diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java index e5639bc456e..55492e49ff5 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java @@ -1015,10 +1015,15 @@ public class ZKUtil { } private static ArrayList createACL(ZooKeeperWatcher zkw, String node) { + return createACL(zkw, node, isSecureZooKeeper(zkw.getConfiguration())); + } + + protected static ArrayList createACL(ZooKeeperWatcher zkw, String node, + boolean isSecureZooKeeper) { if (!node.startsWith(zkw.baseZNode)) { return Ids.OPEN_ACL_UNSAFE; } - if (isSecureZooKeeper(zkw.getConfiguration())) { + if (isSecureZooKeeper) { String superUser = zkw.getConfiguration().get("hbase.superuser"); ArrayList acls = new ArrayList(); // add permission to hbase supper user diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZkAclReset.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZkAclReset.java index f5a41df9f68..9bb6bf7775d 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZkAclReset.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZkAclReset.java @@ -25,14 +25,12 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configured; -import org.apache.hadoop.hbase.HConstants; +import org.apache.hadoop.hbase.HBaseConfiguration; import org.apache.hadoop.hbase.classification.InterfaceAudience; import org.apache.hadoop.util.Tool; import org.apache.hadoop.util.ToolRunner; import org.apache.zookeeper.ZooDefs; import org.apache.zookeeper.ZooKeeper; -import org.apache.zookeeper.Watcher; -import org.apache.zookeeper.WatchedEvent; /** * You may add the jaas.conf option @@ -41,70 +39,78 @@ import org.apache.zookeeper.WatchedEvent; * You may also specify -D to set options * "hbase.zookeeper.quorum" (it should be in hbase-site.xml) * "zookeeper.znode.parent" (it should be in hbase-site.xml) + * + * Use -set-acls to set the ACLs, no option to erase ACLs */ @InterfaceAudience.Private public class ZkAclReset extends Configured implements Tool { private static final Log LOG = LogFactory.getLog(ZkAclReset.class); - private static final int ZK_SESSION_TIMEOUT_DEFAULT = 5 * 1000; - - private static class ZkWatcher implements Watcher { - public ZkWatcher() { - } - - @Override - public void process(WatchedEvent event) { - LOG.info("Received ZooKeeper Event, " + - "type=" + event.getType() + ", " + - "state=" + event.getState() + ", " + - "path=" + event.getPath()); - } - } - - private static void resetAcls(final ZooKeeper zk, final String znode) - throws Exception { - List children = zk.getChildren(znode, false); + private static void resetAcls(final ZooKeeperWatcher zkw, final String znode, + final boolean eraseAcls) throws Exception { + List children = ZKUtil.listChildrenNoWatch(zkw, znode); if (children != null) { for (String child: children) { - resetAcls(zk, znode + '/' + child); + resetAcls(zkw, ZKUtil.joinZNode(znode, child), eraseAcls); } } - LOG.info(" - reset acl for " + znode); - zk.setACL(znode, ZooDefs.Ids.OPEN_ACL_UNSAFE, -1); + + ZooKeeper zk = zkw.getRecoverableZooKeeper().getZooKeeper(); + if (eraseAcls) { + LOG.info(" - erase ACLs for " + znode); + zk.setACL(znode, ZooDefs.Ids.OPEN_ACL_UNSAFE, -1); + } else { + LOG.info(" - set ACLs for " + znode); + zk.setACL(znode, ZKUtil.createACL(zkw, znode, true), -1); + } } - private static void resetAcls(final String quorumServers, final int zkTimeout, final String znode) + private static void resetAcls(final Configuration conf, boolean eraseAcls) throws Exception { - ZooKeeper zk = new ZooKeeper(quorumServers, zkTimeout, new ZkWatcher()); + ZooKeeperWatcher zkw = new ZooKeeperWatcher(conf, "ZkAclReset", null); try { - resetAcls(zk, znode); + LOG.info((eraseAcls ? "Erase" : "Set") + " HBase ACLs for " + + zkw.getQuorum() + " " + zkw.getBaseZNode()); + resetAcls(zkw, zkw.getBaseZNode(), eraseAcls); } finally { - zk.close(); + zkw.close(); } } - private void resetHBaseAcls(final Configuration conf) throws Exception { - String quorumServers = conf.get("hbase.zookeeper.quorum", HConstants.LOCALHOST); - int sessionTimeout = conf.getInt("zookeeper.session.timeout", ZK_SESSION_TIMEOUT_DEFAULT); - String znode = conf.get("zookeeper.znode.parent", HConstants.DEFAULT_ZOOKEEPER_ZNODE_PARENT); - if (quorumServers == null) { - LOG.error("Unable to load hbase.zookeeper.quorum (try with: -conf hbase-site.xml)"); - return; - } - - LOG.info("Reset HBase ACLs for " + quorumServers + " " + znode); - resetAcls(quorumServers, sessionTimeout, znode); + private void printUsageAndExit() { + System.err.printf("Usage: bin/hbase %s [options]%n", getClass().getName()); + System.err.println(" where [options] are:"); + System.err.println(" -h|-help Show this help and exit."); + System.err.println(" -set-acls Setup the hbase znode ACLs for a secure cluster"); + System.err.println(); + System.err.println("Examples:"); + System.err.println(" To reset the ACLs to the unsecure cluster behavior:"); + System.err.println(" hbase " + getClass().getName()); + System.err.println(); + System.err.println(" To reset the ACLs to the secure cluster behavior:"); + System.err.println(" hbase " + getClass().getName() + " -set-acls"); + System.exit(1); } - @Override public int run(String[] args) throws Exception { - Configuration conf = getConf(); - resetHBaseAcls(conf); + boolean eraseAcls = true; + + for (int i = 0; i < args.length; ++i) { + if (args[i].equals("-help")) { + printUsageAndExit(); + } else if (args[i].equals("-set-acls")) { + eraseAcls = false; + } else { + printUsageAndExit(); + } + } + + resetAcls(getConf(), eraseAcls); return(0); } public static void main(String[] args) throws Exception { - System.exit(ToolRunner.run(new Configuration(), new ZkAclReset(), args)); + System.exit(ToolRunner.run(HBaseConfiguration.create(), new ZkAclReset(), args)); } }