github-actions[bot] commented on code in PR #64966:
URL: https://github.com/apache/doris/pull/64966#discussion_r3496643929


##########
fe/fe-core/src/main/java/org/apache/doris/datasource/iceberg/IcebergMetadataOps.java:
##########
@@ -143,23 +145,23 @@ public void close() {
     @Override
     public boolean tableExist(String dbName, String tblName) {
         try {
-            return executionAuthenticator.execute(() -> 
catalog.tableExists(getTableIdentifier(dbName, tblName)));
+            return executeWithReauthRetry(() -> 
catalog.tableExists(getTableIdentifier(dbName, tblName)));
         } catch (Exception e) {
             throw new RuntimeException("Failed to check table exist, error 
message is:" + e.getMessage(), e);
         }
     }
 
     public boolean databaseExist(String dbName) {
         try {

Review Comment:
   This retry can leave `CREATE DATABASE` using the stale namespace client. 
`performCreateDb` captures `SupportsNamespaces nsCatalog = (SupportsNamespaces) 
catalog` before calling `databaseExist()`, but this line can now rebuild the 
parent catalog and replace `this.catalog`/`this.nsCatalog` after a 401. When 
control returns, the existence check has succeeded on the fresh client, but 
`nsCatalog.createNamespace(...)` still runs on the pre-rebuild client, so an 
expired-token REST catalog can fail the actual create even though the self-heal 
path succeeded. Move the namespace-catalog capture below the `databaseExist` 
call or use `this.nsCatalog` for the create so the mutation uses the rebuilt 
client.



##########
fe/fe-core/src/main/java/org/apache/doris/datasource/iceberg/IcebergMetadataOps.java:
##########
@@ -1290,6 +1291,57 @@ public List<String> listViewNames(String db) {
         }
     }
 
+    /**
+     * Wraps an idempotent read op with re-auth-on-401 self-heal. The Iceberg 
REST
+     * OAuth client caches its Polaris token; if that token expires or is 
invalidated
+     * (e.g. a token-refresh POST failed under Polaris load), the client 
wedges and
+     * every call returns NotAuthorizedException (401) -- it does NOT re-auth 
on its
+     * own, so the catalog stays unusable until the FE is restarted. Detect 
that, force
+     * a full catalog-client rebuild on the parent catalog

Review Comment:
   This new recovery path needs a focused test. The helper does more than catch 
an exception: it resets the parent catalog, rebuilds metadata ops, copies the 
rebuilt catalog/namespace/authenticator fields, retries the original callable, 
and must stop after one retry if auth still fails. The PR only changes 
production code, and the existing Iceberg REST/OAuth tests cover normal catalog 
use rather than a forced `NotAuthorizedException` and the rebuild state 
transition. Please add a small FE unit test with mocked catalog/authenticator 
behavior for the 401-then-success case and the still-401 case.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to