+                "end refresh meta token for loader [{}] expiresAtMillis [{}]",
+                tokenLoader.description(),
+                token.getExpirationAtMills());
     }
 
     private boolean shouldRefresh() {
diff --git a/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFECSTokenLoader.java b/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFECSTokenLoader.java
@@ -53,7 +53,7 @@ public class DLFECSTokenLoader implements DLFTokenLoader {
                     .readTimeout(Duration.ofMinutes(3))
                     .build();
 
-    private String ecsMetadataURL;
+    private final String ecsMetadataURL;
 
     private String roleName;
 
@@ -70,6 +70,11 @@ public DLFToken loadToken() {
         return getToken(ecsMetadataURL + roleName);
     }
 
+    @Override
+    public String description() {
+        return ecsMetadataURL;
+    }
+
     private static String getRole(String url) {
         try {
             return getResponseBody(url);
diff --git a/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFLocalFileTokenLoader.java b/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFLocalFileTokenLoader.java
@@ -43,6 +43,11 @@ public DLFToken loadToken() {
         return readToken(tokenFilePath, 0);
     }
 
+    @Override
+    public String description() {
+        return tokenFilePath;
+    }
+
     protected static DLFToken readToken(String tokenFilePath, int retryTimes) {
         try {
             File tokenFile = new File(tokenFilePath);
diff --git a/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFToken.java b/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFToken.java
@@ -24,8 +24,9 @@
 import org.apache.paimon.shade.jackson2.com.fasterxml.jackson.annotation.JsonProperty;
 
 import javax.annotation.Nullable;
+
 import java.time.LocalDateTime;
-import java.time.ZoneOffset;
+import java.time.ZoneId;
 import java.time.format.DateTimeFormatter;
 import java.util.Objects;
 
@@ -55,8 +56,7 @@ public class DLFToken {
     @Nullable
     private final String expiration;
 
-    @Nullable
-    private final Long expirationAtMills;
+    @Nullable private final Long expirationAtMills;
 
     @JsonCreator
     public DLFToken(
@@ -72,7 +72,8 @@ public DLFToken(
             this.expirationAtMills = null;
         } else {
             LocalDateTime dateTime = LocalDateTime.parse(expiration, TOKEN_DATE_FORMATTER);
-            this.expirationAtMills = dateTime.atZone(ZoneOffset.UTC).toInstant().toEpochMilli();
+            this.expirationAtMills =
+                    dateTime.atZone(ZoneId.systemDefault()).toInstant().toEpochMilli();
         }
     }
 
diff --git a/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFTokenLoader.java b/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFTokenLoader.java
@@ -22,4 +22,6 @@
 public interface DLFTokenLoader {
 
     DLFToken loadToken();
+
+    String description();
 }
diff --git a/paimon-core/src/test/java/org/apache/paimon/rest/auth/AuthProviderTest.java b/paimon-core/src/test/java/org/apache/paimon/rest/auth/AuthProviderTest.java
diff --git a/paimon-core/src/test/java/org/apache/paimon/rest/auth/CustomTestDLFTokenLoader.java b/paimon-core/src/test/java/org/apache/paimon/rest/auth/CustomTestDLFTokenLoader.java

Original file line number	Diff line number	Diff line change
`@@ -192,11 +192,13 @@ private void tryToRefreshToken() {`
`192`	`192`	`}`
`193`	`193`
`194`	`194`	`private boolean shouldRefresh() {`
`195`		`- return token == null \|\| token.expireAtMillis() - System.currentTimeMillis() < TOKEN_EXPIRATION_SAFE_TIME_MILLIS;`
	`195`	`+ return token == null`
	`196`	`+ \|\| token.expireAtMillis() - System.currentTimeMillis()`
	`197`	`+ < TOKEN_EXPIRATION_SAFE_TIME_MILLIS;`
`196`	`198`	`}`
`197`	`199`
`198`	`200`	`private void refreshToken() {`
`199`		`- LOG.info("begin refresh token for identifier [{}]", identifier);`
	`201`	`+ LOG.info("begin refresh data token for identifier [{}]", identifier);`
`200`	`202`	`GetTableTokenResponse response;`
`201`	`203`	`if (catalogInstance != null) {`
`202`	`204`	`try {`
`@@ -212,7 +214,7 @@ private void refreshToken() {`
`212`	`214`	`}`
`213`	`215`	`}`
`214`	`216`	`LOG.info(`
`215`		`- "end refresh token for identifier [{}] expiresAtMillis [{}]",`
	`217`	`+ "end refresh data token for identifier [{}] expiresAtMillis [{}]",`
`216`	`218`	`identifier,`
`217`	`219`	`response.getExpiresAtMillis());`
`218`	`220`
Original file line number	Diff line number	Diff line change
`@@ -23,5 +23,6 @@`
`23`	`23`	`/** Authentication provider. */`
`24`	`24`	`public interface AuthProvider {`
`25`	`25`
`26`		`- Map<String, String> mergeAuthHeader(Map<String, String> baseHeader, RESTAuthParameter restAuthParameter);`
	`26`	`+ Map<String, String> mergeAuthHeader(`
	`27`	`+ Map<String, String> baseHeader, RESTAuthParameter restAuthParameter);`
`27`	`28`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,4 +22,6 @@`
`22`	`22`	`public interface DLFTokenLoader {`
`23`	`23`
`24`	`24`	`DLFToken loadToken();`
	`25`	`+`
	`26`	`+ String description();`
`25`	`27`	`}`