HADOOP-19308: FastSaslClientFactory failing to initialise due to NPE

[Abhey]

Description of PR

• This PR introduces the changes to the constructor of the FastSaslClientFactory to set props to an empty HashMap in case null value is passed.
• Adittionally, This PR adds a try-catch block around the logic where the factoryCache is being populated. This is being done to prevent a bad SaslClientFactory from stopping the instantiation of the FastSaslClientFactory object.

How was this patch tested?

• We applied this patch in our internal fork and were able to resolve the issue reported in the JIRA.

For code changes:

• Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
• Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
• If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
• If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

[Abhey]

@apurtell Please review the PR.

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	17m 46s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ branch-3.4.0 Compile Tests _
+1 💚	mvninstall	49m 18s		branch-3.4.0 passed
+1 💚	compile	19m 42s		branch-3.4.0 passed with JDK Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu320.04
+1 💚	compile	17m 57s		branch-3.4.0 passed with JDK Private Build-1.8.0_422-8u422-b05-1~20.04-b05
+1 💚	checkstyle	1m 21s		branch-3.4.0 passed
+1 💚	mvnsite	1m 44s		branch-3.4.0 passed
+1 💚	javadoc	1m 17s		branch-3.4.0 passed with JDK Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu320.04
+1 💚	javadoc	0m 53s		branch-3.4.0 passed with JDK Private Build-1.8.0_422-8u422-b05-1~20.04-b05
-1 ❌	spotbugs	2m 36s	/branch-spotbugs-hadoop-common-project_hadoop-common-warnings.html	hadoop-common-project/hadoop-common in branch-3.4.0 has 1 extant spotbugs warnings.
+1 💚	shadedclient	41m 4s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	0m 56s		the patch passed
+1 💚	compile	18m 50s		the patch passed with JDK Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu320.04
+1 💚	javac	18m 50s		the patch passed
+1 💚	compile	18m 1s		the patch passed with JDK Private Build-1.8.0_422-8u422-b05-1~20.04-b05
+1 💚	javac	18m 1s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
-0 ⚠️	checkstyle	1m 13s	/results-checkstyle-hadoop-common-project_hadoop-common.txt	hadoop-common-project/hadoop-common: The patch generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
+1 💚	mvnsite	1m 44s		the patch passed
+1 💚	javadoc	1m 12s		the patch passed with JDK Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu320.04
+1 💚	javadoc	0m 54s		the patch passed with JDK Private Build-1.8.0_422-8u422-b05-1~20.04-b05
+1 💚	spotbugs	2m 43s		the patch passed
+1 💚	shadedclient	41m 26s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
+1 💚	unit	19m 15s		hadoop-common in the patch passed.
+1 💚	asflicense	1m 4s		The patch does not generate ASF License warnings.
		261m 55s

Subsystem	Report/Notes
Docker	ClientAPI=1.47 ServerAPI=1.47 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7112/1/artifact/out/Dockerfile
GITHUB PR	#7112
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell detsecrets
uname	Linux 2eda308f0fb9 5.15.0-119-generic #129-Ubuntu SMP Fri Aug 2 19:25:20 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	branch-3.4.0 / 3db94c7
Default Java	Private Build-1.8.0_422-8u422-b05-1~20.04-b05
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.24+8-post-Ubuntu-1ubuntu320.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_422-8u422-b05-1~20.04-b05
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7112/1/testReport/
Max. process+thread count	3137 (vs. ulimit of 5500)
modules	C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-7112/1/console
versions	git=2.25.1 maven=3.6.3 spotbugs=4.2.2
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

[ayushtkn]

The NPE is from

org.apache.qpid.client.security.amqplain.AmqPlainSaslClientFactory.getMechanismNames(AmqPlainSaslClientFactory.java:50)  

If you read the javadoc of the SaslClientFactory#getMechanismNames

  /**
     * Returns an array of names of mechanisms that match the specified
     * mechanism selection policies.
     * @param props The possibly null set of properties used to specify the
     * security policy of the SASL mechanisms. For example, if {@code props}
     * contains the {@code Sasl.POLICY_NOPLAINTEXT} property with the value
     * {@code "true"}, then the factory must not return any SASL mechanisms
     * that are susceptible to simple plain passive attacks.
     * See the {@code Sasl} class for a complete list of policy properties.
     * Non-policy related properties, if present in {@code props}, are ignored,
     * including any map entries with non-String keys.
     * @return A non-null array containing a IANA-registered SASL mechanism names.
     */
    public abstract String[] getMechanismNames(Map<String,?> props);

For props it does say props The possibly null set of properties, So props can be null, AmqPlainSaslClientFactory should handle the null cases, not us

[shahrs87]

So props can be null, AmqPlainSaslClientFactory should handle the null cases, not us

I agree that fix should be in AmqPlainSaslClientFactory but can we just set the props to empty map if it is set to null?
It is complex process to fix it in AmqPlainSaslClientFactory, release qpid and then change the qpid version within our application. @ayushtkn WDYT?

@Abhey I am somewhat hesitant to catch the exception and continue even if loading of some SaslClientFactory fails.

[ayushtkn]

Fundamentally to me that seems wrong only, any implementation is free to have different logic for null & different for empty map & we don't know at the Hadoop layer what all implements that or comment about internal implementations...

Moreover for the ones doing the null check already for them it would be an extra redundant check.

It is complex process to fix it in AmqPlainSaslClientFactory, release qpid and then change the qpid version within our application

you have to patch hadoop, release it & change that version in the client, that goes with any code change in any layer, this can't be a reason to do a change in Hadoop :-)