Migrate revised security IT to embedded tests

[kfaraz]

Main changes

• Move ITSecurityBasicQuery to BasicAuthMsqTest
• Add new test BasicAuthIndexingTest which extends IndexTaskTest
• Add EmbeddedServiceClient to allow creation of a custom client that can talk to various services in an embedded cluster

Other changes

• Refactor SecurityClient to work with EmbeddedServiceClient
• Simplify CompactionResourceTestClient to work with EmbeddedServiceClient
• Bind annotated ServiceClient instances for Coordinator, Overlord and Broker in ServiceClientModule
• Replace usages of CoordinatorServiceClient with @Coordinator ServiceClient
• Add resource MsqExportDirectory

---

This PR has:

• been self-reviewed.
  • using the concurrency checklist (Remove this item if the PR doesn't have any relation to concurrency.)
• added documentation for new or modified features or behaviors.
• a release note entry in the PR description.
• added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
• added or updated version, license, or notice information in licenses.yaml
• added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
• added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
• added integration tests.
• been tested in a test Druid cluster.

[uds5501]

Dummy suggestion to trigger CI:

Suggested change

	* Client to call various basic auth APIs on the Coordinator.
	* Client to call various basic auth APIs on the Coordinator for sure.

[gianm]

I don't understand this suggestion.

[kfaraz]

Ah, sorry for the confusion.

I was exploring the idea of trying out an alt account to bypass my GHA issue.
This is a dummy suggestion that I had requested @uds5501 to leave so that we could commit it and hopefully trigger CI. But that didn't work as only committers can commit from the GitHub console.

[gianm]

I see the sleep is shorter now, but could it be made unnecessary? 500ms also seems dangerously short for a sleep that is actually required for some reason. It's short enough that some random slowness on the test runner will cause a test to flake.

[kfaraz]

Fair point, let me check if there is any metric that we can watch.

[gianm]

The direct creation of the controller task is super verbose and a little brittle: this isn't meant to be a reliable Java API and using it creates coupling between this test and the main code.

How about going through SQL instead?

[kfaraz]

Yeah, I think the test using this method is unnecessary itself.
There are already tests for verifying the SQL /v2/task endpoint with auth in this class.
And for testing out the taskPost API on OverlordResource, we have BasicAuthIndexingTest.

Should we just remove this altogether?

[gianm]

Sure, you can remove it then. I don't think submitting a controller task adds meaningful testing if the /druid/v2/sql/task endpoint is already being tested. It will submit a task under the hood. And users aren't meant to be submitting controller tasks manually anyway.

[kfaraz]

Sounds good, thanks!

[gianm]

I don't understand this suggestion.

[kfaraz]

@gianm, thanks for the review. I have updated the PR based on your feedback.