#150: Added S3 intermediate storage layer (#152)

Co-authored-by: Christoph Pirkl <[email protected]>

.project-keeper.yml

@@ -12,6 +12,7 @@ excludes:
   - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_print_quick_checksum.yml'"
   - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_upload_github_release_assets.yml'"
   - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_release_on_maven_central.yml'"
+  - "E-PK-CORE-18: Outdated content: '.settings/org.eclipse.jdt.core.prefs'"
 linkReplacements:
   - https://netty.io/netty-all/|https://netty.io/index.html
   - http://nexus.sonatype.org/oss-repository-hosting.html/scalatest-maven-plugin|https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin

.settings/org.eclipse.jdt.core.prefs

@@ -10,9 +10,9 @@ org.eclipse.jdt.core.compiler.annotation.nullable.secondary=
 org.eclipse.jdt.core.compiler.annotation.nullanalysis=disabled
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
 org.eclipse.jdt.core.compiler.codegen.methodParameters=do not generate
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=11
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
 org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
-org.eclipse.jdt.core.compiler.compliance=11
+org.eclipse.jdt.core.compiler.compliance=1.8
 org.eclipse.jdt.core.compiler.debug.lineNumber=generate
 org.eclipse.jdt.core.compiler.debug.localVariable=generate
 org.eclipse.jdt.core.compiler.debug.sourceFile=generate
@@ -113,7 +113,7 @@ org.eclipse.jdt.core.compiler.problem.unusedWarningToken=warning
 org.eclipse.jdt.core.compiler.problem.varargsArgumentNeedCast=warning
 org.eclipse.jdt.core.compiler.processAnnotations=enabled
 org.eclipse.jdt.core.compiler.release=disabled
-org.eclipse.jdt.core.compiler.source=11
+org.eclipse.jdt.core.compiler.source=1.8
 org.eclipse.jdt.core.formatter.align_assignment_statements_on_columns=false
 org.eclipse.jdt.core.formatter.align_fields_grouping_blank_lines=2147483647
 org.eclipse.jdt.core.formatter.align_type_members_on_columns=false

doc/changes/changes_1.2.2.md

@@ -4,7 +4,7 @@ Code name: Fix vulnerabilities in dependencies
 
 ## Summary
 
-This release fixes [sonatype-2022-5401](https://ossindex.sonatype.org/vulnerability/sonatype-2022-5401) in reload4j.
+This release fixes `sonatype-2022-5401` in reload4j.
 
 ## Features
 

doc/changes/changes_1.5.0.md

@@ -0,0 +1,26 @@
+# The Spark Exasol Connector 1.5.0, released 2023-??-??
+
+Code name:
+
+## Summary
+
+## Features
+
+* #150: Added S3 intermediate storage layer
+
+## Dependency Updates
+
+### Compile Dependency Updates
+
+* Added `com.exasol:spark-connector-common-java:1.0.0`
+
+### Test Dependency Updates
+
+* Added `com.amazonaws:aws-java-sdk-s3:1.12.429`
+* Added `nl.jqno.equalsverifier:equalsverifier:3.14.1`
+* Added `org.junit.jupiter:junit-jupiter-api:5.9.2`
+* Added `org.junit.jupiter:junit-jupiter:5.9.2`
+* Updated `org.mockito:mockito-core:5.3.0` to `5.2.0`
+* Added `org.mockito:mockito-junit-jupiter:5.2.0`
+* Added `org.testcontainers:junit-jupiter:1.17.6`
+* Added `org.testcontainers:localstack:1.17.6`

error_code_config.yml

@@ -2,4 +2,4 @@ error-tags:
   SEC:
     packages:
       - com.exasol.spark
-    highest-index: 11
+    highest-index: 21

pom.xml

@@ -2,19 +2,21 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <artifactId>spark-connector</artifactId>
-    <version>1.4.0</version>
+    <version>1.5.0</version>
     <name>The Spark Exasol Connector</name>
     <description>A connector for Apache Spark to access Exasol</description>
     <url>https://github.com/exasol/spark-connector/</url>
     <parent>
         <artifactId>spark-connector-generated-parent</artifactId>
         <groupId>com.exasol</groupId>
-        <version>1.4.0</version>
+        <version>1.5.0</version>
         <relativePath>pk_generated_parent.pom</relativePath>
     </parent>
     <properties>
-        <java.version>1.8</java.version>
+        <java.version>8</java.version>
         <log4j.version>2.20.0</log4j.version>
+        <junit.version>5.9.2</junit.version>
+        <mockito.version>5.2.0</mockito.version>
         <!-- These lines are required for Sonar to find sources and to report coverage -->
         <sonar.sources>.</sonar.sources>
         <sonar.inclusions>src/main/**</sonar.inclusions>
@@ -50,6 +52,11 @@
             <artifactId>error-reporting-java8</artifactId>
             <version>1.0.1</version>
         </dependency>
+        <dependency>
+            <groupId>com.exasol</groupId>
+            <artifactId>spark-connector-common-java</artifactId>
+            <version>1.0.0</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.spark</groupId>
             <artifactId>spark-core_${scala.compat.version}</artifactId>
@@ -149,11 +156,6 @@
                     <groupId>org.glassfish.jersey.core</groupId>
                     <artifactId>jersey-server</artifactId>
                 </exclusion>
-                <!-- excluded to fix vulnerability for profile spark3.1 -->
-                <exclusion>
-                    <groupId>org.apache.avro</groupId>
-                    <artifactId>avro-mapred</artifactId>
-                </exclusion>
                 <!-- exluded to fix CVEs: CVE-2022-37865 and CVE-2022-37866 -->
                 <exclusion>
                     <groupId>org.apache.ivy</groupId>
@@ -259,6 +261,14 @@
                     <groupId>org.eclipse.jetty</groupId>
                     <artifactId>jetty-server</artifactId>
                 </exclusion>
+                <!--
+                    Excluded because of: [CVE-2023-26048] CWE-770: Allocation of Resources Without Limits or Throttling (5.3);
+                    https://ossindex.sonatype.org/vulnerability/CVE-2023-26048
+                -->
+                <exclusion>
+                    <groupId>org.eclipse.jetty</groupId>
+                    <artifactId>jetty-util</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
@@ -300,6 +310,11 @@
                     <groupId>org.eclipse.jetty</groupId>
                     <artifactId>jetty-client</artifactId>
                 </exclusion>
+                <!-- excluded to fix vulnerabilities CVE-2023-26048 -->
+                <exclusion>
+                    <groupId>org.eclipse.jetty</groupId>
+                    <artifactId>jetty-util</artifactId>
+                </exclusion>
                 <!-- excluded to fix vulnerabilities CVE-2021-0341 and sonatype-2018-0035 -->
                 <exclusion>
                     <groupId>com.squareup.okhttp</groupId>
@@ -324,6 +339,17 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <!-- Dependencies that are forced higher to fix vulnerabilities -->
+        <dependency>
+            <groupId>com.google.protobuf</groupId>
+            <artifactId>protobuf-java</artifactId>
+            <version>3.22.3</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-text</artifactId>
+            <version>1.10.0</version>
+        </dependency>
         <dependency>
             <groupId>com.fasterxml.woodstox</groupId>
             <artifactId>woodstox-core</artifactId>
@@ -345,7 +371,25 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>5.3.0</version>
+            <version>${mockito.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-junit-jupiter</artifactId>
+            <version>${mockito.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <version>${junit.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -384,16 +428,33 @@
             <version>6.5.2</version>
             <scope>test</scope>
         </dependency>
-        <!-- Dependencies that are forced higher to fix vulnerabilities -->
         <dependency>
-            <groupId>com.google.protobuf</groupId>
-            <artifactId>protobuf-java</artifactId>
-            <version>3.22.3</version>
+            <groupId>org.testcontainers</groupId>
+            <artifactId>localstack</artifactId>
+            <version>1.17.6</version>
+            <scope>test</scope>
         </dependency>
+        <!--
+            Issue with Localstack S3
+            https://stackoverflow.com/questions/64017812/junit-awscredentials-noclassdeffounderror-with-localstackcontainer
+        -->
         <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-text</artifactId>
-            <version>1.10.0</version>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-java-sdk-s3</artifactId>
+            <version>1.12.429</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.testcontainers</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <version>1.17.6</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>nl.jqno.equalsverifier</groupId>
+            <artifactId>equalsverifier</artifactId>
+            <version>3.14.1</version>
+            <scope>test</scope>
         </dependency>
     </dependencies>
     <build>
@@ -472,19 +533,17 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.11.0</version>
                 <configuration>
                     <source>${java.version}</source>
                     <target>${java.version}</target>
                 </configuration>
-                <executions>
-                    <execution>
-                        <phase>compile</phase>
-                        <goals>
-                            <goal>compile</goal>
-                        </goals>
-                    </execution>
-                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <configuration>
+                    <source>${java.version}</source>
+                </configuration>
             </plugin>
             <plugin>
                 <groupId>org.scalatest</groupId>
@@ -589,7 +648,7 @@
                         <!-- io.netty:netty-handler:jar:4.1.91.Final is provided by arrow-vector ... spark-catalyst ... spark-core. Currently no update available. As potential attackers cannot manipulate the URL, the developers decided to accept the risk for now. -->
                         <exclude>sonatype-2020-0026</exclude>
                         <!-- com.google.guava:guava:jar:31.1-jre: Currently no update available. Risk does not apply, as potential attackers cannot access the temp directory. -->
-                        <exclude>sonatype-2020-0926</exclude>
+                        <exclude>CVE-2020-8908</exclude>
                         <!-- org.apache.spark:spark-core_2.12:jar:3.3.2: CWE-269: Improper Privilege Management (6.4); https://ossindex.sonatype.org/vulnerability/CVE-2023-22946 -->
                         <!-- This from the spark-code_2.12 version, which we release using profiles below. -->
                         <exclude>CVE-2023-22946</exclude>

src/main/java/com/exasol/spark/s3/Constants.java

@@ -0,0 +1,27 @@
+package com.exasol.spark.s3;
+
+/**
+ * A class that contains common constant variables.
+ */
+public final class Constants {
+
+    /** Parameter name for Exasol table. */
+    public static final String TABLE = "TABLE";
+    /** Parameter name for Exasol query. */
+    public static final String QUERY = "QUERY";
+    /** Parameter name for Exasol database connection JDBC URL. */
+    public static final String JDBC_URL = "JDBC_URL";
+    /** Parameter name for Exasol database username. */
+    public static final String USERNAME = "USERNAME";
+    /** Parameter name for Exasol database password. */
+    public static final String PASSWORD = "PASSWORD";
+    /** Parameter name for setting number of Spark job partitions. */
+    public static final String NUMBER_OF_PARTITIONS = "numPartitions";
+    /** Default number of partitions for Spark job. */
+    public static final int DEFAULT_NUMBER_OF_PARTITIONS = 8;
+
+    private Constants() {
+        // prevent instantiation
+    }
+
+}

src/main/java/com/exasol/spark/s3/ExasolConnectionException.java

@@ -0,0 +1,27 @@
+package com.exasol.spark.s3;
+
+/**
+ * An exception for Exasol JDCB connection issues.
+ */
+public class ExasolConnectionException extends RuntimeException {
+    private static final long serialVersionUID = 2818034094289319833L;
+
+    /**
+     * Creates an instance of a {@link ExasolConnectionException}.
+     *
+     * @param message error message
+     * @param cause   exception cause
+     */
+    public ExasolConnectionException(final String message, final Throwable cause) {
+        super(message, cause);
+    }
+
+    /**
+     * Creates an instance of a {@link ExasolConnectionException}.
+     *
+     * @param message error message
+     */
+    public ExasolConnectionException(final String message) {
+        super(message);
+    }
+}