enable support for custom session configurations

Fix the description of "Read Change Data Feed from a Table"

Author: qxtaiba

client/src/main/scala/io/delta/sharing/client/DeltaSharingFileSystem.scala

@@ -16,20 +16,23 @@
 
 package io.delta.sharing.client
 
+import java.io.File
 import java.net.{URI, URLDecoder, URLEncoder}
 import java.util.concurrent.TimeUnit
 
 import org.apache.hadoop.fs._
 import org.apache.hadoop.fs.permission.FsPermission
 import org.apache.hadoop.util.Progressable
 import org.apache.http.{HttpClientConnection, HttpHost, HttpRequest, HttpResponse}
-import org.apache.http.auth.{AuthScope, UsernamePasswordCredentials}
 import org.apache.http.client.config.RequestConfig
 import org.apache.http.client.utils.URIBuilder
 import org.apache.http.conn.routing.HttpRoute
-import org.apache.http.impl.client.{BasicCredentialsProvider, HttpClientBuilder, RequestWrapper}
+import org.apache.http.conn.ssl.NoopHostnameVerifier
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy
+import org.apache.http.impl.client.{CloseableHttpClient, HttpClientBuilder, RequestWrapper}
 import org.apache.http.impl.conn.{DefaultRoutePlanner, DefaultSchemePortResolver}
 import org.apache.http.protocol.{HttpContext, HttpRequestExecutor}
+import org.apache.http.ssl.SSLContextBuilder
 import org.apache.spark.SparkEnv
 import org.apache.spark.delta.sharing.{PreSignedUrlCache, PreSignedUrlFetcher}
 import org.apache.spark.internal.Logging
@@ -44,18 +47,20 @@ private[sharing] class DeltaSharingFileSystem extends FileSystem with Logging {
 
   lazy private val numRetries = ConfUtils.numRetries(getConf)
   lazy private val maxRetryDurationMillis = ConfUtils.maxRetryDurationMillis(getConf)
-  lazy private val timeoutInSeconds = ConfUtils.timeoutInSeconds(getConf)
+  lazy private val timeoutInMillis = ConfUtils.getTimeoutInMillis(getConf)
   lazy private val httpClient = createHttpClient()
 
-  private[sharing] def createHttpClient() = {
+  private[sharing] def createHttpClient(): CloseableHttpClient = {
     val proxyConfigOpt = ConfUtils.getProxyConfig(getConf)
     val maxConnections = ConfUtils.maxConnections(getConf)
+    val customHeadersOpt = ConfUtils.getCustomHeaders(getConf)
+
     val config = RequestConfig.custom()
-      .setConnectTimeout(timeoutInSeconds * 1000)
-      .setConnectionRequestTimeout(timeoutInSeconds * 1000)
-      .setSocketTimeout(timeoutInSeconds * 1000).build()
+      .setConnectTimeout(timeoutInMillis)
+      .setConnectionRequestTimeout(timeoutInMillis)
+      .setSocketTimeout(timeoutInMillis).build()
 
-    logDebug(s"Creating delta sharing httpClient with timeoutInSeconds: $timeoutInSeconds.")
+    logDebug(s"Creating delta sharing httpClient with timeoutInMillis: $timeoutInMillis.")
     val clientBuilder = HttpClientBuilder.create()
       .setMaxConnTotal(maxConnections)
       .setMaxConnPerRoute(maxConnections)
@@ -66,10 +71,15 @@ private[sharing] class DeltaSharingFileSystem extends FileSystem with Logging {
 
     // Set proxy if provided.
     proxyConfigOpt.foreach { proxyConfig =>
-
       val proxy = new HttpHost(proxyConfig.host, proxyConfig.port)
       clientBuilder.setProxy(proxy)
 
+      if (proxyConfig.authToken.nonEmpty) {
+        clientBuilder.addInterceptorFirst((request: HttpRequest, _: HttpContext) => {
+          request.addHeader("Proxy-Authorization", s"Bearer ${proxyConfig.authToken}")
+        })
+      }
+
       val neverUseHttps = ConfUtils.getNeverUseHttps(getConf)
       if (neverUseHttps) {
         val httpRequestDowngradeExecutor = new HttpRequestExecutor {
@@ -94,6 +104,7 @@ private[sharing] class DeltaSharingFileSystem extends FileSystem with Logging {
         }
         clientBuilder.setRequestExecutor(httpRequestDowngradeExecutor)
       }
+
       if (proxyConfig.noProxyHosts.nonEmpty || neverUseHttps) {
         val routePlanner = new DefaultRoutePlanner(DefaultSchemePortResolver.INSTANCE) {
           override def determineRoute(target: HttpHost,
@@ -110,6 +121,28 @@ private[sharing] class DeltaSharingFileSystem extends FileSystem with Logging {
         }
         clientBuilder.setRoutePlanner(routePlanner)
       }
+
+      if (proxyConfig.sslTrustAll) {
+        clientBuilder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+        clientBuilder.setSSLContext(
+          new SSLContextBuilder()
+            .loadTrustMaterial(null, new TrustSelfSignedStrategy)
+            .build()
+        )
+      } else if (proxyConfig.caCertPath.nonEmpty) {
+        clientBuilder.setSSLContext(
+          new SSLContextBuilder()
+            .loadTrustMaterial(new File(proxyConfig.caCertPath.getOrElse("")), null)
+            .build()
+        )
+      }
+
+      customHeadersOpt.foreach { headers =>
+        ConfUtils.validateCustomHeaders(headers)
+        clientBuilder.addInterceptorFirst((request: HttpRequest, _: HttpContext) => {
+          headers.foreach { case (key, value) => request.addHeader(key, value) }
+        })
+      }
     }
     clientBuilder.build()
   }
@@ -122,7 +155,7 @@ private[sharing] class DeltaSharingFileSystem extends FileSystem with Logging {
 
   override def getScheme: String = SCHEME
 
-  override def getUri(): URI = URI.create(s"$SCHEME:///")
+  override def getUri: URI = URI.create(s"$SCHEME:///")
 
   // open a file path with the format below:
   // ```
@@ -204,7 +237,7 @@ private[sharing] class DeltaSharingFileSystem extends FileSystem with Logging {
 
 private[sharing] object DeltaSharingFileSystem {
 
-  val SCHEME = "delta-sharing"
+  private val SCHEME = "delta-sharing"
 
   case class DeltaSharingPath(tablePath: String, fileId: String, fileSize: Long) {
 

client/src/main/scala/io/delta/sharing/client/util/ConfUtils.scala

@@ -16,8 +16,8 @@
 
 package io.delta.sharing.client.util
 
+import com.fasterxml.jackson.databind.ObjectMapper
 import java.util.concurrent.TimeUnit
-
 import org.apache.hadoop.conf.Configuration
 import org.apache.spark.network.util.JavaUtils
 import org.apache.spark.sql.internal.SQLConf
@@ -81,6 +81,10 @@ object ConfUtils {
   val PROXY_PORT = "spark.delta.sharing.network.proxyPort"
   val NO_PROXY_HOSTS = "spark.delta.sharing.network.noProxyHosts"
 
+  val CUSTOM_HEADERS = "spark.delta.sharing.network.customHeaders"
+  val PROXY_AUTH_TOKEN = "spark.delta.sharing.network.proxyAuthToken"
+  val CA_CERT_PATH = "spark.delta.sharing.network.caCertPath"
+
   val OAUTH_RETRIES_CONF = "spark.delta.sharing.oauth.tokenExchangeMaxRetries"
   val OAUTH_RETRIES_DEFAULT = 5
 
@@ -98,18 +102,55 @@ object ConfUtils {
   def getProxyConfig(conf: Configuration): Option[ProxyConfig] = {
     val proxyHost = conf.get(PROXY_HOST, null)
     val proxyPortAsString = conf.get(PROXY_PORT, null)
+    val noProxyList = conf.getTrimmedStrings(NO_PROXY_HOSTS).toSeq
+    val authToken = Option(conf.get(PROXY_AUTH_TOKEN, null))
+    val caCertPath = Option(conf.get(CA_CERT_PATH, null))
+    val sslTrustAll = conf.getBoolean(SSL_TRUST_ALL_CONF, SSL_TRUST_ALL_DEFAULT.toBoolean)
 
     if (proxyHost == null && proxyPortAsString == null) {
       return None
     }
 
     validateNonEmpty(proxyHost, PROXY_HOST)
     validateNonEmpty(proxyPortAsString, PROXY_PORT)
+    validateNonEmpty(sslTrustAll.toString, SSL_TRUST_ALL_CONF)
+
     val proxyPort = proxyPortAsString.toInt
     validatePortNumber(proxyPort, PROXY_PORT)
 
-    val noProxyList = conf.getTrimmedStrings(NO_PROXY_HOSTS).toSeq
-    Some(ProxyConfig(proxyHost, proxyPort, noProxyHosts = noProxyList))
+    Some(ProxyConfig(
+      host = proxyHost,
+      port = proxyPort,
+      noProxyHosts = noProxyList,
+      authToken = authToken,
+      caCertPath = caCertPath,
+      sslTrustAll = sslTrustAll
+    ))
+  }
+
+  def getCustomHeaders(conf: Configuration): Option[Map[String, String]] = {
+    val headersString = conf.get(CUSTOM_HEADERS, null)
+    if (headersString != null && headersString.nonEmpty) {
+      val mapper = new ObjectMapper()
+      val headers = mapper.readValue(headersString, classOf[Map[String, String]])
+      Some(headers)
+    } else {
+      None
+    }
+  }
+
+  def validateCustomHeaders(headers: Map[String, String]): Unit = {
+    headers.foreach { case (key, value) =>
+      require(key != null && key.nonEmpty, "Custom header name must not be null or empty")
+      require(value != null, s"Custom header value for '$key' must not be null")
+    }
+  }
+
+  def getTimeoutInMillis(conf: Configuration): Int = {
+    val timeoutStr = conf.get(TIMEOUT_CONF, TIMEOUT_DEFAULT)
+    val timeoutMillis = JavaUtils.timeStringAs(timeoutStr, TimeUnit.MILLISECONDS)
+    validateNonNeg(timeoutMillis, TIMEOUT_CONF)
+    timeoutMillis.toInt
   }
 
   def getNeverUseHttps(conf: Configuration): Boolean = {
@@ -325,7 +366,10 @@ object ConfUtils {
   }
 
   case class ProxyConfig(host: String,
-                         port: Int,
-                         noProxyHosts: Seq[String] = Seq.empty
+                        port: Int,
+                        noProxyHosts: Seq[String] = Seq.empty,
+                        authToken: Option[String] = None,
+                        caCertPath: Option[String] = None,
+                        sslTrustAll: Boolean = false
                         )
 }

client/src/test/scala/io/delta/sharing/client/DeltaSharingFileSystemSuite.scala

@@ -92,11 +92,13 @@ class DeltaSharingFileSystemSuite extends SparkFunSuite {
     proxyServer.initialize()
 
     try {
-
       // Create a ProxyConfig with the host and port of the local proxy server.
       val conf = new Configuration
       conf.set(ConfUtils.PROXY_HOST, proxyServer.getHost())
       conf.set(ConfUtils.PROXY_PORT, proxyServer.getPort().toString)
+      conf.set(ConfUtils.PROXY_AUTH_TOKEN, "testAuthToken")
+      conf.set(ConfUtils.CA_CERT_PATH, "/path/to/ca_cert.pem")
+      conf.set(ConfUtils.SSL_TRUST_ALL_CONF, "true")
 
       // Configure the httpClient to use the ProxyConfig.
       val fs = new DeltaSharingFileSystem() {

client/src/test/scala/io/delta/sharing/client/util/ConfUtilsSuite.scala

@@ -113,13 +113,19 @@ class ConfUtilsSuite extends SparkFunSuite {
     val conf = newConf(Map(
       PROXY_HOST -> "1.2.3.4",
       PROXY_PORT -> "8080",
-      NO_PROXY_HOSTS -> "localhost,127.0.0.1"
+      NO_PROXY_HOSTS -> "localhost,127.0.0.1",
+      PROXY_AUTH_TOKEN -> "testAuthToken",
+      CA_CERT_PATH -> "/path/to/ca_cert.pem",
+      SSL_TRUST_ALL_CONF -> "true"
     ))
     val proxyConfig = getProxyConfig(conf)
     assert(proxyConfig.isDefined)
     assert(proxyConfig.get.host == "1.2.3.4")
     assert(proxyConfig.get.port == 8080)
     assert(proxyConfig.get.noProxyHosts == Seq("localhost", "127.0.0.1"))
+    assert(proxyConfig.get.authToken.contains("testAuthToken"))
+    assert(proxyConfig.get.caCertPath.contains("/path/to/ca_cert.pem"))
+    assert(proxyConfig.get.sslTrustAll)
   }
 
   test("getProxyConfig with only host and port") {
@@ -132,6 +138,9 @@ class ConfUtilsSuite extends SparkFunSuite {
     assert(proxyConfig.get.host == "1.2.3.4")
     assert(proxyConfig.get.port == 8080)
     assert(proxyConfig.get.noProxyHosts.isEmpty)
+    assert(proxyConfig.get.authToken.isEmpty)
+    assert(proxyConfig.get.caCertPath.isEmpty)
+    assert(!proxyConfig.get.sslTrustAll)
   }
 
   test("getProxyConfig with no proxy settings") {

client/src/test/scala/io/delta/sharing/client/util/RetryUtilsSuite.scala

@@ -22,7 +22,6 @@ import scala.collection.mutable.ArrayBuffer
 
 import org.apache.spark.SparkFunSuite
 
-import io.delta.sharing.client.util.{RetryUtils, UnexpectedHttpStatus}
 import io.delta.sharing.client.util.RetryUtils._
 import io.delta.sharing.spark.MissingEndStreamActionException