fix: isolate per-record failures in Kafka sink transformer and guard DLQ reporter

[xinlian12]

Problem

When a single SinkRecord in a batch fails during transformation (ID generation or value conversion), the entire batch fails and all records are routed to the DLQ — not just the malformed record.

Root cause: SinkRecordTransformer.transform() lacked per-record error isolation. An exception from idStrategy.generateId() or StructToJsonMap.toJsonMap() would abort the entire transform() call before records reached the writer-level DLQ handling.

Additionally, CosmosWriterBase.sendToDlqIfConfigured() did not guard against ErrantRecordReporter.report() failures, meaning a DLQ error could mask the original write failure.

Solution

1. Per-record try-catch in transformer — each record is processed independently; failures are isolated to the bad record only.
2. DLQ report is fire-and-forget — always report to ErrantRecordReporter if available, guarded against reporter failures per Kafka Connect best practices.
3. Tolerance level controls flow — ALL skips and continues, NONE throws (regardless of whether DLQ reporter is present).
4. Writer DLQ guard — CosmosWriterBase.sendToDlqIfConfigured() now guards against reporter failures too.

Scenario	ErrantRecordReporter	ToleranceOnErrorLevel	Behavior
DLQ configured	Available	ALL	Report to DLQ, skip bad record, continue
DLQ configured	Available	NONE	Report to DLQ, then throw (fail-fast)
DLQ not configured	null	ALL	Log warning, skip bad record, continue
DLQ not configured	null	NONE	Throw (fail-fast, preserves existing behavior)
DLQ reporter fails	Available (throws)	ALL	Log DLQ error, skip bad record, continue
DLQ reporter fails	Available (throws)	NONE	Log DLQ error, throw original exception

Changes

• SinkRecordTransformer.java
  • Added ErrantRecordReporter and ToleranceOnErrorLevel fields
  • Wrapped per-record processing in try-catch with DLQ/tolerance handling
  • Guarded ErrantRecordReporter.report() against secondary failures
  • Added package-private constructor for testability
  • Made createIdStrategy() static for constructor chain
• CosmosWriterBase.java
  • Added try-catch guard around errantRecordReporter.report() in sendToDlqIfConfigured() so DLQ failures do not mask original errors
• CosmosSinkTask.java
  • Pass errantRecordReporter and toleranceOnErrorLevel to SinkRecordTransformer
  • Fix bookkeeping to count transformedRecords.size() (post-filter) instead of entry.getValue().size() (pre-filter)
• SinkRecordTransformerTest.java — 10 unit tests:
  • T1: Mixed batch with reporter + tolerance ALL → bad→DLQ, good records survive
  • T2: Tolerance ALL without reporter → bad record skipped
  • T3: Tolerance NONE without reporter → exception thrown (fail-fast)
  • T4: All valid records → all in output, reporter never called (regression)
  • T5: All bad with reporter + tolerance ALL → all→DLQ, empty output
  • T6: Reporter throws + tolerance NONE → original exception rethrown
  • T7: Reporter throws + tolerance ALL → record skipped, continues
  • T8: Tolerance NONE with reporter → DLQ report AND exception thrown
  • T9: Struct conversion failure with reporter + tolerance ALL → DLQ + skip
  • T10: Struct conversion failure with tolerance NONE → exception thrown

Fixes #49268

[Copilot]

Pull request overview

This PR updates the Cosmos DB Kafka Sink connector to isolate per-record ID-generation/transform failures so that a single malformed SinkRecord no longer aborts the entire batch and routes all records to the DLQ.

Changes:

• Added per-record exception isolation in SinkRecordTransformer.transform() with DLQ reporting (when available) and tolerance-driven continue vs fail-fast behavior.
• Wired ErrantRecordReporter and ToleranceOnErrorLevel into CosmosSinkTask and fixed written-record bookkeeping to count post-transform records.
• Added unit tests covering mixed/invalid batches, reporter failures, and tolerance behaviors.

Show a summary per file

File	Description
sdk/cosmos/azure-cosmos-kafka-connect/src/main/java/com/azure/cosmos/kafka/connect/implementation/sink/SinkRecordTransformer.java	Adds per-record try/catch, optional DLQ reporting, and tolerance-based control flow during record transformation/ID injection.
sdk/cosmos/azure-cosmos-kafka-connect/src/main/java/com/azure/cosmos/kafka/connect/implementation/sink/CosmosSinkTask.java	Passes reporter/tolerance into the transformer and fixes per-container written record counting to use transformed output size.
sdk/cosmos/azure-cosmos-kafka-connect/src/test/java/com/azure/cosmos/kafka/connect/implementation/sink/SinkRecordTransformerTest.java	Introduces unit tests validating per-record isolation, DLQ reporting behavior, and tolerance handling.
.gitignore	Ignores .coding-harness/ directory.

Copilot's findings

• Files reviewed: 3/3 changed files
• Comments generated: 2

[xinlian12]

@sdkReviewAgent

[xinlian12]

✅ Review complete (37:40)

Posted 1 inline comment(s).

_{Steps: ✓ context, correctness, cross-sdk, design, history, past-prs, synthesis, test-coverage}

[xinlian12]

/azp run java - cosmos - kafka

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[tvaron3]

LGTM

[kushagraThapar]

LGTM, thanks @xinlian12

[xinlian12]

/azp run java - cosmos - kafka

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).