Source code

001/*
002 *
003 * Licensed to the Apache Software Foundation (ASF) under one
004 * or more contributor license agreements.  See the NOTICE file
005 * distributed with this work for additional information
006 * regarding copyright ownership.  The ASF licenses this file
007 * to you under the Apache License, Version 2.0 (the
008 * "License"); you may not use this file except in compliance
009 * with the License.  You may obtain a copy of the License at
010 *
011 *     http://www.apache.org/licenses/LICENSE-2.0
012 *
013 * Unless required by applicable law or agreed to in writing, software
014 * distributed under the License is distributed on an "AS IS" BASIS,
015 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
016 * See the License for the specific language governing permissions and
017 * limitations under the License.
018 */
019
020package org.apache.hadoop.hbase.zookeeper;
021
022import java.util.List;
023
024import org.apache.hadoop.conf.Configuration;
025import org.apache.hadoop.conf.Configured;
026import org.apache.hadoop.hbase.HBaseConfiguration;
027import org.apache.hadoop.util.Tool;
028import org.apache.hadoop.util.ToolRunner;
029import org.apache.yetus.audience.InterfaceAudience;
030import org.apache.zookeeper.ZooDefs;
031import org.apache.zookeeper.ZooKeeper;
032import org.slf4j.Logger;
033import org.slf4j.LoggerFactory;
034
035/**
036 * You may add the jaas.conf option
037 *    -Djava.security.auth.login.config=/PATH/jaas.conf
038 *
039 * You may also specify -D to set options
040 *    "hbase.zookeeper.quorum"    (it should be in hbase-site.xml)
041 *    "zookeeper.znode.parent"    (it should be in hbase-site.xml)
042 *
043 * Use -set-acls to set the ACLs, no option to erase ACLs
044 */
045@InterfaceAudience.Private
046public class ZKAclReset extends Configured implements Tool {
047  private static final Logger LOG = LoggerFactory.getLogger(ZKAclReset.class);
048
049  private static void resetAcls(final ZKWatcher zkw, final String znode,
050                                final boolean eraseAcls) throws Exception {
051    List<String> children = ZKUtil.listChildrenNoWatch(zkw, znode);
052    if (children != null) {
053      for (String child: children) {
054        resetAcls(zkw, ZNodePaths.joinZNode(znode, child), eraseAcls);
055      }
056    }
057
058    ZooKeeper zk = zkw.getRecoverableZooKeeper().getZooKeeper();
059    if (eraseAcls) {
060      LOG.info(" - erase ACLs for " + znode);
061      zk.setACL(znode, ZooDefs.Ids.OPEN_ACL_UNSAFE, -1);
062    } else {
063      LOG.info(" - set ACLs for " + znode);
064      zk.setACL(znode, ZKUtil.createACL(zkw, znode, true), -1);
065    }
066  }
067
068  private static void resetAcls(final Configuration conf, boolean eraseAcls)
069      throws Exception {
070    ZKWatcher zkw = new ZKWatcher(conf, "ZKAclReset", null);
071    try {
072      LOG.info((eraseAcls ? "Erase" : "Set") + " HBase ACLs for " +
073                zkw.getQuorum() + " " + zkw.getZNodePaths().baseZNode);
074      resetAcls(zkw, zkw.getZNodePaths().baseZNode, eraseAcls);
075    } finally {
076      zkw.close();
077    }
078  }
079
080  private void printUsageAndExit() {
081    System.err.printf("Usage: hbase %s [options]%n", getClass().getName());
082    System.err.println(" where [options] are:");
083    System.err.println("  -h|-help                Show this help and exit.");
084    System.err.println("  -set-acls               Setup the hbase znode ACLs for a secure cluster");
085    System.err.println();
086    System.err.println("Examples:");
087    System.err.println("  To reset the ACLs to the unsecure cluster behavior:");
088    System.err.println("  hbase " + getClass().getName());
089    System.err.println();
090    System.err.println("  To reset the ACLs to the secure cluster behavior:");
091    System.err.println("  hbase " + getClass().getName() + " -set-acls");
092    System.exit(1);
093  }
094
095  @Override
096  public int run(String[] args) throws Exception {
097    boolean eraseAcls = true;
098
099    for (int i = 0; i < args.length; ++i) {
100      if (args[i].equals("-help")) {
101        printUsageAndExit();
102      } else if (args[i].equals("-set-acls")) {
103        eraseAcls = false;
104      } else {
105        printUsageAndExit();
106      }
107    }
108
109    resetAcls(getConf(), eraseAcls);
110    return(0);
111  }
112
113  public static void main(String[] args) throws Exception {
114    System.exit(ToolRunner.run(HBaseConfiguration.create(), new ZKAclReset(), args));
115  }
116}