HBASE-13767 Allow ZKAclReset to set and not just clear ZK ACLs

hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java

@@ -1015,10 +1015,15 @@ public class ZKUtil {
   }
 
   private static ArrayList<ACL> createACL(ZooKeeperWatcher zkw, String node) {
+    return createACL(zkw, node, isSecureZooKeeper(zkw.getConfiguration()));
+  }
+
+  protected static ArrayList<ACL> createACL(ZooKeeperWatcher zkw, String node,
+      boolean isSecureZooKeeper) {
     if (!node.startsWith(zkw.baseZNode)) {
       return Ids.OPEN_ACL_UNSAFE;
     }
-    if (isSecureZooKeeper(zkw.getConfiguration())) {
+    if (isSecureZooKeeper) {
       String superUser = zkw.getConfiguration().get("hbase.superuser");
       ArrayList<ACL> acls = new ArrayList<ACL>();
       // add permission to hbase supper user

hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZkAclReset.java

@@ -25,14 +25,12 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.conf.Configured;
-import org.apache.hadoop.hbase.HConstants;
+import org.apache.hadoop.hbase.HBaseConfiguration;
 import org.apache.hadoop.hbase.classification.InterfaceAudience;
 import org.apache.hadoop.util.Tool;
 import org.apache.hadoop.util.ToolRunner;
 import org.apache.zookeeper.ZooDefs;
 import org.apache.zookeeper.ZooKeeper;
-import org.apache.zookeeper.Watcher;
-import org.apache.zookeeper.WatchedEvent;
 
 /**
  * You may add the jaas.conf option
@@ -41,70 +39,78 @@ import org.apache.zookeeper.WatchedEvent;
  * You may also specify -D to set options
  *    "hbase.zookeeper.quorum"    (it should be in hbase-site.xml)
  *    "zookeeper.znode.parent"    (it should be in hbase-site.xml)
+ *
+ * Use -set-acls to set the ACLs, no option to erase ACLs
  */
 @InterfaceAudience.Private
 public class ZkAclReset extends Configured implements Tool {
   private static final Log LOG = LogFactory.getLog(ZkAclReset.class);
 
-  private static final int ZK_SESSION_TIMEOUT_DEFAULT = 5 * 1000;
+  private static void resetAcls(final ZooKeeperWatcher zkw, final String znode,
-
+      final boolean eraseAcls) throws Exception {
-  private static class ZkWatcher implements Watcher {
+    List<String> children = ZKUtil.listChildrenNoWatch(zkw, znode);
-    public ZkWatcher() {
-    }
-
-    @Override
-    public void process(WatchedEvent event) {
-      LOG.info("Received ZooKeeper Event, " +
-          "type=" + event.getType() + ", " +
-          "state=" + event.getState() + ", " +
-          "path=" + event.getPath());
-    }
-  }
-
-  private static void resetAcls(final ZooKeeper zk, final String znode)
-      throws Exception {
-    List<String> children = zk.getChildren(znode, false);
     if (children != null) {
       for (String child: children) {
-        resetAcls(zk, znode + '/' + child);
+        resetAcls(zkw, ZKUtil.joinZNode(znode, child), eraseAcls);
       }
     }
-    LOG.info(" - reset acl for " + znode);
+
+    ZooKeeper zk = zkw.getRecoverableZooKeeper().getZooKeeper();
+    if (eraseAcls) {
+      LOG.info(" - erase ACLs for " + znode);
       zk.setACL(znode, ZooDefs.Ids.OPEN_ACL_UNSAFE, -1);
+    } else {
+      LOG.info(" - set ACLs for " + znode);
+      zk.setACL(znode, ZKUtil.createACL(zkw, znode, true), -1);
+    }
   }
 
-  private static void resetAcls(final String quorumServers, final int zkTimeout, final String znode)
+  private static void resetAcls(final Configuration conf, boolean eraseAcls)
       throws Exception {
-    ZooKeeper zk = new ZooKeeper(quorumServers, zkTimeout, new ZkWatcher());
+    ZooKeeperWatcher zkw = new ZooKeeperWatcher(conf, "ZkAclReset", null);
     try {
-      resetAcls(zk, znode);
+      LOG.info((eraseAcls ? "Erase" : "Set") + " HBase ACLs for " +
+                zkw.getQuorum() + " " + zkw.getBaseZNode());
+      resetAcls(zkw, zkw.getBaseZNode(), eraseAcls);
     } finally {
-      zk.close();
+      zkw.close();
     }
   }
 
-  private void resetHBaseAcls(final Configuration conf) throws Exception {
+  private void printUsageAndExit() {
-    String quorumServers = conf.get("hbase.zookeeper.quorum", HConstants.LOCALHOST);
+    System.err.printf("Usage: bin/hbase %s [options]%n", getClass().getName());
-    int sessionTimeout = conf.getInt("zookeeper.session.timeout", ZK_SESSION_TIMEOUT_DEFAULT);
+    System.err.println(" where [options] are:");
-    String znode = conf.get("zookeeper.znode.parent", HConstants.DEFAULT_ZOOKEEPER_ZNODE_PARENT);
+    System.err.println("  -h|-help                Show this help and exit.");
-    if (quorumServers == null) {
+    System.err.println("  -set-acls               Setup the hbase znode ACLs for a secure cluster");
-      LOG.error("Unable to load hbase.zookeeper.quorum (try with: -conf hbase-site.xml)");
+    System.err.println();
-      return;
+    System.err.println("Examples:");
+    System.err.println("  To reset the ACLs to the unsecure cluster behavior:");
+    System.err.println("  hbase " + getClass().getName());
+    System.err.println();
+    System.err.println("  To reset the ACLs to the secure cluster behavior:");
+    System.err.println("  hbase " + getClass().getName() + " -set-acls");
+    System.exit(1);
   }
 
-    LOG.info("Reset HBase ACLs for " + quorumServers + " " + znode);
-    resetAcls(quorumServers, sessionTimeout, znode);
-  }
-
-
   @Override
   public int run(String[] args) throws Exception {
-    Configuration conf = getConf();
+    boolean eraseAcls = true;
-    resetHBaseAcls(conf);
+
+    for (int i = 0; i < args.length; ++i) {
+      if (args[i].equals("-help")) {
+        printUsageAndExit();
+      } else if (args[i].equals("-set-acls")) {
+        eraseAcls = false;
+      } else {
+        printUsageAndExit();
+      }
+    }
+
+    resetAcls(getConf(), eraseAcls);
     return(0);
   }
 
   public static void main(String[] args) throws Exception {
-    System.exit(ToolRunner.run(new Configuration(), new ZkAclReset(), args));
+    System.exit(ToolRunner.run(HBaseConfiguration.create(), new ZkAclReset(), args));
   }
 }