HBASE-28970 Get asyncfs working with custom SASL mechanisms

[stoty]

No description provided.

[stoty]

This should be good, but I'm waiting for the Hadoop side fixes before landing this one.

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 41s		Docker mode activated.
-0 ⚠️	yetus	0m 4s		Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
			_ Prechecks _
			_ master Compile Tests _
+1 💚	mvninstall	2m 34s		master passed
+1 💚	compile	0m 15s		master passed
+1 💚	javadoc	0m 13s		master passed
+1 💚	shadedjars	4m 52s		branch has no errors when building our shaded downstream artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	2m 38s		the patch passed
+1 💚	compile	0m 17s		the patch passed
+1 💚	javac	0m 17s		the patch passed
+1 💚	javadoc	0m 13s		the patch passed
+1 💚	shadedjars	4m 49s		patch has no errors when building our shaded downstream artifacts.
			_ Other Tests _
+1 💚	unit	1m 21s		hbase-asyncfs in the patch passed.
		18m 43s

Subsystem	Report/Notes
Docker	ClientAPI=1.47 ServerAPI=1.47 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6507/3/artifact/yetus-jdk17-hadoop3-check/output/Dockerfile
GITHUB PR	#6507
Optional Tests	javac javadoc unit compile shadedjars
uname	Linux e2c3549551f0 5.4.0-195-generic #215-Ubuntu SMP Fri Aug 2 18:28:05 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / 56a7d83
Default Java	Eclipse Adoptium-17.0.11+9
Test Results	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6507/3/testReport/
Max. process+thread count	652 (vs. ulimit of 30000)
modules	C: hbase-asyncfs U: hbase-asyncfs
Console output	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6507/3/console
versions	git=2.34.1 maven=3.9.8
Powered by	Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 33s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	hbaseanti	0m 0s		Patch does not have any anti-patterns.
			_ master Compile Tests _
+1 💚	mvninstall	2m 51s		master passed
+1 💚	compile	0m 19s		master passed
+1 💚	checkstyle	0m 7s		master passed
+1 💚	spotbugs	0m 21s		master passed
+1 💚	spotless	0m 41s		branch has no errors when running spotless:check.
			_ Patch Compile Tests _
+1 💚	mvninstall	2m 50s		the patch passed
+1 💚	compile	0m 19s		the patch passed
+1 💚	javac	0m 19s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	checkstyle	0m 8s		the patch passed
+1 💚	spotbugs	0m 29s		the patch passed
+1 💚	hadoopcheck	10m 40s		Patch does not cause any errors with Hadoop 3.3.6 3.4.0.
+1 💚	spotless	0m 41s		patch has no errors when running spotless:check.
			_ Other Tests _
+1 💚	asflicense	0m 8s		The patch does not generate ASF License warnings.
		26m 45s

Subsystem	Report/Notes
Docker	ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6507/3/artifact/yetus-general-check/output/Dockerfile
GITHUB PR	#6507
Optional Tests	dupname asflicense javac spotbugs checkstyle codespell detsecrets compile hadoopcheck hbaseanti spotless
uname	Linux dffd481fbb01 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / 56a7d83
Default Java	Eclipse Adoptium-17.0.11+9
Max. process+thread count	83 (vs. ulimit of 30000)
modules	C: hbase-asyncfs U: hbase-asyncfs
Console output	https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6507/3/console
versions	git=2.34.1 maven=3.9.8 spotbugs=4.7.3
Powered by	Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

[stoty]

The standard HBase SASL code already works like this.

[anmolnar]

Quick question.

[anmolnar]

I don't see why is this necessary here. It's only effective within this private method and doesn't make any difference in the verification at line 517, while it hides that there was no negotiated QoP with the client.

Since rest of the code handles "auth" and null equally, it'd make sense to return "auth" by the getNegotiatedQop() if null was negotiated effectively making sure that negotiatedQop will never be null. That would probably make some of the code in this class simpler, but still not strictly required for this patch.

[stoty]

That's not true.

The Hadoop code always requests some kind of QOP, at least "auth".

SASL mechanisms that don't support QOP at all, like SCRAM, will ignore the requested QOP and always return null negotiated qop.

Without this if, we could not use SCRAM at all, as ["auth"] does not contain null.

The rest of the code does not check the negotiated QOP against the requested one, so a null check is fine there.

This is the simplest way I can think of to handle non-QOP capable SASL mechanisms.

[anmolnar]

So, basically in case of SCRAM requestedQop is ["auth"], but negotiatedQop is NULL?
Do you put this hack here to pretend "auth" was negotiated?

[Apache9]

Do you have any real use cases?

IIRC we have done the same fix in hbase's own rpc implementation, but I can not recall the details...