Skip to content

Re-use connections when remote S3 signing #2543

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Fokko merged 3 commits into from
Oct 1, 2025
Merged

Re-use connections when remote S3 signing #2543

Fokko merged 3 commits into from
Oct 1, 2025

Conversation

@lwfitzgerald
Copy link
Contributor

@lwfitzgerald lwfitzgerald commented Sep 29, 2025
edited
Loading

Rationale for this change

The existing S3 remote signing hook function (s3v4_rest_signer) uses requests.post to submit POST requests to the REST signing endpoint. This internally creates a new requests.Session for every request, preventing any reuse of connections.

In my profiling I saw this add overhead from repeated loading of CA certs and reestablishing of TLS connections.

This change makes the signing function a callable object that wraps a request.Session, using this for POSTing, therefore achieving connection reuse.

Signer callables are stored on the hook internals of the aiobotocore client inside the s3fs.S3FileSystem instance, so use and lifetime will match that of those instances. They are thread-local since: #2495.

Are these changes tested?

Tested locally. Existing unit tests updated for changes.

Are there any user-facing changes?

Yes - S3 signing requests now use connection pools (scoped to the s3fs.S3FileSystem object).

@lwfitzgerald
Re-use connections when remote S3 signing
d9e5ced 
The existing S3 remote signing hook function (`s3v4_rest_signer`) uses
`requests.post` to submit `POST` requests to the REST signing endpoint.
This internally creates a new `requests.Session` for every request,
preventing any reuse of connections.

In my profiling I saw this add overhead from repeated loading of CA certs
and reestablishing of TLS connections.

This change makes the signing function a callable object that wraps a
`request.Session`, using this for `POST`ing, therefore achieving
connection reuse.

Signer callables are stored on the hook internals of the `aiobotocore`
client inside the `s3fs.S3FileSystem` instance, so use and lifetime will
match that of those instances. They are thread-local since:
apache#2495.
lwfitzgerald
lwfitzgerald commented Sep 29, 2025
View reviewed changes
pyiceberg/io/fsspec.py
Copy link
Contributor Author

@lwfitzgerald lwfitzgerald Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Diff best viewed with whitespace changes turned off

@lwfitzgerald lwfitzgerald marked this pull request as ready for review September 29, 2025 08:12
jonbannister
jonbannister reviewed Sep 29, 2025
View reviewed changes
Fokko
Fokko approved these changes Sep 30, 2025
View reviewed changes
Copy link
Contributor

@Fokko Fokko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks reasonable to me, thanks @lwfitzgerald for working on this 👍

@Fokko Fokko merged commit 40521c8 into apache:main Oct 1, 2025
10 checks passed
@Fokko
Copy link
Contributor

Fokko commented Oct 1, 2025

Thanks @lwfitzgerald for working on this, and thanks @jonbannister for the review 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Fokko Fokko Fokko approved these changes

+1 more reviewer

@jonbannister jonbannister jonbannister approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lwfitzgerald @Fokko @jonbannister