[jira] [Resolved] (HBASE-26027) The calling of HTable.batch blocked at AsyncRequestFutureImpl.waitUntilDone caused by ArrayStoreException

2021-12-09 Thread Zheng Wang (Jira) 


 [ 
https://issues.apache.org/jira/browse/HBASE-26027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Zheng Wang resolved HBASE-26027.

Resolution: Fixed

> The calling of HTable.batch blocked at AsyncRequestFutureImpl.waitUntilDone 
> caused by ArrayStoreException
> -
>
> Key: HBASE-26027
> URL: https://issues.apache.org/jira/browse/HBASE-26027
> Project: HBase
>  Issue Type: Bug
>  Components: Client
>Affects Versions: 2.2.7, 2.5.0, 2.3.5, 2.4.4
>Reporter: Zheng Wang
>Assignee: Zheng Wang
>Priority: Major
> Fix For: 2.6.0
>
>
> The batch api of HTable contains a param named results to store result or 
> exception, its type is Object[].
> If user pass an array with other type, eg: 
> org.apache.hadoop.hbase.client.Result, and if we need to put an exception 
> into it by some reason, then the ArrayStoreException will occur in 
> AsyncRequestFutureImpl.updateResult, then the 
> AsyncRequestFutureImpl.decActionCounter will be skipped, then in the 
> AsyncRequestFutureImpl.waitUntilDone we will stuck at here checking the 
> actionsInProgress again and again, forever.
> It is better to add an cutoff calculated by operationTimeout, instead of only 
> depend on the value of actionsInProgress.
> BTW, this issue only for 2.x, since 3.x the implement has refactored.
> How to reproduce:
> 1: add sleep in RSRpcServices.multi to mock slow response
> {code:java}
> try {
>  Thread.sleep(2000);
>  } catch (InterruptedException e) {
>  e.printStackTrace();
>  }
> {code}
> 2: set time out in config
> {code:java}
> conf.set("hbase.rpc.timeout","2000");
> conf.set("hbase.client.operation.timeout","6000");
> {code}
> 3: call batch api
> {code:java}
> Table table = HbaseUtil.getTable("test");
>  byte[] cf = Bytes.toBytes("f");
>  byte[] c = Bytes.toBytes("c1");
>  List gets = new ArrayList<>();
>  for (int i = 0; i < 10; i++) {
>  byte[] rk = Bytes.toBytes("rk-" + i);
>  Get get = new Get(rk);
>  get.addColumn(cf, c);
>  gets.add(get);
>  }
>  Result[] results = new Result[gets.size()];
>  table.batch(gets, results);
> {code}
> The log will looks like below:
> {code:java}
> [ERROR] [2021/06/22 23:23:00,676] hconnection-0x6b927fb-shared-pool3-t1 - 
> id=1 error for test processing localhost,16020,1624343786295
> java.lang.ArrayStoreException: org.apache.hadoop.hbase.DoNotRetryIOException
>   at 
> org.apache.hadoop.hbase.client.AsyncRequestFutureImpl.updateResult(AsyncRequestFutureImpl.java:1242)
>   at 
> org.apache.hadoop.hbase.client.AsyncRequestFutureImpl.trySetResultSimple(AsyncRequestFutureImpl.java:1087)
>   at 
> org.apache.hadoop.hbase.client.AsyncRequestFutureImpl.setError(AsyncRequestFutureImpl.java:1021)
>   at 
> org.apache.hadoop.hbase.client.AsyncRequestFutureImpl.manageError(AsyncRequestFutureImpl.java:683)
>   at 
> org.apache.hadoop.hbase.client.AsyncRequestFutureImpl.receiveGlobalFailure(AsyncRequestFutureImpl.java:716)
>   at 
> org.apache.hadoop.hbase.client.AsyncRequestFutureImpl.access$1500(AsyncRequestFutureImpl.java:69)
>   at 
> org.apache.hadoop.hbase.client.AsyncRequestFutureImpl$SingleServerRequestRunnable.run(AsyncRequestFutureImpl.java:219)
>   at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>   at java.util.concurrent.FutureTask.run$$$capture(FutureTask.java:266)
>   at java.util.concurrent.FutureTask.run(FutureTask.java)
>   at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>   at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>   at java.lang.Thread.run(Thread.java:748)
> [INFO ] [2021/06/22 23:23:10,375] main - #1, waiting for 10  actions to 
> finish on table: test
> [INFO ] [2021/06/22 23:23:20,378] main - #1, waiting for 10  actions to 
> finish on table: test
> [INFO ] [2021/06/22 23:23:30,384] main - #1, waiting for 10  actions to 
> finish on table: 
> [INFO ] [2021/06/22 23:23:40,387] main - #1, waiting for 10  actions to 
> finish on table: test
> [INFO ] [2021/06/22 23:23:50,397] main - #1, waiting for 10  actions to 
> finish on table: test
> [INFO ] [2021/06/22 23:24:00,400] main - #1, waiting for 10  actions to 
> finish on table: test
> [INFO ] [2021/06/22 23:24:10,408] main - #1, waiting for 10  actions to 
> finish on table: test
> [INFO ] [2021/06/22 23:24:20,413] main - #1, waiting for 10  actions to 
> finish on table: test
> {code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: [NOTICE] Apache log4j2 security vulnerability

2021-12-09 Thread Tak Lon (Stephen) Wu 
Thanks for sharing! I found another post [2] that said how to perform such
an attack.

Should we have a JIRA and keep tracking the solution for it?

[2] https://www.lunasec.io/docs/blog/log4j-zero-day/

-Stephen

On Thu, Dec 9, 2021 at 8:09 PM 张铎(Duo Zhang)  wrote:

> See this PR
>
> https://github.com/apache/logging-log4j2/pull/608
>
> Although the final 2.15.0 release for log4j2 has not been published yet, at
> least on the Chinese internet the details and how to make use of
> this vulnerability has already been public[1].
>
> HBase 3.0.0-alpha-1 is affected, so once 2.15.0 is out, we will push a
> 3.0.0-alpha-2 release out soon. And for those who already use HBase
> 3.0.0-alpha-1, please consider using the following ways to disable JNDI
>
> Add '-Dlog4j2.formatMsgNoLookups=true' when starting JVM
> Add 'log4j2.formatMsgNoLookups=True' to config file
> 'export FORMAT_MESSAGES_PATTERN_DISABLE_LOOKUPS=true' before starting JVM
>
> Thanks.
>
> 1. https://nosec.org/home/detail/4917.html
>

Re: [VOTE] The second release condidate for hbase-thirdparty 4.0.0 is available for download

2021-12-09 Thread Duo Zhang 
With 4 binding +1s, no -1, the vote passes.

Let me push out the release.

Thanks all for voting!

张铎(Duo Zhang)  于2021年12月10日周五 13:40写道:

> Here is my +1, I've been testing it by opening a PR against hbase master
> branch and it works.
>
> See https://github.com/apache/hbase/pull/3910
>
> Yu Li  于2021年12月10日周五 09:37写道:
>
>> +1
>>
>> Checked the diff between 3.5.1 and 4.0.0-rc1: OK (
>> https://github.com/apache/hbase-thirdparty/compare/rel/3.5.1...4.0.0RC1)
>> Checked release note and changes: OK
>> Checked sums and signatures: OK
>> Maven clean install from source (1.8.0_121): OK
>> - Minor: I tried to build a tarball from source following README but
>> failed
>> with "No assembly descriptors found" error
>> Checked the jars in the staging repo: OK
>>
>> btw, I haven't followed up for a while and could anyone kindly let me know
>> where to find this fancy hbase-vote.sh script, so next time I could also
>> try it out? Thanks :-)
>>
>> Best Regards,
>> Yu
>>
>>
>> On Fri, 10 Dec 2021 at 05:46, Nick Dimiduk  wrote:
>>
>> > +1
>> >
>> > I've used the hbase-vote.sh script to evaluate this artifact and
>> there's a
>> > problem in the final `run_tests` , executed after `build_from_source`.
>> >
>> > * Signature: ok
>> > * Checksum : ok
>> > * Rat check (11.0.11): ok
>> >  - mvn clean apache-rat:check
>> > * Built from source (11.0.11): ok
>> >  - mvn clean install  -DskipTests
>> > * Unit tests pass (11.0.11): failed
>> >  - mvn package -P runAllTests
>> -Dsurefire.rerunFailingTestsCount=3
>> >
>> > [WARNING] The requested profile "runAllTests" could not be activated
>> > because it does not exist.
>> > [ERROR] Failed to execute goal
>> > org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade (default) on
>> > project hbase-shaded-jackson-jaxrs-json-provider: Error creating shaded
>> > jar: duplicate entry:
>> > META-INF/services/org.apache.hbase.thirdparty.javax.ws.rs
>> > .ext.MessageBodyWriter
>> >
>> > Manually running `mvn clean package` within the source tarball, we
>> succeed.
>> >
>> > I have also triggered a PR build of HBASE-25864 / PR#3243 that uses this
>> > RC. The tests are still running.
>> >
>> >
>> https://ci-hadoop.apache.org/blue/organizations/jenkins/HBase%2FHBase-PreCommit-GitHub-PR/detail/PR-3243/5/pipeline/
>> >
>> > On Tue, Dec 7, 2021 at 6:02 PM 张铎(Duo Zhang) 
>> > wrote:
>> >
>> > > Ah, Thanks Nick for explaining and thanks Andrew for testing.
>> > >
>> > > We still need one more +1 to close this vote.
>> > >
>> > > Andrew Purtell  于2021年12月7日周二 05:50写道:
>> > >
>> > > > Ok, change my vote to +1 (binding). The hbase-thirdparty build and
>> > > > artifacts are good.
>> > > >
>> > > > > On Dec 6, 2021, at 1:18 PM, Nick Dimiduk 
>> > wrote:
>> > > > >
>> > > > > On Mon, Dec 6, 2021 at 11:49 AM Andrew Purtell <
>> apurt...@apache.org
>> > >
>> > > > wrote:
>> > > > >
>> > > > >> -1 (binding)
>> > > > >>
>> > > > >> Checked sums and signature, ok
>> > > > >> RAT check passed, ok
>> > > > >> Built from source, ok
>> > > > >> Built HEAD of master (d9315fa043) with
>> > > -Dhbase-thirdparty.version=4.0.0,
>> > > > >> hbase-http module tests fail
>> > > > >>
>> > > > >
>> > > > > Adoption of this dependency will require changes to master. I had
>> > > posted
>> > > > > necessary changes on https://github.com/apache/hbase/pull/3243
>> and
>> > Duo
>> > > > did
>> > > > > his own on https://github.com/apache/hbase/pull/3910.
>> > > > >
>> > > > > [ERROR] Tests run: 17, Failures: 0, Errors: 1, Skipped: 2, Time
>> > > elapsed:
>> > > > >> 2.29 s <<< FAILURE! - in
>> org.apache.hadoop.hbase.http.TestHttpServer
>> > > > >> [ERROR] org.apache.hadoop.hbase.http.TestHttpServer.testJersey
>> Time
>> > > > >> elapsed: 0.123 s  <<< ERROR!
>> > > > >> java.io.FileNotFoundException:
>> > > http://localhost:55106/jersey/foo?op=bar
>> > > > >> at
>> > > > >>
>> > > > >>
>> > > >
>> > >
>> >
>> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1898)
>> > > > >> at
>> > > > >>
>> > > > >>
>> > > >
>> > >
>> >
>> sun.net.www.protocol.http.HttpURLConnection.access$200(HttpURLConnection.java:92)
>> > > > >> at
>> > > > >>
>> > > > >>
>> > > >
>> > >
>> >
>> sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1492)
>> > > > >> at
>> > > > >>
>> > > > >>
>> > > >
>> > >
>> >
>> sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1490)
>> > > > >> at java.security.AccessController.doPrivileged(Native Method)
>> > > > >> at
>> > > > >>
>> > > > >>
>> > > >
>> > >
>> >
>> java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:784)
>> > > > >> at
>> > > > >>
>> > > > >>
>> > > >
>> > >
>> >
>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1489)
>> > > > >> at
>> > > > >>
>> > > > >>
>> > > >
>> > >
>> >
>> org.apache.hadoop.hbase.http.HttpServerFunctionalTest.readOutput(HttpServerFunctionalTest.java:248)
>> > > > >> at
>> >

Re: [VOTE] The second release condidate for hbase-thirdparty 4.0.0 is available for download

2021-12-09 Thread Duo Zhang 
Here is my +1, I've been testing it by opening a PR against hbase master
branch and it works.

See https://github.com/apache/hbase/pull/3910

Yu Li  于2021年12月10日周五 09:37写道:

> +1
>
> Checked the diff between 3.5.1 and 4.0.0-rc1: OK (
> https://github.com/apache/hbase-thirdparty/compare/rel/3.5.1...4.0.0RC1)
> Checked release note and changes: OK
> Checked sums and signatures: OK
> Maven clean install from source (1.8.0_121): OK
> - Minor: I tried to build a tarball from source following README but failed
> with "No assembly descriptors found" error
> Checked the jars in the staging repo: OK
>
> btw, I haven't followed up for a while and could anyone kindly let me know
> where to find this fancy hbase-vote.sh script, so next time I could also
> try it out? Thanks :-)
>
> Best Regards,
> Yu
>
>
> On Fri, 10 Dec 2021 at 05:46, Nick Dimiduk  wrote:
>
> > +1
> >
> > I've used the hbase-vote.sh script to evaluate this artifact and there's
> a
> > problem in the final `run_tests` , executed after `build_from_source`.
> >
> > * Signature: ok
> > * Checksum : ok
> > * Rat check (11.0.11): ok
> >  - mvn clean apache-rat:check
> > * Built from source (11.0.11): ok
> >  - mvn clean install  -DskipTests
> > * Unit tests pass (11.0.11): failed
> >  - mvn package -P runAllTests
> -Dsurefire.rerunFailingTestsCount=3
> >
> > [WARNING] The requested profile "runAllTests" could not be activated
> > because it does not exist.
> > [ERROR] Failed to execute goal
> > org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade (default) on
> > project hbase-shaded-jackson-jaxrs-json-provider: Error creating shaded
> > jar: duplicate entry:
> > META-INF/services/org.apache.hbase.thirdparty.javax.ws.rs
> > .ext.MessageBodyWriter
> >
> > Manually running `mvn clean package` within the source tarball, we
> succeed.
> >
> > I have also triggered a PR build of HBASE-25864 / PR#3243 that uses this
> > RC. The tests are still running.
> >
> >
> https://ci-hadoop.apache.org/blue/organizations/jenkins/HBase%2FHBase-PreCommit-GitHub-PR/detail/PR-3243/5/pipeline/
> >
> > On Tue, Dec 7, 2021 at 6:02 PM 张铎(Duo Zhang) 
> > wrote:
> >
> > > Ah, Thanks Nick for explaining and thanks Andrew for testing.
> > >
> > > We still need one more +1 to close this vote.
> > >
> > > Andrew Purtell  于2021年12月7日周二 05:50写道:
> > >
> > > > Ok, change my vote to +1 (binding). The hbase-thirdparty build and
> > > > artifacts are good.
> > > >
> > > > > On Dec 6, 2021, at 1:18 PM, Nick Dimiduk 
> > wrote:
> > > > >
> > > > > On Mon, Dec 6, 2021 at 11:49 AM Andrew Purtell <
> apurt...@apache.org
> > >
> > > > wrote:
> > > > >
> > > > >> -1 (binding)
> > > > >>
> > > > >> Checked sums and signature, ok
> > > > >> RAT check passed, ok
> > > > >> Built from source, ok
> > > > >> Built HEAD of master (d9315fa043) with
> > > -Dhbase-thirdparty.version=4.0.0,
> > > > >> hbase-http module tests fail
> > > > >>
> > > > >
> > > > > Adoption of this dependency will require changes to master. I had
> > > posted
> > > > > necessary changes on https://github.com/apache/hbase/pull/3243 and
> > Duo
> > > > did
> > > > > his own on https://github.com/apache/hbase/pull/3910.
> > > > >
> > > > > [ERROR] Tests run: 17, Failures: 0, Errors: 1, Skipped: 2, Time
> > > elapsed:
> > > > >> 2.29 s <<< FAILURE! - in
> org.apache.hadoop.hbase.http.TestHttpServer
> > > > >> [ERROR] org.apache.hadoop.hbase.http.TestHttpServer.testJersey
> Time
> > > > >> elapsed: 0.123 s  <<< ERROR!
> > > > >> java.io.FileNotFoundException:
> > > http://localhost:55106/jersey/foo?op=bar
> > > > >> at
> > > > >>
> > > > >>
> > > >
> > >
> >
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1898)
> > > > >> at
> > > > >>
> > > > >>
> > > >
> > >
> >
> sun.net.www.protocol.http.HttpURLConnection.access$200(HttpURLConnection.java:92)
> > > > >> at
> > > > >>
> > > > >>
> > > >
> > >
> >
> sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1492)
> > > > >> at
> > > > >>
> > > > >>
> > > >
> > >
> >
> sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1490)
> > > > >> at java.security.AccessController.doPrivileged(Native Method)
> > > > >> at
> > > > >>
> > > > >>
> > > >
> > >
> >
> java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:784)
> > > > >> at
> > > > >>
> > > > >>
> > > >
> > >
> >
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1489)
> > > > >> at
> > > > >>
> > > > >>
> > > >
> > >
> >
> org.apache.hadoop.hbase.http.HttpServerFunctionalTest.readOutput(HttpServerFunctionalTest.java:248)
> > > > >> at
> > > > >>
> > > > >>
> > > >
> > >
> >
> org.apache.hadoop.hbase.http.TestHttpServer.testJersey(TestHttpServer.java:519)
> > > > >>
> > > > >>
> > > > >>> On Fri, Dec 3, 2021 at 6:23 AM 张铎(Duo Zhang) <
> > palomino...@gmail.com>
> > > > >>> wrote:
> > > > >>>
> > > > >>> Please vote on this Apache hbase

[jira] [Created] (HBASE-26557) log4j2 has a critical RCE vulnerability

2021-12-09 Thread Yutong Xiao (Jira) 
Yutong Xiao created HBASE-26557:
---

 Summary: log4j2 has a critical RCE vulnerability
 Key: HBASE-26557
 URL: https://issues.apache.org/jira/browse/HBASE-26557
 Project: HBase
  Issue Type: Bug
Reporter: Yutong Xiao
Assignee: Yutong Xiao






--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[NOTICE] Apache log4j2 security vulnerability

2021-12-09 Thread Duo Zhang 
See this PR

https://github.com/apache/logging-log4j2/pull/608

Although the final 2.15.0 release for log4j2 has not been published yet, at
least on the Chinese internet the details and how to make use of
this vulnerability has already been public[1].

HBase 3.0.0-alpha-1 is affected, so once 2.15.0 is out, we will push a
3.0.0-alpha-2 release out soon. And for those who already use HBase
3.0.0-alpha-1, please consider using the following ways to disable JNDI

Add '-Dlog4j2.formatMsgNoLookups=true' when starting JVM
Add 'log4j2.formatMsgNoLookups=True' to config file
'export FORMAT_MESSAGES_PATTERN_DISABLE_LOOKUPS=true' before starting JVM

Thanks.

1. https://nosec.org/home/detail/4917.html

Re: [VOTE] The second release condidate for hbase-thirdparty 4.0.0 is available for download

2021-12-09 Thread Yu Li 
+1

Checked the diff between 3.5.1 and 4.0.0-rc1: OK (
https://github.com/apache/hbase-thirdparty/compare/rel/3.5.1...4.0.0RC1)
Checked release note and changes: OK
Checked sums and signatures: OK
Maven clean install from source (1.8.0_121): OK
- Minor: I tried to build a tarball from source following README but failed
with "No assembly descriptors found" error
Checked the jars in the staging repo: OK

btw, I haven't followed up for a while and could anyone kindly let me know
where to find this fancy hbase-vote.sh script, so next time I could also
try it out? Thanks :-)

Best Regards,
Yu


On Fri, 10 Dec 2021 at 05:46, Nick Dimiduk  wrote:

> +1
>
> I've used the hbase-vote.sh script to evaluate this artifact and there's a
> problem in the final `run_tests` , executed after `build_from_source`.
>
> * Signature: ok
> * Checksum : ok
> * Rat check (11.0.11): ok
>  - mvn clean apache-rat:check
> * Built from source (11.0.11): ok
>  - mvn clean install  -DskipTests
> * Unit tests pass (11.0.11): failed
>  - mvn package -P runAllTests  -Dsurefire.rerunFailingTestsCount=3
>
> [WARNING] The requested profile "runAllTests" could not be activated
> because it does not exist.
> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade (default) on
> project hbase-shaded-jackson-jaxrs-json-provider: Error creating shaded
> jar: duplicate entry:
> META-INF/services/org.apache.hbase.thirdparty.javax.ws.rs
> .ext.MessageBodyWriter
>
> Manually running `mvn clean package` within the source tarball, we succeed.
>
> I have also triggered a PR build of HBASE-25864 / PR#3243 that uses this
> RC. The tests are still running.
>
> https://ci-hadoop.apache.org/blue/organizations/jenkins/HBase%2FHBase-PreCommit-GitHub-PR/detail/PR-3243/5/pipeline/
>
> On Tue, Dec 7, 2021 at 6:02 PM 张铎(Duo Zhang) 
> wrote:
>
> > Ah, Thanks Nick for explaining and thanks Andrew for testing.
> >
> > We still need one more +1 to close this vote.
> >
> > Andrew Purtell  于2021年12月7日周二 05:50写道:
> >
> > > Ok, change my vote to +1 (binding). The hbase-thirdparty build and
> > > artifacts are good.
> > >
> > > > On Dec 6, 2021, at 1:18 PM, Nick Dimiduk 
> wrote:
> > > >
> > > > On Mon, Dec 6, 2021 at 11:49 AM Andrew Purtell  >
> > > wrote:
> > > >
> > > >> -1 (binding)
> > > >>
> > > >> Checked sums and signature, ok
> > > >> RAT check passed, ok
> > > >> Built from source, ok
> > > >> Built HEAD of master (d9315fa043) with
> > -Dhbase-thirdparty.version=4.0.0,
> > > >> hbase-http module tests fail
> > > >>
> > > >
> > > > Adoption of this dependency will require changes to master. I had
> > posted
> > > > necessary changes on https://github.com/apache/hbase/pull/3243 and
> Duo
> > > did
> > > > his own on https://github.com/apache/hbase/pull/3910.
> > > >
> > > > [ERROR] Tests run: 17, Failures: 0, Errors: 1, Skipped: 2, Time
> > elapsed:
> > > >> 2.29 s <<< FAILURE! - in org.apache.hadoop.hbase.http.TestHttpServer
> > > >> [ERROR] org.apache.hadoop.hbase.http.TestHttpServer.testJersey  Time
> > > >> elapsed: 0.123 s  <<< ERROR!
> > > >> java.io.FileNotFoundException:
> > http://localhost:55106/jersey/foo?op=bar
> > > >> at
> > > >>
> > > >>
> > >
> >
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1898)
> > > >> at
> > > >>
> > > >>
> > >
> >
> sun.net.www.protocol.http.HttpURLConnection.access$200(HttpURLConnection.java:92)
> > > >> at
> > > >>
> > > >>
> > >
> >
> sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1492)
> > > >> at
> > > >>
> > > >>
> > >
> >
> sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1490)
> > > >> at java.security.AccessController.doPrivileged(Native Method)
> > > >> at
> > > >>
> > > >>
> > >
> >
> java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:784)
> > > >> at
> > > >>
> > > >>
> > >
> >
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1489)
> > > >> at
> > > >>
> > > >>
> > >
> >
> org.apache.hadoop.hbase.http.HttpServerFunctionalTest.readOutput(HttpServerFunctionalTest.java:248)
> > > >> at
> > > >>
> > > >>
> > >
> >
> org.apache.hadoop.hbase.http.TestHttpServer.testJersey(TestHttpServer.java:519)
> > > >>
> > > >>
> > > >>> On Fri, Dec 3, 2021 at 6:23 AM 张铎(Duo Zhang) <
> palomino...@gmail.com>
> > > >>> wrote:
> > > >>>
> > > >>> Please vote on this Apache hbase thirdparty release candidate,
> > > >>> hbase-thirdparty-4.0.0RC1
> > > >>>
> > > >>> The VOTE will remain open for at least 72 hours.
> > > >>>
> > > >>> [ ] +1 Release this package as Apache hbase thirdparty 4.0.0
> > > >>> [ ] -1 Do not release this package because ...
> > > >>>
> > > >>> The tag to be voted on is 4.0.0RC1:
> > > >>>
> > > >>>  https://github.com/apache/hbase-thirdparty/tree/4.0.0RC1
> > > >>>
> > > >>> This tag currently points to git reference
> > > >>>
> > > >>>

[jira] [Created] (HBASE-26556) IT and Chaos Monkey improvements

2021-12-09 Thread Wellington Chevreuil (Jira) 
Wellington Chevreuil created HBASE-26556:


 Summary: IT and Chaos Monkey improvements
 Key: HBASE-26556
 URL: https://issues.apache.org/jira/browse/HBASE-26556
 Project: HBase
  Issue Type: Improvement
  Components: integration tests
Reporter: Wellington Chevreuil
Assignee: Wellington Chevreuil


While running the IntegrationTestIngest with slowDeterministic chaos monkey in 
our environment, we faced some issues with some of the chaos actions that 
required run some linux shell commands, due to the way we set hbase environment 
variables and start/stop scripts.

This patch allows for defining extensions of HBaseShellCommandProvider in the 
configuration, so that custom commands can be used. It also extends 
SlowDeterministicMonkeyFactory to provide the ability to configure the 
destructive actions to be executed.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: [DISCUSS] In flight work to complete before 2.5.0RC0

2021-12-09 Thread Nick Dimiduk 
The OpenTelemetry improvements are tracked as subtasks of HBASE-26419 [0].
More eyes on the open PRs would be very helpful, and if anyone is
interested in joining the discussion in the CNCF community, you can join
their Slack [1]. One change often depends on the previous, so I have been
working through the list and pushing patches onto a feature branch [2].

Thanks,
Nick

[0]: https://issues.apache.org/jira/browse/HBASE-26419
[1]: https://cloud-native.slack.com/archives/C0150QF88FL
[2]: https://github.com/ndimiduk/hbase/tree/26419-otel-semantic-conventions

On Wed, Dec 8, 2021 at 6:09 PM 张铎(Duo Zhang)  wrote:

> OpenTracing -> OpenTelemetry :)
>
> For me, I think the OpenTelemetry part is a blocker, we must finish it
> before cutting an RC since the current implementation is already landed on
> branch-2.5 and it breaks some Otel best practises, so we should not release
> it out.
>
> Now it is only Nick doing the work and Tak Lon Wu and I reviewing the PRs.
> And I also joined the CNCF slack channel and saw Nick is working hard in
> communication with the Otel community on how to better implement tracing in
> HBase, for example, how to trace big scans.
> I would encourage more people in our community to involve so we can make
> progress faster.
>
> Thanks.
>
> Sean Busbey  于2021年12月9日周四 10:02写道:
>
> > If we don't want to wait for HBASE-26543 (fix arg parsing for shell)
> > then we should revert HBASE-24772 from branch-2.5 prior to an RC.
> >
> >
> > On Wed, Dec 8, 2021 at 7:34 PM Andrew Purtell 
> wrote:
> > >
> > > As your branch-2.5 RM I am assembling a list of work items that should
> be
> > > completed before a 2.5.0RC0 candidate is submitted for the PMC's
> > > consideration.
> > >
> > > I have so far:
> > >
> > > - OpenTracing span naming convention and coverage improvements.
> > >
> > > - Shell exit code fixes/improvements.
> > >
> > > - The "encryption improvements umbrella". Arguable, but let's include
> it
> > > for now. Can all be resolved as Later if need be.
> > >
> > > Let's discuss what else, if anything, should be on this list, or if one
> > or
> > > more of the above items does not constitute a release blocker. I
> consider
> > > incomplete work-in-progress a blocker. Obviously all of the work in
> > > progress should land before release. For WIP, let's also agree on a
> > > definition of done.
> > >
> > > --
> > > Best regards,
> > > Andrew
> > >
> > > Words like orphans lost among the crosstalk, meaning torn from truth's
> > > decrepit hands
> > >- A23, Crosstalk
> >
>

A tweak to our checkstyle configuration

2021-12-09 Thread Nick Dimiduk 
Heya,

I have posted a small change to our checkstyle configuration on
HBASE-26536. This change will relax the whitespace rules regarding the
left-curly-bracket ('{') character. Specifically, I intend this change to
allow short expressions that include a nested scope that fits entirely on
one line. The example I provide is:

if (foo == null) { return null; }

This whitespace style is already present (though I think not in popular
usage) within the codebase. Please take a look and let me know if you have
any concerns about making this change.

Thanks,
Nick

https://issues.apache.org/jira/browse/HBASE-26536
https://github.com/apache/hbase/pull/3913

[jira] [Created] (HBASE-26555) Fix findbugs/spotbugs findings

2021-12-09 Thread Andrew Kyle Purtell (Jira) 
Andrew Kyle Purtell created HBASE-26555:
---

 Summary: Fix findbugs/spotbugs findings
 Key: HBASE-26555
 URL: https://issues.apache.org/jira/browse/HBASE-26555
 Project: HBase
  Issue Type: Task
Reporter: Andrew Kyle Purtell
 Fix For: 2.5.0, 3.0.0-alpha-2, 2.3.8, 2.4.9, 2.6.0


Clean up findbugs/spotbugs findings on branch HEADs (master, branch-2, 
branch-2.5, branch-2.4, branch-2.3) 

For example, from recent precommits: 

Possible null pointer dereference in 
org.apache.hadoop.hbase.coprocessor.MetaTableMetrics$ExampleRegionObserverMeta.opMeterName(Object)
 due to return value of called method Dereferenced at 
MetaTableMetrics.java:org.apache.hadoop.hbase.coprocessor.MetaTableMetrics$ExampleRegionObserverMeta.opMeterName(Object)
 due to return value of called method Dereferenced at 
MetaTableMetrics.java:[line 230]

Possible null pointer dereference in 
org.apache.hadoop.hbase.coprocessor.MetaTableMetrics$ExampleRegionObserverMeta.opWithClientMeterName(Object)
 due to return value of called method Dereferenced at 
MetaTableMetrics.java:org.apache.hadoop.hbase.coprocessor.MetaTableMetrics$ExampleRegionObserverMeta.opWithClientMeterName(Object)
 due to return value of called method Dereferenced at 
MetaTableMetrics.java:[line 210]

Possible null pointer dereference in 
org.apache.hadoop.hbase.io.hfile.LruCachedBlockQueue.add(LruCachedBlock) due to 
return value of called method Method invoked at 
LruCachedBlockQueue.java:org.apache.hadoop.hbase.io.hfile.LruCachedBlockQueue.add(LruCachedBlock)
 due to return value of called method Method invoked at 
LruCachedBlockQueue.java:[line 73]

Possible null pointer dereference in 
org.apache.hadoop.hbase.io.hfile.bucket.CachedEntryQueue.add(Map$Entry) due to 
return value of called method Dereferenced at 
CachedEntryQueue.java:org.apache.hadoop.hbase.io.hfile.bucket.CachedEntryQueue.add(Map$Entry)
 due to return value of called method Dereferenced at 
CachedEntryQueue.java:[line 79]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Resolved] (HBASE-26122) Limit max result size of individual Gets

2021-12-09 Thread Bryan Beaudreault (Jira) 


 [ 
https://issues.apache.org/jira/browse/HBASE-26122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bryan Beaudreault resolved HBASE-26122.
---
Fix Version/s: (was: 3.0.0-alpha-2)
   (was: 2.6.0)
 Release Note:   (was: Can now call Get.setMaxResultSize(). When set to a 
positive value, the server will return the results when that threshold is met. 
This may result in partial results for large rows, so the caller is expected to 
handle the case where Result#mayHaveMoreCellsInRow() is true when 
setMaxResultSize is used. Possible options include paginating using PageFilter, 
reducing the returned data set using other filters, converting the Get to a 
Scan (which can take advantage of partial response stitching), or throwing a 
non-retryable exception if using this as a guardrail. See below for example 
usage in shell:

Create table

hbase:005:0> create 't1', 'f1'
Created table t1
Took 1.1306 seconds

Insert test data

hbase:012:0> put 't1', 'r1', 'f1:c1', 'a'
Took 0.0416 seconds
hbase:014:0> put 't1', 'r1', 'f1:c2', 'b'
Took 0.0059 seconds
hbase:015:0> put 't1', 'r1', 'f1:c3', 'c'
Took 0.0097 seconds

Get without setMaxResultSize, returns full row and mayHaveMoreCellsInRow = false

hbase:037:0> g = Get.new('r1'.to_s.to_java_bytes)
=> #
hbase:038:0> result = @hbase.table('t1', 
@shell).instance_variable_get(:@table).get(g)
=> #
hbase:039:0> result.mayHaveMoreCellsInRow
=> false
hbase:040:0> result.toString
=> "keyvalues={r1/f1:c1/1627498270850/Put/vlen=1/seqid=0, 
r1/f1:c2/1627498276326/Put/vlen=1/seqid=0, 
r1/f1:c3/1627498280413/Put/vlen=1/seqid=0}"

Get with setMaxResultSize, returns first two columns and mayHaveMoreCellsInRow 
= true

hbase:059:0> g = Get.new('r1'.to_s.to_java_bytes).setMaxResultSize(100)
=> #
hbase:060:0> result = @hbase.table('t1', 
@shell).instance_variable_get(:@table).get(g)
=> #
hbase:061:0> result.mayHaveMoreCellsInRow
=> true
hbase:062:0> result.toString
=> "keyvalues={r1/f1:c1/1627498270850/Put/vlen=1/seqid=0, 
r1/f1:c2/1627498276326/Put/vlen=1/seqid=0}")
   Resolution: Won't Fix

> Limit max result size of individual Gets
> 
>
> Key: HBASE-26122
> URL: https://issues.apache.org/jira/browse/HBASE-26122
> Project: HBase
>  Issue Type: New Feature
>  Components: Client, regionserver
>Reporter: Bryan Beaudreault
>Assignee: Bryan Beaudreault
>Priority: Major
>
> Scans have the ability to have a configured max result size, which causes 
> them to return a partial result once the limit has been reached. MultiGets 
> also can throw MultiActionResultTooLarge if the response size is over a 
> configured quota. Neither of these really accounts for a single Get of a 
> too-large row. Such too-large Gets can cause substantial GC pressure or worse 
> if sent at volume.
> Currently one can work around this by converting their Get to a single row 
> Scan, but this requires a developer to proactively know about and prepare for 
> the issue by using a Scan upfront or wait for the RegionServer to choke on a 
> large request and only then rewrite the Get for future requests.
> We should implement the same response size limits for for Get as for Scan, 
> whereby the server returns a partial result to the client for handling.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: [VOTE] The second release condidate for hbase-thirdparty 4.0.0 is available for download

2021-12-09 Thread Nick Dimiduk 
+1

I've used the hbase-vote.sh script to evaluate this artifact and there's a
problem in the final `run_tests` , executed after `build_from_source`.

* Signature: ok
* Checksum : ok
* Rat check (11.0.11): ok
 - mvn clean apache-rat:check
* Built from source (11.0.11): ok
 - mvn clean install  -DskipTests
* Unit tests pass (11.0.11): failed
 - mvn package -P runAllTests  -Dsurefire.rerunFailingTestsCount=3

[WARNING] The requested profile "runAllTests" could not be activated
because it does not exist.
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade (default) on
project hbase-shaded-jackson-jaxrs-json-provider: Error creating shaded
jar: duplicate entry:
META-INF/services/org.apache.hbase.thirdparty.javax.ws.rs.ext.MessageBodyWriter

Manually running `mvn clean package` within the source tarball, we succeed.

I have also triggered a PR build of HBASE-25864 / PR#3243 that uses this
RC. The tests are still running.
https://ci-hadoop.apache.org/blue/organizations/jenkins/HBase%2FHBase-PreCommit-GitHub-PR/detail/PR-3243/5/pipeline/

On Tue, Dec 7, 2021 at 6:02 PM 张铎(Duo Zhang)  wrote:

> Ah, Thanks Nick for explaining and thanks Andrew for testing.
>
> We still need one more +1 to close this vote.
>
> Andrew Purtell  于2021年12月7日周二 05:50写道:
>
> > Ok, change my vote to +1 (binding). The hbase-thirdparty build and
> > artifacts are good.
> >
> > > On Dec 6, 2021, at 1:18 PM, Nick Dimiduk  wrote:
> > >
> > > On Mon, Dec 6, 2021 at 11:49 AM Andrew Purtell 
> > wrote:
> > >
> > >> -1 (binding)
> > >>
> > >> Checked sums and signature, ok
> > >> RAT check passed, ok
> > >> Built from source, ok
> > >> Built HEAD of master (d9315fa043) with
> -Dhbase-thirdparty.version=4.0.0,
> > >> hbase-http module tests fail
> > >>
> > >
> > > Adoption of this dependency will require changes to master. I had
> posted
> > > necessary changes on https://github.com/apache/hbase/pull/3243 and Duo
> > did
> > > his own on https://github.com/apache/hbase/pull/3910.
> > >
> > > [ERROR] Tests run: 17, Failures: 0, Errors: 1, Skipped: 2, Time
> elapsed:
> > >> 2.29 s <<< FAILURE! - in org.apache.hadoop.hbase.http.TestHttpServer
> > >> [ERROR] org.apache.hadoop.hbase.http.TestHttpServer.testJersey  Time
> > >> elapsed: 0.123 s  <<< ERROR!
> > >> java.io.FileNotFoundException:
> http://localhost:55106/jersey/foo?op=bar
> > >> at
> > >>
> > >>
> >
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1898)
> > >> at
> > >>
> > >>
> >
> sun.net.www.protocol.http.HttpURLConnection.access$200(HttpURLConnection.java:92)
> > >> at
> > >>
> > >>
> >
> sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1492)
> > >> at
> > >>
> > >>
> >
> sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1490)
> > >> at java.security.AccessController.doPrivileged(Native Method)
> > >> at
> > >>
> > >>
> >
> java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:784)
> > >> at
> > >>
> > >>
> >
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1489)
> > >> at
> > >>
> > >>
> >
> org.apache.hadoop.hbase.http.HttpServerFunctionalTest.readOutput(HttpServerFunctionalTest.java:248)
> > >> at
> > >>
> > >>
> >
> org.apache.hadoop.hbase.http.TestHttpServer.testJersey(TestHttpServer.java:519)
> > >>
> > >>
> > >>> On Fri, Dec 3, 2021 at 6:23 AM 张铎(Duo Zhang) 
> > >>> wrote:
> > >>>
> > >>> Please vote on this Apache hbase thirdparty release candidate,
> > >>> hbase-thirdparty-4.0.0RC1
> > >>>
> > >>> The VOTE will remain open for at least 72 hours.
> > >>>
> > >>> [ ] +1 Release this package as Apache hbase thirdparty 4.0.0
> > >>> [ ] -1 Do not release this package because ...
> > >>>
> > >>> The tag to be voted on is 4.0.0RC1:
> > >>>
> > >>>  https://github.com/apache/hbase-thirdparty/tree/4.0.0RC1
> > >>>
> > >>> This tag currently points to git reference
> > >>>
> > >>>  c81cf5c3d10e85f2f5168b09b51ce14468deddbd
> > >>>
> > >>> The release files, including signatures, digests, as well as
> CHANGES.md
> > >>> and RELEASENOTES.md included in this RC can be found at:
> > >>>
> > >>>
> > >>
> https://dist.apache.org/repos/dist/dev/hbase/hbase-thirdparty-4.0.0RC1/
> > >>>
> > >>> Maven artifacts are available in a staging repository at:
> > >>>
> > >>>
> > >>
> https://repository.apache.org/content/repositories/orgapachehbase-1471/
> > >>>
> > >>> Artifacts were signed with the 9AD2AE49 key which can be found in:
> > >>>
> > >>>  https://downloads.apache.org/hbase/KEYS
> > >>>
> > >>> To learn more about Apache hbase thirdparty, please see
> > >>>
> > >>>  http://hbase.apache.org/
> > >>>
> > >>> Thanks,
> > >>> Your HBase Release Manager
> > >>>
> > >>
> > >>
> > >> --
> > >> Best regards,
> > >> Andrew
> > >>
> > >> Words like orphans lost among the crosstalk, meaning torn from truth's
> > >> decrepit hands
> > >>   - A23, Crosstalk
> > >>
> >

Re: [DISCUSS] releasing hbase-connector 1.1.0 ?

2021-12-09 Thread Tak Lon (Stephen) Wu 
1. to Sean's point of "convenience binaries compiled against Spark 3 as
well", sorry that I didn't get your words at the beginning, I will make
sure the 1.1.0 release will have compiled binaries for spark 2 and spark 3
(if anything fails spark3, I will file JIRAs for them)

2. (cont.) update on this thread, HBASE-16247 has been sidelined (thanks
Sean), HBASE-24356 and HBASE-22338 should be the blockers, and let's see
how the communication goes (I may pick up them if needed).
In addition, I'm proposing to have a 1.1.0 instead of 1.0.1 release, and
move all the removed JIRAs with a fixed version of 1.0.1 to 1.1.0.

I should be actively working on them next week before doing the actual
release.

(sorry that I used a different email in my last reply)

-Stephen


On Tue, Dec 7, 2021 at 10:29 AM Stephen Wu 
wrote:

> Thanks Sean and Duo for your inputs, I have few questions before we
> move forward.
>
> 1. For Spark 3.0 support, HBASE-25326 seems to already allow building
> it with spark-3.0, or doesn't it work?
> 2. For the upcoming release version, after reviewing the comments on
> HBASE-26491, I found two pending releases, 1.1.0 (3 overall item, 0
> pending issues) and 1.0.1 (46 issues, 3 pending issues, HBASE-22338,
> HBASE-25326, HBASE-16247). should we have a 1.0.1 release?
>
> Thanks,
> Stephen
>
>
> On Tue, Dec 7, 2021 at 12:26 AM 张铎(Duo Zhang) 
> wrote:
> >
> > Thank you Tak Lon Wu. This is really a great news.
> >
> > https://issues.apache.org/jira/browse/HBASE-26491
> >
> > In this issue, we noticed that the problem has already been fixed but not
> > released yet...
> >
> > It will be good if we could have a 1.1.0 release soon.
> >
> > Sean Busbey  于2021年12月7日周二 07:45写道:
> >
> > > That'd be great!
> > >
> > > I can help with release process.
> > >
> > > I'd like us to ensure this go around we have convenience binaries
> compiled
> > > against  Spark 3 as well. That's been a long standing need.
> > >
> > > On Mon, Dec 6, 2021, 16:43 Tak Lon (Stephen) Wu 
> wrote:
> > >
> > > > Hi guys,
> > > >
> > > > While I'm learning how to release a minor version of hbase via
> > > > https://hbase.apache.org/book.html#releasing and an example of 2.3.7
> > > > via HBASE-26373, I found hbase-connector was last released on 2019
> > > > April.
> > > >
> > > > So, I'm wondering if I could help to release hbase-connector e.g.
> > > > 1.1.0 and get familiar with the release process, at the same time, I
> > > > may need a mentor/adviser and discuss the steps/tasks about it (my
> > > > plan is to create JIRAs like HBASE-26373).
> > > >
> > > > any comments?
> > > >
> > > > Thanks,
> > > > Stephen
> > > >
> > >
>

[jira] [Created] (HBASE-26554) Introduce a new parameter in jmx servlet to exclude the specific mbean

2021-12-09 Thread ruanhui (Jira) 
ruanhui created HBASE-26554:
---

 Summary: Introduce a new parameter in jmx servlet to exclude the 
specific mbean
 Key: HBASE-26554
 URL: https://issues.apache.org/jira/browse/HBASE-26554
 Project: HBase
  Issue Type: Improvement
  Components: metrics
Affects Versions: 2.4.8
Reporter: ruanhui
Assignee: ruanhui
 Fix For: 3.0.0-alpha-2


There are many regionservers serving over a thousand regions, and the metric 
load is pretty big.
I tried to exclude some huge mbean like 
'Hadoop:service=HBase,name=RegionServer,sub=Regions' with regex, but didn't 
succeed.
So I want to propose a new parameter 'excl' in jmx servlet to exclude the 
splecific bean or beans.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: New dedicated Jenkins Conrtoller

2021-12-09 Thread Duo Zhang 
Thanks you Gavin.

You can do it in your convenience, just let me know so I could change the
label in the jenkinsfile of our jenkins jobs, at least our pre commit job
still uses the Hadoop label.

And another thing is about the hbase_generate_website job, it needs to be
executed on the nodes under the git-websites label. I'm not sure if the
label is still available after the migration.

Gavin McDonald  于2021年12月8日周三 17:28写道:

> Hi HBase devs.
>
> This is to let you know that Infra has created a dedicated Jenkins
> Controller at https://ci-hbase.apache.org .
>
> You have new incoming donated agents which will get connected to this new
> controller by Infra.
>
> You also have 10 or so agents connected to https://ci-hadoop.apache.org -
> I
> would like to move these agents - and all of your jobs - over to the new
> controller as soon as possible.
>
> You may or may not need to reconfigure your jobs and or JenkinsFile or
> other.
>
> Can I get the go ahead to move these at my convenience or suggest please a
> timeline for Infra to move these agents.
>
> Thanks!
>
> --
>
> *Gavin McDonald*
> Systems Administrator
> ASF Infrastructure Team
>

[jira] [Created] (HBASE-26553) OAuth Bearer authentication mech plugin for SASL

2021-12-09 Thread Andor Molnar (Jira) 
Andor Molnar created HBASE-26553:


 Summary: OAuth Bearer authentication mech plugin for SASL
 Key: HBASE-26553
 URL: https://issues.apache.org/jira/browse/HBASE-26553
 Project: HBase
  Issue Type: New Feature
  Components: security
Reporter: Andor Molnar
Assignee: Andor Molnar


Implementation of a new SASL plugin to add support for OAuth Bearer token 
authentication for HBase client RPC.
 * The plugin supports secured (cryptographically signed) JSON Web Token 
authentication as defined in 
[RFC-7628|https://datatracker.ietf.org/doc/html/rfc7628]  and the JWT format in 
[RFC-7519|https://datatracker.ietf.org/doc/html/rfc7519] .
 * The implementation is inspired by [Apache Kafka's OAuth Bearer 
token|https://docs.confluent.io/platform/current/kafka/authentication_sasl/authentication_sasl_oauth.html]
 support with the important difference that HBase version is intended for 
production usage. The two main differences are that Kafka supports unsecured 
tokens only and it issues the tokens for itself which breaks the principle of 
OAuth token authentication.
 * We use the [Nimbus JOSE + 
JWT|https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/] Java library 
for signature verification and token processing and we add it as a new 
dependency to HBase.
 * We add secure JWT support and verification of digital signatures with 
multiple algorithms as supported by Nimbus. Json-formatted JWK set is required 
for the signature verification as defined in 
[RFC-7517|https://datatracker.ietf.org/doc/html/rfc7517].
 * The impl is verified with Apache Knox issued tokens, because that's the 
primary use case of this new feature.
 * New client example is added to the hbase-examples project to showcase the 
feature.
 * It's important that this Jira does not cover the solution for obtaining a 
token from Knox. The assumption is that the client already has a valid token in 
base64 encoded string and we only provide a helper method for adding it to 
user's credentials.
 * Renewing expired tokens is also the responsibility of the client. We don't 
provide a mechanism for that in this Jira, but it's planned to be covered in a 
follow-up ticket.

The following new parameters are introduced in hbase-site.xml:
 * hbase.security.oauth.jwt.jwks.file - Path of a local file for JWK set. 
(required if URL not specified)
 * hbase.security.oauth.jwt.jwks.url - URL to download the JWK set. (required 
if File not specified)
 * hbase.security.oauth.jwt.requiredaudience - Required audience of the JWT. 
(optional)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)