Merge branch 'main' into write

Author: lmangani

.clang-format

@@ -0,0 +1,33 @@
+---
+BasedOnStyle: LLVM
+SortIncludes: false
+TabWidth: 4
+IndentWidth: 4
+ColumnLimit: 120
+AllowShortFunctionsOnASingleLine: false
+---
+UseTab: ForIndentation
+DerivePointerAlignment: false
+PointerAlignment: Right
+AlignConsecutiveMacros: true
+AlignTrailingComments: true
+AllowAllArgumentsOnNextLine: true
+AllowAllConstructorInitializersOnNextLine: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AlignAfterOpenBracket: Align
+SpaceBeforeCpp11BracedList: true
+SpaceBeforeCtorInitializerColon: true
+SpaceBeforeInheritanceColon: true
+SpacesInAngles: false
+SpacesInCStyleCastParentheses: false
+SpacesInConditionalStatement: false
+AllowShortLambdasOnASingleLine: Inline
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakTemplateDeclarations: Yes
+IncludeBlocks: Regroup
+Language: Cpp
+AccessModifierOffset: -4
+---
+Language: Java
+SpaceAfterCStyleCast: true
+---

.github/workflows/MainDistributionPipeline.yml

@@ -16,9 +16,9 @@ jobs:
     name: Build extension binaries
     uses: duckdb/extension-ci-tools/.github/workflows/_extension_distribution.yml@main
     with:
-      duckdb_version: main
-      ci_tools_version: main
       extension_name: httpfs
+      duckdb_version: v1.3.1
+      ci_tools_version: main
 
   duckdb-stable-deploy:
     name: Deploy extension binaries
@@ -27,6 +27,6 @@ jobs:
     secrets: inherit
     with:
       extension_name: httpfs
-      duckdb_version: main
+      duckdb_version: v1.3.1
       ci_tools_version: main
       deploy_latest: ${{ startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' }}

.github/workflows/MinioTests.yml

@@ -0,0 +1,66 @@
+name: Minio Tests
+on: [push, pull_request,repository_dispatch]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || '' }}-${{ github.base_ref || '' }}-${{ github.ref != 'refs/heads/main' || github.sha }}
+  cancel-in-progress: true
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  minio-tests:
+    name: Minio Tests
+    runs-on: ubuntu-24.04
+    env:
+      S3_TEST_SERVER_AVAILABLE: 1
+      AWS_DEFAULT_REGION: eu-west-1
+      AWS_ACCESS_KEY_ID: minio_duckdb_user
+      AWS_SECRET_ACCESS_KEY: minio_duckdb_user_password
+      DUCKDB_S3_ENDPOINT: duckdb-minio.com:9000
+      DUCKDB_S3_USE_SSL: false
+      GEN: ninja
+      VCPKG_TARGET_TRIPLET: x64-linux
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: 'true'
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+
+      - name: Install Ninja
+        shell: bash
+        run: sudo apt-get update -y -qq && sudo apt-get install -y -qq ninja-build
+
+      - name: Setup Ccache
+        uses: hendrikmuhs/ccache-action@main
+        with:
+          key: ${{ github.job }}
+          save: ${{ github.ref == 'refs/heads/main' || github.repository != 'duckdb/duckdb' }}
+
+      - name: Setup vcpkg
+        uses: lukka/run-vcpkg@v11.1
+        with:
+          vcpkgGitCommitId: 5e5d0e1cd7785623065e77eff011afdeec1a3574
+
+      - name: Build
+        shell: bash
+        run: make
+
+      - name: Start S3/HTTP test server
+        shell: bash
+        run: |
+          cd duckdb
+          mkdir data/attach_test
+          touch data/attach_test/attach.db
+          sudo ./scripts/install_s3_test_server.sh
+          source ./scripts/run_s3_test_server.sh
+          sleep 30
+
+      - name: Test
+        shell: bash
+        run: |
+          make test

CMakeLists.txt

@@ -6,13 +6,15 @@ project(HTTPFsExtension)
 
 add_extension_definitions()
 
-include_directories(extension/httpfs/include ${DUCKDB_MODULE_BASE_DIR}/third_party/httplib)
+include_directories(extension/httpfs/include
+                    ${DUCKDB_MODULE_BASE_DIR}/third_party/httplib)
 
 build_static_extension(
   httpfs
   extension/httpfs/hffs.cpp
   extension/httpfs/s3fs.cpp
   extension/httpfs/httpfs.cpp
+  extension/httpfs/httpfs_client.cpp
   extension/httpfs/http_state.cpp
   extension/httpfs/crypto.cpp
   extension/httpfs/create_secret_functions.cpp
@@ -22,10 +24,10 @@ set(PARAMETERS "-warnings")
 build_loadable_extension(
   httpfs
   ${PARAMETERS}
-  extension/httpfs/httpfs
   extension/httpfs/hffs.cpp
   extension/httpfs/s3fs.cpp
   extension/httpfs/httpfs.cpp
+  extension/httpfs/httpfs_client.cpp
   extension/httpfs/http_state.cpp
   extension/httpfs/crypto.cpp
   extension/httpfs/create_secret_functions.cpp
@@ -38,16 +40,17 @@ endif()
 find_package(OpenSSL REQUIRED)
 include_directories(${OPENSSL_INCLUDE_DIR})
 if(EMSCRIPTEN)
-else()
-target_link_libraries(httpfs_loadable_extension duckdb_mbedtls
-                      ${OPENSSL_LIBRARIES})
-target_link_libraries(httpfs_extension duckdb_mbedtls ${OPENSSL_LIBRARIES})
 
-if(MINGW)
-  find_package(ZLIB)
-  target_link_libraries(httpfs_loadable_extension ZLIB::ZLIB -lcrypt32)
-  target_link_libraries(httpfs_extension ZLIB::ZLIB -lcrypt32)
-endif()
+else()
+  target_link_libraries(httpfs_loadable_extension duckdb_mbedtls
+                        ${OPENSSL_LIBRARIES})
+  target_link_libraries(httpfs_extension duckdb_mbedtls ${OPENSSL_LIBRARIES})
+
+  if(MINGW)
+    find_package(ZLIB)
+    target_link_libraries(httpfs_loadable_extension ZLIB::ZLIB -lcrypt32)
+    target_link_libraries(httpfs_extension ZLIB::ZLIB -lcrypt32)
+  endif()
 endif()
 
 install(

Makefile

@@ -4,5 +4,7 @@ PROJ_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
 EXT_NAME=httpfs
 EXT_CONFIG=${PROJ_DIR}extension_config.cmake
 
+CORE_EXTENSIONS=''
+
 # Include the Makefile from extension-ci-tools
 include extension-ci-tools/makefiles/duckdb_extension.Makefile

duckdb

@@ -7,10 +7,25 @@ namespace duckdb {
 
 void CreateS3SecretFunctions::Register(DatabaseInstance &instance) {
 	RegisterCreateSecretFunction(instance, "s3");
+	RegisterCreateSecretFunction(instance, "aws");
 	RegisterCreateSecretFunction(instance, "r2");
 	RegisterCreateSecretFunction(instance, "gcs");
 }
 
+static Value MapToStruct(const Value &map) {
+	auto children = MapValue::GetChildren(map);
+
+	child_list_t<Value> struct_fields;
+	for (const auto &kv_child : children) {
+		auto kv_pair = StructValue::GetChildren(kv_child);
+		if (kv_pair.size() != 2) {
+			throw InvalidInputException("Invalid input passed to refresh_info");
+		}
+
+		struct_fields.push_back({kv_pair[0].ToString(), kv_pair[1]});
+	}
+	return Value::STRUCT(struct_fields);
+}
 unique_ptr<BaseSecret> CreateS3SecretFunctions::CreateSecretFunctionInternal(ClientContext &context,
                                                                              CreateSecretInput &input) {
 	// Set scope to user provided scope or the default
@@ -25,6 +40,8 @@ unique_ptr<BaseSecret> CreateS3SecretFunctions::CreateSecretFunctionInternal(Cli
 		} else if (input.type == "gcs") {
 			scope.push_back("gcs://");
 			scope.push_back("gs://");
+		} else if (input.type == "aws") {
+			scope.push_back("");
 		} else {
 			throw InternalException("Unknown secret type found in httpfs extension: '%s'", input.type);
 		}
@@ -39,6 +56,8 @@ unique_ptr<BaseSecret> CreateS3SecretFunctions::CreateSecretFunctionInternal(Cli
 		secret->secret_map["url_style"] = "path";
 	}
 
+	bool refresh = false;
+
 	// apply any overridden settings
 	for (const auto &named_param : input.options) {
 		auto lower_name = StringUtil::Lower(named_param.first);
@@ -61,6 +80,8 @@ unique_ptr<BaseSecret> CreateS3SecretFunctions::CreateSecretFunctionInternal(Cli
 				                            lower_name, named_param.second.type().ToString());
 			}
 			secret->secret_map["use_ssl"] = Value::BOOLEAN(named_param.second.GetValue<bool>());
+		} else if (lower_name == "kms_key_id") {
+			secret->secret_map["kms_key_id"] = named_param.second.ToString();
 		} else if (lower_name == "url_compatibility_mode") {
 			if (named_param.second.type() != LogicalType::BOOLEAN) {
 				throw InvalidInputException("Invalid type past to secret option: '%s', found '%s', expected: 'BOOLEAN'",
@@ -69,14 +90,86 @@ unique_ptr<BaseSecret> CreateS3SecretFunctions::CreateSecretFunctionInternal(Cli
 			secret->secret_map["url_compatibility_mode"] = Value::BOOLEAN(named_param.second.GetValue<bool>());
 		} else if (lower_name == "account_id") {
 			continue; // handled already
+		} else if (lower_name == "refresh") {
+			if (refresh) {
+				throw InvalidInputException("Can not set `refresh` and `refresh_info` at the same time");
+			}
+			refresh = named_param.second.GetValue<string>() == "auto";
+			secret->secret_map["refresh"] = Value("auto");
+			child_list_t<Value> struct_fields;
+			for (const auto &named_param : input.options) {
+				auto lower_name = StringUtil::Lower(named_param.first);
+				struct_fields.push_back({lower_name, named_param.second});
+			}
+			secret->secret_map["refresh_info"] = Value::STRUCT(struct_fields);
+		} else if (lower_name == "refresh_info") {
+			if (refresh) {
+				throw InvalidInputException("Can not set `refresh` and `refresh_info` at the same time");
+			}
+			refresh = true;
+			secret->secret_map["refresh_info"] = MapToStruct(named_param.second);
 		} else {
-			throw InternalException("Unknown named parameter passed to CreateSecretFunctionInternal: " + lower_name);
+			throw InvalidInputException("Unknown named parameter passed to CreateSecretFunctionInternal: " +
+			                            lower_name);
 		}
 	}
 
 	return std::move(secret);
 }
 
+CreateSecretInput CreateS3SecretFunctions::GenerateRefreshSecretInfo(const SecretEntry &secret_entry,
+                                                                     Value &refresh_info) {
+	const auto &kv_secret = dynamic_cast<const KeyValueSecret &>(*secret_entry.secret);
+
+	CreateSecretInput result;
+	result.on_conflict = OnCreateConflict::REPLACE_ON_CONFLICT;
+	result.persist_type = SecretPersistType::TEMPORARY;
+
+	result.type = kv_secret.GetType();
+	result.name = kv_secret.GetName();
+	result.provider = kv_secret.GetProvider();
+	result.storage_type = secret_entry.storage_mode;
+	result.scope = kv_secret.GetScope();
+
+	auto result_child_count = StructType::GetChildCount(refresh_info.type());
+	auto refresh_info_children = StructValue::GetChildren(refresh_info);
+	D_ASSERT(refresh_info_children.size() == result_child_count);
+	for (idx_t i = 0; i < result_child_count; i++) {
+		auto &key = StructType::GetChildName(refresh_info.type(), i);
+		auto &value = refresh_info_children[i];
+		result.options[key] = value;
+	}
+
+	return result;
+}
+
+//! Function that will automatically try to refresh a secret
+bool CreateS3SecretFunctions::TryRefreshS3Secret(ClientContext &context, const SecretEntry &secret_to_refresh) {
+	const auto &kv_secret = dynamic_cast<const KeyValueSecret &>(*secret_to_refresh.secret);
+
+	Value refresh_info;
+	if (!kv_secret.TryGetValue("refresh_info", refresh_info)) {
+		return false;
+	}
+	auto &secret_manager = context.db->GetSecretManager();
+	auto refresh_input = GenerateRefreshSecretInfo(secret_to_refresh, refresh_info);
+
+	// TODO: change SecretManager API to avoid requiring catching this exception
+	try {
+		auto res = secret_manager.CreateSecret(context, refresh_input);
+		auto &new_secret = dynamic_cast<const KeyValueSecret &>(*res->secret);
+		DUCKDB_LOG_INFO(context, "Successfully refreshed secret: %s, new key_id: %s",
+		                secret_to_refresh.secret->GetName(), new_secret.TryGetValue("key_id").ToString());
+		return true;
+	} catch (std::exception &ex) {
+		ErrorData error(ex);
+		string new_message = StringUtil::Format("Exception thrown while trying to refresh secret %s. To fix this, "
+		                                        "please recreate or remove the secret and try again. Error: '%s'",
+		                                        secret_to_refresh.secret->GetName(), error.Message());
+		throw Exception(error.Type(), new_message);
+	}
+}
+
 unique_ptr<BaseSecret> CreateS3SecretFunctions::CreateS3SecretFromConfig(ClientContext &context,
                                                                          CreateSecretInput &input) {
 	return CreateSecretFunctionInternal(context, input);
@@ -90,8 +183,23 @@ void CreateS3SecretFunctions::SetBaseNamedParams(CreateSecretFunction &function,
 	function.named_parameters["endpoint"] = LogicalType::VARCHAR;
 	function.named_parameters["url_style"] = LogicalType::VARCHAR;
 	function.named_parameters["use_ssl"] = LogicalType::BOOLEAN;
+	function.named_parameters["kms_key_id"] = LogicalType::VARCHAR;
 	function.named_parameters["url_compatibility_mode"] = LogicalType::BOOLEAN;
 
+	// Whether a secret refresh attempt should be made when the secret appears to be incorrect
+	function.named_parameters["refresh"] = LogicalType::VARCHAR;
+
+	// Refresh Modes
+	// - auto
+	// - disabled
+	// - on_error
+	// - on_timeout
+
+	// - on_use: every time a secret is used, it will refresh.
+
+	// Debugging/testing option: it allows specifying how the secret will be refreshed using a manually specfied MAP
+	function.named_parameters["refresh_info"] = LogicalType::MAP(LogicalType::VARCHAR, LogicalType::VARCHAR);
+
 	if (type == "r2") {
 		function.named_parameters["account_id"] = LogicalType::VARCHAR;
 	}
@@ -103,6 +211,7 @@ void CreateS3SecretFunctions::RegisterCreateSecretFunction(DatabaseInstance &ins
 	secret_type.name = type;
 	secret_type.deserializer = KeyValueSecret::Deserialize<KeyValueSecret>;
 	secret_type.default_provider = "config";
+	secret_type.extension = "httpfs";
 
 	ExtensionUtil::RegisterSecretType(instance, secret_type);
 
@@ -117,6 +226,7 @@ void CreateBearerTokenFunctions::Register(DatabaseInstance &instance) {
 	secret_type_hf.name = HUGGINGFACE_TYPE;
 	secret_type_hf.deserializer = KeyValueSecret::Deserialize<KeyValueSecret>;
 	secret_type_hf.default_provider = "config";
+	secret_type_hf.extension = "httpfs";
 	ExtensionUtil::RegisterSecretType(instance, secret_type_hf);
 
 	// Huggingface config provider