[FLUSS-2686] Add COS filesystem support#2836
Conversation
XuQianJin-Stars
force-pushed
the
feature/cos-filesystem-integration
branch
2 times, most recently
from
8f2358a to
186ef5d
Compare
XuQianJin-Stars
changed the title
XuQianJin-Stars
force-pushed
the
feature/cos-filesystem-integration
branch
from
186ef5d to
e1151e8
Compare
There was a problem hiding this comment.
Pull request overview
Adds a new Fluss filesystem plugin module to support Tencent Cloud Object Storage (COS) via Hadoop’s CosNFileSystem, including SPI registration and integration tests for COS access.
Changes:
- Introduces new
fluss-fs-cosmodule with COS filesystem implementation, token receiver/provider, and SPI service registrations. - Adds COS integration tests (static credentials + token-based flow) gated by environment-provided credentials.
- Updates parent filesystem build to include the COS module and adjusts test-coverage exclusions.
Reviewed changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| fluss-test-coverage/pom.xml | Excludes COS filesystem packages from coverage aggregation (consistent with other FS plugins). |
| fluss-filesystems/pom.xml | Registers fluss-fs-cos as a submodule. |
| fluss-filesystems/fluss-fs-cos/pom.xml | Adds COS module dependencies, shading, and multi-release JAXB handling. |
| fluss-filesystems/fluss-fs-cos/src/main/java/org/apache/fluss/fs/cos/COSFileSystem.java | Wraps Hadoop FS and adds Fluss security-token acquisition hook. |
| fluss-filesystems/fluss-fs-cos/src/main/java/org/apache/fluss/fs/cos/COSFileSystemPlugin.java | Implements FileSystemPlugin for cosn and translates Fluss config to Hadoop config. |
| fluss-filesystems/fluss-fs-cos/src/main/java/org/apache/fluss/fs/cos/token/COSSecurityTokenProvider.java | Provides a Fluss ObtainedSecurityToken intended for COS credential propagation. |
| fluss-filesystems/fluss-fs-cos/src/main/java/org/apache/fluss/fs/cos/token/COSSecurityTokenReceiver.java | Receives Fluss tokens and configures Hadoop COS credential provider + extra config. |
| fluss-filesystems/fluss-fs-cos/src/main/java/org/apache/fluss/fs/cos/token/DynamicTemporaryCOSCredentialsProvider.java | Supplies COS SDK credentials dynamically from received tokens. |
| fluss-filesystems/fluss-fs-cos/src/main/resources/META-INF/services/org.apache.fluss.fs.FileSystemPlugin | SPI registration of COSFileSystemPlugin. |
| fluss-filesystems/fluss-fs-cos/src/main/resources/META-INF/services/org.apache.fluss.fs.token.SecurityTokenReceiver | SPI registration of COSSecurityTokenReceiver. |
| fluss-filesystems/fluss-fs-cos/src/main/resources/META-INF/licenses/LICENSE.jaxb | Bundled CDDL license text for JAXB dependency. |
| fluss-filesystems/fluss-fs-cos/src/main/resources/META-INF/NOTICE | Declares bundled dependencies and licensing notice for the module. |
| fluss-filesystems/fluss-fs-cos/src/test/java/org/apache/fluss/fs/cos/COSFileSystemBehaviorITCase.java | COS behavior IT using static secretId/secretKey. |
| fluss-filesystems/fluss-fs-cos/src/test/java/org/apache/fluss/fs/cos/COSWithTokenFileSystemBehaviorBaseITCase.java | Base for token-based COS behavior tests; initializes FS with static creds first. |
| fluss-filesystems/fluss-fs-cos/src/test/java/org/apache/fluss/fs/cos/COSWithTokenFileSystemBehaviorITCase.java | Token-based COS behavior IT wiring receiver + re-init. |
| fluss-filesystems/fluss-fs-cos/src/test/java/org/apache/fluss/fs/cos/COSTestCredentials.java | Reads COS IT credentials from environment variables and gates tests. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| public ObtainedSecurityToken obtainSecurityToken(String scheme) { | ||
| // For COS, we directly use the configured secret id and secret key as the token. | ||
| // If STS temporary credentials are needed in the future, this can be extended | ||
| // to call Tencent Cloud STS API to get temporary credentials. | ||
| Map<String, String> additionInfo = new HashMap<>(); | ||
| // we need to put endpoint as addition info | ||
| if (endpoint != null) { | ||
| additionInfo.put(ENDPOINT_KEY, endpoint); | ||
| } | ||
|
|
||
| Credentials credentials = new Credentials(secretId, secretKey, null); | ||
| byte[] tokenBytes = CredentialsJsonSerde.toJson(credentials); | ||
|
|
||
| // token does not expire when using static credentials | ||
| return new ObtainedSecurityToken(scheme, tokenBytes, Long.MAX_VALUE, additionInfo); | ||
| } |
There was a problem hiding this comment.
This provider serializes secretId/secretKey with a null security token and sets Long.MAX_VALUE expiry, but the receiver converts tokens into BasicSessionCredentials (session-based) which generally expects a non-null session token. Either (a) actually obtain STS temporary credentials (accessKey/secretKey/sessionToken + real expiry) and serialize them, or (b) treat the propagated token as static credentials end-to-end (adjust receiver/provider to use non-session COS credentials) and rename/comment accordingly to avoid implying STS behavior.
| LOG.debug("Providing session credentials"); | ||
| return new BasicSessionCredentials( | ||
| credentials.getCOSAccessKeyId(), | ||
| credentials.getCOSSecretKey(), | ||
| ((BasicSessionCredentials) credentials).getSessionToken()); |
There was a problem hiding this comment.
This unconditionally casts credentials to BasicSessionCredentials, which will throw ClassCastException if the receiver ever stores a different COSCredentials implementation (e.g., static/basic credentials). Consider removing the cast by storing the session token separately, or branching with instanceof and returning the appropriate credential type based on what was received.
| LOG.debug("Providing session credentials"); | |
| return new BasicSessionCredentials( | |
| credentials.getCOSAccessKeyId(), | |
| credentials.getCOSSecretKey(), | |
| ((BasicSessionCredentials) credentials).getSessionToken()); | |
| if (credentials instanceof BasicSessionCredentials) { | |
| BasicSessionCredentials sessionCredentials = (BasicSessionCredentials) credentials; | |
| LOG.debug("Providing session credentials"); | |
| return new BasicSessionCredentials( | |
| sessionCredentials.getCOSAccessKeyId(), | |
| sessionCredentials.getCOSSecretKey(), | |
| sessionCredentials.getSessionToken()); | |
| } else { | |
| LOG.debug("Providing non-session COS credentials"); | |
| return credentials; | |
| } |
| LOG.info( | ||
| "Session credentials updated successfully with access key: {}.", | ||
| credentials.getCOSAccessKeyId()); |
There was a problem hiding this comment.
Avoid logging credential identifiers (even access key IDs) at INFO level, as they are typically treated as sensitive and can leak via centralized logs. Consider removing the access key from the message, masking it (e.g., last 4 chars), and/or lowering the log level to DEBUG.
| LOG.info( | |
| "Session credentials updated successfully with access key: {}.", | |
| credentials.getCOSAccessKeyId()); | |
| LOG.info("Session credentials updated successfully."); |
| // then, set addition info | ||
| if (additionInfos == null) { | ||
| // if addition info is null, it also means we have not received any token, | ||
| throw new RuntimeException("Credentials is not ready."); |
There was a problem hiding this comment.
The exception message is grammatically incorrect and not very actionable. Consider using a more specific message that indicates the real cause (e.g., token/credentials not yet received via onNewTokensObtained, so the receiver cannot update Hadoop config) and—if applicable—include what to configure/call first.
| throw new RuntimeException("Credentials is not ready."); | |
| throw new RuntimeException( | |
| "Cannot update Hadoop configuration: COS credentials and additional " | |
| + "information have not been received yet. Ensure " | |
| + "onNewTokensObtained(...) has been called with valid tokens " | |
| + "before invoking COSSecurityTokenReceiver.updateHadoopConfig()."); |
| String providers = hadoopConfig.get(CREDENTIALS_PROVIDER, ""); | ||
|
|
||
| if (!providers.contains(credentialsProviderName)) { | ||
| if (providers.isEmpty()) { | ||
| LOG.debug("Setting provider"); | ||
| providers = credentialsProviderName; | ||
| } else { | ||
| providers = credentialsProviderName + "," + providers; | ||
| LOG.debug("Prepending provider, new providers value: {}", providers); | ||
| } | ||
| hadoopConfig.set(CREDENTIALS_PROVIDER, providers); | ||
| } else { | ||
| LOG.debug("Provider already exists"); | ||
| } |
There was a problem hiding this comment.
Using String#contains on a comma-separated provider list can yield false positives (e.g., partial class-name matches). Consider parsing the list as comma-separated tokens (trimmed) and checking for exact equality before prepending.
| private static final Logger LOG = LoggerFactory.getLogger(COSSecurityTokenReceiver.class); | ||
|
|
||
| static volatile COSCredentials credentials; | ||
| static volatile Map<String, String> additionInfos; |
There was a problem hiding this comment.
The field name additionInfos is awkward/unclear; additionalInfos (or additionalInfo if singular) is more standard and improves readability throughout this class.
| // then, set addition info | ||
| if (additionInfos == null) { |
There was a problem hiding this comment.
The field name additionInfos is awkward/unclear; additionalInfos (or additionalInfo if singular) is more standard and improves readability throughout this class.
| // if addition info is null, it also means we have not received any token, | ||
| throw new RuntimeException("Credentials is not ready."); | ||
| } else { | ||
| for (Map.Entry<String, String> entry : additionInfos.entrySet()) { |
There was a problem hiding this comment.
The field name additionInfos is awkward/unclear; additionalInfos (or additionalInfo if singular) is more standard and improves readability throughout this class.
| <plugin> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-jar-plugin</artifactId> | ||
| <executions> | ||
| <execution> | ||
| <goals> | ||
| <goal>jar</goal> | ||
| </goals> | ||
| </execution> | ||
| </executions> | ||
| <configuration> | ||
| <archive> | ||
| <manifestEntries> | ||
| <!-- jaxb-api is packaged as an optional dependency that is only accessible on Java 11 --> | ||
| <Multi-Release>true</Multi-Release> | ||
| </manifestEntries> | ||
| </archive> | ||
| </configuration> | ||
| </plugin> |
There was a problem hiding this comment.
The same maven-jar-plugin is declared twice. This is easy to misread and can lead to configuration being overridden unexpectedly depending on Maven’s model merging. Consider merging the jar and test-jar executions into a single maven-jar-plugin declaration so the Multi-Release manifest configuration applies consistently.
| <plugin> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-jar-plugin</artifactId> | ||
| <executions> | ||
| <execution> | ||
| <goals> | ||
| <goal>test-jar</goal> | ||
| </goals> | ||
| </execution> | ||
| </executions> | ||
| </plugin> |
There was a problem hiding this comment.
The same maven-jar-plugin is declared twice. This is easy to misread and can lead to configuration being overridden unexpectedly depending on Maven’s model merging. Consider merging the jar and test-jar executions into a single maven-jar-plugin declaration so the Multi-Release manifest configuration applies consistently.
XuQianJin-Stars
force-pushed
the
feature/cos-filesystem-integration
branch
from
e95fbb6 to
e1086d1
Compare
|
hi @wuchong @leekeiabstraction @luoyuxia Hi, i already updated the pr. Please help review when you got some time. |
leekeiabstraction
left a comment
leekeiabstraction
left a comment
There was a problem hiding this comment.
TY for the PR. Left some comments.
| </dependency> | ||
|
|
||
| <dependency> | ||
| <groupId>org.apache.fluss</groupId> |
There was a problem hiding this comment.
Should this be in test scope?
There was a problem hiding this comment.
Should this be in test scope?
The test scope for fluss-test-utils is already defined in the parent pom's dependencyManagement section (line 336 in root pom.xml), so child modules inherit it automatically without needing to declare test explicitly. This is consistent with how other filesystem modules (oss, s3, gs, azure, obs, hdfs) declare this dependency.
| /** A provider to provide Tencent Cloud COS security token. */ | ||
| public class COSSecurityTokenProvider { | ||
|
|
||
| private static final String SECRET_ID = "fs.cosn.userinfo.secretId"; |
There was a problem hiding this comment.
This string constant seems to be declared in a few classes. Consider sharing single pub static final?
| * An implementation of the {@link FileSystemBehaviorTestSuite} for the COS file system with Hadoop | ||
| * cos sdk. | ||
| */ | ||
| class COSFileSystemBehaviorITCase extends FileSystemBehaviorTestSuite { |
There was a problem hiding this comment.
Was the IT test run successful with creds set? Would be good to indicate in pr description
There was a problem hiding this comment.
Was the IT test run successful with creds set? Would be good to indicate in pr description
Yes, the IT tests have been run successfully with COS credentials configured.
leekeiabstraction
left a comment
leekeiabstraction
left a comment
There was a problem hiding this comment.
Looks consistent to other filesystem support. Left comments on unrelated changes being included in this PR (looks like it crept back in), can approve once this is addresed.
I think we should have someone else who has access to COS to test this as well as I do not have access to COS to manually test. cc @luoyuxia
| | `client.lookup.max-retries` | `2147483647` | Integer | Setting a value greater than zero will cause the client to resend any lookup request that fails with a potentially transient error. | | ||
| | `client.scanner.remote-log.prefetch-num` | `4` | Integer | The number of remote log segments to keep in local temp file for LogScanner, which download from remote storage. The default setting is 4. | | ||
| | `client.scanner.io.tmpdir` | `/var/folders/bp/v2l48kz51mx86d743qv0zhzh0000gn/T//fluss` | String | Local directory that is used by client for storing the data files (like kv snapshot, log segment files) to read temporarily | | ||
| | `client.scanner.io.tmpdir` | `/var/folders/7r/lwdsh9ms4gn0fnxs8c6fcfpm0000gn/T//fluss` | String | Local directory that is used by client for storing the data files (like kv snapshot, log segment files) to read temporarily | |
There was a problem hiding this comment.
Looks like unrelated changes crept back into this file
| | `remote.data.dir` | `none` | String | The directory used for storing the kv snapshot data files and remote log for log tiered storage in a Fluss supported filesystem. When upgrading to `remote.data.dirs`, please ensure this value is placed as the first entry in the new configuration.For new clusters, it is recommended to use `remote.data.dirs` instead. If `remote.data.dirs` is configured, this value will be ignored. | | ||
| | `remote.data.dirs` | `[]` | ArrayList | A comma-separated list of directories in Fluss supported filesystems for storing the kv snapshot data files and remote log files of tables/partitions. If configured, when a new table or a new partition is created, one of the directories from this list will be selected according to the strategy specified by `remote.data.dirs.strategy` (`ROUND_ROBIN` by default). If not configured, the system uses `remote.data.dir` as the sole remote data directory for all data. | | ||
| | `remote.data.dirs.strategy` | `ROUND_ROBIN` | RemoteDataDirStrategy | The strategy for selecting the remote data directory from `remote.data.dirs`. The candidate strategies are: [ROUND_ROBIN, WEIGHTED_ROUND_ROBIN], the default strategy is ROUND_ROBIN. ROUND_ROBIN: this strategy employs a round-robin approach to select one from the available remote directories. WEIGHTED_ROUND_ROBIN: this strategy selects one of the available remote directories based on the weights configured in `remote.data.dirs.weights`. | | ||
| | `remote.data.dirs.weights` | `[]` | ArrayList | The weights of the remote data directories. This is a list of weights corresponding to the `remote.data.dirs` in the same order. When `remote.data.dirs.strategy` is set to `WEIGHTED_ROUND_ROBIN`, this must be configured, and its size must be equal to `remote.data.dirs`; otherwise, it will be ignored. | |
| | `remote.data.dirs.weights` | `[]` | ArrayList | The weights of the remote data directories. This is a list of weights corresponding to the `remote.data.dirs` in the same order. When `remote.data.dirs.strategy` is set to `WEIGHTED_ROUND_ROBIN`, this must be configured, and its size must be equal to `remote.data.dirs`; otherwise, it will be ignored. | | ||
| | `remote.fs.write-buffer-size` | `4 kb` | MemorySize | The default size of the write buffer for writing the local files to remote file systems. | | ||
| | `remote.log.task-interval-duration` | `1 min` | Duration | Interval at which remote log manager runs the scheduled tasks like copy segments, clean up remote log segments, delete local log segments etc. If the value is set to 0, it means that the remote log storage is disabled. | | ||
| | `remote.log.task-max-upload-segments` | `5` | Integer | The maximum number of log segments to upload to remote storage per tiering task execution. This limits the upload batch size to prevent overwhelming the remote storage when there is a large backlog of segments to upload. | |
| | `table.auto-partition.key` | `none` | String | This configuration defines the time-based partition key to be used for auto-partitioning when a table is partitioned with multiple keys. Auto-partitioning utilizes a time-based partition key to handle partitions automatically, including creating new ones and removing outdated ones, by comparing the time value of the partition with the current system time. In the case of a table using multiple partition keys (such as a composite partitioning strategy), this feature determines which key should serve as the primary time dimension for making auto-partitioning decisions.And If the table has only one partition key, this config is not necessary. Otherwise, it must be specified. | | ||
| | `table.auto-partition.time-unit` | `DAY` | AutoPartitionTimeUnit | The time granularity for auto created partitions. The default value is `DAY`. Valid values are `HOUR`, `DAY`, `MONTH`, `QUARTER`, `YEAR`. If the value is `HOUR`, the partition format for auto created is yyyyMMddHH. If the value is `DAY`, the partition format for auto created is yyyyMMdd. If the value is `MONTH`, the partition format for auto created is yyyyMM. If the value is `QUARTER`, the partition format for auto created is yyyyQ. If the value is `YEAR`, the partition format for auto created is yyyy. | | ||
| | `table.auto-partition.time-zone` | `Europe/Paris` | String | The time zone for auto partitions, which is by default the same as the system time zone. | | ||
| | `table.auto-partition.time-zone` | `Asia/Shanghai` | String | The time zone for auto partitions, which is by default the same as the system time zone. | |
XuQianJin-Stars
force-pushed
the
feature/cos-filesystem-integration
branch
from
f3902d1 to
147fa96
Compare
hi @leekeiabstraction @luoyuxia Thanks for the review! I've tested the COS filesystem support with a real COS bucket (region: ap-guangzhou). Here are the test details: Test classes executed:
Both classes inherit from
Result: All 38 tests passed ✅ (19 × 2 test classes, 0 failures, 0 errors) |
XuQianJin-Stars
force-pushed
the
feature/cos-filesystem-integration
branch
from
dd8858e to
4eab96a
Compare
|
hi @leekeiabstraction @luoyuxia Hi, i already updated the pr. Please help review when you got some time. |
leekeiabstraction
left a comment
leekeiabstraction
left a comment
There was a problem hiding this comment.
TY for addressing PR comments. Left a couple more questions
| public static final String SECRET_KEY = "fs.cosn.userinfo.secretKey"; | ||
| public static final String CREDENTIALS_PROVIDER = "fs.cosn.credentials.provider"; | ||
|
|
||
| public static final String ENDPOINT_KEY = "fs.cosn.bucket.endpoint_suffix"; |
There was a problem hiding this comment.
Just noticed that this is different to what's in the PR description fs.cosn.endpoint. Which is the configuration that we are exposing? fs.cosn.endpoint or fs.cosn.bucket.endpoint_suffix?
| public static final String SECRET_ID = "fs.cosn.userinfo.secretId"; | ||
| public static final String SECRET_KEY = "fs.cosn.userinfo.secretKey"; | ||
| public static final String CREDENTIALS_PROVIDER = "fs.cosn.credentials.provider"; |
There was a problem hiding this comment.
Seems like region is a required property, but we are not defining it here?
Ref: https://hadoop.apache.org/docs/stable/hadoop-cos/cloud-storage/index.html
fs.cosn.userinfo.region is an required property for Hadoop-COS. The reason is that Hadoop-COS must know the region of the using bucket in order to accurately construct a URL to access it.
|
|
||
| public ObtainedSecurityToken obtainSecurityToken(String scheme) { | ||
| // For COS, we directly use the configured secret id and secret key as the token. | ||
| // If STS temporary credentials are needed in the future, this can be extended |
There was a problem hiding this comment.
I think we need to update PR description to be consistent with behaviour here
COSSecurityTokenProvider: Generates temporary security tokens using Tencent Cloud STS (Security Token Service) based on existing secretId/secretKey configuration.
Please also create issue to track implementation of using STS to generate token/
Actually, why not implement as part of this PR? I'd like to understand the reasoning.
Thanks for the review! I've addressed all three previous comments in the latest push:
Also updated the |
XuQianJin-Stars
force-pushed
the
feature/cos-filesystem-integration
branch
from
3fee0c6 to
872cb9f
Compare
leekeiabstraction
left a comment
leekeiabstraction
left a comment
There was a problem hiding this comment.
TY for the updates. Added further comments.
| // set credential provider | ||
| if (hadoopConfig.get(SECRET_ID) == null) { | ||
| String credentialsProvider = hadoopConfig.get(CREDENTIALS_PROVIDER); | ||
| if (credentialsProvider != null) { |
There was a problem hiding this comment.
Do we need to have IT for this branch?
There was a problem hiding this comment.
Do we need to have IT for this branch?
Good catch — I've added COSWithCredentialsProviderFileSystemBehaviorITCase in the latest commit to cover this CREDENTIALS_PROVIDER branch.
It reuses org.apache.hadoop.fs.cosn.auth.EnvironmentVariableCredentialsProvider shipped with hadoop-cos, which reads COSN_SECRET_ID / COSN_SECRET_KEY from the environment — exactly the same variables already required by COSTestCredentials. So no extra CI configuration is needed: whenever the existing COS ITs are enabled, this new one runs too. PTAL.
| <dependency> | ||
| <groupId>org.apache.hadoop</groupId> | ||
| <artifactId>hadoop-cos</artifactId> | ||
| <version>${fs.cosn.sdk.version}</version> |
There was a problem hiding this comment.
This could be better named as hadoop cos version. It is not the sdk version.
| private static final String FEDERATION_TOKEN_NAME = "fluss-cos-federation"; | ||
|
|
||
| /** Default duration seconds for temporary credentials, 1800s = 30min. */ | ||
| private static final long DEFAULT_DURATION_SECONDS = 1800L; |
There was a problem hiding this comment.
Curious on why picking lower default than other implementation like OSS/OBS
XuQianJin-Stars
force-pushed
the
feature/cos-filesystem-integration
branch
from
09a902b to
ab2f9ef
Compare
leekeiabstraction
left a comment
leekeiabstraction
left a comment
There was a problem hiding this comment.
TY for addressing comments. Left one more question on one of the test case. Also, are the CI test failures related to changes within this PR?
|
|
||
| /** Access to credentials to access COS buckets during integration tests. */ | ||
| public class COSTestCredentials { | ||
| @Nullable private static final String ENDPOINT = System.getenv("COSN_ENDPOINT"); |
There was a problem hiding this comment.
Should this be endpoint suffix?
|
@leekeiabstraction Hi lee, I have tested this manually. |
|
Thanks for adding COS support. I reviewed the implementation and found a few issues that should be addressed before merge.
"action": ["name/cos:*"],
"resource": ["*"]That means the temporary credentials distributed to Fluss clients can access any COS resource allowed by the permanent server-side secret. This is broader than the Fluss remote storage path and could expose non-Fluss data if the permanent credential has wide permissions. Can we scope the token policy to the configured
That makes the actual runtime COS SDK version depend on shade ordering and can produce subtle incompatibilities. Please keep only one COS SDK variant, for example by excluding
The docs show: fs.cosn.credentials.provider: org.apache.hadoop.fs.cosn.auth.EnvironmentVariableCredentialProviderbut the actual hadoop-cos class is
The docs say the temporary credential is valid for 30 minutes, but
Validation I ran: ./mvnw -pl fluss-filesystems/fluss-fs-cos -am -DskipTests compile
./mvnw -pl fluss-filesystems/fluss-fs-cos -am -DskipTests test-compile
./mvnw -pl fluss-filesystems/fluss-fs-cos -am -DskipTests package
git diff --checkThe Maven commands passed; |
Thanks for the thorough review! The PR has been updated in
|
This adds a new fluss-fs-cos module that integrates Tencent Cloud COS (Cloud Object Storage) as a remote filesystem for Fluss. Key changes: - Add fluss-fs-cos module with hadoop-cos and cos_api dependencies - Implement COSFileSystem extending HadoopFileSystem (scheme: cosn) - Implement COSFileSystemPlugin as FileSystemPlugin SPI - Add security token support (COSSecurityTokenProvider/Receiver) - Add DynamicTemporaryCOSCredentialsProvider for temporary credentials - Add integration tests for COS filesystem behavior - Register module in fluss-filesystems parent pom
…ials doc, and address review comments
- Rename Maven property fs.cosn.sdk.version to fs.hadoop.cos.version to accurately reflect that it is the hadoop-cos version rather than the Tencent Cloud COS SDK version. - Align COSSecurityTokenProvider default token duration with OSS/OBS (30min -> 1h). - Add COSWithCredentialsProviderFileSystemBehaviorITCase to cover the CREDENTIALS_PROVIDER branch in COSFileSystemPlugin, reusing hadoop-cos's EnvironmentVariableCredentialsProvider.
…S SDK, fix docs 1. STS tokens scoped to remote.data.dir bucket: COSSecurityTokenProvider now derives a default policy that limits name/cos:* to the bucket (and prefix) parsed from fsUri. Users can override via fs.cosn.security.token.policy. 2. Drop duplicate COS SDK: exclude com.qcloud:cos_api-bundle from hadoop-cos so only the directly declared cos_api remains on the classpath, eliminating 902 overlapping com.qcloud.cos.* classes during shade. NOTICE updated accordingly. 3. Docs: use the correct hadoop-cos provider class EnvironmentVariableCredentialsProvider and the correct env vars COSN_SECRET_ID / COSN_SECRET_KEY. 4. Docs: align temporary credential lifetime with the code (1 hour, matches DEFAULT_DURATION_SECONDS=3600L). 5. Docs: remove trailing whitespace in website/docs/maintenance/filesystems/cos.md.
XuQianJin-Stars
force-pushed
the
feature/cos-filesystem-integration
branch
from
80c5435 to
765310f
Compare
Purpose
Linked issue: close #2686
This PR adds support for Tencent Cloud Object Storage (COS) as a remote filesystem for Fluss. COS is one of the most widely used cloud storage services in China and this integration enables users to store Fluss remote data on COS, similar to the existing OSS, OBS, S3, and GCS filesystem integrations.
Brief change log
fluss-fs-cos/pom.xml: Add module configuration with dependencies onhadoop-cos(3.3.5),cos_api(5.6.139), andfluss-fs-hadoopfor Hadoop filesystem abstraction.COSFileSystem: ExtendsHadoopFileSystemto wrap Hadoop'sCosNFileSystem, with lazy-initialized security token provider support for obtaining temporary credentials.COSFileSystemPlugin: ImplementsFileSystemPluginSPI for thecosnscheme. Handles Hadoop configuration translation from Fluss config (prefixfs.cosn.*), supports three credential modes: static secret key, custom credentials provider, and dynamic security token viaCOSSecurityTokenReceiver.COSSecurityTokenProvider: Generates temporary security tokens using Tencent Cloud STS (Security Token Service) based on existingsecretId/secretKeyconfiguration.COSSecurityTokenReceiver: ImplementsSecurityTokenReceiverSPI to receive and apply security tokens, configuringDynamicTemporaryCOSCredentialsProvideras the Hadoop credentials provider.DynamicTemporaryCOSCredentialsProvider: Implements COS SDK'sCOSCredentialsProviderinterface, providingBasicSessionCredentialsfrom tokens received viaCOSSecurityTokenReceiver.fluss-filesystems/pom.xml: Registerfluss-fs-cosas a sub-module.Tests
COSFileSystemBehaviorITCase: Integration test for basic COS filesystem behavior (create, read, write, delete) using static credentials (secretId/secretKey).COSWithTokenFileSystemBehaviorITCase: Integration test for COS filesystem behavior using dynamic security tokens obtained via STS.COSWithTokenFileSystemBehaviorBaseITCase: Base class for token-based filesystem tests, handling filesystem initialization with both static credentials and security tokens.COSTestCredentials: Test utility that reads COS credentials and endpoint from environment variables (COSN_SECRET_ID,COSN_SECRET_KEY,COSN_ENDPOINT,COSN_BUCKET).API and Format
No existing API or storage format changes. This PR only adds a new filesystem plugin that registers via SPI (
META-INF/services/org.apache.fluss.fs.FileSystemPlugin).New configuration keys introduced (all following standard Hadoop COS conventions):
fs.cosn.endpoint— COS region endpoint (e.g.,ap-guangzhou)fs.cosn.userinfo.secretId— Tencent Cloud secret IDfs.cosn.userinfo.secretKey— Tencent Cloud secret keyfs.cosn.credentials.provider— Custom credentials provider classDocumentation
This PR introduces a new feature. Documentation for COS filesystem configuration should be added to the Fluss documentation site in a follow-up. Usage example: