Skip to content

[SPEC | CORE] : Allow table level override for scan planning#14867

Open
singhpk234 wants to merge 2 commits intoapache:mainfrom
singhpk234:feature/selectively-override-failure
Open

[SPEC | CORE] : Allow table level override for scan planning#14867
singhpk234 wants to merge 2 commits intoapache:mainfrom
singhpk234:feature/selectively-override-failure

Conversation

@singhpk234
Copy link
Contributor

@singhpk234 singhpk234 commented Dec 17, 2025
edited
Loading

About the change

Scan Planning Modes

Single enum ScanPlanningMode with 2 values:

  • client - MUST use client-side planning
  • server - MUST use server-side planning

ML : https://lists.apache.org/thread/z1g4y8b4ogdrn0jjtjlgg7yjgxdbzpvg

@github-actions github-actions bot added the core label Dec 17, 2025
@sfc-gh-prsingh sfc-gh-prsingh force-pushed the feature/selectively-override-failure branch from a04195b to 474e982 Compare December 17, 2025 09:15
@nastra
Copy link
Contributor

nastra commented Dec 17, 2025

while the changes make sense to me, we may actually want to discuss this in the broader community to decide whether we want to override server-side scan planning at the table level

@sfc-gh-prsingh sfc-gh-prsingh force-pushed the feature/selectively-override-failure branch 2 times, most recently from 3144cd9 to f68fbe2 Compare December 17, 2025 17:35
@singhpk234
Copy link
Contributor Author

singhpk234 commented Dec 20, 2025

ML thread : https://lists.apache.org/thread/z1g4y8b4ogdrn0jjtjlgg7yjgxdbzpvg

@singhpk234 singhpk234 changed the title CORE: Allow table level override for scan planning [SPEC | CORE] : Allow table level override for scan planning Dec 20, 2025
@sfc-gh-prsingh sfc-gh-prsingh force-pushed the feature/selectively-override-failure branch 2 times, most recently from 10123db to 7f2a05b Compare December 20, 2025 02:22
@geruh
Copy link
Contributor

geruh commented Dec 20, 2025

Thanks for raising this @singhpk234! I like the direction here. As a user today, there are two modes either use scan planning or not. Which begs the question, when should I use one versus the other? And right now, there is no clear insight or story from the user's perspective.

Now from a catalog's perspective, the modes make sense. For instance, If the catalog is using planning to enforce governance, the required mode would signify intent. But I do have a question on the semantics. In the current implementation IIUC, optional seems to be similar to required. Rendering the combination of mode=None and Catalog support of planning, as optional. So I'd say if the intent is truly to express optionality to the client, should there be a client side override that wins. Or is the expectation that the catalog avoids sending the mode.

@github-actions github-actions bot added the spark label Dec 22, 2025
@singhpk234
Copy link
Contributor Author

singhpk234 commented Dec 22, 2025

Thanks for the feedback @geruh !

optional seems to be similar to required.

Optional in this context is that the catalog really doesn't have an opinion on what the client decides, it can choose local and remote, the way i was thinking is lets say you are running a lot of concurrent queries in your spark cluster and your driver is slim, even though, we are using spark, we may prefer spark. That being said yes in this impl what i did if the catalog supports plan endpoint and the catalog doesn't have any opinion on this, in java impl we always do scan planning, yes being able to toggle this based on client side config would be ideal may be when the server sends optional from the server side, and from the client side we have configured required we should not allow overwritting the key to optionals and reuse the optional ? WDYT

I see @RussellSpitzer has similar feedback in ML thread too, let me take a deeper look on their feedback and respond there as well

@singhpk234
Copy link
Contributor Author

singhpk234 commented Dec 22, 2025
edited
Loading

Decision matrix : scan planning mode (required | optional | none) :

Client Config Server Config Supports REST? Planning Outcome
Required Required Yes Server Planning (Server overrides and fulfills requirement)
Required Optional Yes Server Planning (Client mandates, Server is flexible)
Required None Yes Server Planning (Client mandate takes priority for Server)
Optional Required Yes Server Planning (Server Required overrides Client Optional)
Optional Optional Yes Server Planning (Defaulted for REST efficiency)
Optional None Yes Local Planning (Server cannot, Client is flexible)
None Required Yes Server Planning (Server Required overrides Client None)
None Optional Yes Local Planning (Client mandate takes priority)
None None Yes Client Planning (Both agree on Client side)
Not configured Required Yes Server Planning (Server Required overrides Client None)
Not configured Optional Yes Local Planning
Not configured None Yes Local Planning

Decision matrix : scan planning mode(client only | client preferred | catalog preferred | catalog only)

Client Config Server Config Supports REST? Planning Outcome
Client Only Client Only Yes Local Planning: Both agree on client-side implementation.
Client Only Client Preferred Yes Local Planning: Both Server and Client agree.
Client Only Catalog Preferred Yes Local Planning: Client ignores server optimization capabilities and chooses client only impl.
Client Only Catalog Only Yes FAIL
Client Preferred Client Only Yes Local Planning: Client preference aligns with server's strict client-only requirement.
Client Preferred Client Preferred Yes Local Planning: Both parties prefer local execution; negotiation defaults to Client.
Client Preferred Catalog Preferred Yes Local Planning: Both are flexible; override client side.
Client Preferred Catalog Only Yes Server Planning: Server MUST plan; client yields its preference.
Catalog Preferred Client Only Yes Local Planning: Server MUST plan locally; client yields its preference.
Catalog Preferred Client Preferred Yes Server Planning: Negotiation favors client-side to minimize server-side overhead.
Catalog Preferred Catalog Preferred Yes Server Planning: Both parties prefer server-side; Catalog is chosen.
Catalog Preferred Catalog Only Yes Server Planning: Server MUST plan; client preference aligns.
Catalog Only Client Only Yes FAIL:
Catalog Only Client Preferred Yes Server Planning: Server is flexible; Catalog MUST plan.
Catalog Only Catalog Preferred Yes Server Planning: Client MUST use Catalog; server agrees with preference.
Catalog Only Catalog Only Yes Server Planning: Strict agreement on server-side implementation.
Not Configured Client Only Yes Local Planning: Client MUST adhere to Catalog;
Not Configured Client Preferred Yes Local Planning:
Not Configured Catalog Preferred Yes Server Planning:
Not Configured Catalog Only Yes Server Planning: Strict agreement on server-side implementation.

@RussellSpitzer
Copy link
Member

RussellSpitzer commented Dec 22, 2025

I wasn't thinking about it quite that way. I was assuming the client is configured independently of the catalog. The client can either have a user preference or none. If none, it does whatever the catalog feeds back to it if the client supports that mode. Otherwise it does what is manually specified.

So

Client (None) -> Follow Catalog Config (Client Only, Client Preferred, CatalogPreferred or Catalog Only), Fail if the client doesn't support config
Client (ClientPlanning) -> Fail if Catalog says Catalog Only, Client planning for all other cases
Client (CatalogPlanning) -> Fail if Catalog says Client Only, Catalog planning for all other cases

A user without a preference or who wants the Catalog to make the determination just leaves this unset on the client. Or a Client which wants to override the catalog can set a specific mode and fail fast if the Catalog doesn't support it.

@sfc-gh-prsingh sfc-gh-prsingh force-pushed the feature/selectively-override-failure branch 3 times, most recently from 9b1adae to 66eb57a Compare December 24, 2025 01:21
nastra
nastra reviewed Jan 7, 2026
View reviewed changes
nastra
nastra reviewed Jan 7, 2026
View reviewed changes
nastra
nastra reviewed Jan 7, 2026
View reviewed changes
anoopj
anoopj reviewed Jan 7, 2026
View reviewed changes
@sfc-gh-prsingh sfc-gh-prsingh force-pushed the feature/selectively-override-failure branch 2 times, most recently from 860ba21 to 1f9bdcb Compare January 7, 2026 23:04
amogh-jahagirdar
amogh-jahagirdar reviewed Jan 8, 2026
View reviewed changes
pvary
pvary reviewed Jan 10, 2026
View reviewed changes
open-api/rest-catalog-open-api.py Outdated
- **Both PREFERRED**: When both are PREFERRED (different types), client config wins
- **Both same**: When both have the same value, use that planning type
- **Only one configured**: Use the configured side (client or server)
- **Neither configured**: Use default (`client-preferred`)
Copy link
Contributor

@pvary pvary Jan 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a concern about some catalogs starting to make every table CATALOG_ONLY, which would essentially lock users to the catalog without providing a way to migrate the data to another catalog.
Maybe we add a sentence in the spec to enforce, that there should be some users where the catalog MUST provide access to the metadata files.

WDYT?

Copy link
Contributor Author

@singhpk234 singhpk234 Jan 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the catalog without providing a way to migrate the data to another catalog

we would still have a way to migrate, mostly because in the loadTable we give back the metadata.json pointer (which is self describing the table state), and its the catalog ADMIN would be able to use that pointer and register table to another REST or Metastore backed catalog. In the model where storage is decoupled from compute its the administrator of the catalog who has given access the catalog to vend storage creds and it can very well take it back.

This feature is mostly like i want to read the table, can you help me with the data | delete files that corresponds to the table. Nevertheless i believe CATALOG_ONLY we think to be used primarily for gov cases also for things like scanning huge tables where planning can cause a lot of pressure on JVM (trino coordinar unstablity | spark requiring distributed planning) where catalog can do some efficient indexing (stuff like Redis) etc to help these engine.

All in all IMHO i believe vendor lock in and not being able to migrate would not be possible by exposing this option, please let me know if i am missing something.

Copy link
Contributor

@pvary pvary Jan 13, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The specification states:

The corresponding file location of table metadata should be returned in the `metadata-location` field

However, it does not specify that this location must be readable by any user. (Perhaps this is something we should clarify going forward.)

Before the introduction of CATALOG_ONLY tables, users were required to have direct read access to the metadata files in order to plan queries on the table. That implied an access requirement, even though it was never explicitly documented. With the introduction of CATALOG_ONLY, this implicit requirement no longer applies, and we currently do not have an explicit requirement defined in the specification either.

@singhpk234 singhpk234 added this to the Iceberg 1.11.0 milestone Jan 11, 2026
danielcweeks
danielcweeks reviewed Jan 13, 2026
View reviewed changes
@sfc-gh-prsingh sfc-gh-prsingh force-pushed the feature/selectively-override-failure branch 5 times, most recently from 885c41e to 6f20b79 Compare February 6, 2026 23:34
@sfc-gh-prsingh sfc-gh-prsingh force-pushed the feature/selectively-override-failure branch from 6f20b79 to 5800b45 Compare February 11, 2026 18:52
amogh-jahagirdar
amogh-jahagirdar reviewed Feb 12, 2026
View reviewed changes
core/src/main/java/org/apache/iceberg/rest/RESTSessionCatalog.java
String clientModeConfig = properties().get(RESTCatalogProperties.SCAN_PLANNING_MODE);
String serverModeConfig = tableConf.get(RESTCatalogProperties.SCAN_PLANNING_MODE);

// Validate that client and server configs don't conflict
Copy link
Contributor

@amogh-jahagirdar amogh-jahagirdar Feb 12, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have a choice here. We can either hard fail on conflicting configs like is done below or we can just let one override the other.

I think the least surprising thing from a client perspective is to just override using the client config in case of conflicts. On average I don't expect people to be fiddling with this config. In the chance they do, they're probably intentionally trying to set it and we should attempt to respect that. Even if there's some FGAC and creds and all aren't returned and it fails later on, that's better to me.

I guess I could go either way here (as long as we log there's a conflict and we're overriding using some mechanism), but I think any approach seems better than just hard failing since that seems unneccessary.

Copy link
Contributor Author

@singhpk234 singhpk234 Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the least surprising thing from a client perspective is to just override using the client config in case of conflicts

It can cause an issue in a sense that let say i am low resource client i can't run scan planning at all, so i say use catalog and the catalog says do client ? i believe if we let catalog judgement win it may lead to failure ?
But i think other way to look at it we any way override the client config with the server one if server says for some configs we can do the same then here ?
I am also open to both !

@sfc-gh-prsingh sfc-gh-prsingh force-pushed the feature/selectively-override-failure branch from 5800b45 to 607e44f Compare February 12, 2026 19:19
stevenzwu
stevenzwu reviewed Feb 17, 2026
View reviewed changes
@sfc-gh-prsingh
Core: Simplify REST scan planning to 2 modes (client/catalog)
1a25199 
Simplified scan planning configuration from boolean to 2-mode enum:
- client (default): Use client-side scan planning
- catalog: Use server-side scan planning if supported

Changes:
- RESTCatalogProperties: Added ScanPlanningMode enum with CLIENT and CATALOG
- RESTSessionCatalog: Updated to check table config for scan planning mode
- Updated OpenAPI specs with simplified documentation

The mode can be configured per-table via LoadTableResponse.config() to
allow fine-grained control over which tables use server-side planning.
@sfc-gh-prsingh sfc-gh-prsingh force-pushed the feature/selectively-override-failure branch from a5cf1a5 to 3f2bce3 Compare February 18, 2026 04:13
@sfc-gh-prsingh sfc-gh-prsingh force-pushed the feature/selectively-override-failure branch from 3f2bce3 to e886045 Compare February 18, 2026 04:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danielcweeks danielcweeks Awaiting requested review from danielcweeks

@pvary pvary Awaiting requested review from pvary

@RussellSpitzer RussellSpitzer Awaiting requested review from RussellSpitzer

@nastra nastra Awaiting requested review from nastra

@amogh-jahagirdar amogh-jahagirdar Awaiting requested review from amogh-jahagirdar

@stevenzwu stevenzwu Awaiting requested review from stevenzwu

1 more reviewer

@anoopj anoopj anoopj left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

core OPENAPI spark

Projects

None yet

Milestone

Iceberg 1.11.0

Development

Successfully merging this pull request may close these issues.

10 participants

@singhpk234 @nastra @geruh @RussellSpitzer @anoopj @stevenzwu @danielcweeks @pvary @amogh-jahagirdar @sfc-gh-prsingh

Comments