[GLUTEN-8455][VL] Fallback Scan for Encrypted Parquet Files

[ArnavBalyan]

• Currently Scan is offloaded to Velox, however Velox does not support encrypted parquet files.
• This leads to a Velox side error and runtime failure. Added support to fallback in such cases.
• We attempt to read parquet footer for the root paths in scan operator, if decryption is detected, the scan fallsback
• This is behind a config and will not be enabled by default, users can enable scan fallback by passing spark.gluten.sql.fallbackEncryptedParquet true.

Fixes: #8455

[github-actions]

#8455

[github-actions]

Run Gluten Clickhouse CI on x86

[github-actions]

Run Gluten Clickhouse CI on x86

[github-actions]

Run Gluten Clickhouse CI on x86

[github-actions]

Run Gluten Clickhouse CI on x86

[Yohahaha]

LGTM! just one comments

[Yohahaha]

why use static conf?

[ArnavBalyan]

updated, this config changing at runtime is an unlikely event, kept removed static to allow any such usecases

[jackylee-ch]

The config name is a little wird to me. maybe parquetEncryptionValidationEnabled?

[ArnavBalyan]

Updated it

[jackylee-ch]

Is it a better way to check encrypted metadata than use the Exception?

[ArnavBalyan]

This is done to keep it backward compatible, spark 33 uses parquet 1.12, support is not there yet

[jackylee-ch]

Spark 3.5 uses parquet 1.13, and I found it defined in thrift. This could work for Spark 3.5?

[github-actions]

Run Gluten Clickhouse CI on x86

[ArnavBalyan]

Thanks for the review @Yohahaha addressed comments, could you please take a look

[FelixYBW]

CI fails. can you fix format?

[github-actions]

Run Gluten Clickhouse CI on x86

[Yohahaha]

[ERROR] /__w/incubator-gluten/incubator-gluten/backends-velox/src/main/scala/org/apache/gluten/backendsapi/velox/VeloxBackend.scala:196: error: value getConf is not a member of object org.apache.gluten.config.GlutenConfig
[ERROR]       val encryptionValidationEnabled = GlutenConfig.getConf.parquetEncryptionValidationEnabled
[ERROR]                                                      ^
[ERROR] one error found
[ERROR] exception compilation error occurred!!!

please rebase and fix conflict.

[github-actions]

Run Gluten Clickhouse CI on x86

[jackylee-ch]

@Yohahaha The way to check encrypted file haven't been confirmed, I'm afraid this is not work on Spark 3.5

[ArnavBalyan]

@Yohahaha The way to check encrypted file haven't been confirmed, I'm afraid this is not work on Spark 3.5

Hi @jackylee-ch, spark 3.5 uses parquet 1.13. After parquet 1.13, there is a new field added to check for encryption, which can provide if the file is encrypted. However if we try to read the encrypted file footer, it throws ParquetCryptoRuntimeException. Could you please elaborate on why it may not work on 3.5? Thanks

Alternatively, I was planning to shade parquet 1.14 and bring the shaded parquet as a packaged dependency in Gluten (to check the encryption), which will be a more elegant solution and work with multiple spark version. If there are no concerns with bringing in shaded parquet inside gluten, I'm happy to work on that implementation as well. I could not see such implementations inside Gluten so was a bit hesitant, althought parquet encryption seems to be a special case and could benefit from such a solution. Let me know what you think thanks!

[Yohahaha]

@Yohahaha The way to check encrypted file haven't been confirmed, I'm afraid this is not work on Spark 3.5

@jackylee-ch sorry, I missed your comments.

the check is disabled by default, it's safe to merge to main branch. if we verified it's not work in Spark 3.5, we can fix with a followup PR.

[Yohahaha]

@ArnavBalyan thanks for the update!

would you add UT in different spark shim module with a minimal encrypted parquet file?

we do not need package parquet deps in Gluten I think, just do verification in shim module.

[Yohahaha]

@jackylee-ch I'm ok if you want to revert this PR with Spark 3.5 compatibility concern.

[jackylee-ch]

Hi @jackylee-ch, spark 3.5 uses parquet 1.13. After parquet 1.13, there is a new field added to check for encryption, which can provide if the file is encrypted. However if we try to read the encrypted file footer, it throws ParquetCryptoRuntimeException. Could you please elaborate on why it may not work on 3.5? Thanks

@ArnavBalyan You mean that no matter which Spark version we use, we can get ParquetCryptoRuntimeException if I try to read the encrypted footer?

BTW what would happen if the footer is not encrypted but the column is encrypted?

[jackylee-ch]

@jackylee-ch I'm ok if you want to revert this PR with Spark 3.5 compatibility concern.

Current PR should work fine for Spark 3.2 and 3.3 for encrypted footer, not sure for other cases. If it doesn't support those cases, we need move ParquetMetadataUtils to shim layer and support other cases.

Since it is merged and not work by default, a followed PR is good for me.

[ArnavBalyan]

Hi @jackylee-ch, spark 3.5 uses parquet 1.13. After parquet 1.13, there is a new field added to check for encryption, which can provide if the file is encrypted. However if we try to read the encrypted file footer, it throws ParquetCryptoRuntimeException. Could you please elaborate on why it may not work on 3.5? Thanks

@ArnavBalyan You mean that no matter which Spark version we use, we can get ParquetCryptoRuntimeException if I try to read the encrypted footer?

BTW what would happen if the footer is not encrypted but the column is encrypted?

Sure let me add a follow up UT for 3.5, this feature is behind feature flag and verified for parquet 1.13. @jackylee-ch, it would depend how you are doing encryption in your setup. Typically the footer metadata will indicate encryption for newer versions of parquet.

we do not need package parquet deps in Gluten I think, just do verification in shim module.

@Yohahaha, if we want to keep it backward compatible for parquet 1.12, and not use exception, then we will need a newer parquet inside Gluten regardless of the spark version, in that case, the check can hold true if there are future parquet upgrades inside spark. Using the shim layer we can probably do validation but still will use exception checking for 1.12, I was wondering how feasible it would be to bring in shaded parquet to do this? Thanks

[jackylee-ch]

We can use different checker for different Spark version in shims, and for parquet 1.12, the exception is good to me if there is no other better idea.