HBASE-23347 Allowable custom authentication methods for RPCs #884

joshelser · 2019-11-28T00:04:06Z

This is a big one. Sorry ;)

Start here with a one-page writeup: https://github.com/joshelser/hbase/blob/23347-pluggable-authentication/dev-support/design-docs/HBASE-23347-pluggable-authentication.md

Next, look at the client side interfaces: https://github.com/joshelser/hbase/tree/23347-pluggable-authentication/hbase-client/src/main/java/org/apache/hadoop/hbase/security/provider

Then, the server side interfaces: https://github.com/joshelser/hbase/tree/23347-pluggable-authentication/hbase-server/src/main/java/org/apache/hadoop/hbase/security/provider

Finally, an end-to-end example of how you can use this: https://github.com/joshelser/hbase/blob/23347-pluggable-authentication/hbase-server/src/test/java/org/apache/hadoop/hbase/security/provider/TestCustomSaslAuthenticationProvider.java

This is very-much a first draft. This is "new art" for HBase and I expect some discussion on how we want to safely do this. I'm fully expecting lots of revisions.

Relevant tests should be passing, but this is also partially for me to let QA-bot run. Everything I did was in attempts to retain backwards compatibility with older clients, as well as RPC-impl compatibility. This should all be implementation-details inside of HBase.

Apache-HBase · 2019-11-28T02:07:37Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	1m 57s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+0 🆗	markdownlint	0m 1s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 6 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 35s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 16s	master passed
+1 💚	compile	3m 1s	master passed
+1 💚	checkstyle	2m 32s	master passed
+1 💚	shadedjars	4m 36s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 4s	master passed
+0 🆗	spotbugs	3m 45s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	19m 27s	master passed
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 17s	Maven dependency ordering for patch
+1 💚	mvninstall	5m 46s	the patch passed
+1 💚	compile	3m 24s	the patch passed
+1 💚	javac	3m 24s	the patch passed
-1 ❌	checkstyle	2m 33s	root: The patch generated 71 new + 49 unchanged - 12 fixed = 120 total (was 61)
-1 ❌	whitespace	0m 0s	The patch has 9 line(s) that end in whitespace. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
-1 ❌	shadedjars	0m 13s	patch has 7 errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	15m 55s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
-1 ❌	javadoc	0m 24s	hbase-client generated 4 new + 2 unchanged - 0 fixed = 6 total (was 2)
-1 ❌	javadoc	2m 49s	root generated 4 new + 3 unchanged - 0 fixed = 7 total (was 3)
-1 ❌	findbugs	4m 20s	hbase-server generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
-1 ❌	findbugs	13m 32s	root generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
		_ Other Tests _
-1 ❌	unit	10m 11s	root in the patch failed.
-1 ❌	asflicense	0m 58s	The patch generated 4 ASF License warnings.
		112m 20s

Reason	Tests
FindBugs	module:hbase-server
	Should org.apache.hadoop.hbase.security.provider.DigestSaslServerAuthenticationProvider$SaslDigestCallbackHandler be a static inner class? At DigestSaslServerAuthenticationProvider.java:inner class? At DigestSaslServerAuthenticationProvider.java:[lines 66-119]
FindBugs	module:root
	Should org.apache.hadoop.hbase.security.provider.DigestSaslServerAuthenticationProvider$SaslDigestCallbackHandler be a static inner class? At DigestSaslServerAuthenticationProvider.java:inner class? At DigestSaslServerAuthenticationProvider.java:[lines 66-119]
Failed junit tests	hadoop.hbase.security.provider.TestSaslClientAuthenticationProviders

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/1/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile
uname	Linux a4005708683f 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `636fa2c`
Default Java	1.8.0_181
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/1/artifact/out/diff-checkstyle-root.txt
whitespace	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/1/artifact/out/whitespace-eol.txt
shadedjars	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/1/artifact/out/patch-shadedjars.txt
javadoc	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/1/artifact/out/diff-javadoc-javadoc-hbase-client.txt
javadoc	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/1/artifact/out/diff-javadoc-javadoc-root.txt
findbugs	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/1/artifact/out/new-findbugs-hbase-server.html
findbugs	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/1/artifact/out/new-findbugs-root.html
unit	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/1/artifact/out/patch-unit-root.txt
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/1/testReport/
asflicense	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/1/artifact/out/patch-asflicense-problems.txt
Max. process+thread count	298 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server . U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/1/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

wchevreuil

Great work on making the RPC authentication "pluggable", @joshelser ! Kind of a big one to digest, but had made some small nit comments, together with some thoughts about kerberos specific references in some parts of client rpc code. Still got go through the tests.

PluggableRpcAuthentication.md

hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/RpcConnection.java

hbase-client/src/main/java/org/apache/hadoop/hbase/security/AbstractHBaseSaslRpcClient.java

wchevreuil · 2019-11-28T16:05:17Z

hbase-client/src/main/java/org/apache/hadoop/hbase/security/AbstractHBaseSaslRpcClient.java

-        throw new IOException("Unknown authentication method " + method);
-    }
+
+    saslClient = provider.createClient(conf, serverPrincipal, token, fallbackAllowed, saslProps);


This is great, much simpler, but do we still need a server principal along here? Couldn't that be something the kerberos provider defines internally, and sets accordingly on its created client?

I agree with your line of thinking, but struggle to suggest a better way to do it. Right now, the client authentication provider will be used to create a new SaslClient every time we try to RPC to a remote service. That might be the Master, RS, Thrift server (or anything else in SecurityInfo).

We could push the SecurityInfo from RpcConnection down into the AuthenticationProvider -- maybe that's cleaner than the Kerberos principal itself? If we have the SecurityInfo, we could re-compute the kerberos name just inside the authnprovider where we need it to create teh SaslClient.

Let me try.

wchevreuil · 2019-11-28T16:20:23Z

...java/org/apache/hadoop/hbase/security/provider/AbstractSaslClientAuthenticationProvider.java

+ */
+@InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.AUTHENTICATION)
+@InterfaceStability.Evolving
+public abstract class AbstractSaslClientAuthenticationProvider implements SaslClientAuthenticationProvider {


Do we really need an extra layer of inheritance here, or could we just have the interface with default implementations?

hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java

...c/main/java/org/apache/hadoop/hbase/security/provider/SaslServerAuthenticationProviders.java

saintstack

Reviewed bottom half only.

Nice write-up for reviewers. Helped.

How will compat be managed? You have a use-case?

hbase-server/src/test/resources/log4j.properties

...st/java/org/apache/hadoop/hbase/security/provider/TestSaslServerAuthenticationProviders.java

...est/java/org/apache/hadoop/hbase/security/provider/TestCustomSaslAuthenticationProvider.java

...META-INF/services/org.apache.hadoop.hbase.security.provider.SaslServerAuthenticationProvider

...n/java/org/apache/hadoop/hbase/security/provider/SimpleSaslServerAuthenticationProvider.java

...main/java/org/apache/hadoop/hbase/security/provider/GssSaslServerAuthenticationProvider.java

Apache-HBase · 2019-12-03T22:47:30Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 36s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+0 🆗	markdownlint	0m 1s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 6 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 35s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 30s	master passed
+1 💚	compile	3m 4s	master passed
+1 💚	checkstyle	2m 38s	master passed
+1 💚	shadedjars	4m 47s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 21s	master passed
+0 🆗	spotbugs	3m 52s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	20m 56s	master passed
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 15s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 58s	the patch passed
+1 💚	compile	3m 3s	the patch passed
+1 💚	javac	3m 3s	the patch passed
-1 ❌	checkstyle	2m 32s	root: The patch generated 71 new + 49 unchanged - 12 fixed = 120 total (was 61)
-1 ❌	whitespace	0m 0s	The patch has 9 line(s) that end in whitespace. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
-1 ❌	shadedjars	0m 12s	patch has 7 errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	15m 40s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
-1 ❌	javadoc	0m 24s	hbase-client generated 4 new + 2 unchanged - 0 fixed = 6 total (was 2)
-1 ❌	javadoc	2m 48s	root generated 4 new + 3 unchanged - 0 fixed = 7 total (was 3)
-1 ❌	findbugs	4m 16s	hbase-server generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
-1 ❌	findbugs	13m 39s	root generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
		_ Other Tests _
-1 ❌	unit	10m 23s	root in the patch failed.
-1 ❌	asflicense	0m 58s	The patch generated 4 ASF License warnings.
		112m 4s

Reason	Tests
FindBugs	module:hbase-server
	Should org.apache.hadoop.hbase.security.provider.DigestSaslServerAuthenticationProvider$SaslDigestCallbackHandler be a static inner class? At DigestSaslServerAuthenticationProvider.java:inner class? At DigestSaslServerAuthenticationProvider.java:[lines 66-119]
FindBugs	module:root
	Should org.apache.hadoop.hbase.security.provider.DigestSaslServerAuthenticationProvider$SaslDigestCallbackHandler be a static inner class? At DigestSaslServerAuthenticationProvider.java:inner class? At DigestSaslServerAuthenticationProvider.java:[lines 66-119]
Failed junit tests	hadoop.hbase.security.provider.TestSaslClientAuthenticationProviders

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/2/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile
uname	Linux 25a259dae9fa 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `0f166ed`
Default Java	1.8.0_181
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/2/artifact/out/diff-checkstyle-root.txt
whitespace	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/2/artifact/out/whitespace-eol.txt
shadedjars	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/2/artifact/out/patch-shadedjars.txt
javadoc	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/2/artifact/out/diff-javadoc-javadoc-hbase-client.txt
javadoc	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/2/artifact/out/diff-javadoc-javadoc-root.txt
findbugs	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/2/artifact/out/new-findbugs-hbase-server.html
findbugs	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/2/artifact/out/new-findbugs-root.html
unit	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/2/artifact/out/patch-unit-root.txt
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/2/testReport/
asflicense	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/2/artifact/out/patch-asflicense-problems.txt
Max. process+thread count	313 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server . U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/2/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

joshelser · 2019-12-03T23:26:32Z

Slowly working through review comments. Keep 'em coming.

joshelser · 2019-12-04T17:51:59Z

Client fallback

It looks like we had copied an idea from Hadoop where the client which was configured to auth'n over Kerberos, could fall back to trying to authenticate via SIMPLE. This seems silly to me and is off by default. I see one instance of someone poking at this https://issues.apache.org/jira/browse/HBASE-20993 but I'm missing the "why". I can't think of a reason that we would want to encourage this (not using the correct configuration to talk to HBase).

Am I missing a use-case?

How will compat be managed?

Great question. I specifically avoided being prescriptive as to how compatibility should be maintained within some AuthenticationProvider. We have a couple ways that compatibility rears its head.

RPC client/server <-> AuthenticationProvider interface

I think this shouldn't be too bad to maintain since the interfaces are presently not tied to any RPC-related classes. Meaning, the RPC impl can do whatever processing it needs to do and just needs to extract the info to make the calls into the AuthProvider methods.

ClientAuthnProvider v1 to ServerAuthnProvider v2 (etc)

Clearly, each client/server AuthenticationProvider impl needs to have compatibility across versions to ensure that clients can continue to authenticate properly. I specifically avoided being prescriptive as to how implementations should account for this. The current interfaces don't leave much to "extrapolate" in the current interface -- I don't see much being able to change on the surface.

Presently, I've only done stuff with Auth'nProviders which still rely on Hadoop Tokens. In theory, we could set up TLS in some other way, but that's a can of worms I didn't want to open. The other related piece here is that the LimitedPrivate annotation I marked this code with comes with a "you bet your butt it's gonna evolve" message. I think we have a good start, but expect that there's a world of other kinds of auth'n where these interfaces fall short (but I just don't know enough to plan for them all).

You have a use-case?

Wellington and I have been playing around with an implementation where we hook up HBase to Linux PAM. Client creates a new Token (ala TokenUtil) in which they put in their username/password, this is sent across the wire to the Master/RegionServer who asks PAM if the credentials are valid, allowing/disallowing the RPC per PAM's reply. This has been pretty slick in practice -- suddenly, HBase has username/password auth'n and we aren't in the business of storing/managing those passwords.

The problem with this approach is that we have to handle a plaintext password going over HBase RPC. Best as I know, the RPC encryption we get from SASL only comes with the GSSAPI mechanism, not as a function of any SASL mechanism. PAM is (usually for real installations) going against some corporate auth'n database (e.g. active directory), and not just the local password db on each host. When we scale up&out, there's also going to be a worry about how well the backend auth'n database works (and is that going to kill HBase perf).

So, it's a win to me, but it does bring some baggage with it. Hope that helps.

Apache-HBase · 2019-12-04T19:19:30Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 37s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 0s	No case conflicting files found.
+0 🆗	markdownlint	0m 0s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 6 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 35s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 19s	master passed
+1 💚	compile	1m 55s	master passed
+1 💚	checkstyle	2m 13s	master passed
+1 💚	shadedjars	4m 42s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 23s	master passed
+0 🆗	spotbugs	4m 29s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	6m 25s	master passed
-0 ⚠️	patch	4m 51s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 15s	Maven dependency ordering for patch
+1 💚	mvninstall	5m 2s	the patch passed
+1 💚	compile	1m 48s	the patch passed
+1 💚	javac	1m 48s	the patch passed
-1 ❌	checkstyle	0m 32s	hbase-client: The patch generated 4 new + 22 unchanged - 10 fixed = 26 total (was 32)
-1 ❌	checkstyle	1m 18s	hbase-server: The patch generated 1 new + 26 unchanged - 3 fixed = 27 total (was 29)
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
-1 ❌	shadedjars	0m 13s	patch has 7 errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	15m 52s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
+1 💚	javadoc	1m 27s	the patch passed
+1 💚	findbugs	6m 31s	the patch passed
		_ Other Tests _
+1 💚	unit	3m 11s	hbase-common in the patch passed.
+1 💚	unit	1m 56s	hbase-client in the patch passed.
-1 ❌	unit	49m 3s	hbase-server in the patch failed.
+1 💚	asflicense	0m 52s	The patch does not generate ASF License warnings.
		119m 3s

Reason	Tests
Failed junit tests	hadoop.hbase.security.access.TestUnloadAccessController
	hadoop.hbase.client.TestAsyncAccessControlAdminApi
	hadoop.hbase.quotas.TestSpaceQuotaOnNonExistingTables
	hadoop.hbase.ipc.TestNettyIPC
	hadoop.hbase.ipc.TestRpcHandlerException
	hadoop.hbase.client.TestMultiActionMetricsFromClient
	hadoop.hbase.TestClientClusterMetrics
	hadoop.hbase.ipc.TestBlockingIPC

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/3/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile
uname	Linux 3b9b4c9b87d4 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `5e34a59`
Default Java	1.8.0_181
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/3/artifact/out/diff-checkstyle-hbase-client.txt
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/3/artifact/out/diff-checkstyle-hbase-server.txt
shadedjars	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/3/artifact/out/patch-shadedjars.txt
unit	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/3/artifact/out/patch-unit-hbase-server.txt
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/3/testReport/
Max. process+thread count	716 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/3/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2019-12-04T22:02:21Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 34s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+0 🆗	markdownlint	0m 1s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 6 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 37s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 21s	master passed
+1 💚	compile	1m 47s	master passed
+1 💚	checkstyle	2m 20s	master passed
+1 💚	shadedjars	4m 40s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 23s	master passed
+0 🆗	spotbugs	4m 10s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	6m 0s	master passed
-0 ⚠️	patch	4m 34s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 15s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 58s	the patch passed
+1 💚	compile	1m 46s	the patch passed
+1 💚	javac	1m 46s	the patch passed
+1 💚	checkstyle	0m 26s	The patch passed checkstyle in hbase-common
+1 💚	checkstyle	0m 32s	hbase-client: The patch generated 0 new + 22 unchanged - 10 fixed = 22 total (was 32)
+1 💚	checkstyle	1m 18s	hbase-server: The patch generated 0 new + 26 unchanged - 3 fixed = 26 total (was 29)
+1 💚	whitespace	0m 1s	The patch has no whitespace issues.
+1 💚	shadedjars	4m 34s	patch has no errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	15m 39s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
+1 💚	javadoc	1m 21s	the patch passed
+1 💚	findbugs	6m 28s	the patch passed
		_ Other Tests _
+1 💚	unit	3m 9s	hbase-common in the patch passed.
+1 💚	unit	1m 54s	hbase-client in the patch passed.
-1 ❌	unit	49m 6s	hbase-server in the patch failed.
+1 💚	asflicense	0m 51s	The patch does not generate ASF License warnings.
		121m 59s

Reason	Tests
Failed junit tests	hadoop.hbase.security.access.TestUnloadAccessController
	hadoop.hbase.quotas.TestSpaceQuotaOnNonExistingTables
	hadoop.hbase.ipc.TestNettyIPC
	hadoop.hbase.client.TestMultiActionMetricsFromClient
	hadoop.hbase.ipc.TestRpcHandlerException
	hadoop.hbase.TestClientClusterMetrics
	hadoop.hbase.client.TestAsyncAccessControlAdminApi
	hadoop.hbase.ipc.TestBlockingIPC

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/4/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile
uname	Linux cd7051bad42a 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `5e34a59`
Default Java	1.8.0_181
unit	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/4/artifact/out/patch-unit-hbase-server.txt
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/4/testReport/
Max. process+thread count	746 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/4/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2019-12-05T20:54:34Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 35s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 0s	No case conflicting files found.
+0 🆗	markdownlint	0m 0s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 1s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 6 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 36s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 19s	master passed
+1 💚	compile	1m 49s	master passed
+1 💚	checkstyle	2m 19s	master passed
+1 💚	shadedjars	4m 35s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 23s	master passed
+0 🆗	spotbugs	4m 13s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	6m 2s	master passed
-0 ⚠️	patch	4m 36s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 15s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 54s	the patch passed
+1 💚	compile	1m 48s	the patch passed
+1 💚	javac	1m 48s	the patch passed
+1 💚	checkstyle	0m 27s	The patch passed checkstyle in hbase-common
-1 ❌	checkstyle	0m 32s	hbase-client: The patch generated 1 new + 22 unchanged - 10 fixed = 23 total (was 32)
+1 💚	checkstyle	1m 19s	hbase-server: The patch generated 0 new + 26 unchanged - 3 fixed = 26 total (was 29)
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
+1 💚	xml	0m 2s	The patch has no ill-formed XML file.
+1 💚	shadedjars	4m 49s	patch has no errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	16m 33s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
-1 ❌	javadoc	0m 22s	hbase-client generated 2 new + 2 unchanged - 0 fixed = 4 total (was 2)
+1 💚	findbugs	6m 47s	the patch passed
		_ Other Tests _
+1 💚	unit	3m 9s	hbase-common in the patch passed.
+1 💚	unit	1m 56s	hbase-client in the patch passed.
+1 💚	unit	166m 35s	hbase-server in the patch passed.
+1 💚	asflicense	1m 26s	The patch does not generate ASF License warnings.
		241m 39s

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/5/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile xml
uname	Linux b382b4d045fa 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `6d251ef`
Default Java	1.8.0_181
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/5/artifact/out/diff-checkstyle-hbase-client.txt
javadoc	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/5/artifact/out/diff-javadoc-javadoc-hbase-client.txt
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/5/testReport/
Max. process+thread count	4833 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/5/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2019-12-06T01:15:40Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 32s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 0s	No case conflicting files found.
+0 🆗	markdownlint	0m 0s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 6 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 37s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 43s	master passed
+1 💚	compile	1m 44s	master passed
+1 💚	checkstyle	2m 28s	master passed
+1 💚	shadedjars	4m 58s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 17s	master passed
+0 🆗	spotbugs	4m 27s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	6m 18s	master passed
-0 ⚠️	patch	4m 47s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 14s	Maven dependency ordering for patch
+1 💚	mvninstall	5m 26s	the patch passed
+1 💚	compile	1m 46s	the patch passed
+1 💚	javac	1m 46s	the patch passed
+1 💚	checkstyle	0m 25s	The patch passed checkstyle in hbase-common
-1 ❌	checkstyle	0m 32s	hbase-client: The patch generated 1 new + 22 unchanged - 10 fixed = 23 total (was 32)
+1 💚	checkstyle	1m 28s	hbase-server: The patch generated 0 new + 26 unchanged - 3 fixed = 26 total (was 29)
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
+1 💚	xml	0m 1s	The patch has no ill-formed XML file.
+1 💚	shadedjars	4m 59s	patch has no errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	17m 6s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
-1 ❌	javadoc	0m 21s	hbase-client generated 2 new + 2 unchanged - 0 fixed = 4 total (was 2)
+1 💚	findbugs	6m 56s	the patch passed
		_ Other Tests _
+1 💚	unit	2m 57s	hbase-common in the patch passed.
+1 💚	unit	1m 50s	hbase-client in the patch passed.
-1 ❌	unit	156m 30s	hbase-server in the patch failed.
+1 💚	asflicense	1m 13s	The patch does not generate ASF License warnings.
		233m 37s

Reason	Tests
Failed junit tests	hadoop.hbase.master.procedure.TestMasterFailoverWithProcedures

Subsystem	Report/Notes
Docker	Client=19.03.4 Server=19.03.4 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/6/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile xml
uname	Linux 5c95dd1d06db 4.15.0-70-generic #79-Ubuntu SMP Tue Nov 12 10:36:11 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `6d251ef`
Default Java	1.8.0_181
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/6/artifact/out/diff-checkstyle-hbase-client.txt
javadoc	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/6/artifact/out/diff-javadoc-javadoc-hbase-client.txt
unit	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/6/artifact/out/patch-unit-hbase-server.txt
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/6/testReport/
Max. process+thread count	4427 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/6/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2019-12-06T05:39:32Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	1m 56s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 0s	No case conflicting files found.
+0 🆗	markdownlint	0m 0s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 6 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 35s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 37s	master passed
+1 💚	compile	1m 50s	master passed
+1 💚	checkstyle	2m 16s	master passed
+1 💚	shadedjars	4m 36s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 21s	master passed
+0 🆗	spotbugs	4m 9s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	5m 58s	master passed
-0 ⚠️	patch	4m 32s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 16s	Maven dependency ordering for patch
+1 💚	mvninstall	5m 1s	the patch passed
+1 💚	compile	1m 59s	the patch passed
+1 💚	javac	1m 59s	the patch passed
+1 💚	checkstyle	0m 29s	The patch passed checkstyle in hbase-common
-1 ❌	checkstyle	0m 34s	hbase-client: The patch generated 1 new + 22 unchanged - 10 fixed = 23 total (was 32)
+1 💚	checkstyle	1m 21s	hbase-server: The patch generated 0 new + 26 unchanged - 3 fixed = 26 total (was 29)
-1 ❌	whitespace	0m 0s	The patch has 1 line(s) that end in whitespace. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
+1 💚	xml	0m 2s	The patch has no ill-formed XML file.
+1 💚	shadedjars	4m 41s	patch has no errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	16m 8s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
+1 💚	javadoc	1m 22s	the patch passed
+1 💚	findbugs	6m 34s	the patch passed
		_ Other Tests _
+1 💚	unit	3m 10s	hbase-common in the patch passed.
+1 💚	unit	1m 57s	hbase-client in the patch passed.
+1 💚	unit	147m 31s	hbase-server in the patch passed.
+1 💚	asflicense	1m 39s	The patch does not generate ASF License warnings.
		224m 13s

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/7/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile xml
uname	Linux 08ada1d62fcd 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `6d251ef`
Default Java	1.8.0_181
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/7/artifact/out/diff-checkstyle-hbase-client.txt
whitespace	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/7/artifact/out/whitespace-eol.txt
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/7/testReport/
Max. process+thread count	4434 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/7/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

wchevreuil

LGTM. Just have some small remarks, not something that should prevent this from getting through.

dev-support/design-docs/HBASE-23347-pluggable-authentication.md

...-client/src/main/java/org/apache/hadoop/hbase/security/provider/DefaultProviderSelector.java

hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java

joshelser · 2019-12-06T21:14:17Z

270f5ba makes the parsing on DefaultProviderSelector a bit more stringent
c07ae33 breaks apart the SaslAuthenticationProvider interface(s)

Apache-HBase · 2019-12-07T00:13:54Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	2m 31s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+0 🆗	markdownlint	0m 1s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 7 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 41s	Maven dependency ordering for branch
+1 💚	mvninstall	7m 8s	master passed
+1 💚	compile	2m 1s	master passed
+1 💚	checkstyle	2m 38s	master passed
+1 💚	shadedjars	5m 38s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 32s	master passed
+0 🆗	spotbugs	4m 51s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	6m 58s	master passed
-0 ⚠️	patch	5m 13s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 15s	Maven dependency ordering for patch
+1 💚	mvninstall	6m 8s	the patch passed
+1 💚	compile	2m 1s	the patch passed
+1 💚	javac	2m 1s	the patch passed
+1 💚	checkstyle	0m 29s	The patch passed checkstyle in hbase-common
-1 ❌	checkstyle	0m 36s	hbase-client: The patch generated 1 new + 22 unchanged - 10 fixed = 23 total (was 32)
+1 💚	checkstyle	1m 34s	hbase-server: The patch generated 0 new + 26 unchanged - 3 fixed = 26 total (was 29)
-1 ❌	whitespace	0m 0s	The patch has 2 line(s) that end in whitespace. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
+1 💚	xml	0m 1s	The patch has no ill-formed XML file.
-1 ❌	shadedjars	2m 57s	patch has 10 errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	19m 37s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
+1 💚	javadoc	1m 34s	the patch passed
-1 ❌	findbugs	1m 31s	hbase-client generated 4 new + 0 unchanged - 0 fixed = 4 total (was 0)
		_ Other Tests _
+1 💚	unit	3m 24s	hbase-common in the patch passed.
+1 💚	unit	2m 6s	hbase-client in the patch passed.
-1 ❌	unit	260m 38s	hbase-server in the patch failed.
-1 ❌	asflicense	1m 40s	The patch generated 1 ASF License warnings.
		348m 13s

Reason	Tests
FindBugs	module:hbase-client
	Inconsistent synchronization of org.apache.hadoop.hbase.security.provider.DefaultProviderSelector.conf; locked 66% of time Unsynchronized access at DefaultProviderSelector.java:66% of time Unsynchronized access at DefaultProviderSelector.java:[line 86]
	Inconsistent synchronization of org.apache.hadoop.hbase.security.provider.DefaultProviderSelector.digestAuth; locked 60% of time Unsynchronized access at DefaultProviderSelector.java:60% of time Unsynchronized access at DefaultProviderSelector.java:[line 96]
	Inconsistent synchronization of org.apache.hadoop.hbase.security.provider.DefaultProviderSelector.krbAuth; locked 75% of time Unsynchronized access at DefaultProviderSelector.java:75% of time Unsynchronized access at DefaultProviderSelector.java:[line 102]
	Inconsistent synchronization of org.apache.hadoop.hbase.security.provider.DefaultProviderSelector.simpleAuth; locked 75% of time Unsynchronized access at DefaultProviderSelector.java:75% of time Unsynchronized access at DefaultProviderSelector.java:[line 87]

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/8/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile xml
uname	Linux bc5673d3157d 4.15.0-65-generic #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `9c82a65`
Default Java	1.8.0_181
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/8/artifact/out/diff-checkstyle-hbase-client.txt
whitespace	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/8/artifact/out/whitespace-eol.txt
shadedjars	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/8/artifact/out/patch-shadedjars.txt
findbugs	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/8/artifact/out/new-findbugs-hbase-client.html
unit	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/8/artifact/out/patch-unit-hbase-server.txt
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/8/testReport/
asflicense	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/8/artifact/out/patch-asflicense-problems.txt
Max. process+thread count	4676 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/8/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2019-12-07T04:00:12Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 34s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+0 🆗	markdownlint	0m 1s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 7 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 37s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 14s	master passed
+1 💚	compile	1m 49s	master passed
+1 💚	checkstyle	2m 14s	master passed
+1 💚	shadedjars	4m 40s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 23s	master passed
+0 🆗	spotbugs	4m 29s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	6m 24s	master passed
-0 ⚠️	patch	4m 52s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 15s	Maven dependency ordering for patch
+1 💚	mvninstall	5m 2s	the patch passed
+1 💚	compile	1m 46s	the patch passed
+1 💚	javac	1m 46s	the patch passed
+1 💚	checkstyle	0m 26s	The patch passed checkstyle in hbase-common
+1 💚	checkstyle	0m 31s	hbase-client: The patch generated 0 new + 22 unchanged - 10 fixed = 22 total (was 32)
+1 💚	checkstyle	1m 18s	hbase-server: The patch generated 0 new + 26 unchanged - 3 fixed = 26 total (was 29)
-1 ❌	whitespace	0m 0s	The patch has 2 line(s) that end in whitespace. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
+1 💚	xml	0m 1s	The patch has no ill-formed XML file.
-1 ❌	shadedjars	2m 30s	patch has 10 errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	15m 56s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
+1 💚	javadoc	1m 23s	the patch passed
-1 ❌	findbugs	1m 17s	hbase-client generated 4 new + 0 unchanged - 0 fixed = 4 total (was 0)
		_ Other Tests _
+1 💚	unit	3m 7s	hbase-common in the patch passed.
+1 💚	unit	1m 55s	hbase-client in the patch passed.
+1 💚	unit	152m 31s	hbase-server in the patch passed.
-1 ❌	asflicense	1m 26s	The patch generated 1 ASF License warnings.
		225m 2s

Reason	Tests
FindBugs	module:hbase-client
	Inconsistent synchronization of org.apache.hadoop.hbase.security.provider.DefaultProviderSelector.conf; locked 66% of time Unsynchronized access at DefaultProviderSelector.java:66% of time Unsynchronized access at DefaultProviderSelector.java:[line 86]
	Inconsistent synchronization of org.apache.hadoop.hbase.security.provider.DefaultProviderSelector.digestAuth; locked 60% of time Unsynchronized access at DefaultProviderSelector.java:60% of time Unsynchronized access at DefaultProviderSelector.java:[line 96]
	Inconsistent synchronization of org.apache.hadoop.hbase.security.provider.DefaultProviderSelector.krbAuth; locked 75% of time Unsynchronized access at DefaultProviderSelector.java:75% of time Unsynchronized access at DefaultProviderSelector.java:[line 102]
	Inconsistent synchronization of org.apache.hadoop.hbase.security.provider.DefaultProviderSelector.simpleAuth; locked 75% of time Unsynchronized access at DefaultProviderSelector.java:75% of time Unsynchronized access at DefaultProviderSelector.java:[line 87]

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/9/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile xml
uname	Linux fa75fc3bc3af 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `60d9430`
Default Java	1.8.0_181
whitespace	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/9/artifact/out/whitespace-eol.txt
shadedjars	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/9/artifact/out/patch-shadedjars.txt
findbugs	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/9/artifact/out/new-findbugs-hbase-client.html
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/9/testReport/
asflicense	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/9/artifact/out/patch-asflicense-problems.txt
Max. process+thread count	4500 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/9/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

wchevreuil

New round of reviews. Latest updates on the interfaces hierarchy looking great! Again, just minor remarks, now related to simple authentication and the fallback.

hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ServerRpcConnection.java

hbase-server/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcServer.java

...n/java/org/apache/hadoop/hbase/security/provider/SimpleSaslServerAuthenticationProvider.java

Apache-HBase · 2019-12-09T23:48:30Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 33s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+0 🆗	markdownlint	0m 1s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 7 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 35s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 8s	master passed
+1 💚	compile	1m 45s	master passed
+1 💚	checkstyle	2m 18s	master passed
+1 💚	shadedjars	4m 35s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 22s	master passed
+0 🆗	spotbugs	4m 5s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	5m 56s	master passed
-0 ⚠️	patch	4m 28s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 15s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 58s	the patch passed
+1 💚	compile	1m 44s	the patch passed
+1 💚	javac	1m 44s	the patch passed
+1 💚	checkstyle	0m 26s	The patch passed checkstyle in hbase-common
+1 💚	checkstyle	0m 34s	hbase-client: The patch generated 0 new + 22 unchanged - 10 fixed = 22 total (was 32)
+1 💚	checkstyle	1m 19s	hbase-server: The patch generated 0 new + 26 unchanged - 3 fixed = 26 total (was 29)
-1 ❌	whitespace	0m 0s	The patch has 2 line(s) that end in whitespace. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
+1 💚	xml	0m 1s	The patch has no ill-formed XML file.
+1 💚	shadedjars	4m 33s	patch has no errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	15m 41s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
+1 💚	javadoc	1m 19s	the patch passed
+1 💚	findbugs	6m 19s	the patch passed
		_ Other Tests _
+1 💚	unit	3m 8s	hbase-common in the patch passed.
+1 💚	unit	1m 55s	hbase-client in the patch passed.
-1 ❌	unit	154m 32s	hbase-server in the patch failed.
+1 💚	asflicense	1m 39s	The patch does not generate ASF License warnings.
		227m 47s

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/10/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile xml
uname	Linux 46e92cfb39f0 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `82e155e`
Default Java	1.8.0_181
whitespace	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/10/artifact/out/whitespace-eol.txt
unit	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/10/artifact/out/patch-unit-hbase-server.txt
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/10/testReport/
Max. process+thread count	4830 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/10/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2019-12-10T03:38:16Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 34s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+0 🆗	markdownlint	0m 1s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 7 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 36s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 15s	master passed
+1 💚	compile	1m 47s	master passed
+1 💚	checkstyle	2m 21s	master passed
+1 💚	shadedjars	4m 36s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 29s	master passed
+0 🆗	spotbugs	4m 10s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	6m 6s	master passed
-0 ⚠️	patch	4m 34s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 21s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 58s	the patch passed
+1 💚	compile	1m 46s	the patch passed
+1 💚	javac	1m 46s	the patch passed
+1 💚	checkstyle	0m 26s	The patch passed checkstyle in hbase-common
+1 💚	checkstyle	0m 32s	hbase-client: The patch generated 0 new + 22 unchanged - 10 fixed = 22 total (was 32)
-1 ❌	checkstyle	1m 18s	hbase-server: The patch generated 2 new + 26 unchanged - 3 fixed = 28 total (was 29)
-1 ❌	whitespace	0m 0s	The patch has 2 line(s) that end in whitespace. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
+1 💚	xml	0m 1s	The patch has no ill-formed XML file.
+1 💚	shadedjars	4m 39s	patch has no errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	15m 40s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
+1 💚	javadoc	1m 20s	the patch passed
+1 💚	findbugs	6m 20s	the patch passed
		_ Other Tests _
+1 💚	unit	3m 8s	hbase-common in the patch passed.
+1 💚	unit	1m 57s	hbase-client in the patch passed.
+1 💚	unit	154m 36s	hbase-server in the patch passed.
+1 💚	asflicense	1m 41s	The patch does not generate ASF License warnings.
		228m 42s

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/11/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile xml
uname	Linux 164128e29848 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `82e155e`
Default Java	1.8.0_181
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/11/artifact/out/diff-checkstyle-hbase-server.txt
whitespace	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/11/artifact/out/whitespace-eol.txt
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/11/testReport/
Max. process+thread count	4944 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/11/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

wchevreuil

Just a typo and a minor nit left, but no other concerns regarding the code itself, so LGTM +1.

dev-support/design-docs/HBASE-23347-pluggable-authentication.md

hbase-client/src/main/java/org/apache/hadoop/hbase/security/AbstractHBaseSaslRpcClient.java

hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java

hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/RpcConnection.java

joshelser · 2019-12-11T17:54:47Z

@belugabehr thanks for taking a look. Can you do me a solid?

Batch up requests into a review rather than adding a single comment (keeps my inbox from blowing up)
Try to focus on the changes this PR introduces, rather than verbatim copy-pastes from before.

We provide a number of implementations of our LimitedPrivate interface but these are provided for user authentication, not as stable extension points for end-users. They may copy and modify this code, but should not rely on these implementations in their own code. Thanks to Duo for the suggestion.

These are kept separate because they are largely changing code that was otherwise unchanged by this changeset.

Also improve the javadoc on the new `getRealUser` method. Try to do a better job explaining why this is here.

…s ServiceLoader-related updates

Apache-HBase · 2020-01-15T01:56:56Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	2m 5s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+0 🆗	markdownlint	0m 1s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 8 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 36s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 12s	master passed
+1 💚	compile	2m 13s	master passed
+1 💚	checkstyle	2m 31s	master passed
+1 💚	shadedjars	4m 35s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 42s	master passed
+0 🆗	spotbugs	4m 20s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	6m 50s	master passed
-0 ⚠️	patch	4m 51s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 16s	Maven dependency ordering for patch
+1 💚	mvninstall	5m 5s	the patch passed
+1 💚	compile	2m 16s	the patch passed
+1 💚	javac	2m 16s	the patch passed
+1 💚	checkstyle	0m 26s	The patch passed checkstyle in hbase-common
+1 💚	checkstyle	0m 33s	hbase-client: The patch generated 0 new + 22 unchanged - 10 fixed = 22 total (was 32)
+1 💚	checkstyle	1m 19s	hbase-server: The patch generated 0 new + 21 unchanged - 3 fixed = 21 total (was 24)
-1 ❌	checkstyle	0m 15s	hbase-examples: The patch generated 4 new + 0 unchanged - 0 fixed = 4 total (was 0)
-1 ❌	whitespace	0m 0s	The patch has 17 line(s) that end in whitespace. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
+1 💚	xml	0m 3s	The patch has no ill-formed XML file.
+1 💚	shadedjars	4m 36s	patch has no errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	15m 35s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
+1 💚	javadoc	1m 41s	the patch passed
-1 ❌	findbugs	0m 51s	hbase-examples generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
		_ Other Tests _
+1 💚	unit	3m 19s	hbase-common in the patch passed.
+1 💚	unit	2m 5s	hbase-client in the patch passed.
+1 💚	unit	153m 43s	hbase-server in the patch passed.
-1 ❌	unit	2m 10s	hbase-examples in the patch failed.
+1 💚	asflicense	2m 5s	The patch does not generate ASF License warnings.
		236m 1s

Reason	Tests
FindBugs	module:hbase-examples
	Return value of String.trim() ignored in org.apache.hadoop.hbase.security.provider.example.ShadeSaslServerAuthenticationProvider.readPasswordDB(Configuration) At ShadeSaslServerAuthenticationProvider.java:in org.apache.hadoop.hbase.security.provider.example.ShadeSaslServerAuthenticationProvider.readPasswordDB(Configuration) At ShadeSaslServerAuthenticationProvider.java:[line 93]
Failed junit tests	hadoop.hbase.security.provider.example.TestShadeSaslAuthenticationProvider

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/17/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile xml
uname	Linux 0bf77a133d1a 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `499ff32`
Default Java	1.8.0_181
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/17/artifact/out/diff-checkstyle-hbase-examples.txt
whitespace	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/17/artifact/out/whitespace-eol.txt
findbugs	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/17/artifact/out/new-findbugs-hbase-examples.html
unit	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/17/artifact/out/patch-unit-hbase-examples.txt
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/17/testReport/
Max. process+thread count	5496 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server hbase-examples U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/17/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2020-01-15T02:54:00Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 35s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+0 🆗	markdownlint	0m 1s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 8 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 37s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 9s	master passed
+1 💚	compile	2m 13s	master passed
+1 💚	checkstyle	2m 35s	master passed
+1 💚	shadedjars	4m 37s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 41s	master passed
+0 🆗	spotbugs	4m 29s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	6m 54s	master passed
-0 ⚠️	patch	4m 59s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 16s	Maven dependency ordering for patch
-1 ❌	mvninstall	2m 37s	root in the patch failed.
-1 ❌	compile	0m 55s	hbase-server in the patch failed.
-1 ❌	compile	0m 24s	hbase-examples in the patch failed.
-1 ❌	javac	0m 55s	hbase-server in the patch failed.
-1 ❌	javac	0m 24s	hbase-examples in the patch failed.
+1 💚	checkstyle	0m 25s	The patch passed checkstyle in hbase-common
-1 ❌	checkstyle	0m 30s	hbase-client: The patch generated 1 new + 22 unchanged - 10 fixed = 23 total (was 32)
+1 💚	checkstyle	1m 16s	hbase-server: The patch generated 0 new + 21 unchanged - 3 fixed = 21 total (was 24)
-1 ❌	checkstyle	0m 14s	hbase-examples: The patch generated 5 new + 0 unchanged - 0 fixed = 5 total (was 0)
-1 ❌	whitespace	0m 0s	The patch has 7 line(s) that end in whitespace. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
+1 💚	xml	0m 3s	The patch has no ill-formed XML file.
-1 ❌	shadedjars	3m 38s	patch has 16 errors when building our shaded downstream artifacts.
-1 ❌	hadoopcheck	1m 58s	The patch causes 16 errors with Hadoop v2.8.5.
-1 ❌	hadoopcheck	4m 0s	The patch causes 16 errors with Hadoop v2.9.2.
-1 ❌	hadoopcheck	6m 8s	The patch causes 16 errors with Hadoop v3.1.2.
-1 ❌	javadoc	0m 22s	hbase-client generated 1 new + 2 unchanged - 0 fixed = 3 total (was 2)
-1 ❌	javadoc	0m 19s	hbase-examples generated 4 new + 0 unchanged - 0 fixed = 4 total (was 0)
-1 ❌	findbugs	1m 12s	hbase-client generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
-1 ❌	findbugs	0m 52s	hbase-server in the patch failed.
-1 ❌	findbugs	0m 25s	hbase-examples in the patch failed.
		_ Other Tests _
+1 💚	unit	3m 18s	hbase-common in the patch passed.
+1 💚	unit	2m 2s	hbase-client in the patch passed.
-1 ❌	unit	0m 53s	hbase-server in the patch failed.
-1 ❌	unit	0m 24s	hbase-examples in the patch failed.
+1 💚	asflicense	0m 44s	The patch does not generate ASF License warnings.
		55m 53s

Reason	Tests
FindBugs	module:hbase-client
	Nullcheck of clusterId at line 110 of value previously dereferenced in org.apache.hadoop.hbase.security.provider.BuiltInProviderSelector.selectProvider(String, UserGroupInformation) At BuiltInProviderSelector.java:110 of value previously dereferenced in org.apache.hadoop.hbase.security.provider.BuiltInProviderSelector.selectProvider(String, UserGroupInformation) At BuiltInProviderSelector.java:[line 103]

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile xml
uname	Linux 0600279b82b7 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `499ff32`
Default Java	1.8.0_181
mvninstall	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-mvninstall-root.txt
compile	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-compile-hbase-server.txt
compile	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-compile-hbase-examples.txt
javac	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-compile-hbase-server.txt
javac	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-compile-hbase-examples.txt
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/diff-checkstyle-hbase-client.txt
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/diff-checkstyle-hbase-examples.txt
whitespace	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/whitespace-eol.txt
shadedjars	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-shadedjars.txt
hadoopcheck	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-javac-2.8.5.txt
hadoopcheck	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-javac-2.9.2.txt
hadoopcheck	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-javac-3.1.2.txt
javadoc	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/diff-javadoc-javadoc-hbase-client.txt
javadoc	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/diff-javadoc-javadoc-hbase-examples.txt
findbugs	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/new-findbugs-hbase-client.html
findbugs	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-findbugs-hbase-server.txt
findbugs	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-findbugs-hbase-examples.txt
unit	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-unit-hbase-server.txt
unit	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/artifact/out/patch-unit-hbase-examples.txt
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/testReport/
Max. process+thread count	285 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server hbase-examples U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/18/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

Adds a unit test to have some general confidence about this being called automatically. Cleans up the provided Providers a little (most don't need to do any initialization).

joshelser · 2020-01-15T17:26:57Z

Progress update with what i've pushed since Monday.

some Text nits from Andrew
Wellington's suggestion for an init(Configuration)
UGI to User
removal of SASL from name/structure suggestions from Andrew to (maybe now?) implement.
finishing up the hbase-example addition

joshelser · 2020-01-15T18:39:55Z

Trying to parse Andrew's approval with a request for some changes as non-blocking (specifically, just the SASL renaming), I plan to commit this once QA comes back clean again. Please shout if I'm misinterpreting.

Should this go back to branch-2 as well? I don't think our compatibility guarantees preclude this change from going to branch-2 and master. I'll re-read, but please shout if anyone feels strongly.

(FWIW, this technically could hit 2.1 and 2.2, but I don't want to risk destabilization. Old clients should continue to function as they did -- nothing changed in the wire format)

joshelser · 2020-01-15T21:17:33Z

@Apache9 Github seems to have "lost" your review because of my rebase earlier this morning. I think it was just asking for an addition to hbase-examples (which is here now). At-mentioning because I might have it completely wrong and don't want to miss something.

Apache-HBase · 2020-01-15T21:27:49Z

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 32s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+0 🆗	markdownlint	0m 1s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 8 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 37s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 10s	master passed
+1 💚	compile	2m 14s	master passed
+1 💚	checkstyle	2m 36s	master passed
+1 💚	shadedjars	4m 33s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 45s	master passed
+0 🆗	spotbugs	4m 31s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	7m 2s	master passed
-0 ⚠️	patch	5m 2s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 16s	Maven dependency ordering for patch
+1 💚	mvninstall	5m 2s	the patch passed
+1 💚	compile	2m 14s	the patch passed
+1 💚	javac	2m 14s	the patch passed
+1 💚	checkstyle	0m 26s	The patch passed checkstyle in hbase-common
-1 ❌	checkstyle	0m 33s	hbase-client: The patch generated 1 new + 22 unchanged - 10 fixed = 23 total (was 32)
+1 💚	checkstyle	1m 22s	hbase-server: The patch generated 0 new + 21 unchanged - 3 fixed = 21 total (was 24)
-1 ❌	checkstyle	0m 15s	hbase-examples: The patch generated 5 new + 0 unchanged - 0 fixed = 5 total (was 0)
-1 ❌	whitespace	0m 0s	The patch has 7 line(s) that end in whitespace. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
+1 💚	xml	0m 3s	The patch has no ill-formed XML file.
+1 💚	shadedjars	4m 38s	patch has no errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	17m 29s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
-1 ❌	javadoc	0m 24s	hbase-client generated 1 new + 2 unchanged - 0 fixed = 3 total (was 2)
-1 ❌	findbugs	1m 13s	hbase-client generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
-1 ❌	findbugs	0m 54s	hbase-examples generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
		_ Other Tests _
+1 💚	unit	3m 19s	hbase-common in the patch passed.
+1 💚	unit	2m 3s	hbase-client in the patch passed.
+1 💚	unit	153m 0s	hbase-server in the patch passed.
+1 💚	unit	2m 6s	hbase-examples in the patch passed.
+1 💚	asflicense	2m 7s	The patch does not generate ASF License warnings.
		236m 47s

Reason	Tests
FindBugs	module:hbase-client
	Nullcheck of clusterId at line 110 of value previously dereferenced in org.apache.hadoop.hbase.security.provider.BuiltInProviderSelector.selectProvider(String, UserGroupInformation) At BuiltInProviderSelector.java:110 of value previously dereferenced in org.apache.hadoop.hbase.security.provider.BuiltInProviderSelector.selectProvider(String, UserGroupInformation) At BuiltInProviderSelector.java:[line 103]
FindBugs	module:hbase-examples
	Return value of String.trim() ignored in org.apache.hadoop.hbase.security.provider.example.ShadeSaslServerAuthenticationProvider.readPasswordDB(Configuration) At ShadeSaslServerAuthenticationProvider.java:in org.apache.hadoop.hbase.security.provider.example.ShadeSaslServerAuthenticationProvider.readPasswordDB(Configuration) At ShadeSaslServerAuthenticationProvider.java:[line 97]

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/19/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile xml
uname	Linux f10231454bf2 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `fd05aab`
Default Java	1.8.0_181
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/19/artifact/out/diff-checkstyle-hbase-client.txt
checkstyle	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/19/artifact/out/diff-checkstyle-hbase-examples.txt
whitespace	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/19/artifact/out/whitespace-eol.txt
javadoc	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/19/artifact/out/diff-javadoc-javadoc-hbase-client.txt
findbugs	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/19/artifact/out/new-findbugs-hbase-client.html
findbugs	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/19/artifact/out/new-findbugs-hbase-examples.html
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/19/testReport/
Max. process+thread count	5007 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server hbase-examples U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/19/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

Apache-HBase · 2020-01-16T01:53:09Z

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 34s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+0 🆗	markdownlint	0m 1s	markdownlint was not available.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s	The patch appears to include 8 new or modified test files.
		_ master Compile Tests _
+0 🆗	mvndep	0m 45s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 54s	master passed
+1 💚	compile	2m 40s	master passed
+1 💚	checkstyle	3m 7s	master passed
+1 💚	shadedjars	6m 5s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	1m 52s	master passed
+0 🆗	spotbugs	5m 4s	Used deprecated FindBugs config; considering switching to SpotBugs.
+1 💚	findbugs	8m 13s	master passed
-0 ⚠️	patch	5m 36s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 16s	Maven dependency ordering for patch
+1 💚	mvninstall	6m 29s	the patch passed
+1 💚	compile	2m 40s	the patch passed
+1 💚	javac	2m 40s	the patch passed
+1 💚	checkstyle	0m 30s	The patch passed checkstyle in hbase-common
+1 💚	checkstyle	0m 39s	hbase-client: The patch generated 0 new + 22 unchanged - 10 fixed = 22 total (was 32)
+1 💚	checkstyle	1m 44s	hbase-server: The patch generated 0 new + 21 unchanged - 3 fixed = 21 total (was 24)
+1 💚	checkstyle	0m 17s	The patch passed checkstyle in hbase-examples
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
+1 💚	xml	0m 3s	The patch has no ill-formed XML file.
+1 💚	shadedjars	5m 40s	patch has no errors when building our shaded downstream artifacts.
+1 💚	hadoopcheck	20m 1s	Patch does not cause any errors with Hadoop 2.8.5 2.9.2 or 3.1.2.
+1 💚	javadoc	1m 54s	the patch passed
+1 💚	findbugs	8m 6s	the patch passed
		_ Other Tests _
+1 💚	unit	3m 25s	hbase-common in the patch passed.
+1 💚	unit	2m 7s	hbase-client in the patch passed.
+1 💚	unit	153m 54s	hbase-server in the patch passed.
+1 💚	unit	2m 18s	hbase-examples in the patch passed.
+1 💚	asflicense	2m 5s	The patch does not generate ASF License warnings.
		250m 30s

Subsystem	Report/Notes
Docker	Client=19.03.5 Server=19.03.5 base: https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/21/artifact/out/Dockerfile
GITHUB PR	#884
Optional Tests	dupname asflicense markdownlint javac javadoc unit spotbugs findbugs shadedjars hadoopcheck hbaseanti checkstyle compile xml
uname	Linux b88b12d736c9 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 GNU/Linux
Build tool	maven
Personality	/home/jenkins/jenkins-slave/workspace/HBase-PreCommit-GitHub-PR_PR-884/out/precommit/personality/provided.sh
git revision	master / `a44f3b5`
Default Java	1.8.0_181
Test Results	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/21/testReport/
Max. process+thread count	5166 (vs. ulimit of 10000)
modules	C: hbase-common hbase-client hbase-server hbase-examples U: .
Console output	https://builds.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-884/21/console
versions	git=2.11.0 maven=2018-06-17T18:33:14Z) findbugs=3.1.11
Powered by	Apache Yetus 0.11.1 https://yetus.apache.org

This message was automatically generated.

joshelser requested review from Apache9, busbey, saintstack and wchevreuil November 28, 2019 00:09

wchevreuil reviewed Nov 28, 2019

View reviewed changes

saintstack reviewed Nov 30, 2019

View reviewed changes

wchevreuil reviewed Dec 6, 2019

View reviewed changes

wchevreuil reviewed Dec 9, 2019

View reviewed changes

wchevreuil approved these changes Dec 10, 2019

View reviewed changes

dev-support/design-docs/HBASE-23347-pluggable-authentication.md Outdated Show resolved Hide resolved

hbase-client/src/main/java/org/apache/hadoop/hbase/security/AbstractHBaseSaslRpcClient.java Outdated Show resolved Hide resolved

belugabehr reviewed Dec 11, 2019

View reviewed changes

hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java Outdated Show resolved Hide resolved

belugabehr reviewed Dec 11, 2019

View reviewed changes

hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java Outdated Show resolved Hide resolved

belugabehr reviewed Dec 11, 2019

View reviewed changes

hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java Outdated Show resolved Hide resolved

belugabehr reviewed Dec 11, 2019

View reviewed changes

hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java Outdated Show resolved Hide resolved

belugabehr reviewed Dec 11, 2019

View reviewed changes

hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/BlockingRpcConnection.java Show resolved Hide resolved

belugabehr reviewed Dec 11, 2019

View reviewed changes

hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/RpcConnection.java Outdated Show resolved Hide resolved

joshelser added 9 commits January 14, 2020 12:37

Rename DefaultProviderSelector and expand on docs

aba0930

All of belugabehr's logging and exception-throwing changes

69485a0

These are kept separate because they are largely changing code that was otherwise unchanged by this changeset.

Come up with a better name and interface for unwrapUgi

3773f40

Also improve the javadoc on the new `getRealUser` method. Try to do a better job explaining why this is here.

Next round of checkstyle/javadoc issue fixing.

e73ca7f

Fix compilation error

e2b950d

WIP, stubbing out ShadeSaslAP, missing lots of stuff, still.

fabf242

Finish out the rest of the impl

d9da2bf

Get the hbase-example working

d546b8a

joshelser force-pushed the 23347-pluggable-authentication branch from f7f126b to d546b8a Compare January 14, 2020 21:56

joshelser added 3 commits January 14, 2020 17:01

Add a note for developers to remind them that TokenIdentifier require…

1e39093

…s ServiceLoader-related updates

Start ripping out Text from API, sub for String

f0d64f1

Some more text, some more cleanup

37ad980

joshelser added 3 commits January 15, 2020 11:29

A couple of straggling Text's still hanging around.

60b0289

Add SaslServerAuthenticationProvider#init(Configuration)

664b7bc

Adds a unit test to have some general confidence about this being called automatically. Cleans up the provided Providers a little (most don't need to do any initialization).

Fix up some broken tests

af3c6e7

Swap UGI for User

68ceacd

Undo this, meant it to come in via HBASE-23695

e391c19

Fix more QABot found issues

fa30516

asfgit closed this in 04d789f Jan 16, 2020

HBASE-23347 Allowable custom authentication methods for RPCs #884

HBASE-23347 Allowable custom authentication methods for RPCs #884

Uh oh!

Conversation

joshelser commented Nov 28, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Apache-HBase commented Nov 28, 2019

Uh oh!

wchevreuil left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

wchevreuil Nov 28, 2019

Choose a reason for hiding this comment

Uh oh!

joshelser Dec 4, 2019

Choose a reason for hiding this comment

Uh oh!

wchevreuil Nov 28, 2019

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

saintstack left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Apache-HBase commented Dec 3, 2019

Uh oh!

joshelser commented Dec 3, 2019

Uh oh!

joshelser commented Dec 4, 2019

Client fallback

How will compat be managed?

RPC client/server <-> AuthenticationProvider interface

ClientAuthnProvider v1 to ServerAuthnProvider v2 (etc)

You have a use-case?

Uh oh!

Apache-HBase commented Dec 4, 2019

Uh oh!

Apache-HBase commented Dec 4, 2019

Uh oh!

Apache-HBase commented Dec 5, 2019

Uh oh!

Apache-HBase commented Dec 6, 2019

Uh oh!

Apache-HBase commented Dec 6, 2019

Uh oh!

wchevreuil left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

joshelser commented Dec 6, 2019

Uh oh!

Apache-HBase commented Dec 7, 2019

Uh oh!

Apache-HBase commented Dec 7, 2019

Uh oh!

wchevreuil left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Apache-HBase commented Dec 9, 2019

joshelser commented Nov 28, 2019 •

edited

Loading

joshelser commented Jan 15, 2020 •

edited

Loading