HBASE-29080 Validate Negotiated SASL QoP Against Requested

[stoty]

No description provided.

[anmolnar]

lgtm, but number of tests added seems a bit small to me. Don't we already tests for Sasl negotiation that we could extend?

[Apache9]

Is it possible to add a test at rpc level?

[Apache9]

Just let the exception be thrown? In this way we could see more detailed failure message...

[stoty]

Done.

[Apache9]

Use assertThrows

[stoty]

Done.

[Apache9]

So in the old code, SimpleServerRpcConnection does not call finishSaslNegotiation? Seems a bit strange...

[stoty]

That's a good point.
finishSaslNegotiation does the same thing, it's better to call that from here.

[stoty]

Refactored SimpleServerRpcConnection to use finishSaslNegotiation.

[stoty]

@anmolnar @Apache9
We have some integration tests that involve SASL, but none of them modify the SASL behviour.

Adding an integration test a that mocks/spies the SASL behaviour would be quite a task, and I don't really know how to go about that.

If you think that it is needed, and better yet if you have some suggestions on how to write it, I can attempt to write one.

[Apache9]

@anmolnar @Apache9 We have some integration tests that involve SASL, but none of them modify the SASL behviour.

Adding an integration test a that mocks/spies the SASL behaviour would be quite a task, and I don't really know how to go about that.

If you think that it is needed, and better yet if you have some suggestions on how to write it, I can attempt to write one.

I think there are SASL related rpc tests? You can check the tests under o.a.h.h.security package in hbase-server's src/test.

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 35s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 1s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	hbaseanti	0m 0s		Patch does not have any anti-patterns.
			_ master Compile Tests _
+0 🆗	mvndep	0m 12s		Maven dependency ordering for branch
+1 💚	mvninstall	4m 4s		master passed
+1 💚	compile	4m 36s		master passed
+1 💚	checkstyle	1m 2s		master passed
+1 💚	spotbugs	2m 45s		master passed
+1 💚	spotless	0m 58s		branch has no errors when running spotless:check.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 12s		Maven dependency ordering for patch
+1 💚	mvninstall	3m 46s		the patch passed
+1 💚	compile	4m 20s		the patch passed
-0 ⚠️	javac	0m 50s	/results-compile-javac-hbase-client.txt	hbase-client generated 2 new + 101 unchanged - 2 fixed = 103 total (was 103)
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	1m 2s		the patch passed
+1 💚	spotbugs	3m 10s		the patch passed
+1 💚	hadoopcheck	13m 40s		Patch does not cause any errors with Hadoop 3.3.6 3.4.0.
+1 💚	spotless	0m 53s		patch has no errors when running spotless:check.
			_ Other Tests _
+1 💚	asflicense	0m 22s		The patch does not generate ASF License warnings.
		50m 6s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6601/4/artifact/yetus-general-check/output/Dockerfile
GITHUB PR	#6601
Optional Tests	dupname asflicense javac spotbugs checkstyle codespell detsecrets compile hadoopcheck hbaseanti spotless
uname	Linux 6b3aa3e67a75 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / 3c23b62
Default Java	Eclipse Adoptium-17.0.11+9
Max. process+thread count	84 (vs. ulimit of 30000)
modules	C: hbase-client hbase-server U: .
Console output	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6601/4/console
versions	git=2.34.1 maven=3.9.8 spotbugs=4.7.3
Powered by	Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

[Apache-HBase]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 33s		Docker mode activated.
-0 ⚠️	yetus	0m 3s		Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
			_ Prechecks _
			_ master Compile Tests _
+0 🆗	mvndep	0m 12s		Maven dependency ordering for branch
+1 💚	mvninstall	3m 40s		master passed
+1 💚	compile	1m 37s		master passed
+1 💚	javadoc	0m 53s		master passed
+1 💚	shadedjars	6m 33s		branch has no errors when building our shaded downstream artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 14s		Maven dependency ordering for patch
+1 💚	mvninstall	3m 39s		the patch passed
+1 💚	compile	1m 41s		the patch passed
+1 💚	javac	1m 41s		the patch passed
+1 💚	javadoc	0m 55s		the patch passed
+1 💚	shadedjars	7m 8s		patch has no errors when building our shaded downstream artifacts.
			_ Other Tests _
+1 💚	unit	2m 6s		hbase-client in the patch passed.
-1 ❌	unit	247m 45s	/patch-unit-hbase-server.txt	hbase-server in the patch failed.
		282m 0s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6601/4/artifact/yetus-jdk17-hadoop3-check/output/Dockerfile
GITHUB PR	#6601
Optional Tests	javac javadoc unit compile shadedjars
uname	Linux fd3a669236e7 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / 3c23b62
Default Java	Eclipse Adoptium-17.0.11+9
Test Results	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6601/4/testReport/
Max. process+thread count	4431 (vs. ulimit of 30000)
modules	C: hbase-client hbase-server U: .
Console output	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6601/4/console
versions	git=2.34.1 maven=3.9.8
Powered by	Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

[anmolnar]

@stoty Take a quick look at TestSecureIPC, AbstractTestSecureIPC and friends. I see a few tests related to negotiated QoP that you could extend maybe.