[client] Sender trigger to abort all writeBatches if InitWriter failed with AuthorizationException

Author: swuferhong

fluss-client/src/main/java/com/alibaba/fluss/client/write/ArrowLogWriteBatch.java

@@ -131,4 +131,9 @@ public long writerId() {
     public int batchSequence() {
         return recordsBuilder.batchSequence();
     }
+
+    @Override
+    public void abortRecordAppends() {
+        recordsBuilder.abort();
+    }
 }

fluss-client/src/main/java/com/alibaba/fluss/client/write/IdempotenceManager.java

@@ -35,6 +35,7 @@
 
 import java.util.Optional;
 import java.util.Set;
+import java.util.concurrent.ExecutionException;
 import java.util.stream.Collectors;
 
 import static com.alibaba.fluss.record.LogRecordBatch.NO_WRITER_ID;
@@ -281,23 +282,13 @@ synchronized boolean canRetry(WriteBatch batch, Errors error) {
         return false;
     }
 
-    void maybeWaitForWriterId(Set<PhysicalTablePath> tablePaths) {
+    void maybeWaitForWriterId(Set<PhysicalTablePath> tablePaths)
+            throws ExecutionException, InterruptedException {
         if (!isWriterIdValid()) {
-            try {
-                tabletServerGateway
-                        .initWriter(prepareInitWriterRequest(tablePaths))
-                        .thenAccept(response -> setWriterId(response.getWriterId()))
-                        .exceptionally(
-                                e -> {
-                                    LOG.error("Failed to get writer id from tablet server.", e);
-                                    return null;
-                                })
-                        .get(); // TODO: can optimize into async response handling.
-            } catch (Exception e) {
-                LOG.error(
-                        "Received an exception while trying to get writer id from tablet server.",
-                        e);
-            }
+            tabletServerGateway
+                    .initWriter(prepareInitWriterRequest(tablePaths))
+                    .thenAccept(response -> setWriterId(response.getWriterId()))
+                    .get(); // TODO: can optimize into async response handling.
         }
     }
 

fluss-client/src/main/java/com/alibaba/fluss/client/write/IncompleteBatches.java

@@ -20,6 +20,7 @@
 
 import javax.annotation.concurrent.ThreadSafe;
 
+import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.stream.Collectors;
@@ -53,6 +54,12 @@ public void remove(WriteBatch batch) {
         }
     }
 
+    public Iterable<WriteBatch> copyAll() {
+        synchronized (incomplete) {
+            return new ArrayList<>(this.incomplete);
+        }
+    }
+
     public Iterable<WriteBatch.RequestFuture> requestResults() {
         synchronized (incomplete) {
             return incomplete.stream()

fluss-client/src/main/java/com/alibaba/fluss/client/write/IndexedLogWriteBatch.java

@@ -123,6 +123,11 @@ public int batchSequence() {
         return recordsBuilder.batchSequence();
     }
 
+    @Override
+    public void abortRecordAppends() {
+        recordsBuilder.abort();
+    }
+
     public void resetWriterState(long writerId, int batchSequence) {
         super.resetWriterState(writerId, batchSequence);
         recordsBuilder.resetWriterState(writerId, batchSequence);

fluss-client/src/main/java/com/alibaba/fluss/client/write/KvWriteBatch.java

@@ -144,6 +144,11 @@ public int batchSequence() {
         return recordsBuilder.batchSequence();
     }
 
+    @Override
+    public void abortRecordAppends() {
+        recordsBuilder.abort();
+    }
+
     public void resetWriterState(long writerId, int batchSequence) {
         super.resetWriterState(writerId, batchSequence);
         recordsBuilder.resetWriterState(writerId, batchSequence);

fluss-client/src/main/java/com/alibaba/fluss/client/write/RecordAccumulator.java

@@ -294,6 +294,19 @@ public void reEnqueue(WriteBatch batch) {
         }
     }
 
+    /** Abort all incomplete batches (whether they have been sent or not). */
+    public void abortBatches(final Exception reason) {
+        for (WriteBatch batch : incomplete.copyAll()) {
+            Deque<WriteBatch> dq = getDeque(batch.physicalTablePath(), batch.tableBucket());
+            synchronized (dq) {
+                batch.abortRecordAppends();
+                dq.remove(batch);
+            }
+            batch.abort(reason);
+            deallocate(batch);
+        }
+    }
+
     /** Get the deque for the given table-bucket, creating it if necessary. */
     private Deque<WriteBatch> getOrCreateDeque(
             TableBucket tableBucket, PhysicalTablePath physicalTablePath) {

fluss-client/src/main/java/com/alibaba/fluss/client/write/Sender.java

@@ -38,6 +38,7 @@
 import com.alibaba.fluss.rpc.messages.PutKvResponse;
 import com.alibaba.fluss.rpc.protocol.ApiError;
 import com.alibaba.fluss.rpc.protocol.Errors;
+import com.alibaba.fluss.utils.ExceptionUtils;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -174,7 +175,19 @@ public void runOnce() throws Exception {
             // may be wait for writer id.
             Set<PhysicalTablePath> targetTables = accumulator.getPhysicalTablePathsInBatches();
             // TODO: only request to init writer_id when we have valid target tables
-            idempotenceManager.maybeWaitForWriterId(targetTables);
+            try {
+                idempotenceManager.maybeWaitForWriterId(targetTables);
+            } catch (Exception e) {
+                Throwable t = ExceptionUtils.stripExecutionException(e);
+
+                // TODO: If 'only request to init writer_id when we have valid target tables' have
+                // been down, this if check can be removed.
+                if (!targetTables.isEmpty()) {
+                    maybeAbortBatches((Exception) t);
+                } else {
+                    LOG.trace("No target tables, ignore init writer id error", t);
+                }
+            }
         }
 
         // do send.
@@ -256,6 +269,13 @@ private void failBatch(WriteBatch batch, Exception exception, boolean adjustBatc
         }
     }
 
+    private void maybeAbortBatches(Exception exception) {
+        if (accumulator.hasIncomplete()) {
+            LOG.error("Aborting write batches due to fatal error", exception);
+            accumulator.abortBatches(exception);
+        }
+    }
+
     private void reEnqueueBatch(WriteBatch batch) {
         accumulator.reEnqueue(batch);
         maybeRemoveFromInflightBatches(batch);

fluss-client/src/main/java/com/alibaba/fluss/client/write/WriteBatch.java

@@ -111,6 +111,8 @@ public abstract boolean tryAppend(WriteRecord writeRecord, WriteCallback callbac
 
     public abstract int batchSequence();
 
+    public abstract void abortRecordAppends();
+
     public boolean hasBatchSequence() {
         return batchSequence() != LogRecordBatch.NO_BATCH_SEQUENCE;
     }
@@ -124,6 +126,17 @@ public void resetWriterState(long writerId, int batchSequence) {
         reopened = true;
     }
 
+    /** Abort the batch and complete the future and callbacks. */
+    public void abort(Exception exception) {
+        if (!finalState.compareAndSet(null, FinalState.ABORTED)) {
+            throw new IllegalStateException(
+                    "Batch has already been completed in final stata " + finalState.get());
+        }
+
+        LOG.trace("Abort batch for tableBucket {}", tableBucket, exception);
+        completeFutureAndFireCallbacks(exception);
+    }
+
     public boolean sequenceHasBeenReset() {
         return reopened;
     }
@@ -251,14 +264,8 @@ private boolean done(@Nullable Exception batchException) {
 
     private enum FinalState {
         FAILED,
-        SUCCEEDED
-    }
-
-    /** The type of write batch. */
-    public enum WriteBatchType {
-        ARROW_LOG,
-        INDEXED_LOG,
-        KV
+        SUCCEEDED,
+        ABORTED
     }
 
     /** The future for this batch. */

fluss-client/src/test/java/com/alibaba/fluss/client/security/acl/FlussAuthorizationITCase.java

@@ -508,6 +508,85 @@ void testInitWriter() throws Exception {
         assertThat(response.getWriterId()).isGreaterThanOrEqualTo(0);
     }
 
+    @Test
+    void testProduceWithNoWriteAuthorization() throws Exception {
+        TablePath writeAclTable = TablePath.of("test_db_1", "write_acl_table_1");
+        TablePath noWriteAclTable = TablePath.of("test_db_1", "no_write_acl_table_1");
+        TableDescriptor descriptor =
+                TableDescriptor.builder().schema(DATA1_SCHEMA).distributedBy(1).build();
+        rootAdmin.createTable(writeAclTable, descriptor, false).get();
+        rootAdmin.createTable(noWriteAclTable, descriptor, false).get();
+
+        // create acl to allow guest write for writeAclTable.
+        rootAdmin
+                .createAcls(
+                        Collections.singletonList(
+                                new AclBinding(
+                                        Resource.table(writeAclTable),
+                                        new AccessControlEntry(
+                                                guestPrincipal,
+                                                "*",
+                                                OperationType.WRITE,
+                                                PermissionType.ALLOW))))
+                .all()
+                .get();
+        rootAdmin
+                .createAcls(
+                        Collections.singletonList(
+                                new AclBinding(
+                                        Resource.table(noWriteAclTable),
+                                        new AccessControlEntry(
+                                                guestPrincipal,
+                                                "*",
+                                                OperationType.READ,
+                                                PermissionType.ALLOW))))
+                .all()
+                .get();
+
+        FLUSS_CLUSTER_EXTENSION.waitUtilTableReady(
+                rootAdmin.getTableInfo(writeAclTable).get().getTableId());
+        FLUSS_CLUSTER_EXTENSION.waitUtilTableReady(
+                rootAdmin.getTableInfo(noWriteAclTable).get().getTableId());
+
+        // 1. Try to write data to noWriteAclTable. It should throw AuthorizationException because
+        // of request writeId failed.
+        try (Table table = guestConn.getTable(noWriteAclTable)) {
+            AppendWriter appendWriter = table.newAppend().createWriter();
+            assertThatThrownBy(() -> appendWriter.append(row(1, "a")).get())
+                    .hasRootCauseInstanceOf(AuthorizationException.class)
+                    .rootCause()
+                    .hasMessageContaining(
+                            String.format(
+                                    "No WRITE permission among all the tables: %s",
+                                    Collections.singletonList(noWriteAclTable)));
+        }
+
+        // 2. Try to write data to writeAclTable. It will success and writeId will be set.
+        try (Table table = guestConn.getTable(writeAclTable)) {
+            AppendWriter appendWriter = table.newAppend().createWriter();
+            appendWriter.append(row(1, "a")).get();
+        }
+
+        // 3. Try to write data to writeAclTable again. It will throw AuthorizationException because
+        // of no write permission.
+        // Note: If guestUser have permission for table lists: [writeAclTable, noWriteAclTable].
+        // When we give WRITE permission to writeAclTable for guestUser, guestUser will have
+        // INIT_WRITER permission for both writeAclTable and noWriteAclTable.
+        // In this case, when guestUser try to write noWriteAclTable, Fluss client can get writerId
+        // but can not to write to noWriteAclTable because of no WRITE permission.
+        try (Table table = guestConn.getTable(noWriteAclTable)) {
+            AppendWriter appendWriter = table.newAppend().createWriter();
+            assertThatThrownBy(() -> appendWriter.append(row(1, "a")).get())
+                    .hasRootCauseInstanceOf(AuthorizationException.class)
+                    .rootCause()
+                    .hasMessageContaining(
+                            String.format(
+                                    "No permission to WRITE table %s in database %s",
+                                    noWriteAclTable.getTableName(),
+                                    noWriteAclTable.getDatabaseName()));
+        }
+    }
+
     @Test
     void testProduceAndConsumer() throws Exception {
         TableDescriptor descriptor =

fluss-client/src/test/java/com/alibaba/fluss/client/write/ArrowLogWriteBatchTest.java

@@ -40,6 +40,7 @@
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.concurrent.CompletableFuture;
 
 import static com.alibaba.fluss.compression.ArrowCompressionInfo.DEFAULT_COMPRESSION;
 import static com.alibaba.fluss.record.LogRecordReadContext.createArrowReadContext;
@@ -49,6 +50,7 @@
 import static com.alibaba.fluss.record.TestData.DATA1_TABLE_INFO;
 import static com.alibaba.fluss.testutils.DataTestUtils.row;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /** Test for {@link ArrowLogWriteBatch}. */
 public class ArrowLogWriteBatchTest {
@@ -231,6 +233,59 @@ void testArrowCompressionRatioEstimated() throws Exception {
         assertThat(currentRatio).isLessThan(1.0f);
     }
 
+    @Test
+    void testBatchAborted() throws Exception {
+        int bucketId = 0;
+        int maxSizeInBytes = 10240;
+        ArrowLogWriteBatch arrowLogWriteBatch =
+                createArrowLogWriteBatch(new TableBucket(DATA1_TABLE_ID, bucketId), maxSizeInBytes);
+        int recordCount = 5;
+        List<CompletableFuture<Void>> futures = new ArrayList<>();
+        for (int i = 0; i < recordCount; i++) {
+            CompletableFuture<Void> future = new CompletableFuture<>();
+            arrowLogWriteBatch.tryAppend(
+                    createWriteRecord(row(i, "a" + i)),
+                    exception -> {
+                        if (exception != null) {
+                            future.completeExceptionally(exception);
+                        } else {
+                            future.complete(null);
+                        }
+                    });
+            futures.add(future);
+        }
+
+        assertThat(writerProvider.freeWriters()).isEmpty();
+        arrowLogWriteBatch.abortRecordAppends();
+        arrowLogWriteBatch.abort(new RuntimeException("close with record batch abort"));
+
+        // first try to append.
+        assertThatThrownBy(
+                        () ->
+                                arrowLogWriteBatch.tryAppend(
+                                        createWriteRecord(row(1, "a")), newWriteCallback()))
+                .isInstanceOf(IllegalStateException.class)
+                .hasMessageContaining(
+                        "Tried to append a record, but MemoryLogRecordsArrowBuilder has already been aborted");
+
+        // try to build.
+        assertThatThrownBy(arrowLogWriteBatch::build)
+                .isInstanceOf(IllegalStateException.class)
+                .hasMessageContaining("Attempting to build an aborted record batch");
+
+        // verify arrow writer have recycled.
+        assertThat(writerProvider.freeWriters()).hasSize(1);
+        assertThat(writerProvider.freeWriters().get("150001-1-ZSTD-3")).isNotNull();
+
+        // verify record append future is completed with exception.
+        for (CompletableFuture<Void> future : futures) {
+            assertThatThrownBy(future::join)
+                    .rootCause()
+                    .isInstanceOf(RuntimeException.class)
+                    .hasMessageContaining("close with record batch abort");
+        }
+    }
+
     private WriteRecord createWriteRecord(GenericRow row) {
         return WriteRecord.forArrowAppend(DATA1_PHYSICAL_TABLE_PATH, row, null);
     }