HADOOP-19151. Support configurable SASL mechanism.

[szetszwo]

Description of PR

Currently, the SASL mechanism is hard coded to DIGEST-MD5. As mentioned in HADOOP-14811, DIGEST-MD5 is known to be insecure; see rfc6331.

In this JIRA, we will make the SASL mechanism configurable. The default mechanism will still be DIGEST-MD5 in order to maintain compatibility.

We use a new environment variable instead of adding new properties to the xml files since a Configuration object may be unavailable when initializing SASL.

HADOOP-19151

How was this patch tested?

By existing tests and manually test.

For code changes:

• Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
• [NA] Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
• [NA] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
• [NA] If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	11m 34s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 1s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 2 new or modified test files.
			_ trunk Compile Tests _
+0 🆗	mvndep	14m 54s		Maven dependency ordering for branch
+1 💚	mvninstall	32m 54s		trunk passed
+1 💚	compile	17m 30s		trunk passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1
+1 💚	compile	16m 6s		trunk passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
+1 💚	checkstyle	4m 21s		trunk passed
+1 💚	mvnsite	5m 47s		trunk passed
+1 💚	javadoc	4m 35s		trunk passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1
+1 💚	javadoc	4m 53s		trunk passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
+1 💚	spotbugs	10m 54s		trunk passed
+1 💚	shadedclient	35m 6s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 33s		Maven dependency ordering for patch
+1 💚	mvninstall	3m 44s		the patch passed
+1 💚	compile	16m 49s		the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1
+1 💚	javac	16m 49s		the patch passed
+1 💚	compile	16m 11s		the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
+1 💚	javac	16m 11s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
-0 ⚠️	checkstyle	4m 51s	/results-checkstyle-root.txt	root: The patch generated 4 new + 138 unchanged - 2 fixed = 142 total (was 140)
+1 💚	mvnsite	5m 53s		the patch passed
+1 💚	javadoc	4m 27s		the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1
+1 💚	javadoc	4m 50s		the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
+1 💚	spotbugs	11m 46s		the patch passed
+1 💚	shadedclient	35m 12s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
-1 ❌	unit	19m 31s	/patch-unit-hadoop-common-project_hadoop-common.txt	hadoop-common in the patch passed.
+1 💚	unit	2m 46s		hadoop-hdfs-client in the patch passed.
+1 💚	unit	228m 26s		hadoop-hdfs in the patch passed.
+1 💚	unit	120m 54s		hadoop-yarn-server-resourcemanager in the patch passed.
+1 💚	asflicense	1m 13s		The patch does not generate ASF License warnings.
		641m 47s

Reason	Tests
Failed junit tests	hadoop.ipc.TestSaslRPC

Subsystem	Report/Notes
Docker	ClientAPI=1.45 ServerAPI=1.45 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6740/1/artifact/out/Dockerfile
GITHUB PR	#6740
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname	Linux 6a002d7875ff 5.15.0-101-generic #111-Ubuntu SMP Tue Mar 5 20:16:58 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / 99e0caa
Default Java	Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6740/1/testReport/
Max. process+thread count	4487 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs-client hadoop-hdfs-project/hadoop-hdfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6740/1/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

[hadoop-yetus]

🎊 +1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 30s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 1s		codespell was not available.
+0 🆗	detsecrets	0m 1s		detect-secrets was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 0s		The patch appears to include 2 new or modified test files.
			_ trunk Compile Tests _
+0 🆗	mvndep	14m 51s		Maven dependency ordering for branch
+1 💚	mvninstall	32m 22s		trunk passed
+1 💚	compile	17m 34s		trunk passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1
+1 💚	compile	16m 2s		trunk passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
+1 💚	checkstyle	4m 18s		trunk passed
+1 💚	mvnsite	5m 46s		trunk passed
+1 💚	javadoc	4m 37s		trunk passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1
+1 💚	javadoc	4m 47s		trunk passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
+1 💚	spotbugs	10m 53s		trunk passed
+1 💚	shadedclient	35m 51s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 33s		Maven dependency ordering for patch
+1 💚	mvninstall	3m 46s		the patch passed
+1 💚	compile	16m 45s		the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1
+1 💚	javac	16m 45s		the patch passed
+1 💚	compile	16m 19s		the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
+1 💚	javac	16m 19s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
-0 ⚠️	checkstyle	4m 22s	/results-checkstyle-root.txt	root: The patch generated 4 new + 138 unchanged - 2 fixed = 142 total (was 140)
+1 💚	mvnsite	5m 41s		the patch passed
+1 💚	javadoc	4m 34s		the patch passed with JDK Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1
+1 💚	javadoc	4m 56s		the patch passed with JDK Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
+1 💚	spotbugs	11m 40s		the patch passed
+1 💚	shadedclient	34m 56s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	19m 21s		hadoop-common in the patch passed.
+1 💚	unit	2m 46s		hadoop-hdfs-client in the patch passed.
+1 💚	unit	227m 13s		hadoop-hdfs in the patch passed.
+1 💚	unit	105m 56s		hadoop-yarn-server-resourcemanager in the patch passed.
+1 💚	asflicense	1m 14s		The patch does not generate ASF License warnings.
		613m 36s

Subsystem	Report/Notes
Docker	ClientAPI=1.45 ServerAPI=1.45 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6740/2/artifact/out/Dockerfile
GITHUB PR	#6740
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname	Linux f5ba92714eda 5.15.0-101-generic #111-Ubuntu SMP Tue Mar 5 20:16:58 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / c4700b8
Default Java	Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.22+7-post-Ubuntu-0ubuntu220.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_402-8u402-ga-2ubuntu1~20.04-b06
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6740/2/testReport/
Max. process+thread count	3737 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs-client hadoop-hdfs-project/hadoop-hdfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-6740/2/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
			_ Prechecks _
+1 💚	dupname	0m 01s		No case conflicting files found.
+0 🆗	spotbugs	0m 00s		spotbugs executables are not available.
+0 🆗	codespell	0m 00s		codespell was not available.
+0 🆗	detsecrets	0m 00s		detect-secrets was not available.
+1 💚	@author	0m 00s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 00s		The patch appears to include 2 new or modified test files.
			_ trunk Compile Tests _
+0 🆗	mvndep	2m 13s		Maven dependency ordering for branch
+1 💚	mvninstall	87m 55s		trunk passed
+1 💚	compile	38m 59s		trunk passed
+1 💚	checkstyle	5m 48s		trunk passed
-1 ❌	mvnsite	4m 17s	/branch-mvnsite-hadoop-common-project_hadoop-common.txt	hadoop-common in trunk failed.
+1 💚	javadoc	20m 15s		trunk passed
+1 💚	shadedclient	181m 08s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	2m 13s		Maven dependency ordering for patch
+1 💚	mvninstall	16m 42s		the patch passed
+1 💚	compile	37m 02s		the patch passed
+1 💚	javac	37m 02s		the patch passed
+1 💚	blanks	0m 00s		The patch has no blanks issues.
+1 💚	checkstyle	5m 46s		the patch passed
-1 ❌	mvnsite	4m 17s	/patch-mvnsite-hadoop-common-project_hadoop-common.txt	hadoop-common in the patch failed.
+1 💚	javadoc	21m 09s		the patch passed
+1 💚	shadedclient	193m 21s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	asflicense	5m 58s		The patch does not generate ASF License warnings.
		571m 39s

Subsystem	Report/Notes
GITHUB PR	#6740
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname	MINGW64_NT-10.0-17763 f3bb3ac3fa73 3.4.10-87d57229.x86_64 2024-02-14 20:17 UTC x86_64 Msys
Build tool	maven
Personality	/c/hadoop/dev-support/bin/hadoop.sh
git revision	trunk / a82ffdc
Default Java	Azul Systems, Inc.-1.8.0_332-b09
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6740/1/testReport/
modules	C: hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs-client hadoop-hdfs-project/hadoop-hdfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6740/1/console
versions	git=2.44.0.windows.1
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

[szetszwo]

The mvnsite failure is not related to this.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
			_ Prechecks _
+1 💚	dupname	0m 01s		No case conflicting files found.
+0 🆗	spotbugs	0m 01s		spotbugs executables are not available.
+0 🆗	codespell	0m 01s		codespell was not available.
+0 🆗	detsecrets	0m 01s		detect-secrets was not available.
+1 💚	@author	0m 00s		The patch does not contain any @author tags.
+1 💚	test4tests	0m 00s		The patch appears to include 2 new or modified test files.
			_ trunk Compile Tests _
+0 🆗	mvndep	2m 29s		Maven dependency ordering for branch
+1 💚	mvninstall	93m 34s		trunk passed
+1 💚	compile	42m 03s		trunk passed
+1 💚	checkstyle	6m 36s		trunk passed
-1 ❌	mvnsite	4m 42s	/branch-mvnsite-hadoop-common-project_hadoop-common.txt	hadoop-common in trunk failed.
+1 💚	javadoc	22m 14s		trunk passed
+1 💚	shadedclient	195m 43s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	2m 24s		Maven dependency ordering for patch
+1 💚	mvninstall	19m 16s		the patch passed
+1 💚	compile	40m 11s		the patch passed
+1 💚	javac	40m 11s		the patch passed
+1 💚	blanks	0m 00s		The patch has no blanks issues.
+1 💚	checkstyle	6m 22s		the patch passed
-1 ❌	mvnsite	4m 44s	/patch-mvnsite-hadoop-common-project_hadoop-common.txt	hadoop-common in the patch failed.
+1 💚	javadoc	22m 38s		the patch passed
+1 💚	shadedclient	207m 52s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	asflicense	6m 12s		The patch does not generate ASF License warnings.
		615m 54s

Subsystem	Report/Notes
GITHUB PR	#6740
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname	MINGW64_NT-10.0-17763 6d747d52caa4 3.4.10-87d57229.x86_64 2024-02-14 20:17 UTC x86_64 Msys
Build tool	maven
Personality	/c/hadoop/dev-support/bin/hadoop.sh
git revision	trunk / a82ffdc
Default Java	Azul Systems, Inc.-1.8.0_332-b09
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6740/2/testReport/
modules	C: hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs-client hadoop-hdfs-project/hadoop-hdfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch-windows-10/job/PR-6740/2/console
versions	git=2.44.0.windows.1
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

[jojochuang]

LGTM

[szetszwo]

@jojochuang , thanks a lot for reviewing this!

[nstang01]

This MR just makes the algorithm configurable. Are there any recommended configuration values? @szetszwo

[szetszwo]

Hi @nstang01 , any SASL mechanism listed in https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml should work. Of course, it is not recommended to use the OBSOLETE mechanisms such as DIGEST-MD5.