dimas-b commented on code in PR #3414:
URL: https://github.com/apache/polaris/pull/3414#discussion_r2692150954
##########
runtime/service/src/main/java/org/apache/polaris/service/catalog/io/StorageAccessConfigProvider.java:
##########
@@ -187,6 +193,62 @@ private CredentialVendingContext
buildCredentialVendingContext(
builder.activatedRoles(Optional.of(rolesString));
}
+ // Only include trace ID when the feature flag is enabled.
+ // When enabled, trace IDs are included in AWS STS session tags and become
part of the
+ // credential cache key (since they affect the vended credentials).
+ // When disabled (default), trace IDs are not included, allowing efficient
credential
+ // caching across requests with different trace IDs.
+ boolean includeTraceIdInSessionTags =
+ storageCredentialsVendor
+ .getRealmConfig()
+ .getConfig(FeatureConfiguration.INCLUDE_TRACE_ID_IN_SESSION_TAGS);
+ if (includeTraceIdInSessionTags) {
+ builder.traceId(getCurrentTraceId());
+ }
+
+ // Only include request ID when the feature flag is enabled.
+ // When enabled, request IDs are included in AWS STS session tags and
become part of the
+ // credential cache key (since they affect the vended credentials).
+ // When disabled (default), request IDs are not included, allowing
efficient credential
+ // caching across requests with different request IDs.
+ boolean includeRequestIdInSessionTags =
+ storageCredentialsVendor
+ .getRealmConfig()
+
.getConfig(FeatureConfiguration.INCLUDE_REQUEST_ID_IN_SESSION_TAGS);
+ if (includeRequestIdInSessionTags) {
+ builder.requestId(getCurrentRequestId());
+ }
+
return builder.build();
}
+
+ /**
+ * Extracts the current OpenTelemetry trace ID from the active span context.
+ *
+ * @return the trace ID if a valid span context exists, empty otherwise
+ */
+ private Optional<String> getCurrentTraceId() {
+ SpanContext spanContext = Span.current().getSpanContext();
+ if (spanContext.isValid()) {
+ return Optional.of(spanContext.getTraceId());
+ }
+ return Optional.empty();
+ }
+
+ /**
+ * Extracts the current request ID from the active RESTEasy Reactive request
context.
+ *
+ * <p>Note: avoid injecting ContainerRequestContext here because some tests
may run with no active
+ * request scope.
+ */
+ private Optional<String> getCurrentRequestId() {
+ // See org.jboss.resteasy.reactive.server.injection.ContextProducers
+ ResteasyReactiveRequestContext context = CurrentRequestManager.get();
Review Comment:
Sorry, but I do not think this is a totally correct way to get request IDs.
IIRC, `CurrentRequestManager.get()` will fail in runtime if the this method is
called outside an HTTP (REST) request context, which is possible in async tasks.
Please see how `TaskExecutorImpl` deals with realm IDs. A similar CDI
pattern is probably necessary for request IDs, except that we may not have to
produce a request ID for background tasks. I do not have an opinion on whether
request IDs should be propagated from REST requests to related async tasks or
not. However, CDI must be solid and not cause runtime exceptions even if the
request ID is not propagated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
