Add flags for Iceberg and Lake Formation and Security Lake as a data source type. #2858
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
asuresh8
requested review from
ps48,
kavithacm,
derek-ho,
joshuali925,
dai-chen,
YANG-DB,
rupal-bq,
mengweieric,
vamsi-amazon,
Swiddis,
penghuo,
seankao-az,
MaxKsyunz,
Yury-Fridlyand,
anirudha,
forestmvey,
acarbonetto,
GumpacG,
ykmr1224 and
LantaoJin
as code owners
| * ``glue.lakeformation.enabled`` determines whether to enable lakeformation for queries. Default value is ``"false"`` if not specified | ||
| * ``glue.iceberg.enabled`` determines whether to enable Iceberg for the session. Default value is ``"false"`` if not specified. | ||
| * ``glue.lakeformation.enabled`` determines whether to enable Lake Formation for queries when Iceberg is also enabled. If Iceberg is not enabled, then this property has no effect. Default value is ``"false"`` if not specified. | ||
| * ``glue.lakeformation.session_tag`` what session tag to use when assuming the data source role. This property is required when both Iceberg and Lake Formation are enabled. |
There was a problem hiding this comment.
Have we introduced validations on these conditions while creating Glue datasource?
There was a problem hiding this comment.
Thanks for catching this! I've added them now.
asuresh8
force-pushed
the
iceberg_lf
branch
2 times, most recently
from
75683cc
to
726c24f
Compare
asuresh8
force-pushed
the
iceberg_lf
branch
2 times, most recently
from
79b8f9a
to
af13394
Compare
asuresh8
changed the title
asuresh8
force-pushed
the
iceberg_lf
branch
3 times, most recently
from
2a2843d
to
d5ae63a
Compare
engechas
approved these changes
Aug 8, 2024
penghuo
reviewed
Aug 9, 2024
async-query-core/src/main/java/org/opensearch/sql/spark/data/constants/SparkConstants.java
Show resolved
Hide resolved
async-query-core/src/main/java/org/opensearch/sql/spark/data/constants/SparkConstants.java
Outdated
Show resolved
Hide resolved
Failure does not look related to this change. |
ykmr1224
reviewed
Aug 12, 2024
| "glue.auth.role_arn": "role_arn", | ||
| "glue.indexstore.opensearch.uri": "http://adsasdf.amazonopensearch.com:9200", | ||
| "glue.indexstore.opensearch.auth" :"awssigv4", | ||
| "glue.indexstore.opensearch.auth.region" :"awssigv4", |
There was a problem hiding this comment.
Same as above. The value should be region name.
| public static final String SPARK_CATALOG_CATALOG_IMPL = | ||
| "spark.sql.catalog.spark_catalog.catalog-impl"; | ||
| public static final String ICEBERG_SPARK_JARS = | ||
| "org.apache.iceberg:iceberg-spark-runtime-3.3_2.12:1.5.0,software.amazon.awssdk:bundle:2.26.30"; |
There was a problem hiding this comment.
Is it safe to specify the specific version? When do we notice the issue if we have version inconsistency?
There was a problem hiding this comment.
This is hard to say. Some things I observed here is that using the Iceberg version in EMR was causing issues in EMR versions prior to 7.2 (Spark 3.5.1). So specifying iceberg from Maven central is more stable than that. On the AWS version, I'm not sure. The AWS sdk v2 is only used with Iceberg in the EMR 6.x versions, and this version doesn't conflict. That's not to say it couldn't be an issue in EMR 7.x.
Previously, Iceberg catalog was set as the default catalog. This poses problems as the behavior to fall back to default Spark catalog is only correct in some versions of Iceberg. Rather than always opt into Iceberg, Iceberg should be an option. Additionally, the Lake Formation flag enabled Lake Formation for the EMR job. This did not work as expected because EMR system space does not work with Flint. Instead Lake Formation can be enabled using the Iceberg catalog implementation. Signed-off-by: Adi Suresh <adsuresh@amazon.com>
This changes adds Security Lake as a data source type. Security Lake as a data source is simply specific options set on top of the base S3Glue data source. Signed-off-by: Adi Suresh <adsuresh@amazon.com>
ykmr1224
approved these changes
Aug 13, 2024
penghuo
approved these changes
Aug 13, 2024
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Aug 13, 2024
…source type. (#2858) Previously, Iceberg catalog was set as the default catalog. This poses problems as the behavior to fall back to default Spark catalog is only correct in some versions of Iceberg. Rather than always opt into Iceberg, Iceberg should be an option. Additionally, the Lake Formation flag enabled Lake Formation for the EMR job. This did not work as expected because EMR system space does not work with Flint. Instead Lake Formation can be enabled using the Iceberg catalog implementation. This changes adds Security Lake as a data source type. Security Lake as a data source is simply specific options set on top of the base S3Glue data source. --------- Signed-off-by: Adi Suresh <adsuresh@amazon.com> (cherry picked from commit 05c961e) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
manasvinibs
pushed a commit
to manasvinibs/sql
that referenced
this pull request
Aug 14, 2024
…source type. (opensearch-project#2858) Previously, Iceberg catalog was set as the default catalog. This poses problems as the behavior to fall back to default Spark catalog is only correct in some versions of Iceberg. Rather than always opt into Iceberg, Iceberg should be an option. Additionally, the Lake Formation flag enabled Lake Formation for the EMR job. This did not work as expected because EMR system space does not work with Flint. Instead Lake Formation can be enabled using the Iceberg catalog implementation. This changes adds Security Lake as a data source type. Security Lake as a data source is simply specific options set on top of the base S3Glue data source. --------- Signed-off-by: Adi Suresh <adsuresh@amazon.com>
jzonthemtn
pushed a commit
to jzonthemtn/sql
that referenced
this pull request
Aug 28, 2024
…source type. (opensearch-project#2858) Previously, Iceberg catalog was set as the default catalog. This poses problems as the behavior to fall back to default Spark catalog is only correct in some versions of Iceberg. Rather than always opt into Iceberg, Iceberg should be an option. Additionally, the Lake Formation flag enabled Lake Formation for the EMR job. This did not work as expected because EMR system space does not work with Flint. Instead Lake Formation can be enabled using the Iceberg catalog implementation. This changes adds Security Lake as a data source type. Security Lake as a data source is simply specific options set on top of the base S3Glue data source. --------- Signed-off-by: Adi Suresh <adsuresh@amazon.com>
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Sep 4, 2024
…source type. (#2858) Previously, Iceberg catalog was set as the default catalog. This poses problems as the behavior to fall back to default Spark catalog is only correct in some versions of Iceberg. Rather than always opt into Iceberg, Iceberg should be an option. Additionally, the Lake Formation flag enabled Lake Formation for the EMR job. This did not work as expected because EMR system space does not work with Flint. Instead Lake Formation can be enabled using the Iceberg catalog implementation. This changes adds Security Lake as a data source type. Security Lake as a data source is simply specific options set on top of the base S3Glue data source. --------- Signed-off-by: Adi Suresh <adsuresh@amazon.com> (cherry picked from commit 05c961e) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
ykmr1224
pushed a commit
that referenced
this pull request
Sep 4, 2024
…source type. (#2858) (#2978) Previously, Iceberg catalog was set as the default catalog. This poses problems as the behavior to fall back to default Spark catalog is only correct in some versions of Iceberg. Rather than always opt into Iceberg, Iceberg should be an option. Additionally, the Lake Formation flag enabled Lake Formation for the EMR job. This did not work as expected because EMR system space does not work with Flint. Instead Lake Formation can be enabled using the Iceberg catalog implementation. This changes adds Security Lake as a data source type. Security Lake as a data source is simply specific options set on top of the base S3Glue data source. --------- (cherry picked from commit 05c961e) Signed-off-by: Adi Suresh <adsuresh@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
ykmr1224
pushed a commit
that referenced
this pull request
Sep 4, 2024
…source type. (#2858) (#2934) Previously, Iceberg catalog was set as the default catalog. This poses problems as the behavior to fall back to default Spark catalog is only correct in some versions of Iceberg. Rather than always opt into Iceberg, Iceberg should be an option. Additionally, the Lake Formation flag enabled Lake Formation for the EMR job. This did not work as expected because EMR system space does not work with Flint. Instead Lake Formation can be enabled using the Iceberg catalog implementation. This changes adds Security Lake as a data source type. Security Lake as a data source is simply specific options set on top of the base S3Glue data source. --------- (cherry picked from commit 05c961e) Signed-off-by: Adi Suresh <adsuresh@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Previously, Iceberg catalog was set as the default catalog. This poses problems as the behavior to fall back to default Spark catalog is only correct in some versions of Iceberg. Rather than always opt into Iceberg, Iceberg should be an option.
Additionally, the Lake Formation flag enabled Lake Formation for the EMR Serverless job, but this did not work as expected. Setting Lake Formation enabled for the entire EMR Serverless job result in EMR Serverless system space being used. This system space does not work with Flint. The full limitations are documented in https://docs.aws.amazon.com/emr/latest/EMR-Serverless-UserGuide/emr-serverless-lf-enable-considerations.html. Instead Lake Formation can be enabled using the Iceberg catalog implementation.
Testing
Built and deployed to cluster and then queried Iceberg tables to verify functionality still works as well as testing the new functionality.
Setup
Created 2 data sources:
Scenario 1 (S3 IAM permissions, Yes Iceberg and No Lake Formation flags set) Iceberg table should work
Scenario 2 (LF permissions, Yes Iceberg and Yes Lake Formation flags set) Iceberg table should work
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.