deps: replace all transitive log4j deps with reload4j (#3930)

* deps: replace all transitive log4j deps with reload4j

This breaks the previous assumption that bigtable-hbase doesn't change hbase's classpath. Fortunately due to the severity of the issue, all log4j deps have been removed from hbase1 and replaced with reload4j. The immediate impact is that if the enduser's application depended on log4j, there will now be duplicate log4j classes (from reload4j and the enduser's log4j)

* more tweaks

* more massaging

* more massaging

* missing reload4j dep

* enforce log4j as a banned dep & remove it from another place

* deal with mirroring client

* oops

* fix plugin scope

* add logging for beam tests

Author: igorbernstein2

bigtable-client-core-parent/bigtable-hbase-integration-tests-common/pom.xml

@@ -72,6 +72,19 @@ limitations under the License.
       <artifactId>hbase-shaded-testing-util</artifactId>
       <version>${hbase1.version}</version>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+
+    <dependency>
+      <groupId>ch.qos.reload4j</groupId>
+      <artifactId>reload4j</artifactId>
+      <version>${reload4j.version}</version>
+      <scope>runtime</scope>
     </dependency>
 
     <dependency>

bigtable-client-core-parent/bigtable-hbase/pom.xml

@@ -168,11 +168,17 @@ limitations under the License.
       <version>${hbase1.version}</version>
       <exclusions>
         <exclusion>
-          <groupId>org.slf4j</groupId>
-          <artifactId>slf4j-log4j12</artifactId>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
         </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>ch.qos.reload4j</groupId>
+      <artifactId>reload4j</artifactId>
+      <version>${reload4j.version}</version>
+      <scope>runtime</scope>
+    </dependency>
 
     <dependency>
       <groupId>net.bytebuddy</groupId>

bigtable-dataflow-parent/bigtable-beam-import/pom.xml

@@ -202,6 +202,12 @@ limitations under the License.
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-shaded-server</artifactId>
       <version>${hbase1.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
 
@@ -226,6 +232,12 @@ limitations under the License.
       <artifactId>commons-logging</artifactId>
       <version>${commons-logging.version}</version>
     </dependency>
+    <dependency>
+      <groupId>ch.qos.reload4j</groupId>
+      <artifactId>reload4j</artifactId>
+      <version>${reload4j.version}</version>
+      <scope>runtime</scope>
+    </dependency>
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>
@@ -236,9 +248,14 @@ limitations under the License.
       <artifactId>slf4j-log4j12</artifactId>
       <version>${beam-slf4j.version}</version>
       <scope>runtime</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
-
     <!-- CVE Group: force update transitive deps to exclude CVEs -->
     <dependency>
       <groupId>org.apache.commons</groupId>
@@ -269,6 +286,12 @@ limitations under the License.
       <artifactId>hbase-shaded-testing-util</artifactId>
       <version>${hbase1.version}</version>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>junit</groupId>

bigtable-dataflow-parent/bigtable-hbase-beam/pom.xml

@@ -93,6 +93,10 @@ limitations under the License.
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-log4j12</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>ch.qos.reload4j</groupId>
+          <artifactId>reload4j</artifactId>
+        </exclusion>
 
         <!-- google-cloud-bigtable pulls in a newer version of this, but we want to match beam's version-->
         <exclusion>
@@ -137,6 +141,10 @@ limitations under the License.
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-log4j12</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
 
@@ -184,6 +192,12 @@ limitations under the License.
       <version>${junit.version}</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>ch.qos.reload4j</groupId>
+      <artifactId>reload4j</artifactId>
+      <version>${reload4j.version}</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <profiles>

bigtable-hbase-1.x-parent/bigtable-hbase-1.x-hadoop/pom.xml

@@ -85,6 +85,12 @@ limitations under the License.
       <artifactId>commons-logging</artifactId>
       <version>${commons-logging.version}</version>
     </dependency>
+    <dependency>
+      <groupId>ch.qos.reload4j</groupId>
+      <artifactId>reload4j</artifactId>
+      <version>${reload4j.version}</version>
+      <scope>runtime</scope>
+    </dependency>
     <dependency>
       <groupId>io.dropwizard.metrics</groupId>
       <artifactId>metrics-core</artifactId>

bigtable-hbase-1.x-parent/bigtable-hbase-1.x-integration-tests/pom.xml

@@ -181,13 +181,6 @@ limitations under the License.
 
   <dependencies>
     <!-- Project Modules -->
-    <dependency>
-      <groupId>com.google.cloud.bigtable</groupId>
-      <artifactId>bigtable-client-core</artifactId>
-      <version>${bigtable-client-core.version}</version>
-      <scope>test</scope>
-    </dependency>
-
     <dependency>
       <groupId>com.google.cloud.bigtable</groupId>
       <artifactId>bigtable-hbase</artifactId>
@@ -262,6 +255,12 @@ limitations under the License.
       <artifactId>hbase-shaded-testing-util</artifactId>
       <version>${hbase1.version}</version>
       <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
 
 

bigtable-hbase-1.x-parent/bigtable-hbase-1.x-shaded/pom.xml

@@ -134,6 +134,18 @@ limitations under the License.
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-shaded-client</artifactId>
       <version>${hbase1.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>ch.qos.reload4j</groupId>
+      <artifactId>reload4j</artifactId>
+      <version>${reload4j.version}</version>
+      <scope>runtime</scope>
     </dependency>
 
     <dependency>
@@ -228,6 +240,7 @@ limitations under the License.
                   <!-- exclude user visible deps -->
                   <exclude>io.dropwizard.metrics:metrics-core</exclude>
                   <exclude>commons-logging:commons-logging</exclude>
+                  <exclude>ch.qos.reload4j:reload4j</exclude>
                   <!-- exclude hbase-shaded-client & all of its dependencies -->
                   <exclude>org.apache.hbase:hbase-shaded-client</exclude>
                   <exclude>org.slf4j:slf4j-api</exclude>
@@ -430,6 +443,9 @@ limitations under the License.
               <targetDependencies>
                 <targetDependency>org.apache.hbase:hbase-shaded-client</targetDependency>
               </targetDependencies>
+              <ignoredDependencies>
+                <ignoredDependency>log4j:log4j</ignoredDependency>
+              </ignoredDependencies>
             </configuration>
           </execution>
         </executions>

bigtable-hbase-1.x-parent/bigtable-hbase-1.x/pom.xml

@@ -74,6 +74,18 @@ limitations under the License.
       <groupId>org.apache.hbase</groupId>
       <artifactId>hbase-shaded-client</artifactId>
       <version>${hbase1.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>ch.qos.reload4j</groupId>
+      <artifactId>reload4j</artifactId>
+      <version>${reload4j.version}</version>
+      <scope>runtime</scope>
     </dependency>
 
     <dependency>

bigtable-hbase-2.x-parent/bigtable-hbase-2.x-integration-tests/pom.xml

@@ -248,8 +248,18 @@ limitations under the License.
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-api</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+      <groupId>ch.qos.reload4j</groupId>
+      <artifactId>reload4j</artifactId>
+      <version>${reload4j.version}</version>
+      <scope>runtime</scope>
+    </dependency>
 
     <!-- Misc -->
     <dependency>
@@ -283,6 +293,12 @@ limitations under the License.
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-log4j12</artifactId>
       <version>${slf4j.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+      </exclusions>
       <scope>test</scope>
     </dependency>
 

bigtable-hbase-2.x-parent/bigtable-hbase-2.x-shaded/pom.xml

@@ -228,6 +228,7 @@ limitations under the License.
                   <exclude>org.slf4j:slf4j-api</exclude>
                   <exclude>org.slf4j:slf4j-log4j12</exclude>
                   <exclude>log4j:log4j</exclude>
+                  <exclude>ch.qos.reload4j:reload4j</exclude>
                   <exclude>org.apache.htrace:htrace-core4</exclude>
                   <exclude>org.apache.yetus:audience-annotations</exclude>
                   <exclude>