From c28ac79c8286073f025dbcc6fa33f4e6d37b77ce Mon Sep 17 00:00:00 2001
From: mbertozzi <mbertozzi@unknown>
Date: Mon, 18 Nov 2013 21:44:35 +0000
Subject: [PATCH] HBASE-9973 Users with 'Admin' ACL permission will lose
 permissions after upgrade to 0.96.x from 0.94.x or 0.92.x (Himanshu
 Vashishtha)

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1543179 13f79535-47bb-0310-9956-ffa450edef68
---
 .../hbase/migration/NamespaceUpgrade.java     | 35 ++++++++++++++++---
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/migration/NamespaceUpgrade.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/migration/NamespaceUpgrade.java
index 2245946ef6f..52155b53450 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/migration/NamespaceUpgrade.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/migration/NamespaceUpgrade.java
@@ -32,6 +32,8 @@ import org.apache.hadoop.fs.FileStatus;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.fs.PathFilter;
+import org.apache.hadoop.hbase.Cell;
+import org.apache.hadoop.hbase.CellUtil;
 import org.apache.hadoop.hbase.HConstants;
 import org.apache.hadoop.hbase.HRegionInfo;
 import org.apache.hadoop.hbase.HTableDescriptor;
@@ -39,6 +41,10 @@ import org.apache.hadoop.hbase.NamespaceDescriptor;
 import org.apache.hadoop.hbase.ServerName;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.catalog.MetaEditor;
+import org.apache.hadoop.hbase.client.Delete;
+import org.apache.hadoop.hbase.client.Get;
+import org.apache.hadoop.hbase.client.Put;
+import org.apache.hadoop.hbase.client.Result;
 import org.apache.hadoop.hbase.exceptions.DeserializationException;
 import org.apache.hadoop.hbase.regionserver.HRegion;
 import org.apache.hadoop.hbase.regionserver.HRegionFileSystem;
@@ -400,10 +406,9 @@ public class NamespaceUpgrade implements Tool {
                 oldDesc,
                 null);
         region.initialize();
-        //Run major compaction to archive old stores
-        //to keep any snapshots to _acl_ unbroken
-        region.compactStores(true);
-        region.waitForFlushesAndCompactions();
+        updateAcls(region);
+        // closing the region would flush it so we don't need an explicit flush to save
+        // acl changes.
         region.close();
 
         //Create new region dir
@@ -443,6 +448,28 @@ public class NamespaceUpgrade implements Tool {
     }
   }
 
+  /**
+   * Deletes the old _acl_ entry, and inserts a new one using namespace.
+   * @param region
+   * @throws IOException
+   */
+  private void updateAcls(HRegion region) throws IOException {
+    byte[] rowKey = Bytes.toBytes(NamespaceUpgrade.OLD_ACL);
+    // get the old _acl_ entry, if present.
+    Get g = new Get(rowKey);
+    Result r = region.get(g);
+    if (r == null || r.size() == 0) return;
+    // create a put for new _acl_ entry with rowkey as hbase:acl
+    Put p = new Put(AccessControlLists.ACL_GLOBAL_NAME);
+    for (Cell c : r.rawCells()) {
+      p.add(CellUtil.cloneFamily(c), CellUtil.cloneQualifier(c), CellUtil.cloneValue(c));
+    }
+    region.put(p);
+    // delete the old entry
+    Delete del = new Delete(rowKey);
+    region.delete(del);
+  }
+
   //Culled from FSTableDescriptors
   private static HTableDescriptor readTableDescriptor(FileSystem fs,
                                                       FileStatus status) throws IOException {