github-actions[bot] commented on code in PR #64966:
URL: https://github.com/apache/doris/pull/64966#discussion_r3496643929
##########
fe/fe-core/src/main/java/org/apache/doris/datasource/iceberg/IcebergMetadataOps.java:
##########
@@ -143,23 +145,23 @@ public void close() {
@Override
public boolean tableExist(String dbName, String tblName) {
try {
- return executionAuthenticator.execute(() ->
catalog.tableExists(getTableIdentifier(dbName, tblName)));
+ return executeWithReauthRetry(() ->
catalog.tableExists(getTableIdentifier(dbName, tblName)));
} catch (Exception e) {
throw new RuntimeException("Failed to check table exist, error
message is:" + e.getMessage(), e);
}
}
public boolean databaseExist(String dbName) {
try {
Review Comment:
This retry can leave `CREATE DATABASE` using the stale namespace client.
`performCreateDb` captures `SupportsNamespaces nsCatalog = (SupportsNamespaces)
catalog` before calling `databaseExist()`, but this line can now rebuild the
parent catalog and replace `this.catalog`/`this.nsCatalog` after a 401. When
control returns, the existence check has succeeded on the fresh client, but
`nsCatalog.createNamespace(...)` still runs on the pre-rebuild client, so an
expired-token REST catalog can fail the actual create even though the self-heal
path succeeded. Move the namespace-catalog capture below the `databaseExist`
call or use `this.nsCatalog` for the create so the mutation uses the rebuilt
client.
##########
fe/fe-core/src/main/java/org/apache/doris/datasource/iceberg/IcebergMetadataOps.java:
##########
@@ -1290,6 +1291,57 @@ public List<String> listViewNames(String db) {
}
}
+ /**
+ * Wraps an idempotent read op with re-auth-on-401 self-heal. The Iceberg
REST
+ * OAuth client caches its Polaris token; if that token expires or is
invalidated
+ * (e.g. a token-refresh POST failed under Polaris load), the client
wedges and
+ * every call returns NotAuthorizedException (401) -- it does NOT re-auth
on its
+ * own, so the catalog stays unusable until the FE is restarted. Detect
that, force
+ * a full catalog-client rebuild on the parent catalog
Review Comment:
This new recovery path needs a focused test. The helper does more than catch
an exception: it resets the parent catalog, rebuilds metadata ops, copies the
rebuilt catalog/namespace/authenticator fields, retries the original callable,
and must stop after one retry if auth still fails. The PR only changes
production code, and the existing Iceberg REST/OAuth tests cover normal catalog
use rather than a forced `NotAuthorizedException` and the rebuild state
transition. Please add a small FE unit test with mocked catalog/authenticator
behavior for the 401-then-success case and the still-401 case.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]