HBASE-26553 OAuth Bearer authentication mech plugin for SASL

[anmolnar]

Initial commit for JWT authentication.

Details are in the Jira: https://issues.apache.org/jira/browse/HBASE-26553

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	1m 7s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 0s	No case conflicting files found.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
		_ master Compile Tests _
+0 🆗	mvndep	0m 27s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 57s	master passed
+1 💚	compile	10m 57s	master passed
+1 💚	checkstyle	2m 26s	master passed
+1 💚	spotbugs	19m 1s	master passed
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 23s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 36s	the patch passed
+1 💚	compile	11m 4s	the patch passed
-0 ⚠️	javac	11m 4s	root generated 34 new + 1632 unchanged - 0 fixed = 1666 total (was 1632)
-0 ⚠️	checkstyle	2m 26s	root: The patch generated 12 new + 17 unchanged - 0 fixed = 29 total (was 17)
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
+1 💚	xml	0m 4s	The patch has no ill-formed XML file.
+1 💚	hadoopcheck	23m 50s	Patch does not cause any errors with Hadoop 3.1.2 3.2.2 3.3.1.
+1 💚	spotbugs	20m 25s	the patch passed
		_ Other Tests _
+1 💚	asflicense	1m 17s	The patch does not generate ASF License warnings.
		114m 26s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/artifact/yetus-general-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	dupname asflicense javac spotbugs hadoopcheck hbaseanti checkstyle compile xml
uname	Linux 4a0ed75e831f 4.15.0-163-generic #171-Ubuntu SMP Fri Nov 5 11:55:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / b5cf3cd
Default Java	AdoptOpenJDK-1.8.0_282-b08
javac	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/artifact/yetus-general-check/output/diff-compile-javac-root.txt
checkstyle	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/artifact/yetus-general-check/output/diff-checkstyle-root.txt
Max. process+thread count	126 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/console
versions	git=2.17.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 26s	Docker mode activated.
-0 ⚠️	yetus	0m 4s	Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
		_ Prechecks _
		_ master Compile Tests _
+0 🆗	mvndep	0m 27s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 40s	master passed
+1 💚	compile	3m 9s	master passed
+1 💚	shadedjars	8m 11s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 56s	master passed
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 22s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 23s	the patch passed
+1 💚	compile	3m 9s	the patch passed
+1 💚	javac	3m 9s	the patch passed
+1 💚	shadedjars	8m 22s	patch has no errors when building our shaded downstream artifacts.
-0 ⚠️	javadoc	0m 24s	hbase-common generated 1 new + 12 unchanged - 0 fixed = 13 total (was 12)
-0 ⚠️	javadoc	2m 49s	root generated 1 new + 171 unchanged - 0 fixed = 172 total (was 171)
		_ Other Tests _
+1 💚	unit	186m 15s	root in the patch passed.
		233m 34s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux d3f2cba9fdbd 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / b5cf3cd
Default Java	AdoptOpenJDK-11.0.10+9
javadoc	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/artifact/yetus-jdk11-hadoop3-check/output/diff-javadoc-javadoc-hbase-common.txt
javadoc	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/artifact/yetus-jdk11-hadoop3-check/output/diff-javadoc-javadoc-root.txt
Test Results	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/testReport/
Max. process+thread count	7242 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/console
versions	git=2.17.1 maven=3.6.3
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[Apache-HBase]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 27s	Docker mode activated.
-0 ⚠️	yetus	0m 3s	Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
		_ Prechecks _
		_ master Compile Tests _
+0 🆗	mvndep	0m 25s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 7s	master passed
+1 💚	compile	2m 49s	master passed
+1 💚	shadedjars	8m 23s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 6s	master passed
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 23s	Maven dependency ordering for patch
+1 💚	mvninstall	3m 49s	the patch passed
+1 💚	compile	2m 47s	the patch passed
+1 💚	javac	2m 47s	the patch passed
+1 💚	shadedjars	8m 18s	patch has no errors when building our shaded downstream artifacts.
-0 ⚠️	javadoc	0m 22s	hbase-common generated 2 new + 0 unchanged - 0 fixed = 2 total (was 0)
-0 ⚠️	javadoc	2m 14s	root generated 2 new + 54 unchanged - 0 fixed = 56 total (was 54)
		_ Other Tests _
-1 ❌	unit	285m 45s	root in the patch failed.
		328m 37s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux 48f73397b479 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / b5cf3cd
Default Java	AdoptOpenJDK-1.8.0_282-b08
javadoc	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/artifact/yetus-jdk8-hadoop3-check/output/diff-javadoc-javadoc-hbase-common.txt
javadoc	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/artifact/yetus-jdk8-hadoop3-check/output/diff-javadoc-javadoc-root.txt
unit	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/artifact/yetus-jdk8-hadoop3-check/output/patch-unit-root.txt
Test Results	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/testReport/
Max. process+thread count	4488 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/1/console
versions	git=2.17.1 maven=3.6.3
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[taklwu]

sorry that I didn't give much comment on the JWT integration, I will come back on after another review.

at the same time, can you fix those javac, javadoc, and checkstyle -0 ?

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	4m 1s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
		_ master Compile Tests _
+0 🆗	mvndep	0m 17s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 2s	master passed
+1 💚	compile	9m 1s	master passed
+1 💚	checkstyle	2m 0s	master passed
+1 💚	spotbugs	14m 41s	master passed
-0 ⚠️	patch	2m 52s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 22s	Maven dependency ordering for patch
+1 💚	mvninstall	3m 52s	the patch passed
+1 💚	compile	9m 0s	the patch passed
-0 ⚠️	javac	9m 0s	root generated 11 new + 1628 unchanged - 0 fixed = 1639 total (was 1628)
-0 ⚠️	checkstyle	2m 0s	root: The patch generated 2 new + 17 unchanged - 0 fixed = 19 total (was 17)
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
+1 💚	xml	0m 3s	The patch has no ill-formed XML file.
+1 💚	hadoopcheck	19m 48s	Patch does not cause any errors with Hadoop 3.1.2 3.2.2 3.3.1.
+1 💚	spotbugs	15m 57s	the patch passed
		_ Other Tests _
+1 💚	asflicense	1m 22s	The patch does not generate ASF License warnings.
		96m 11s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/artifact/yetus-general-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	dupname asflicense javac spotbugs hadoopcheck hbaseanti checkstyle compile xml
uname	Linux 190f6f2c74a8 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / e96df8b
Default Java	AdoptOpenJDK-1.8.0_282-b08
javac	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/artifact/yetus-general-check/output/diff-compile-javac-root.txt
checkstyle	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/artifact/yetus-general-check/output/diff-checkstyle-root.txt
Max. process+thread count	141 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/console
versions	git=2.17.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 30s	Docker mode activated.
-0 ⚠️	yetus	0m 3s	Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
		_ Prechecks _
		_ master Compile Tests _
+0 🆗	mvndep	0m 27s	Maven dependency ordering for branch
+1 💚	mvninstall	5m 42s	master passed
+1 💚	compile	3m 48s	master passed
+1 💚	shadedjars	9m 6s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 58s	master passed
-0 ⚠️	patch	14m 57s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 22s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 27s	the patch passed
+1 💚	compile	3m 14s	the patch passed
+1 💚	javac	3m 14s	the patch passed
+1 💚	shadedjars	8m 13s	patch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 59s	the patch passed
		_ Other Tests _
+1 💚	unit	190m 50s	root in the patch passed.
		240m 49s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux e4a26493b416 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / e96df8b
Default Java	AdoptOpenJDK-11.0.10+9
Test Results	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/testReport/
Max. process+thread count	7037 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/console
versions	git=2.17.1 maven=3.6.3
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[Apache-HBase]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	1m 51s	Docker mode activated.
-0 ⚠️	yetus	0m 6s	Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
		_ Prechecks _
		_ master Compile Tests _
+0 🆗	mvndep	0m 47s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 40s	master passed
+1 💚	compile	3m 7s	master passed
+1 💚	shadedjars	9m 33s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 22s	master passed
-0 ⚠️	patch	14m 40s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 21s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 32s	the patch passed
+1 💚	compile	3m 3s	the patch passed
+1 💚	javac	3m 3s	the patch passed
+1 💚	shadedjars	9m 8s	patch has no errors when building our shaded downstream artifacts.
-0 ⚠️	javadoc	0m 21s	hbase-common generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
-0 ⚠️	javadoc	2m 47s	root generated 1 new + 57 unchanged - 0 fixed = 58 total (was 57)
		_ Other Tests _
-1 ❌	unit	447m 52s	root in the patch failed.
		497m 1s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux 02f8d6c7992b 4.15.0-153-generic #160-Ubuntu SMP Thu Jul 29 06:54:29 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / e96df8b
Default Java	AdoptOpenJDK-1.8.0_282-b08
javadoc	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/artifact/yetus-jdk8-hadoop3-check/output/diff-javadoc-javadoc-hbase-common.txt
javadoc	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/artifact/yetus-jdk8-hadoop3-check/output/diff-javadoc-javadoc-root.txt
unit	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/artifact/yetus-jdk8-hadoop3-check/output/patch-unit-root.txt
Test Results	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/testReport/
Max. process+thread count	4412 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/4/console
versions	git=2.17.1 maven=3.6.3
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	1m 19s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 0s	No case conflicting files found.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
		_ master Compile Tests _
+0 🆗	mvndep	0m 26s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 6s	master passed
+1 💚	compile	9m 7s	master passed
+1 💚	checkstyle	1m 59s	master passed
+1 💚	spotbugs	14m 42s	master passed
-0 ⚠️	patch	2m 55s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 22s	Maven dependency ordering for patch
+1 💚	mvninstall	3m 50s	the patch passed
+1 💚	compile	9m 7s	the patch passed
-0 ⚠️	javac	9m 7s	root generated 3 new + 1628 unchanged - 0 fixed = 1631 total (was 1628)
+1 💚	checkstyle	2m 1s	the patch passed
+1 💚	whitespace	0m 1s	The patch has no whitespace issues.
+1 💚	xml	0m 3s	The patch has no ill-formed XML file.
+1 💚	hadoopcheck	19m 50s	Patch does not cause any errors with Hadoop 3.1.2 3.2.2 3.3.1.
+1 💚	spotbugs	15m 57s	the patch passed
		_ Other Tests _
+1 💚	asflicense	1m 23s	The patch does not generate ASF License warnings.
		94m 12s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/5/artifact/yetus-general-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	dupname asflicense javac spotbugs hadoopcheck hbaseanti checkstyle compile xml
uname	Linux c6c6a188993e 4.15.0-156-generic #163-Ubuntu SMP Thu Aug 19 23:31:58 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / 70cb9b0
Default Java	AdoptOpenJDK-1.8.0_282-b08
javac	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/5/artifact/yetus-general-check/output/diff-compile-javac-root.txt
Max. process+thread count	141 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/5/console
versions	git=2.17.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[taklwu]

LGTM, please add the @ClassRule/CLASS_RULE and @Category annotations for new test classes, rerun the tests or see if the failures are related

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 25s	Docker mode activated.
-0 ⚠️	yetus	0m 3s	Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
		_ Prechecks _
		_ master Compile Tests _
+0 🆗	mvndep	0m 24s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 27s	master passed
+1 💚	compile	3m 12s	master passed
+1 💚	shadedjars	8m 26s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 57s	master passed
-0 ⚠️	patch	14m 26s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 21s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 28s	the patch passed
+1 💚	compile	3m 16s	the patch passed
+1 💚	javac	3m 16s	the patch passed
+1 💚	shadedjars	8m 19s	patch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	5m 0s	the patch passed
		_ Other Tests _
+1 💚	unit	194m 42s	root in the patch passed.
		242m 52s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/5/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux ae9d3a0d81b7 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / 70cb9b0
Default Java	AdoptOpenJDK-11.0.10+9
Test Results	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/5/testReport/
Max. process+thread count	6963 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/5/console
versions	git=2.17.1 maven=3.6.3
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[Apache-HBase]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	1m 7s	Docker mode activated.
-0 ⚠️	yetus	0m 3s	Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
		_ Prechecks _
		_ master Compile Tests _
+0 🆗	mvndep	0m 21s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 21s	master passed
+1 💚	compile	3m 0s	master passed
+1 💚	shadedjars	9m 4s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 7s	master passed
-0 ⚠️	patch	14m 0s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 19s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 19s	the patch passed
+1 💚	compile	3m 2s	the patch passed
+1 💚	javac	3m 2s	the patch passed
+1 💚	shadedjars	9m 8s	patch has no errors when building our shaded downstream artifacts.
-0 ⚠️	javadoc	0m 20s	hbase-common generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
-0 ⚠️	javadoc	2m 18s	root generated 1 new + 57 unchanged - 0 fixed = 58 total (was 57)
		_ Other Tests _
-1 ❌	unit	427m 24s	root in the patch failed.
		473m 36s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/5/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux be5b43feb684 4.15.0-153-generic #160-Ubuntu SMP Thu Jul 29 06:54:29 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / 70cb9b0
Default Java	AdoptOpenJDK-1.8.0_282-b08
javadoc	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/5/artifact/yetus-jdk8-hadoop3-check/output/diff-javadoc-javadoc-hbase-common.txt
javadoc	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/5/artifact/yetus-jdk8-hadoop3-check/output/diff-javadoc-javadoc-root.txt
unit	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/5/artifact/yetus-jdk8-hadoop3-check/output/patch-unit-root.txt
Test Results	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/5/testReport/
Max. process+thread count	4502 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/5/console
versions	git=2.17.1 maven=3.6.3
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[joshelser]

WIP review but wanted to get this out.

[joshelser]

Would be nice to then add a new PrivateCredential with a lesser lifetimeMs, just to make sure that the sorting is working properly (since you test the life times generated in sorted order, 1, 2, 3, 4).

[joshelser]

We typically use the DoNotRetryIOException through the public API to indicate an operation (especially those which might come from a Master/RegionServer) should not be intrinsically retried. Since this is a RuntimeException, it might be treated as something that is non-retriable already.

[anmolnar]

I see 2 problems with that:

1. DoNotRetryIOException is in hbase-client module and cannot be used in hbase-common
2. It's not a RuntimeException so cannot be replaced easily.

Though this exception is only used at one place in the PR, so I'm happy with any suggestion to get rid of that.

[anmolnar]

It's thrown here.
The overriden method must throw SaslException, so we don't have to many options.

[joshelser]

Users would not be implementing this directly, would they? I think good to start this off as "Private"

[joshelser]

I thought SASL had some extra header on the data packet which unwrap and wrap were handling. Maybe it's only important when we have SASL QOP set to integrity or confidentiality? With the bearer token approach we'll have to make sure that the data on the wire is encrypted.

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	1m 3s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 1s	The patch does not contain any @author tags.
		_ master Compile Tests _
+0 🆗	mvndep	0m 26s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 4s	master passed
+1 💚	compile	9m 1s	master passed
+1 💚	checkstyle	2m 0s	master passed
+1 💚	spotbugs	14m 52s	master passed
-0 ⚠️	patch	2m 52s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 23s	Maven dependency ordering for patch
+1 💚	mvninstall	3m 51s	the patch passed
+1 💚	compile	8m 57s	the patch passed
-0 ⚠️	javac	8m 57s	root generated 3 new + 1628 unchanged - 0 fixed = 1631 total (was 1628)
+1 💚	checkstyle	1m 57s	the patch passed
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
+1 💚	xml	0m 2s	The patch has no ill-formed XML file.
+1 💚	hadoopcheck	19m 28s	Patch does not cause any errors with Hadoop 3.1.2 3.2.2 3.3.1.
+1 💚	spotbugs	15m 47s	the patch passed
		_ Other Tests _
+1 💚	asflicense	1m 23s	The patch does not generate ASF License warnings.
		92m 58s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/6/artifact/yetus-general-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	dupname asflicense javac spotbugs hadoopcheck hbaseanti checkstyle compile xml
uname	Linux a8ee68066013 4.15.0-65-generic #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / baeb51f
Default Java	AdoptOpenJDK-1.8.0_282-b08
javac	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/6/artifact/yetus-general-check/output/diff-compile-javac-root.txt
Max. process+thread count	141 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/6/console
versions	git=2.17.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 26s	Docker mode activated.
-0 ⚠️	yetus	0m 3s	Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
		_ Prechecks _
		_ master Compile Tests _
+0 🆗	mvndep	0m 36s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 32s	master passed
+1 💚	compile	3m 13s	master passed
+1 💚	shadedjars	8m 19s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 56s	master passed
-0 ⚠️	patch	14m 18s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 21s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 27s	the patch passed
+1 💚	compile	3m 15s	the patch passed
+1 💚	javac	3m 15s	the patch passed
+1 💚	shadedjars	8m 13s	patch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 56s	the patch passed
		_ Other Tests _
+1 💚	unit	191m 38s	root in the patch passed.
		239m 12s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/6/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux 3c7f2bd4a469 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / baeb51f
Default Java	AdoptOpenJDK-11.0.10+9
Test Results	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/6/testReport/
Max. process+thread count	7035 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/6/console
versions	git=2.17.1 maven=3.6.3
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[joshelser]

Lots of content here. I'm trying to unpack it all :)

1. There's a lot of code around the SaslExtensions and the related Callbacks, but I'm struggling to understand if there's a good reason for us to keep these around. Are they just something that was in the Kafka implementation or are they critical to basic authentication via JWT working?
2. I know that you mentioned in the Jira issue that you were leveraging Knox as the authorization server. I think it would go a very long way if we could provide a relatively simple authorization server such that other developers could try this out locally. I'm not seeing anything simple that nimbus-jose-jwt includes (but maybe it wouldn't be bad to just support Knox in a simple mode?)
3. There's some checks you have around NO_PLAINTEXT sasl options. My understanding is that, for JWT based authentication to be secure (not subject to replay attacks), we need to have an encrypted channel (no plain text on the wire). Traditionally, we enabled wire encryption for HBase with SASL+GSSAPI/Kerberos by setting hbase.rpc.protection=privacy (which sets the SASL qop to be auth-conf). However, I believe this encryption depends on GSSAPI as the mechanism and would not be effective for this OAuthBearer solution. We also have commons-crypto based encryption as described in https://issues.apache.org/jira/browse/HBASE-16414. If this wire encryption works, I think we should just require it to be on to use the OauthBearer provider.

[joshelser]

Boolean.valueOf(String.valueOf(props.get(Sasl.POLICY_NOPLAINTEXT))) is a little more succient.

[joshelser]

I'm also tryign to make sure I understand this check -- if we disallow plaintext mechanism, we also disallow oauth bearer mechanism?

In the context of HBase, would we ever want to allow the user to run HBase with oauth-bearer authentication without wire encryption? For a production scenario, I think the answer would be "no".

[joshelser]

I think it might be better to fail hard (throw exception) if we try to construct the SaslServer in an inherently insecure manner. Then we could get rid of all of the indirection in this class about compatibility with mechanism/policy.

[joshelser]

Is the value of 0 disabling the clock skew validation?

[joshelser]

Unless there's a reason, could we construct this via one constructor with all of the options or make a Builder class? (which could automatically validate when we construct the Token)

[joshelser]

Are the \u0001 characters in here from the serialization done in OAuthBearerStringUtils? Would be nice to use the corresponding API to generate this String.

[joshelser]

nit: In general, try to avoid making changes to unrelated files.

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	1m 12s	Docker mode activated.
-0 ⚠️	yetus	0m 3s	Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
		_ Prechecks _
		_ master Compile Tests _
+0 🆗	mvndep	0m 36s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 41s	master passed
+1 💚	compile	3m 39s	master passed
+1 💚	shadedjars	10m 27s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 57s	master passed
-0 ⚠️	patch	16m 17s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 22s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 55s	the patch passed
+1 💚	compile	3m 24s	the patch passed
+1 💚	javac	3m 24s	the patch passed
+1 💚	shadedjars	10m 44s	patch has no errors when building our shaded downstream artifacts.
-0 ⚠️	javadoc	0m 26s	hbase-common generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
-0 ⚠️	javadoc	3m 2s	root generated 1 new + 57 unchanged - 0 fixed = 58 total (was 57)
		_ Other Tests _
+1 💚	unit	446m 4s	root in the patch passed.
		499m 10s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/6/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux f6b45885180d 4.15.0-153-generic #160-Ubuntu SMP Thu Jul 29 06:54:29 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / baeb51f
Default Java	AdoptOpenJDK-1.8.0_282-b08
javadoc	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/6/artifact/yetus-jdk8-hadoop3-check/output/diff-javadoc-javadoc-hbase-common.txt
javadoc	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/6/artifact/yetus-jdk8-hadoop3-check/output/diff-javadoc-javadoc-root.txt
Test Results	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/6/testReport/
Max. process+thread count	4510 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/6/console
versions	git=2.17.1 maven=3.6.3
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[Apache-HBase]

🎊 +1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	1m 26s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 1s	No case conflicting files found.
+1 💚	hbaseanti	0m 0s	Patch does not have any anti-patterns.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
		_ master Compile Tests _
+0 🆗	mvndep	0m 33s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 26s	master passed
+1 💚	compile	10m 5s	master passed
+1 💚	checkstyle	2m 22s	master passed
+1 💚	spotbugs	18m 1s	master passed
-0 ⚠️	patch	13m 33s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 22s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 20s	the patch passed
+1 💚	compile	11m 18s	the patch passed
-0 ⚠️	javac	11m 18s	root generated 1 new + 1628 unchanged - 0 fixed = 1629 total (was 1628)
+1 💚	checkstyle	2m 57s	root: The patch generated 0 new + 17 unchanged - 1 fixed = 17 total (was 18)
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
+1 💚	xml	0m 3s	The patch has no ill-formed XML file.
+1 💚	hadoopcheck	25m 52s	Patch does not cause any errors with Hadoop 3.1.2 3.2.2 3.3.1.
+1 💚	spotbugs	22m 43s	the patch passed
		_ Other Tests _
+1 💚	asflicense	1m 13s	The patch does not generate ASF License warnings.
		118m 21s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/artifact/yetus-general-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	dupname asflicense javac spotbugs hadoopcheck hbaseanti checkstyle compile xml
uname	Linux a1e770168d8c 4.15.0-153-generic #160-Ubuntu SMP Thu Jul 29 06:54:29 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / 7972b2e
Default Java	AdoptOpenJDK-1.8.0_282-b08
javac	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/artifact/yetus-general-check/output/diff-compile-javac-root.txt
Max. process+thread count	126 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/console
versions	git=2.17.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[Apache-HBase]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 28s	Docker mode activated.
-0 ⚠️	yetus	0m 4s	Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
		_ Prechecks _
		_ master Compile Tests _
+0 🆗	mvndep	0m 26s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 56s	master passed
+1 💚	compile	3m 18s	master passed
+1 💚	shadedjars	8m 32s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	5m 24s	master passed
-0 ⚠️	patch	14m 43s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 21s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 36s	the patch passed
+1 💚	compile	3m 16s	the patch passed
+1 💚	javac	3m 16s	the patch passed
+1 💚	shadedjars	8m 50s	patch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	5m 54s	the patch passed
		_ Other Tests _
-1 ❌	unit	172m 14s	root in the patch failed.
		221m 11s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux cc204cba9dc5 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / 7972b2e
Default Java	AdoptOpenJDK-11.0.10+9
unit	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/artifact/yetus-jdk11-hadoop3-check/output/patch-unit-root.txt
Test Results	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/testReport/
Max. process+thread count	3785 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/console
versions	git=2.17.1 maven=3.6.3
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[Apache-HBase]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 29s	Docker mode activated.
-0 ⚠️	yetus	0m 3s	Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck
		_ Prechecks _
		_ master Compile Tests _
+0 🆗	mvndep	0m 25s	Maven dependency ordering for branch
+1 💚	mvninstall	4m 13s	master passed
+1 💚	compile	2m 47s	master passed
+1 💚	shadedjars	8m 21s	branch has no errors when building our shaded downstream artifacts.
+1 💚	javadoc	4m 16s	master passed
-0 ⚠️	patch	13m 25s	Used diff version of patch file. Binary files and potentially other changes not applied. Please rebase and squash commits if necessary.
		_ Patch Compile Tests _
+0 🆗	mvndep	0m 23s	Maven dependency ordering for patch
+1 💚	mvninstall	4m 6s	the patch passed
+1 💚	compile	2m 44s	the patch passed
+1 💚	javac	2m 44s	the patch passed
+1 💚	shadedjars	8m 25s	patch has no errors when building our shaded downstream artifacts.
-0 ⚠️	javadoc	0m 21s	hbase-common generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
-0 ⚠️	javadoc	2m 13s	root generated 1 new + 57 unchanged - 0 fixed = 58 total (was 57)
		_ Other Tests _
-1 ❌	unit	382m 56s	root in the patch failed.
		426m 34s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile
GITHUB PR	#3934
Optional Tests	javac javadoc unit shadedjars compile
uname	Linux 4df5c30cde57 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/hbase-personality.sh
git revision	master / 7972b2e
Default Java	AdoptOpenJDK-1.8.0_282-b08
javadoc	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/artifact/yetus-jdk8-hadoop3-check/output/diff-javadoc-javadoc-hbase-common.txt
javadoc	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/artifact/yetus-jdk8-hadoop3-check/output/diff-javadoc-javadoc-root.txt
unit	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/artifact/yetus-jdk8-hadoop3-check/output/patch-unit-root.txt
Test Results	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/testReport/
Max. process+thread count	5178 (vs. ulimit of 30000)
modules	C: hbase-common hbase-client hbase-resource-bundle hbase-server hbase-examples . U: .
Console output	https://ci-hadoop.apache.org/job/HBase/job/HBase-PreCommit-GitHub-PR/job/PR-3934/7/console
versions	git=2.17.1 maven=3.6.3
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.

[joshelser]

Alright! I was actually able to test this out today using Knox. I think there are a couple of high level things we need to figure out

• HBase clients will expect that renewals transparently happen. Either, we need a renewer thread in hbase to get a new bearer token before it expires (I think this is possible, but we'd have to know where to get the new one from). Otherwise, we'd have to think about usign the bearer token to get an hbase delegation token (which seems like too many tokens, tbh)
• How will users provide the bearer token into their HBase client? Environment variable? Well-known file?
• I tried enabling the RPC encryption from HBASE-16414 but regrettably can still see plaintext data going over the wire. Maybe that's just a bug in this patch, or maybe it's a bigger HBase SASL issue. Either way, we need encryption if we enable this auth'n feature.
• I would like to see a standalone (no external service dependency) test included in hbase-examples, rather than just a client. However, I don't know of a JWT-providing server we could easily embedded into a test. Maybe knox could do this, or maybe nimbus has some testing server?
• Need to get some additions to the hbase book.

Now, given how big this patch is already, I think I'd suggest we work through these on a feature branch rather than try to do them in a single commit. WDYT, Andor? I think this approach would let us do some iteration more easily.

[anmolnar]

Closing this PR due to feature branch request.

[anmolnar]

Follow-up PR #4019