fix(csharp/src): handle HTTP authorization exception for Thrift-based drivers (apache#3551)

C# Thrift-based drivers using HTTP transport don't throw AdbcException
with AdbcStatusCode of Unauthorized.

As a best practice, drivers should indicate if the connection
encountered an authentication or authorization error when attempting to
open. Connection should throw an AdbcException with Status ==
AdbcStatusCode.Unauthorized.

This handles all Apache (Hive, Impala, Spark) and Databricks drivers
that use HTTP transport.

Notes:
* required an update to Thrift version 0.22.0 (then also
System.Text.Json 9.0.0)

closes apache#3550

Author: birschick-bq

csharp/src/Apache.Arrow.Adbc/AdbcException.cs

@@ -44,6 +44,7 @@ public AdbcException(string message, AdbcStatusCode statusCode)
         public AdbcException(string message, AdbcStatusCode statusCode, Exception innerException)
            : base(message, innerException)
         {
+            _statusCode = statusCode;
         }
 
         public AdbcException(string message, Exception innerException)

csharp/src/Apache.Arrow.Adbc/Apache.Arrow.Adbc.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFrameworks>netstandard2.0;net8.0</TargetFrameworks>
@@ -10,7 +10,7 @@
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="9.0.6" />
   </ItemGroup>
   <ItemGroup Condition="!$([MSBuild]::IsTargetFrameworkCompatible($(TargetFramework), 'net6.0'))">
-    <PackageReference Include="System.Text.Json" Version="8.0.5" />
+    <PackageReference Include="System.Text.Json" Version="9.0.9" />
   </ItemGroup>
   <ItemGroup Condition="$([MSBuild]::IsTargetFrameworkCompatible($(TargetFramework), 'net6.0'))">
     <Compile Remove="C\NativeLibrary.cs" />

csharp/src/Drivers/Apache/Apache.Arrow.Adbc.Drivers.Apache.csproj

@@ -5,11 +5,11 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="ApacheThrift" Version="0.21.0" />
+    <PackageReference Include="ApacheThrift" Version="0.22.0" />
   </ItemGroup>
   <ItemGroup Condition="!$([MSBuild]::IsTargetFrameworkCompatible($(TargetFramework), 'net6.0'))">
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
-    <PackageReference Include="System.Text.Json" Version="8.0.5" />
+    <PackageReference Include="System.Text.Json" Version="9.0.9" />
   </ItemGroup>
 
   <ItemGroup>

csharp/src/Drivers/Apache/Hive2/HiveServer2Connection.cs

@@ -20,6 +20,8 @@
 using System.Diagnostics;
 using System.Diagnostics.CodeAnalysis;
 using System.Linq;
+using System.Net;
+using System.Net.Http;
 using System.Reflection;
 using System.Text;
 using System.Text.RegularExpressions;
@@ -356,6 +358,11 @@ await this.TraceActivity(async activity =>
                     {
                         session = await Client.OpenSession(request, cancellationToken);
                     }
+                    catch (TTransportException transportEx)
+                        when (ApacheUtility.ContainsException(transportEx, out HttpRequestException? httpEx) && IsUnauthorized(httpEx!))
+                    {
+                        throw new HiveServer2Exception(transportEx.Message, AdbcStatusCode.Unauthorized, transportEx);
+                    }
                     catch (Exception)
                     {
                         if (FallbackProtocolVersions.Any())
@@ -381,6 +388,15 @@ await this.TraceActivity(async activity =>
             });
         }
 
+        private static bool IsUnauthorized(HttpRequestException httpEx)
+        {
+#if NET5_0_OR_GREATER
+            return httpEx.StatusCode == HttpStatusCode.Unauthorized;
+#else
+            return httpEx.Message.IndexOf("unauthorized", StringComparison.OrdinalIgnoreCase) >= 0 || httpEx.Message.IndexOf("authenticat", StringComparison.OrdinalIgnoreCase) >= 0;
+#endif
+        }
+
         private async Task<TOpenSessionResp?> TryOpenSessionWithFallbackAsync(TOpenSessionReq originalRequest, CancellationToken cancellationToken)
         {
             Exception? lastException = null;
@@ -405,6 +421,11 @@ await this.TraceActivity(async activity =>
                 {
                     throw new TimeoutException("The operation timed out while attempting to open a session. Please try increasing connect timeout.", ex);
                 }
+                catch (TTransportException transportEx)
+                    when (ApacheUtility.ContainsException(transportEx, out HttpRequestException? httpEx) && IsUnauthorized(httpEx!))
+                {
+                    throw new HiveServer2Exception(transportEx.Message, AdbcStatusCode.Unauthorized, transportEx);
+                }
                 catch (Exception ex)
                 {
                     lastException = ex;

csharp/src/Drivers/BigQuery/Apache.Arrow.Adbc.Drivers.BigQuery.csproj

@@ -9,7 +9,7 @@
     <PackageReference Include="Google.Cloud.BigQuery.V2" Version="3.11.0" />
   </ItemGroup>
   <ItemGroup Condition="!$([MSBuild]::IsTargetFrameworkCompatible($(TargetFramework), 'net6.0'))">
-    <PackageReference Include="System.Text.Json" Version="8.0.5" />
+    <PackageReference Include="System.Text.Json" Version="9.0.9" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\Apache.Arrow.Adbc\Apache.Arrow.Adbc.csproj" />

csharp/src/Telemetry/Traces/Listeners/Apache.Arrow.Adbc.Telemetry.Traces.Listeners.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFrameworks>netstandard2.0;net8.0</TargetFrameworks>
@@ -7,7 +7,7 @@
 
   <ItemGroup>
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="9.0.6" />
-    <PackageReference Include="System.Text.Json" Version="8.0.5" />
+    <PackageReference Include="System.Text.Json" Version="9.0.9" />
     <PackageReference Include="System.Threading.Channels" Version="9.0.8" />
   </ItemGroup>
 

csharp/test/Apache.Arrow.Adbc.Tests/Apache.Arrow.Adbc.Tests.csproj

@@ -13,7 +13,7 @@
     <PackageReference Include="Moq" Version="4.20.72" />
     <PackageReference Include="OpenTelemetry" Version="1.12.0" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="9.0.6" />
-    <PackageReference Include="System.Text.Json" Version="8.0.5" />
+    <PackageReference Include="System.Text.Json" Version="9.0.9" />
     <PackageReference Include="xunit" Version="2.9.3" />
     <PackageReference Include="xunit.runner.visualstudio" Version="3.1.5">
       <PrivateAssets>all</PrivateAssets>

csharp/test/Drivers/Apache/Hive2/DriverTests.cs

@@ -17,6 +17,7 @@
 
 using System;
 using System.Collections.Generic;
+using Apache.Arrow.Adbc.Drivers.Apache;
 using Apache.Arrow.Adbc.Drivers.Apache.Hive2;
 using Xunit;
 using Xunit.Abstractions;
@@ -96,6 +97,8 @@ public override void CanDetectInvalidAuthentication()
 
             AdbcDatabase database = driver.Open(parameters);
             AggregateException exception = Assert.ThrowsAny<AggregateException>(() => database.Connect(parameters));
+            Assert.True(ApacheUtility.ContainsException(exception, out AdbcException? adbcException), $"Expect AdbcException. Actual type: {exception.GetType().Name}");
+            Assert.Equal(AdbcStatusCode.Unauthorized, adbcException!.Status);
             OutputHelper?.WriteLine(exception.Message);
         }
 

csharp/test/Drivers/Apache/Impala/DriverTests.cs

@@ -17,6 +17,7 @@
 
 using System;
 using System.Collections.Generic;
+using Apache.Arrow.Adbc.Drivers.Apache;
 using Apache.Arrow.Adbc.Drivers.Apache.Impala;
 using Apache.Arrow.Adbc.Tests.Metadata;
 using Xunit;
@@ -75,6 +76,8 @@ public override void CanDetectInvalidServer()
 
             AdbcDatabase database = driver.Open(parameters);
             AggregateException exception = Assert.ThrowsAny<AggregateException>(() => database.Connect(parameters));
+            Assert.True(ApacheUtility.ContainsException(exception, out AdbcException? adbcException), $"Expect AdbcException. Actual type: {exception.GetType().Name}");
+            Assert.Equal(AdbcStatusCode.Unauthorized, adbcException!.Status);
             OutputHelper?.WriteLine(exception.Message);
         }
 

csharp/test/Drivers/Databricks/E2E/DriverTests.cs

@@ -18,6 +18,7 @@
 using System;
 using System.Collections.Generic;
 using System.Threading.Tasks;
+using Apache.Arrow.Adbc.Drivers.Apache;
 using Apache.Arrow.Adbc.Drivers.Apache.Spark;
 using Apache.Arrow.Adbc.Tests.Drivers.Apache.Common;
 using Xunit;
@@ -130,6 +131,8 @@ public override void CanDetectInvalidAuthentication()
 
             AdbcDatabase database = driver.Open(parameters);
             AggregateException exception = Assert.ThrowsAny<AggregateException>(() => database.Connect(parameters));
+            Assert.True(ApacheUtility.ContainsException(exception, out AdbcException? adbcException), $"Expect AdbcException. Actual type: {exception.GetType().Name}");
+            Assert.Equal(AdbcStatusCode.Unauthorized, adbcException!.Status);
             OutputHelper?.WriteLine(exception.Message);
         }