[FLINK-23693][tests] Add principal creation possibilities to SecureTestEnvironment

[gaborgsomogyi]

What is the purpose of the change

There are use-cases where this is needed. A good example is Kerberos authentication handler which is intended to be added as external project in FLINK-23274.

Brief change log

• Fixed some forgotten reference bugs
• Minor re-ordering to see easily what's de-referenced and what's not
• Added additionalPrincipals parameter to SecureTestEnvironment.prepare
• Added default kerberos init app entry to contexts in SecureTestEnvironment.prepare

Verifying this change

• Existing unit tests
• New unit tests with local build in the mentioned Kerberos authentication handler (intended to be published soon)

Does this pull request potentially affect one of the following parts:

• Dependencies (does it add or upgrade a dependency): no
• The public API, i.e., is any changed class annotated with @Public(Evolving): no
• The serializers: no
• The runtime per-record code paths (performance sensitive): no
• Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
• The S3 file system connector: no

Documentation

• Does this pull request introduce a new feature? no
• If yes, how is the feature documented? not applicable

[gaborgsomogyi]

cc @gyfora

[flinkbot]

Thanks a lot for your contribution to the Apache Flink project. I'm the @flinkbot. I help the community
to review your pull request. We will use this comment to track the progress of the review.

Automated Checks

Last check on commit 2bce8e9 (Tue Aug 10 07:56:42 UTC 2021)

Warnings:

• No documentation files were touched! Remember to keep the Flink docs up to date!

_{Mention the bot in a comment to re-run the automated checks.}

Review Progress

• ❓ 1. The [description] looks good.
• ❓ 2. There is [consensus] that the contribution should go into to Flink.
• ❓ 3. Needs [attention] from.
• ❓ 4. The change fits into the overall [architecture].
• ❓ 5. Overall code [quality] is good.

Please see the Pull Request Review Guide for a full explanation of the review process.

Details

The Bot is tracking the review progress through labels. Labels are applied according to the order of the review items. For consensus, approval by a Flink committer of PMC member is required

Bot commands

The @flinkbot bot supports the following commands:

• @flinkbot approve description to approve one or more aspects (aspects: description, consensus, architecture and quality)
• @flinkbot approve all to approve all aspects
• @flinkbot approve-until architecture to approve everything until architecture
• @flinkbot attention @username1 [@username2 ..] to require somebody's attention
• @flinkbot disapprove architecture to remove an approval you gave earlier

[flinkbot]

CI report:

• e20eee1 Azure: SUCCESS

Bot commands

The @flinkbot bot supports the following commands:

• @flinkbot run travis re-run the last Travis build
• @flinkbot run azure re-run the last Azure build

[gaborgsomogyi]

@flinkbot run azure

[gaborgsomogyi]

The current solution creates a new keytab file which makes the solution wrong. Reworking it...

[gaborgsomogyi]

I've just finished the testing and the provided changes are working as expected.

[gyfora]

@flinkbot approve all