Revert "HBASE-29473 Obtain target cluster's token for cross clusters job (#7198)"

Compatibility issue, see JIRA This reverts commit 22ba3bf. Signed-off-by: Andrew Purtell <apurtell@apache.org>

Author: apurtell

hbase-mapreduce/src/main/java/org/apache/hadoop/hbase/mapreduce/HFileOutputFormat2.java

@@ -811,7 +811,7 @@ public static void configureIncrementalLoadMap(Job job, TableDescriptor tableDes
  * @see #REMOTE_CLUSTER_ZOOKEEPER_CLIENT_PORT_CONF_KEY
  * @see #REMOTE_CLUSTER_ZOOKEEPER_ZNODE_PARENT_CONF_KEY
  */
- public static void configureRemoteCluster(Job job, Configuration clusterConf) throws IOException {
+ public static void configureRemoteCluster(Job job, Configuration clusterConf) {
  Configuration conf = job.getConfiguration();
 
  if (!conf.getBoolean(LOCALITY_SENSITIVE_CONF_KEY, DEFAULT_LOCALITY_SENSITIVE)) {
@@ -828,8 +828,6 @@ public static void configureRemoteCluster(Job job, Configuration clusterConf) th
  conf.setInt(REMOTE_CLUSTER_ZOOKEEPER_CLIENT_PORT_CONF_KEY, clientPort);
  conf.set(REMOTE_CLUSTER_ZOOKEEPER_ZNODE_PARENT_CONF_KEY, parent);
 
- TableMapReduceUtil.initCredentialsForCluster(job, clusterConf);
-
  LOG.info("ZK configs for remote cluster of bulkload is configured: " + quorum + ":" + clientPort
  + "/" + parent);
  }

hbase-mapreduce/src/test/java/org/apache/hadoop/hbase/mapreduce/TestHFileOutputFormat2WithSecurity.java

@@ -29,8 +29,15 @@
 import org.apache.hadoop.hbase.HBaseClassTestRule;
 import org.apache.hadoop.hbase.HBaseTestingUtility;
 import org.apache.hadoop.hbase.client.Scan;
+import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
+import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
+import org.apache.hadoop.hbase.security.access.AccessController;
+import org.apache.hadoop.hbase.security.access.PermissionStorage;
+import org.apache.hadoop.hbase.security.access.SecureTestUtil;
 import org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProviders;
 import org.apache.hadoop.hbase.security.token.AuthenticationTokenIdentifier;
+import org.apache.hadoop.hbase.security.token.TokenProvider;
+import org.apache.hadoop.hbase.security.visibility.VisibilityTestUtil;
 import org.apache.hadoop.hbase.testclassification.MapReduceTests;
 import org.apache.hadoop.hbase.testclassification.MediumTests;
 import org.apache.hadoop.hbase.util.Bytes;
@@ -41,6 +48,7 @@
 import org.apache.hadoop.minikdc.MiniKdc;
 import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.authentication.util.KerberosName;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.TokenIdentifier;
 import org.junit.After;
@@ -126,6 +134,33 @@ public void testInitTableMapperJob4() throws Exception {
  assertEquals("Table", job.getConfiguration().get(TableInputFormat.INPUT_TABLE));
  }
 
+ private static Closeable startSecureMiniCluster(HBaseTestingUtility util, MiniKdc kdc,
+ String principal) throws Exception {
+ Configuration conf = util.getConfiguration();
+
+ SecureTestUtil.enableSecurity(conf);
+ VisibilityTestUtil.enableVisiblityLabels(conf);
+ SecureTestUtil.verifyConfiguration(conf);
+
+ conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY,
+ AccessController.class.getName() + ',' + TokenProvider.class.getName());
+
+ HBaseKerberosUtils.setSecuredConfiguration(conf, principal + '@' + kdc.getRealm(),
+ HTTP_PRINCIPAL + '@' + kdc.getRealm());
+
+ KerberosName.resetDefaultRealm();
+
+ util.startMiniCluster();
+ try {
+ util.waitUntilAllRegionsAssigned(PermissionStorage.ACL_TABLE_NAME);
+ } catch (Exception e) {
+ util.shutdownMiniCluster();
+ throw e;
+ }
+
+ return util::shutdownMiniCluster;
+ }
+
  @Test
  public void testInitCredentialsForCluster1() throws Exception {
  HBaseTestingUtility util1 = new HBaseTestingUtility();
@@ -164,9 +199,8 @@ public void testInitCredentialsForCluster2() throws Exception {
  kdc.createPrincipal(keytab, userPrincipal, HTTP_PRINCIPAL);
  loginUserFromKeytab(userPrincipal + '@' + kdc.getRealm(), keytab.getAbsolutePath());
 
- try (
- Closeable util1Closeable = util1.startSecureMiniCluster(kdc, userPrincipal, HTTP_PRINCIPAL);
- Closeable util2Closeable = util2.startSecureMiniCluster(kdc, userPrincipal, HTTP_PRINCIPAL)) {
+ try (Closeable util1Closeable = startSecureMiniCluster(util1, kdc, userPrincipal);
+ Closeable util2Closeable = startSecureMiniCluster(util2, kdc, userPrincipal)) {
  try {
  Configuration conf1 = util1.getConfiguration();
  Job job = Job.getInstance(conf1);
@@ -199,8 +233,7 @@ public void testInitCredentialsForCluster3() throws Exception {
  kdc.createPrincipal(keytab, userPrincipal, HTTP_PRINCIPAL);
  loginUserFromKeytab(userPrincipal + '@' + kdc.getRealm(), keytab.getAbsolutePath());
 
- try (
- Closeable util1Closeable = util1.startSecureMiniCluster(kdc, userPrincipal, HTTP_PRINCIPAL)) {
+ try (Closeable util1Closeable = startSecureMiniCluster(util1, kdc, userPrincipal)) {
  try {
  HBaseTestingUtility util2 = new HBaseTestingUtility();
  // Assume util2 is insecure cluster
@@ -236,8 +269,7 @@ public void testInitCredentialsForCluster4() throws Exception {
  kdc.createPrincipal(keytab, userPrincipal, HTTP_PRINCIPAL);
  loginUserFromKeytab(userPrincipal + '@' + kdc.getRealm(), keytab.getAbsolutePath());
 
- try (
- Closeable util2Closeable = util2.startSecureMiniCluster(kdc, userPrincipal, HTTP_PRINCIPAL)) {
+ try (Closeable util2Closeable = startSecureMiniCluster(util2, kdc, userPrincipal)) {
  try {
  Configuration conf1 = util1.getConfiguration();
  Job job = Job.getInstance(conf1);

hbase-mapreduce/src/test/java/org/apache/hadoop/hbase/mapreduce/TestTableMapReduceUtil.java

@@ -22,7 +22,6 @@
 import static org.junit.Assert.fail;
 
 import edu.umd.cs.findbugs.annotations.Nullable;
-import java.io.Closeable;
 import java.io.File;
 import java.io.IOException;
 import java.io.OutputStream;
@@ -89,7 +88,6 @@
 import org.apache.hadoop.hbase.client.TableDescriptor;
 import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
 import org.apache.hadoop.hbase.client.TableState;
-import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
 import org.apache.hadoop.hbase.fs.HFileSystem;
 import org.apache.hadoop.hbase.io.compress.Compression;
 import org.apache.hadoop.hbase.io.compress.Compression.Algorithm;
@@ -122,12 +120,7 @@
 import org.apache.hadoop.hbase.regionserver.RegionServerStoppedException;
 import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
 import org.apache.hadoop.hbase.security.User;
-import org.apache.hadoop.hbase.security.access.AccessController;
-import org.apache.hadoop.hbase.security.access.PermissionStorage;
-import org.apache.hadoop.hbase.security.access.SecureTestUtil;
-import org.apache.hadoop.hbase.security.token.TokenProvider;
 import org.apache.hadoop.hbase.security.visibility.VisibilityLabelsCache;
-import org.apache.hadoop.hbase.security.visibility.VisibilityTestUtil;
 import org.apache.hadoop.hbase.util.Bytes;
 import org.apache.hadoop.hbase.util.CommonFSUtils;
 import org.apache.hadoop.hbase.util.EnvironmentEdgeManager;
@@ -156,7 +149,6 @@
 import org.apache.hadoop.mapred.JobConf;
 import org.apache.hadoop.mapred.MiniMRCluster;
 import org.apache.hadoop.minikdc.MiniKdc;
-import org.apache.hadoop.security.authentication.util.KerberosName;
 import org.apache.yetus.audience.InterfaceAudience;
 import org.apache.zookeeper.WatchedEvent;
 import org.apache.zookeeper.ZooKeeper;
@@ -399,42 +391,6 @@ public static void closeRegionAndWAL(final HRegion r) throws IOException {
  r.getWAL().close();
  }
 
- /**
- * Start mini secure cluster with given kdc and principals.
- * @param kdc Mini kdc server
- * @param servicePrincipal Service principal without realm.
- * @param spnegoPrincipal Spnego principal without realm.
- * @return Handler to shutdown the cluster
- */
- public Closeable startSecureMiniCluster(MiniKdc kdc, String servicePrincipal,
- String spnegoPrincipal) throws Exception {
- Configuration conf = getConfiguration();
-
- SecureTestUtil.enableSecurity(conf);
- VisibilityTestUtil.enableVisiblityLabels(conf);
- SecureTestUtil.verifyConfiguration(conf);
-
- // Reset the static default realm forcibly for hadoop-2.0.
- // It has no impact but not required for hadoop-3.0.
- KerberosName.resetDefaultRealm();
-
- conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY,
- AccessController.class.getName() + ',' + TokenProvider.class.getName());
-
- HBaseKerberosUtils.setSecuredConfiguration(conf, servicePrincipal + '@' + kdc.getRealm(),
- spnegoPrincipal + '@' + kdc.getRealm());
-
- startMiniCluster();
- try {
- waitUntilAllRegionsAssigned(PermissionStorage.ACL_TABLE_NAME);
- } catch (Exception e) {
- shutdownMiniCluster();
- throw e;
- }
-
- return this::shutdownMiniCluster;
- }
-
  /**
  * Returns this classes's instance of {@link Configuration}. Be careful how you use the returned
  * Configuration since {@link Connection} instances can be shared. The Map of Connections is keyed