HBASE-28433 Modify the assembly to not include test jars and their transitive dependencies (#6184)

- Before this change, our assembly included test jars and test dependencies, which added unnecessary bloat to the assembly and classpath. This not only increases the distribution size but also potentially introduces CVE-prone JARs into the binary assemblies.
- With this change, we modify the assembly to exclude these test jars and their dependencies. This will result in a leaner, more secure assembly with a faster startup time.
- To ensure cached_classpath is same as before this change, we retain some jars (including test jars) in assembly pom.xml which we actually remove during tarball creation.

Signed-off-by: Istvan Toth <[email protected]>

Author: NihalJain

bin/hbase

@@ -514,8 +514,9 @@ add_opentelemetry_agent() {
 
 #Add the development env class path stuff
 if $in_dev_env; then
+  # The below line makes available all the jars required in dev_env, even if we may not add them
+  # to assembly. See HBASE-28433 for more info.
   add_maven_deps_to_classpath "cached_classpath.txt"
-
   if [[ $jline_needed ]]; then
     add_maven_deps_to_classpath "cached_classpath_jline.txt"
   elif [[ $jruby_needed ]]; then
@@ -766,13 +767,6 @@ elif [ "$COMMAND" = "copyreppeers" ] ; then
   CLASS='org.apache.hadoop.hbase.replication.CopyReplicationPeers'
 else
   CLASS=$COMMAND
-if [[ "$CLASS" =~ .*IntegrationTest.* ]] ; then
-    for f in ${HBASE_HOME}/lib/test/*.jar; do
-      if [ -f "${f}" ]; then
-        CLASSPATH="${CLASSPATH}:${f}"
-      fi
-    done
-  fi
 fi
 
 add_jdk17_jvm_flags

hbase-assembly/pom.xml

@@ -48,13 +48,17 @@
       <artifactId>hbase-shaded-mapreduce</artifactId>
     </dependency>
     <!-- Intra-project dependencies -->
+    <!-- We don't really add this to assembly tarball, we retain it here just to dump it into
+    cached_classpath.txt ! See HBASE-28433 for more info. -->
     <dependency>
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-it</artifactId>
       <type>test-jar</type>
     </dependency>
     <!-- Hamcrest is required by hbase-it (via junit), but as long as we're grabbing the hbase-it test-jar,
          maven dependency resolution won't pick it up for us. -->
+    <!-- We don't really add this to assembly tarball, we retain it here just to dump it into
+    cached_classpath.txt ! See HBASE-28433 for more info. -->
     <dependency>
       <groupId>org.hamcrest</groupId>
       <artifactId>hamcrest-core</artifactId>
@@ -73,6 +77,8 @@
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-mapreduce</artifactId>
     </dependency>
+    <!-- We don't really add this to assembly tarball, we retain it here just to dump it into
+    cached_classpath.txt ! See HBASE-28433 for more info. -->
     <dependency>
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-mapreduce</artifactId>
@@ -83,6 +89,8 @@
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-procedure</artifactId>
     </dependency>
+    <!-- We don't really add this to assembly tarball, we retain it here just to dump it into
+    cached_classpath.txt ! See HBASE-28433 for more info. -->
     <dependency>
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-procedure</artifactId>
@@ -115,6 +123,8 @@
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-external-blockcache</artifactId>
     </dependency>
+    <!-- We don't really add this to assembly tarball, we retain it here just to dump it into
+    cached_classpath.txt ! See HBASE-28433 for more info. -->
     <dependency>
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-testing-util</artifactId>
@@ -235,10 +245,14 @@
       <groupId>io.opentelemetry.javaagent</groupId>
       <artifactId>opentelemetry-javaagent</artifactId>
     </dependency>
+    <!-- We don't really add this to assembly tarball, we retain it here just to dump it into
+    cached_classpath.txt ! See HBASE-28433 for more info. -->
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
     </dependency>
+    <!-- We don't really add this to assembly tarball, we retain it here just to dump it into
+   cached_classpath.txt ! See HBASE-28433 for more info. -->
     <dependency>
       <groupId>org.mockito</groupId>
       <artifactId>mockito-core</artifactId>

hbase-assembly/src/main/assembly/client-components.xml

@@ -87,60 +87,5 @@
         <include>*.dylib</include>
       </includes>
     </fileSet>
-    <!-- This is only necessary until maven fixes the intra-project dependency bug
-      in maven 3.0. Until then, we have to include the test jars for sub-projects. When
-      fixed, the below dependencySet stuff is sufficient for pulling in the test jars as
-      well, as long as they are added as dependencies in this project. Right now, we only
-      have 1 submodule to accumulate, but we can copy/paste as necessary until maven is
-      fixed. -->
-    <!-- Used by PE and ltt -->
-    <fileSet>
-      <directory>${project.basedir}/../hbase-server/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${server.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
-    <fileSet>
-      <directory>${project.basedir}/../hbase-mapreduce/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${mapreduce.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
-    <fileSet>
-      <directory>${project.basedir}/../hbase-common/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${common.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
-    <fileSet>
-      <directory>${project.basedir}/../hbase-asyncfs/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${asyncfs.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
-    <fileSet>
-      <directory>${project.basedir}/../hbase-zookeeper/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${zookeeper.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
-    <fileSet>
-      <directory>${project.basedir}/../hbase-procedure/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${procedure.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
   </fileSets>
 </component>

hbase-assembly/src/main/assembly/client.xml

@@ -45,6 +45,8 @@
         <dependencySets>
           <dependencySet>
             <excludes>
+              <exclude>org.apache.hadoop:*:test-jar</exclude>
+              <exclude>org.apache.hbase:*:test-jar</exclude>
             <!-- Exclude J2EE libraries that get pulled in when building on JDK11 -->
               <exclude>com.sun.xml.ws:jaxws-ri</exclude>
             <!-- Exclude libraries that we put in their own dirs under lib/ -->
@@ -167,15 +169,6 @@
         <include>io.opentelemetry.javaagent:*</include>
       </includes>
     </dependencySet>
-    <!-- Adds junit libs to lib/test -->
-    <dependencySet>
-      <outputDirectory>lib/test</outputDirectory>
-      <includes>
-        <include>junit:junit</include>
-        <include>org.hamcrest:hamcrest-core</include>
-        <include>org.mockito:mockito-core</include>
-      </includes>
-    </dependencySet>
   </dependencySets>
 
 </assembly>

hbase-assembly/src/main/assembly/components.xml

@@ -109,75 +109,5 @@
           <include>**/*.h</include>
       </includes>
     </fileSet>
-    <!-- This is only necessary until maven fixes the intra-project dependency bug
-      in maven 3.0. Until then, we have to include the test jars for sub-projects. When
-      fixed, the below dependencySet stuff is sufficient for pulling in the test jars as
-      well, as long as they are added as dependencies in this project. Right now, we only
-      have 1 submodule to accumulate, but we can copy/paste as necessary until maven is
-      fixed. -->
-    <fileSet>
-      <directory>${project.basedir}/../hbase-server/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${server.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
-    <fileSet>
-      <directory>${project.basedir}/../hbase-it/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${it.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
-    <fileSet>
-      <directory>${project.basedir}/../hbase-annotations/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${annotations.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
-    <fileSet>
-      <directory>${project.basedir}/../hbase-common/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${common.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
-    <fileSet>
-      <directory>${project.basedir}/../hbase-mapreduce/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${mapreduce.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
-    <fileSet>
-      <directory>${project.basedir}/../hbase-asyncfs/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${asyncfs.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
-    <fileSet>
-      <directory>${project.basedir}/../hbase-zookeeper/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${zookeeper.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
-    <fileSet>
-      <directory>${project.basedir}/../hbase-procedure/target/</directory>
-      <outputDirectory>lib</outputDirectory>
-      <includes>
-        <include>${procedure.test.jar}</include>
-      </includes>
-      <fileMode>0644</fileMode>
-    </fileSet>
   </fileSets>
 </component>

hbase-assembly/src/main/assembly/hadoop-three-compat.xml

@@ -33,7 +33,6 @@
       <useAllReactorProjects>true</useAllReactorProjects>
       <includes>
         <!-- Keep this list sorted by name -->
-        <include>org.apache.hbase:hbase-annotations</include>
         <include>org.apache.hbase:hbase-asyncfs</include>
         <include>org.apache.hbase:hbase-backup</include>
         <include>org.apache.hbase:hbase-balancer</include>
@@ -43,7 +42,6 @@
         <include>org.apache.hbase:hbase-external-blockcache</include>
         <include>org.apache.hbase:hbase-hadoop-compat</include>
         <include>org.apache.hbase:hbase-http</include>
-        <include>org.apache.hbase:hbase-it</include>
         <include>org.apache.hbase:hbase-logging</include>
         <include>org.apache.hbase:hbase-mapreduce</include>
         <include>org.apache.hbase:hbase-diagnostics</include>
@@ -55,7 +53,6 @@
         <include>org.apache.hbase:hbase-rest</include>
         <include>org.apache.hbase:hbase-server</include>
         <include>org.apache.hbase:hbase-shell</include>
-        <include>org.apache.hbase:hbase-testing-util</include>
         <include>org.apache.hbase:hbase-thrift</include>
         <include>org.apache.hbase:hbase-zookeeper</include>
       </includes>
@@ -66,6 +63,8 @@
         <dependencySets>
           <dependencySet>
             <excludes>
+              <exclude>org.apache.hadoop:*:test-jar</exclude>
+              <exclude>org.apache.hbase:*:test-jar</exclude>
               <!-- Exclude pom file -->
               <exclude>com.sun.xml.ws:jaxws-ri:pom</exclude>
               <!-- Exclude libraries that we put in their own dirs under lib/ -->
@@ -206,16 +205,6 @@
         <include>io.opentelemetry.javaagent:*</include>
       </includes>
     </dependencySet>
-
-    <!-- Adds junit libs to lib/test -->
-    <dependencySet>
-      <outputDirectory>lib/test</outputDirectory>
-      <includes>
-        <include>junit:junit</include>
-        <include>org.hamcrest:hamcrest-core</include>
-        <include>org.mockito:mockito-core</include>
-      </includes>
-    </dependencySet>
   </dependencySets>
 
 </assembly>

hbase-endpoint/pom.xml

@@ -256,6 +256,7 @@
         <dependency>
           <groupId>org.apache.hadoop</groupId>
           <artifactId>hadoop-minicluster</artifactId>
+          <scope>test</scope>
           <exclusions>
             <exclusion>
               <groupId>com.google.guava</groupId>

hbase-examples/pom.xml

@@ -310,6 +310,7 @@
         <dependency>
           <groupId>org.apache.hadoop</groupId>
           <artifactId>hadoop-minicluster</artifactId>
+          <scope>test</scope>
           <exclusions>
             <exclusion>
               <groupId>javax.xml.bind.</groupId>

hbase-it/pom.xml

@@ -370,6 +370,7 @@
         <dependency>
           <groupId>org.apache.hadoop</groupId>
           <artifactId>hadoop-minicluster</artifactId>
+          <scope>test</scope>
           <exclusions>
             <exclusion>
               <groupId>javax.xml.bind</groupId>
@@ -384,6 +385,7 @@
         <dependency>
           <groupId>org.apache.hadoop</groupId>
           <artifactId>hadoop-minikdc</artifactId>
+          <scope>test</scope>
         </dependency>
       </dependencies>
       <build>

hbase-shell/pom.xml

@@ -190,6 +190,7 @@
         <dependency>
           <groupId>org.apache.hadoop</groupId>
           <artifactId>hadoop-minicluster</artifactId>
+          <scope>test</scope>
           <exclusions>
             <exclusion>
               <groupId>com.google.guava</groupId>
@@ -204,6 +205,7 @@
         <dependency>
           <groupId>org.apache.hadoop</groupId>
           <artifactId>hadoop-minikdc</artifactId>
+          <scope>test</scope>
         </dependency>
       </dependencies>
       <build>