1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.hadoop.hbase.zookeeper;
21
22 import java.util.List;
23
24 import org.apache.commons.logging.Log;
25 import org.apache.commons.logging.LogFactory;
26 import org.apache.hadoop.conf.Configuration;
27 import org.apache.hadoop.conf.Configured;
28 import org.apache.hadoop.hbase.HBaseConfiguration;
29 import org.apache.hadoop.hbase.classification.InterfaceAudience;
30 import org.apache.hadoop.util.Tool;
31 import org.apache.hadoop.util.ToolRunner;
32 import org.apache.zookeeper.ZooDefs;
33 import org.apache.zookeeper.ZooKeeper;
34
35
36
37
38
39
40
41
42
43
44
45 @InterfaceAudience.Private
46 public class ZkAclReset extends Configured implements Tool {
47 private static final Log LOG = LogFactory.getLog(ZkAclReset.class);
48
49 private static void resetAcls(final ZooKeeperWatcher zkw, final String znode,
50 final boolean eraseAcls) throws Exception {
51 List<String> children = ZKUtil.listChildrenNoWatch(zkw, znode);
52 if (children != null) {
53 for (String child: children) {
54 resetAcls(zkw, ZKUtil.joinZNode(znode, child), eraseAcls);
55 }
56 }
57
58 ZooKeeper zk = zkw.getRecoverableZooKeeper().getZooKeeper();
59 if (eraseAcls) {
60 LOG.info(" - erase ACLs for " + znode);
61 zk.setACL(znode, ZooDefs.Ids.OPEN_ACL_UNSAFE, -1);
62 } else {
63 LOG.info(" - set ACLs for " + znode);
64 zk.setACL(znode, ZKUtil.createACL(zkw, znode, true), -1);
65 }
66 }
67
68 private static void resetAcls(final Configuration conf, boolean eraseAcls)
69 throws Exception {
70 ZooKeeperWatcher zkw = new ZooKeeperWatcher(conf, "ZkAclReset", null);
71 try {
72 LOG.info((eraseAcls ? "Erase" : "Set") + " HBase ACLs for " +
73 zkw.getQuorum() + " " + zkw.getBaseZNode());
74 resetAcls(zkw, zkw.getBaseZNode(), eraseAcls);
75 } finally {
76 zkw.close();
77 }
78 }
79
80 private void printUsageAndExit() {
81 System.err.printf("Usage: bin/hbase %s [options]%n", getClass().getName());
82 System.err.println(" where [options] are:");
83 System.err.println(" -h|-help Show this help and exit.");
84 System.err.println(" -set-acls Setup the hbase znode ACLs for a secure cluster");
85 System.err.println();
86 System.err.println("Examples:");
87 System.err.println(" To reset the ACLs to the unsecure cluster behavior:");
88 System.err.println(" hbase " + getClass().getName());
89 System.err.println();
90 System.err.println(" To reset the ACLs to the secure cluster behavior:");
91 System.err.println(" hbase " + getClass().getName() + " -set-acls");
92 System.exit(1);
93 }
94
95 @Override
96 public int run(String[] args) throws Exception {
97 boolean eraseAcls = true;
98
99 for (int i = 0; i < args.length; ++i) {
100 if (args[i].equals("-help")) {
101 printUsageAndExit();
102 } else if (args[i].equals("-set-acls")) {
103 eraseAcls = false;
104 } else {
105 printUsageAndExit();
106 }
107 }
108
109 resetAcls(getConf(), eraseAcls);
110 return(0);
111 }
112
113 public static void main(String[] args) throws Exception {
114 System.exit(ToolRunner.run(HBaseConfiguration.create(), new ZkAclReset(), args));
115 }
116 }