001/*
002 *
003 * Licensed to the Apache Software Foundation (ASF) under one
004 * or more contributor license agreements.  See the NOTICE file
005 * distributed with this work for additional information
006 * regarding copyright ownership.  The ASF licenses this file
007 * to you under the Apache License, Version 2.0 (the
008 * "License"); you may not use this file except in compliance
009 * with the License.  You may obtain a copy of the License at
010 *
011 *     http://www.apache.org/licenses/LICENSE-2.0
012 *
013 * Unless required by applicable law or agreed to in writing, software
014 * distributed under the License is distributed on an "AS IS" BASIS,
015 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
016 * See the License for the specific language governing permissions and
017 * limitations under the License.
018 */
019
020package org.apache.hadoop.hbase.zookeeper;
021
022import java.util.List;
023
024import org.apache.hadoop.conf.Configuration;
025import org.apache.hadoop.conf.Configured;
026import org.apache.hadoop.hbase.HBaseConfiguration;
027import org.apache.hadoop.util.Tool;
028import org.apache.hadoop.util.ToolRunner;
029import org.apache.yetus.audience.InterfaceAudience;
030import org.apache.zookeeper.ZooDefs;
031import org.apache.zookeeper.ZooKeeper;
032import org.slf4j.Logger;
033import org.slf4j.LoggerFactory;
034
035/**
036 * You may add the jaas.conf option
037 *    -Djava.security.auth.login.config=/PATH/jaas.conf
038 *
039 * You may also specify -D to set options
040 *    "hbase.zookeeper.quorum"    (it should be in hbase-site.xml)
041 *    "zookeeper.znode.parent"    (it should be in hbase-site.xml)
042 *
043 * Use -set-acls to set the ACLs, no option to erase ACLs
044 */
045@InterfaceAudience.Private
046public class ZKAclReset extends Configured implements Tool {
047  private static final Logger LOG = LoggerFactory.getLogger(ZKAclReset.class);
048
049  private static void resetAcls(final ZKWatcher zkw, final String znode,
050                                final boolean eraseAcls) throws Exception {
051    List<String> children = ZKUtil.listChildrenNoWatch(zkw, znode);
052    if (children != null) {
053      for (String child: children) {
054        resetAcls(zkw, ZNodePaths.joinZNode(znode, child), eraseAcls);
055      }
056    }
057
058    ZooKeeper zk = zkw.getRecoverableZooKeeper().getZooKeeper();
059    if (eraseAcls) {
060      LOG.info(" - erase ACLs for " + znode);
061      zk.setACL(znode, ZooDefs.Ids.OPEN_ACL_UNSAFE, -1);
062    } else {
063      LOG.info(" - set ACLs for " + znode);
064      zk.setACL(znode, ZKUtil.createACL(zkw, znode, true), -1);
065    }
066  }
067
068  private static void resetAcls(final Configuration conf, boolean eraseAcls)
069      throws Exception {
070    try (ZKWatcher zkw = new ZKWatcher(conf, "ZKAclReset", null)) {
071      LOG.info((eraseAcls ? "Erase" : "Set") + " HBase ACLs for " +
072              zkw.getQuorum() + " " + zkw.znodePaths.baseZNode);
073      resetAcls(zkw, zkw.znodePaths.baseZNode, eraseAcls);
074    }
075  }
076
077  private void printUsageAndExit() {
078    System.err.printf("Usage: hbase %s [options]%n", getClass().getName());
079    System.err.println(" where [options] are:");
080    System.err.println("  -h|-help                Show this help and exit.");
081    System.err.println("  -set-acls               Setup the hbase znode ACLs for a secure cluster");
082    System.err.println();
083    System.err.println("Examples:");
084    System.err.println("  To reset the ACLs to the unsecure cluster behavior:");
085    System.err.println("  hbase " + getClass().getName());
086    System.err.println();
087    System.err.println("  To reset the ACLs to the secure cluster behavior:");
088    System.err.println("  hbase " + getClass().getName() + " -set-acls");
089    System.exit(1);
090  }
091
092  @Override
093  public int run(String[] args) throws Exception {
094    boolean eraseAcls = true;
095
096    for (String arg : args) {
097      switch (arg) {
098        case "-help": {
099          printUsageAndExit();
100          break;
101        }
102        case "-set-acls": {
103          eraseAcls = false;
104          break;
105        }
106        default: {
107          printUsageAndExit();
108          break;
109        }
110      }
111    }
112
113    resetAcls(getConf(), eraseAcls);
114    return(0);
115  }
116
117  public static void main(String[] args) throws Exception {
118    System.exit(ToolRunner.run(HBaseConfiguration.create(), new ZKAclReset(), args));
119  }
120}