Use isolated request contexts for task execution

[dimas-b]

• Avoid propagating request contexts into threads running background tasks.

• Use fresh request context for each task instead.

• Manually propagate realm context into a task from the request that submits the task.

• Update DefaultConfigurationStore to cross-check realm IDs in request context and explicit method parameters.

• Fix tests to set thread-local data to match CDI context data.

Next step: Simplify DefaultConfigurationStore API to remove contextual arguments and use CDI context instead.

[adnanhemani]

Hi @dimas-b - I'm also attempting to solve a related problem (#1765), but based on my understanding of Quarkus, I'm not understanding how this solves the problem we are seeing.

From what I got, you are adding the RealmContext object to a new PolarisRequestContext RequestScoped object. Does this inner RealmContext object not still expire at the end of the original request? Or is this working because you've added @ActivateRequestContext to the handleTask method in QuarkusTaskExecutorImpl - and refreshing the polarisRequestContext there? If so, is there any side-effects of doing so?

Additionally, does this fix all existing Tasks or do we need to make additional changes to ensure that all existing tasks start reading from polarisRequestContext?

Also, similar comment as @adutra on #1765 - is there any test that shows what's failing today and that this change fixes that?

[dimas-b]

@ActivateRequestContext in combination with .propagated(ThreadContext.NONE) (see it in diff) result in the creation of a new, independent request context for each (async) task.

PolarisRequestContext and all other @RequestScoped objects still expire at the end the request, but this "request" for task is the lifecycle of the QuarkusTaskExecutorImpl.handleTask() method call now.

PolarisRequestContext does not need to be accessed directly by tasks. In most cases relevant objects are injected by CDI.

[dimas-b]

is there any test that shows what's failing today and that this change fixes that?

Things are not broken today @gh-yzou fixed hard errors. The problem this PR addresses is the confusion between explicit method parameters and implicit context parameters.

[adutra]

Should we add a runtime check here to prevent returning null?

[gh-yzou]

+1,

[dimas-b]

Quarkus already makes a runtime exception if that is the case, but I'll add a check for a more friendly message.

[dimas-b]

checkState added

[adutra]

What is the motivation for this change?

[dimas-b]

the real change is moving CallContext.setCurrentContext(callContext) above, but GH formats it strangely 😅

CallContext.setCurrentContext must happen earlier to make sure "thread local" stuff is aligned with CDI context.

[dimas-b]

well, after rebasing these changes are not meaningful, indeed 🤷

[adutra]

Can you explain the rationale here? I thought we would be removing realmContextInstance completely. It's imho more elegant to receive the realm context as a method parameter than injecting an Instance<RealmContext> – especially since this bean is application-scoped, so receiving a realm context as a method parameter aligns more with the common idiom that we have everywhere in Polaris where an application-scoped bean exposes a method that takes a realm context and returns something for that realm (e.g. all the getOrCreateXYZ methods).

[gh-yzou]

yes, that will not be needed anymore.

[dimas-b]

My thinking goes in the other direction. I'd like to make DeafaultConfigurationStore a proper CDI bean getting realm ID from the request context. Ideally Instance<RealmContext> simply becomes RealmContext.

Eventually, I'd like to remove the RealmContext parameter.

I believe refactoring the code and internal interfaces to be free from RealmContext parameters in methods would be beneficial. Most of the code is written to operate within a realm. Managing various objects (e.g. meta store instances) for multiple realms feels like an infrastructure concern. WDYT?

[adutra]

Same: is this change required?

[dimas-b]

Just moving CallContext.setCurrentContext above the calls that rely on it -- to ensure CDI context has the same data and thread locals.

[dimas-b]

well, after rebasing these changes are not meaningful, indeed 🤷

[gh-yzou]

I don't fully understand how the propagation works, but will we be able to add some test to make sure the context is propagated correctly?

[dimas-b]

This is covered by existing tests that produce tasks.

It works like this:

1. Quarkus create a new request context when handleTask is called
2. The code below this like puts the RealmContext for the tasks into polarisRequestContext
3. The Quarkus proxy for polarisRequestContext redirects this "set" call to the instance in the current request context
4. When something needs a RealmContext during the execution of a task, Quarkus invokes QuarkusProducers.realmContext(PolarisRequestContext context) and gives it the same PolarisRequestContext instance that was used in step 3.

For HTTP requests step 1 is the start of the request at the REST API layer, in which case the RealmContext is derived from HTTP headers by a filter.

This whole workflow is very similar to how it worked before, but we use a custom "holder" object instead of ContainerRequestContext, which allows us to support non-HTTP requests (i.e. async tasks).

[dimas-b]

well, after rebasing test coverage is gone 🤷

[gh-yzou]

This is covered by existing tests that produce tasks.

Unfortunately I don't think we have such case running in our CI today, otherwise, it would have caught the problem when we do ConfigurationStore injection. The only case i know which triggers background task is purge, which was caught by an aws regression test, which can only run manually today.

I am trying to add a spark integration test here https://github.com/apache/polaris/pull/1825/files, but runs into following error when do drop with purge

2025-06-05 18:36:21,503 INFO  [org.apa.pol.ser.exc.IcebergExceptionMapper] [,POLARIS] [,,,] (executor-thread-1) Handling runtimeException Principal 'root' with activated PrincipalRoles '[]' and activated grants via '[service_admin, catalog_admin]' is not authorized for op DROP_TABLE_WITH_PURGE

i am wondering if you know how the catalogAPI privilege is setup with quarkus test?

[dimas-b]

It looks like it's using default privileges in this case. Related slack discussion: https://apache-polaris.slack.com/archives/C084XDM50CB/p1748381388095509

[dimas-b]

Re: test coverage : when my new code had checkState assertions, it caused CI failures in the tests I had to modify. Unfortunately, after rebasing request context stuff is no longer injected into the default config impl., so it cannot perform those checks 🤷 I'll address this if the community decides to go ahead with this PR.

[gh-yzou]

It looks like it's using default privileges in this case. Related slack discussion: https://apache-polaris.slack.com/archives/C084XDM50CB/p1748381388095509

Thanks! let me see if I can get this test work.

[gh-yzou]

with the propagation now, will we be able to remove the code here https://github.com/dimas-b/polaris/blob/main/polaris-service/src/main/java/org/apache/polaris/service/task/TaskExecutorImpl.java#L71

[dimas-b]

yes, good point. I'll do it later if people agree on the general approach in this PR.

[gh-yzou]

Actually, i think we probably need to propagate the whole callcontext, instead of just the realmContext, because the whole callContext is needed for the background executor, the realmContext is just what needed for getConfiguration, which is called during the task execution.

[dimas-b]

Eventually - yes. With the recent config changes this PR is no longer meaningful in isolation, but it shows how CDI can be done for tasks.

I also opened a bigger related proposal on the dev ML: https://lists.apache.org/thread/0cyrzft2oon28otxlmmhvd5671rd3r3d

[dimas-b]

So, after rebasing the new way of handling request context in tasks is indeed not very meaningful, because tasks no longer use request-scoped beans.

However, I'd like this PR to act as an illustration for the proposal of moving all RealmContext from explicit method parameters to object fields to be injected by CDI (or manually). This PR shows that it is possible. I'll open a dev ML thread on this.