hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From te...@apache.org
Subject hbase git commit: HBASE-11013: Clone Snapshots on Secure Cluster Should provide option to apply Retained User Permissions
Date Tue, 09 May 2017 16:32:31 GMT
Repository: hbase
Updated Branches:
  refs/heads/master ac1024af2 -> 951b23a44


HBASE-11013: Clone Snapshots on Secure Cluster Should provide option to apply Retained User Permissions

Signed-off-by: tedyu <yuzhihong@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/951b23a4
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/951b23a4
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/951b23a4

Branch: refs/heads/master
Commit: 951b23a44cd90ae4afed9b255de0e678fbfba946
Parents: ac1024a
Author: huzheng <openinx@gmail.com>
Authored: Mon May 8 21:01:47 2017 +0800
Committer: tedyu <yuzhihong@gmail.com>
Committed: Tue May 9 09:32:48 2017 -0700

----------------------------------------------------------------------
 .../org/apache/hadoop/hbase/client/Admin.java   |  13 +
 .../apache/hadoop/hbase/client/HBaseAdmin.java  |  25 +-
 .../hbase/security/access/TablePermission.java  |   4 +
 .../shaded/protobuf/generated/MasterProtos.java | 597 +++++++++++--------
 .../src/main/protobuf/Master.proto              |   1 +
 .../org/apache/hadoop/hbase/master/HMaster.java |   5 +-
 .../hadoop/hbase/master/MasterRpcServices.java  |   4 +-
 .../procedure/CloneSnapshotProcedure.java       |  21 +-
 .../hbase/master/snapshot/SnapshotManager.java  |  17 +-
 .../master/snapshot/TakeSnapshotHandler.java    |   3 +
 .../security/access/AccessControlLists.java     |   2 +-
 .../snapshot/SnapshotDescriptionUtils.java      |  97 ++-
 .../hbase/client/TestSnapshotWithAcl.java       | 203 +++++++
 .../hbase/security/access/SecureTestUtil.java   |   2 +-
 hbase-shell/src/main/ruby/hbase/admin.rb        |   4 +-
 hbase-shell/src/main/ruby/hbase_constants.rb    |   1 +
 .../main/ruby/shell/commands/clone_snapshot.rb  |  11 +-
 .../hbase/client/TestReplicationShell.java      |   1 -
 18 files changed, 727 insertions(+), 284 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java
index 8a9dc61..414c5ac 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java
@@ -1534,6 +1534,19 @@ public interface Admin extends Abortable, Closeable {
 
   /**
    * Create a new table by cloning the snapshot content.
+   * @param snapshotName name of the snapshot to be cloned
+   * @param tableName name of the table where the snapshot will be restored
+   * @param restoreAcl true to clone acl into newly created table
+   * @throws IOException if a remote or network exception occurs
+   * @throws TableExistsException if table to be created already exists
+   * @throws RestoreSnapshotException if snapshot failed to be cloned
+   * @throws IllegalArgumentException if the specified table has not a valid name
+   */
+  void cloneSnapshot(final String snapshotName, final TableName tableName, final boolean restoreAcl)
+      throws IOException, TableExistsException, RestoreSnapshotException;
+
+  /**
+   * Create a new table by cloning the snapshot content.
    *
    * @param snapshotName name of the snapshot to be cloned
    * @param tableName name of the table where the snapshot will be restored

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-client/src/main/java/org/apache/hadoop/hbase/client/HBaseAdmin.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/HBaseAdmin.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/HBaseAdmin.java
index 0c62688..ac5c239 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/HBaseAdmin.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/HBaseAdmin.java
@@ -2572,7 +2572,7 @@ public class HBaseAdmin implements Admin {
     try {
       // Restore snapshot
       get(
-        internalRestoreSnapshotAsync(snapshotName, tableName),
+        internalRestoreSnapshotAsync(snapshotName, tableName, false),
         syncWaitTimeout,
         TimeUnit.MILLISECONDS);
     } catch (IOException e) {
@@ -2581,7 +2581,7 @@ public class HBaseAdmin implements Admin {
       if (takeFailSafeSnapshot) {
         try {
           get(
-            internalRestoreSnapshotAsync(failSafeSnapshotSnapshotName, tableName),
+            internalRestoreSnapshotAsync(failSafeSnapshotSnapshotName, tableName, false),
             syncWaitTimeout,
             TimeUnit.MILLISECONDS);
           String msg = "Restore snapshot=" + snapshotName +
@@ -2624,7 +2624,7 @@ public class HBaseAdmin implements Admin {
       throw new TableNotDisabledException(tableName);
     }
 
-    return internalRestoreSnapshotAsync(snapshotName, tableName);
+    return internalRestoreSnapshotAsync(snapshotName, tableName, false);
   }
 
   @Override
@@ -2634,24 +2634,30 @@ public class HBaseAdmin implements Admin {
   }
 
   @Override
-  public void cloneSnapshot(final String snapshotName, final TableName tableName)
+  public void cloneSnapshot(String snapshotName, TableName tableName, boolean restoreAcl)
       throws IOException, TableExistsException, RestoreSnapshotException {
     if (tableExists(tableName)) {
       throw new TableExistsException(tableName);
     }
     get(
-      internalRestoreSnapshotAsync(snapshotName, tableName),
+      internalRestoreSnapshotAsync(snapshotName, tableName, restoreAcl),
       Integer.MAX_VALUE,
       TimeUnit.MILLISECONDS);
   }
 
   @Override
+  public void cloneSnapshot(final String snapshotName, final TableName tableName)
+      throws IOException, TableExistsException, RestoreSnapshotException {
+    cloneSnapshot(snapshotName, tableName, false);
+  }
+
+  @Override
   public Future<Void> cloneSnapshotAsync(final String snapshotName, final TableName tableName)
       throws IOException, TableExistsException {
     if (tableExists(tableName)) {
       throw new TableExistsException(tableName);
     }
-    return internalRestoreSnapshotAsync(snapshotName, tableName);
+    return internalRestoreSnapshotAsync(snapshotName, tableName, false);
   }
 
   @Override
@@ -2739,9 +2745,9 @@ public class HBaseAdmin implements Admin {
    * @throws RestoreSnapshotException if snapshot failed to be restored
    * @throws IllegalArgumentException if the restore request is formatted incorrectly
    */
-  private Future<Void> internalRestoreSnapshotAsync(
-      final String snapshotName,
-      final TableName tableName) throws IOException, RestoreSnapshotException {
+  private Future<Void> internalRestoreSnapshotAsync(final String snapshotName,
+      final TableName tableName, final boolean restoreAcl)
+      throws IOException, RestoreSnapshotException {
     final HBaseProtos.SnapshotDescription snapshot = HBaseProtos.SnapshotDescription.newBuilder()
         .setName(snapshotName).setTable(tableName.getNameAsString()).build();
 
@@ -2756,6 +2762,7 @@ public class HBaseAdmin implements Admin {
             .setSnapshot(snapshot)
             .setNonceGroup(ng.getNonceGroup())
             .setNonce(ng.newNonce())
+            .setRestoreACL(restoreAcl)
             .build();
         return master.restoreSnapshot(getRpcController(), request);
       }

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java
----------------------------------------------------------------------
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java
index 4804b30..8e88a8c 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java
@@ -155,6 +155,10 @@ public class TablePermission extends Permission {
     return table;
   }
 
+  public void setTableName(TableName table) {
+    this.table = table;
+  }
+
   public boolean hasFamily() {
     return family != null;
   }

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-protocol-shaded/src/main/java/org/apache/hadoop/hbase/shaded/protobuf/generated/MasterProtos.java
----------------------------------------------------------------------
diff --git a/hbase-protocol-shaded/src/main/java/org/apache/hadoop/hbase/shaded/protobuf/generated/MasterProtos.java b/hbase-protocol-shaded/src/main/java/org/apache/hadoop/hbase/shaded/protobuf/generated/MasterProtos.java
index e4ce4cb..76dee12 100644
--- a/hbase-protocol-shaded/src/main/java/org/apache/hadoop/hbase/shaded/protobuf/generated/MasterProtos.java
+++ b/hbase-protocol-shaded/src/main/java/org/apache/hadoop/hbase/shaded/protobuf/generated/MasterProtos.java
@@ -44884,6 +44884,15 @@ public final class MasterProtos {
      * <code>optional uint64 nonce = 3 [default = 0];</code>
      */
     long getNonce();
+
+    /**
+     * <code>optional bool restoreACL = 4 [default = false];</code>
+     */
+    boolean hasRestoreACL();
+    /**
+     * <code>optional bool restoreACL = 4 [default = false];</code>
+     */
+    boolean getRestoreACL();
   }
   /**
    * Protobuf type {@code hbase.pb.RestoreSnapshotRequest}
@@ -44899,6 +44908,7 @@ public final class MasterProtos {
     private RestoreSnapshotRequest() {
       nonceGroup_ = 0L;
       nonce_ = 0L;
+      restoreACL_ = false;
     }
 
     @java.lang.Override
@@ -44952,6 +44962,11 @@ public final class MasterProtos {
               nonce_ = input.readUInt64();
               break;
             }
+            case 32: {
+              bitField0_ |= 0x00000008;
+              restoreACL_ = input.readBool();
+              break;
+            }
           }
         }
       } catch (org.apache.hadoop.hbase.shaded.com.google.protobuf.InvalidProtocolBufferException e) {
@@ -45028,6 +45043,21 @@ public final class MasterProtos {
       return nonce_;
     }
 
+    public static final int RESTOREACL_FIELD_NUMBER = 4;
+    private boolean restoreACL_;
+    /**
+     * <code>optional bool restoreACL = 4 [default = false];</code>
+     */
+    public boolean hasRestoreACL() {
+      return ((bitField0_ & 0x00000008) == 0x00000008);
+    }
+    /**
+     * <code>optional bool restoreACL = 4 [default = false];</code>
+     */
+    public boolean getRestoreACL() {
+      return restoreACL_;
+    }
+
     private byte memoizedIsInitialized = -1;
     public final boolean isInitialized() {
       byte isInitialized = memoizedIsInitialized;
@@ -45057,6 +45087,9 @@ public final class MasterProtos {
       if (((bitField0_ & 0x00000004) == 0x00000004)) {
         output.writeUInt64(3, nonce_);
       }
+      if (((bitField0_ & 0x00000008) == 0x00000008)) {
+        output.writeBool(4, restoreACL_);
+      }
       unknownFields.writeTo(output);
     }
 
@@ -45077,6 +45110,10 @@ public final class MasterProtos {
         size += org.apache.hadoop.hbase.shaded.com.google.protobuf.CodedOutputStream
           .computeUInt64Size(3, nonce_);
       }
+      if (((bitField0_ & 0x00000008) == 0x00000008)) {
+        size += org.apache.hadoop.hbase.shaded.com.google.protobuf.CodedOutputStream
+          .computeBoolSize(4, restoreACL_);
+      }
       size += unknownFields.getSerializedSize();
       memoizedSize = size;
       return size;
@@ -45109,6 +45146,11 @@ public final class MasterProtos {
         result = result && (getNonce()
             == other.getNonce());
       }
+      result = result && (hasRestoreACL() == other.hasRestoreACL());
+      if (hasRestoreACL()) {
+        result = result && (getRestoreACL()
+            == other.getRestoreACL());
+      }
       result = result && unknownFields.equals(other.unknownFields);
       return result;
     }
@@ -45134,6 +45176,11 @@ public final class MasterProtos {
         hash = (53 * hash) + org.apache.hadoop.hbase.shaded.com.google.protobuf.Internal.hashLong(
             getNonce());
       }
+      if (hasRestoreACL()) {
+        hash = (37 * hash) + RESTOREACL_FIELD_NUMBER;
+        hash = (53 * hash) + org.apache.hadoop.hbase.shaded.com.google.protobuf.Internal.hashBoolean(
+            getRestoreACL());
+      }
       hash = (29 * hash) + unknownFields.hashCode();
       memoizedHashCode = hash;
       return hash;
@@ -45263,6 +45310,8 @@ public final class MasterProtos {
         bitField0_ = (bitField0_ & ~0x00000002);
         nonce_ = 0L;
         bitField0_ = (bitField0_ & ~0x00000004);
+        restoreACL_ = false;
+        bitField0_ = (bitField0_ & ~0x00000008);
         return this;
       }
 
@@ -45303,6 +45352,10 @@ public final class MasterProtos {
           to_bitField0_ |= 0x00000004;
         }
         result.nonce_ = nonce_;
+        if (((from_bitField0_ & 0x00000008) == 0x00000008)) {
+          to_bitField0_ |= 0x00000008;
+        }
+        result.restoreACL_ = restoreACL_;
         result.bitField0_ = to_bitField0_;
         onBuilt();
         return result;
@@ -45354,6 +45407,9 @@ public final class MasterProtos {
         if (other.hasNonce()) {
           setNonce(other.getNonce());
         }
+        if (other.hasRestoreACL()) {
+          setRestoreACL(other.getRestoreACL());
+        }
         this.mergeUnknownFields(other.unknownFields);
         onChanged();
         return this;
@@ -45569,6 +45625,38 @@ public final class MasterProtos {
         onChanged();
         return this;
       }
+
+      private boolean restoreACL_ ;
+      /**
+       * <code>optional bool restoreACL = 4 [default = false];</code>
+       */
+      public boolean hasRestoreACL() {
+        return ((bitField0_ & 0x00000008) == 0x00000008);
+      }
+      /**
+       * <code>optional bool restoreACL = 4 [default = false];</code>
+       */
+      public boolean getRestoreACL() {
+        return restoreACL_;
+      }
+      /**
+       * <code>optional bool restoreACL = 4 [default = false];</code>
+       */
+      public Builder setRestoreACL(boolean value) {
+        bitField0_ |= 0x00000008;
+        restoreACL_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       * <code>optional bool restoreACL = 4 [default = false];</code>
+       */
+      public Builder clearRestoreACL() {
+        bitField0_ = (bitField0_ & ~0x00000008);
+        restoreACL_ = false;
+        onChanged();
+        return this;
+      }
       public final Builder setUnknownFields(
           final org.apache.hadoop.hbase.shaded.com.google.protobuf.UnknownFieldSet unknownFields) {
         return super.setUnknownFields(unknownFields);
@@ -77796,259 +77884,260 @@ public final class MasterProtos {
       "base.pb.SnapshotDescription\"H\n\025DeleteSna" +
       "pshotRequest\022/\n\010snapshot\030\001 \002(\0132\035.hbase.p" +
       "b.SnapshotDescription\"\030\n\026DeleteSnapshotR",
-      "esponse\"s\n\026RestoreSnapshotRequest\022/\n\010sna" +
-      "pshot\030\001 \002(\0132\035.hbase.pb.SnapshotDescripti" +
-      "on\022\026\n\013nonce_group\030\002 \001(\004:\0010\022\020\n\005nonce\030\003 \001(" +
-      "\004:\0010\"*\n\027RestoreSnapshotResponse\022\017\n\007proc_" +
-      "id\030\001 \002(\004\"H\n\025IsSnapshotDoneRequest\022/\n\010sna" +
-      "pshot\030\001 \001(\0132\035.hbase.pb.SnapshotDescripti" +
-      "on\"^\n\026IsSnapshotDoneResponse\022\023\n\004done\030\001 \001" +
-      "(\010:\005false\022/\n\010snapshot\030\002 \001(\0132\035.hbase.pb.S" +
-      "napshotDescription\"O\n\034IsRestoreSnapshotD" +
-      "oneRequest\022/\n\010snapshot\030\001 \001(\0132\035.hbase.pb.",
-      "SnapshotDescription\"4\n\035IsRestoreSnapshot" +
-      "DoneResponse\022\023\n\004done\030\001 \001(\010:\005false\"F\n\033Get" +
-      "SchemaAlterStatusRequest\022\'\n\ntable_name\030\001" +
-      " \002(\0132\023.hbase.pb.TableName\"T\n\034GetSchemaAl" +
-      "terStatusResponse\022\035\n\025yet_to_update_regio" +
-      "ns\030\001 \001(\r\022\025\n\rtotal_regions\030\002 \001(\r\"\213\001\n\032GetT" +
-      "ableDescriptorsRequest\022(\n\013table_names\030\001 " +
-      "\003(\0132\023.hbase.pb.TableName\022\r\n\005regex\030\002 \001(\t\022" +
-      "!\n\022include_sys_tables\030\003 \001(\010:\005false\022\021\n\tna" +
-      "mespace\030\004 \001(\t\"J\n\033GetTableDescriptorsResp",
-      "onse\022+\n\014table_schema\030\001 \003(\0132\025.hbase.pb.Ta" +
-      "bleSchema\"[\n\024GetTableNamesRequest\022\r\n\005reg" +
-      "ex\030\001 \001(\t\022!\n\022include_sys_tables\030\002 \001(\010:\005fa" +
-      "lse\022\021\n\tnamespace\030\003 \001(\t\"A\n\025GetTableNamesR" +
-      "esponse\022(\n\013table_names\030\001 \003(\0132\023.hbase.pb." +
-      "TableName\"?\n\024GetTableStateRequest\022\'\n\ntab" +
-      "le_name\030\001 \002(\0132\023.hbase.pb.TableName\"B\n\025Ge" +
-      "tTableStateResponse\022)\n\013table_state\030\001 \002(\013" +
-      "2\024.hbase.pb.TableState\"\031\n\027GetClusterStat" +
-      "usRequest\"K\n\030GetClusterStatusResponse\022/\n",
-      "\016cluster_status\030\001 \002(\0132\027.hbase.pb.Cluster" +
-      "Status\"\030\n\026IsMasterRunningRequest\"4\n\027IsMa" +
-      "sterRunningResponse\022\031\n\021is_master_running" +
-      "\030\001 \002(\010\"I\n\024ExecProcedureRequest\0221\n\tproced" +
-      "ure\030\001 \002(\0132\036.hbase.pb.ProcedureDescriptio" +
-      "n\"F\n\025ExecProcedureResponse\022\030\n\020expected_t" +
-      "imeout\030\001 \001(\003\022\023\n\013return_data\030\002 \001(\014\"K\n\026IsP" +
-      "rocedureDoneRequest\0221\n\tprocedure\030\001 \001(\0132\036" +
-      ".hbase.pb.ProcedureDescription\"`\n\027IsProc" +
-      "edureDoneResponse\022\023\n\004done\030\001 \001(\010:\005false\0220",
-      "\n\010snapshot\030\002 \001(\0132\036.hbase.pb.ProcedureDes" +
-      "cription\",\n\031GetProcedureResultRequest\022\017\n" +
-      "\007proc_id\030\001 \002(\004\"\375\001\n\032GetProcedureResultRes" +
-      "ponse\0229\n\005state\030\001 \002(\0162*.hbase.pb.GetProce" +
-      "dureResultResponse.State\022\026\n\016submitted_ti" +
-      "me\030\002 \001(\004\022\023\n\013last_update\030\003 \001(\004\022\016\n\006result\030" +
-      "\004 \001(\014\0224\n\texception\030\005 \001(\0132!.hbase.pb.Fore" +
-      "ignExceptionMessage\"1\n\005State\022\r\n\tNOT_FOUN" +
-      "D\020\000\022\013\n\007RUNNING\020\001\022\014\n\010FINISHED\020\002\"M\n\025AbortP" +
-      "rocedureRequest\022\017\n\007proc_id\030\001 \002(\004\022#\n\025mayI",
-      "nterruptIfRunning\030\002 \001(\010:\004true\"6\n\026AbortPr" +
-      "ocedureResponse\022\034\n\024is_procedure_aborted\030" +
-      "\001 \002(\010\"\027\n\025ListProceduresRequest\"@\n\026ListPr" +
-      "oceduresResponse\022&\n\tprocedure\030\001 \003(\0132\023.hb" +
-      "ase.pb.Procedure\"\022\n\020ListLocksRequest\"5\n\021" +
-      "ListLocksResponse\022 \n\004lock\030\001 \003(\0132\022.hbase." +
-      "pb.LockInfo\"\315\001\n\017SetQuotaRequest\022\021\n\tuser_" +
-      "name\030\001 \001(\t\022\022\n\nuser_group\030\002 \001(\t\022\021\n\tnamesp" +
-      "ace\030\003 \001(\t\022\'\n\ntable_name\030\004 \001(\0132\023.hbase.pb" +
-      ".TableName\022\022\n\nremove_all\030\005 \001(\010\022\026\n\016bypass",
-      "_globals\030\006 \001(\010\022+\n\010throttle\030\007 \001(\0132\031.hbase" +
-      ".pb.ThrottleRequest\"\022\n\020SetQuotaResponse\"" +
-      "J\n\037MajorCompactionTimestampRequest\022\'\n\nta" +
-      "ble_name\030\001 \002(\0132\023.hbase.pb.TableName\"U\n(M" +
-      "ajorCompactionTimestampForRegionRequest\022" +
-      ")\n\006region\030\001 \002(\0132\031.hbase.pb.RegionSpecifi" +
-      "er\"@\n MajorCompactionTimestampResponse\022\034" +
-      "\n\024compaction_timestamp\030\001 \002(\003\"\035\n\033Security" +
-      "CapabilitiesRequest\"\354\001\n\034SecurityCapabili" +
-      "tiesResponse\022G\n\014capabilities\030\001 \003(\01621.hba",
-      "se.pb.SecurityCapabilitiesResponse.Capab" +
-      "ility\"\202\001\n\nCapability\022\031\n\025SIMPLE_AUTHENTIC" +
-      "ATION\020\000\022\031\n\025SECURE_AUTHENTICATION\020\001\022\021\n\rAU" +
-      "THORIZATION\020\002\022\026\n\022CELL_AUTHORIZATION\020\003\022\023\n" +
-      "\017CELL_VISIBILITY\020\004\"\"\n ListDrainingRegion" +
-      "ServersRequest\"N\n!ListDrainingRegionServ" +
-      "ersResponse\022)\n\013server_name\030\001 \003(\0132\024.hbase" +
-      ".pb.ServerName\"F\n\031DrainRegionServersRequ" +
-      "est\022)\n\013server_name\030\001 \003(\0132\024.hbase.pb.Serv" +
-      "erName\"\034\n\032DrainRegionServersResponse\"P\n#",
-      "RemoveDrainFromRegionServersRequest\022)\n\013s" +
-      "erver_name\030\001 \003(\0132\024.hbase.pb.ServerName\"&" +
-      "\n$RemoveDrainFromRegionServersResponse*(" +
-      "\n\020MasterSwitchType\022\t\n\005SPLIT\020\000\022\t\n\005MERGE\020\001" +
-      "2\2074\n\rMasterService\022e\n\024GetSchemaAlterStat" +
-      "us\022%.hbase.pb.GetSchemaAlterStatusReques" +
-      "t\032&.hbase.pb.GetSchemaAlterStatusRespons" +
-      "e\022b\n\023GetTableDescriptors\022$.hbase.pb.GetT" +
-      "ableDescriptorsRequest\032%.hbase.pb.GetTab" +
-      "leDescriptorsResponse\022P\n\rGetTableNames\022\036",
-      ".hbase.pb.GetTableNamesRequest\032\037.hbase.p" +
-      "b.GetTableNamesResponse\022Y\n\020GetClusterSta" +
-      "tus\022!.hbase.pb.GetClusterStatusRequest\032\"" +
-      ".hbase.pb.GetClusterStatusResponse\022V\n\017Is" +
-      "MasterRunning\022 .hbase.pb.IsMasterRunning" +
-      "Request\032!.hbase.pb.IsMasterRunningRespon" +
-      "se\022D\n\tAddColumn\022\032.hbase.pb.AddColumnRequ" +
-      "est\032\033.hbase.pb.AddColumnResponse\022M\n\014Dele" +
-      "teColumn\022\035.hbase.pb.DeleteColumnRequest\032" +
-      "\036.hbase.pb.DeleteColumnResponse\022M\n\014Modif",
-      "yColumn\022\035.hbase.pb.ModifyColumnRequest\032\036" +
-      ".hbase.pb.ModifyColumnResponse\022G\n\nMoveRe" +
-      "gion\022\033.hbase.pb.MoveRegionRequest\032\034.hbas" +
-      "e.pb.MoveRegionResponse\022\\\n\021MergeTableReg" +
-      "ions\022\".hbase.pb.MergeTableRegionsRequest" +
-      "\032#.hbase.pb.MergeTableRegionsResponse\022M\n" +
-      "\014AssignRegion\022\035.hbase.pb.AssignRegionReq" +
-      "uest\032\036.hbase.pb.AssignRegionResponse\022S\n\016" +
-      "UnassignRegion\022\037.hbase.pb.UnassignRegion" +
-      "Request\032 .hbase.pb.UnassignRegionRespons",
-      "e\022P\n\rOfflineRegion\022\036.hbase.pb.OfflineReg" +
-      "ionRequest\032\037.hbase.pb.OfflineRegionRespo" +
-      "nse\022J\n\013DeleteTable\022\034.hbase.pb.DeleteTabl" +
-      "eRequest\032\035.hbase.pb.DeleteTableResponse\022" +
-      "P\n\rtruncateTable\022\036.hbase.pb.TruncateTabl" +
-      "eRequest\032\037.hbase.pb.TruncateTableRespons" +
-      "e\022J\n\013EnableTable\022\034.hbase.pb.EnableTableR" +
-      "equest\032\035.hbase.pb.EnableTableResponse\022M\n" +
-      "\014DisableTable\022\035.hbase.pb.DisableTableReq" +
-      "uest\032\036.hbase.pb.DisableTableResponse\022J\n\013",
-      "ModifyTable\022\034.hbase.pb.ModifyTableReques" +
-      "t\032\035.hbase.pb.ModifyTableResponse\022J\n\013Crea" +
-      "teTable\022\034.hbase.pb.CreateTableRequest\032\035." +
-      "hbase.pb.CreateTableResponse\022A\n\010Shutdown" +
-      "\022\031.hbase.pb.ShutdownRequest\032\032.hbase.pb.S" +
-      "hutdownResponse\022G\n\nStopMaster\022\033.hbase.pb" +
-      ".StopMasterRequest\032\034.hbase.pb.StopMaster" +
-      "Response\022h\n\031IsMasterInMaintenanceMode\022$." +
-      "hbase.pb.IsInMaintenanceModeRequest\032%.hb" +
-      "ase.pb.IsInMaintenanceModeResponse\022>\n\007Ba",
-      "lance\022\030.hbase.pb.BalanceRequest\032\031.hbase." +
-      "pb.BalanceResponse\022_\n\022SetBalancerRunning" +
-      "\022#.hbase.pb.SetBalancerRunningRequest\032$." +
-      "hbase.pb.SetBalancerRunningResponse\022\\\n\021I" +
-      "sBalancerEnabled\022\".hbase.pb.IsBalancerEn" +
-      "abledRequest\032#.hbase.pb.IsBalancerEnable" +
-      "dResponse\022k\n\026SetSplitOrMergeEnabled\022\'.hb" +
-      "ase.pb.SetSplitOrMergeEnabledRequest\032(.h" +
-      "base.pb.SetSplitOrMergeEnabledResponse\022h" +
-      "\n\025IsSplitOrMergeEnabled\022&.hbase.pb.IsSpl",
-      "itOrMergeEnabledRequest\032\'.hbase.pb.IsSpl" +
-      "itOrMergeEnabledResponse\022D\n\tNormalize\022\032." +
-      "hbase.pb.NormalizeRequest\032\033.hbase.pb.Nor" +
-      "malizeResponse\022e\n\024SetNormalizerRunning\022%" +
-      ".hbase.pb.SetNormalizerRunningRequest\032&." +
-      "hbase.pb.SetNormalizerRunningResponse\022b\n" +
-      "\023IsNormalizerEnabled\022$.hbase.pb.IsNormal" +
-      "izerEnabledRequest\032%.hbase.pb.IsNormaliz" +
-      "erEnabledResponse\022S\n\016RunCatalogScan\022\037.hb" +
-      "ase.pb.RunCatalogScanRequest\032 .hbase.pb.",
-      "RunCatalogScanResponse\022e\n\024EnableCatalogJ" +
-      "anitor\022%.hbase.pb.EnableCatalogJanitorRe" +
-      "quest\032&.hbase.pb.EnableCatalogJanitorRes" +
-      "ponse\022n\n\027IsCatalogJanitorEnabled\022(.hbase" +
-      ".pb.IsCatalogJanitorEnabledRequest\032).hba" +
-      "se.pb.IsCatalogJanitorEnabledResponse\022V\n" +
-      "\017RunCleanerChore\022 .hbase.pb.RunCleanerCh" +
-      "oreRequest\032!.hbase.pb.RunCleanerChoreRes" +
-      "ponse\022k\n\026SetCleanerChoreRunning\022\'.hbase." +
-      "pb.SetCleanerChoreRunningRequest\032(.hbase",
-      ".pb.SetCleanerChoreRunningResponse\022h\n\025Is" +
-      "CleanerChoreEnabled\022&.hbase.pb.IsCleaner" +
-      "ChoreEnabledRequest\032\'.hbase.pb.IsCleaner" +
-      "ChoreEnabledResponse\022^\n\021ExecMasterServic" +
-      "e\022#.hbase.pb.CoprocessorServiceRequest\032$" +
-      ".hbase.pb.CoprocessorServiceResponse\022A\n\010" +
-      "Snapshot\022\031.hbase.pb.SnapshotRequest\032\032.hb" +
-      "ase.pb.SnapshotResponse\022h\n\025GetCompletedS" +
-      "napshots\022&.hbase.pb.GetCompletedSnapshot" +
-      "sRequest\032\'.hbase.pb.GetCompletedSnapshot",
-      "sResponse\022S\n\016DeleteSnapshot\022\037.hbase.pb.D" +
-      "eleteSnapshotRequest\032 .hbase.pb.DeleteSn" +
-      "apshotResponse\022S\n\016IsSnapshotDone\022\037.hbase" +
-      ".pb.IsSnapshotDoneRequest\032 .hbase.pb.IsS" +
-      "napshotDoneResponse\022V\n\017RestoreSnapshot\022 " +
-      ".hbase.pb.RestoreSnapshotRequest\032!.hbase" +
-      ".pb.RestoreSnapshotResponse\022P\n\rExecProce" +
-      "dure\022\036.hbase.pb.ExecProcedureRequest\032\037.h" +
-      "base.pb.ExecProcedureResponse\022W\n\024ExecPro" +
-      "cedureWithRet\022\036.hbase.pb.ExecProcedureRe",
-      "quest\032\037.hbase.pb.ExecProcedureResponse\022V" +
-      "\n\017IsProcedureDone\022 .hbase.pb.IsProcedure" +
-      "DoneRequest\032!.hbase.pb.IsProcedureDoneRe" +
-      "sponse\022V\n\017ModifyNamespace\022 .hbase.pb.Mod" +
-      "ifyNamespaceRequest\032!.hbase.pb.ModifyNam" +
-      "espaceResponse\022V\n\017CreateNamespace\022 .hbas" +
-      "e.pb.CreateNamespaceRequest\032!.hbase.pb.C" +
-      "reateNamespaceResponse\022V\n\017DeleteNamespac" +
-      "e\022 .hbase.pb.DeleteNamespaceRequest\032!.hb" +
-      "ase.pb.DeleteNamespaceResponse\022k\n\026GetNam",
-      "espaceDescriptor\022\'.hbase.pb.GetNamespace" +
-      "DescriptorRequest\032(.hbase.pb.GetNamespac" +
-      "eDescriptorResponse\022q\n\030ListNamespaceDesc" +
-      "riptors\022).hbase.pb.ListNamespaceDescript" +
-      "orsRequest\032*.hbase.pb.ListNamespaceDescr" +
-      "iptorsResponse\022\206\001\n\037ListTableDescriptorsB" +
-      "yNamespace\0220.hbase.pb.ListTableDescripto" +
-      "rsByNamespaceRequest\0321.hbase.pb.ListTabl" +
-      "eDescriptorsByNamespaceResponse\022t\n\031ListT" +
-      "ableNamesByNamespace\022*.hbase.pb.ListTabl",
-      "eNamesByNamespaceRequest\032+.hbase.pb.List" +
-      "TableNamesByNamespaceResponse\022P\n\rGetTabl" +
-      "eState\022\036.hbase.pb.GetTableStateRequest\032\037" +
-      ".hbase.pb.GetTableStateResponse\022A\n\010SetQu" +
-      "ota\022\031.hbase.pb.SetQuotaRequest\032\032.hbase.p" +
-      "b.SetQuotaResponse\022x\n\037getLastMajorCompac" +
-      "tionTimestamp\022).hbase.pb.MajorCompaction" +
-      "TimestampRequest\032*.hbase.pb.MajorCompact" +
-      "ionTimestampResponse\022\212\001\n(getLastMajorCom" +
-      "pactionTimestampForRegion\0222.hbase.pb.Maj",
-      "orCompactionTimestampForRegionRequest\032*." +
-      "hbase.pb.MajorCompactionTimestampRespons" +
-      "e\022_\n\022getProcedureResult\022#.hbase.pb.GetPr" +
-      "ocedureResultRequest\032$.hbase.pb.GetProce" +
-      "dureResultResponse\022h\n\027getSecurityCapabil" +
-      "ities\022%.hbase.pb.SecurityCapabilitiesReq" +
-      "uest\032&.hbase.pb.SecurityCapabilitiesResp" +
-      "onse\022S\n\016AbortProcedure\022\037.hbase.pb.AbortP" +
-      "rocedureRequest\032 .hbase.pb.AbortProcedur" +
-      "eResponse\022S\n\016ListProcedures\022\037.hbase.pb.L",
-      "istProceduresRequest\032 .hbase.pb.ListProc" +
-      "eduresResponse\022D\n\tListLocks\022\032.hbase.pb.L" +
-      "istLocksRequest\032\033.hbase.pb.ListLocksResp" +
-      "onse\022_\n\022AddReplicationPeer\022#.hbase.pb.Ad" +
-      "dReplicationPeerRequest\032$.hbase.pb.AddRe" +
-      "plicationPeerResponse\022h\n\025RemoveReplicati" +
-      "onPeer\022&.hbase.pb.RemoveReplicationPeerR" +
-      "equest\032\'.hbase.pb.RemoveReplicationPeerR" +
-      "esponse\022h\n\025EnableReplicationPeer\022&.hbase" +
-      ".pb.EnableReplicationPeerRequest\032\'.hbase",
-      ".pb.EnableReplicationPeerResponse\022k\n\026Dis" +
-      "ableReplicationPeer\022\'.hbase.pb.DisableRe" +
-      "plicationPeerRequest\032(.hbase.pb.DisableR" +
-      "eplicationPeerResponse\022q\n\030GetReplication" +
-      "PeerConfig\022).hbase.pb.GetReplicationPeer" +
-      "ConfigRequest\032*.hbase.pb.GetReplicationP" +
-      "eerConfigResponse\022z\n\033UpdateReplicationPe" +
-      "erConfig\022,.hbase.pb.UpdateReplicationPee" +
-      "rConfigRequest\032-.hbase.pb.UpdateReplicat" +
-      "ionPeerConfigResponse\022e\n\024ListReplication",
-      "Peers\022%.hbase.pb.ListReplicationPeersReq" +
-      "uest\032&.hbase.pb.ListReplicationPeersResp" +
-      "onse\022t\n\031listDrainingRegionServers\022*.hbas" +
-      "e.pb.ListDrainingRegionServersRequest\032+." +
-      "hbase.pb.ListDrainingRegionServersRespon" +
-      "se\022_\n\022drainRegionServers\022#.hbase.pb.Drai" +
-      "nRegionServersRequest\032$.hbase.pb.DrainRe" +
-      "gionServersResponse\022}\n\034removeDrainFromRe" +
-      "gionServers\022-.hbase.pb.RemoveDrainFromRe" +
-      "gionServersRequest\032..hbase.pb.RemoveDrai",
-      "nFromRegionServersResponseBI\n1org.apache" +
-      ".hadoop.hbase.shaded.protobuf.generatedB" +
-      "\014MasterProtosH\001\210\001\001\240\001\001"
+      "esponse\"\216\001\n\026RestoreSnapshotRequest\022/\n\010sn" +
+      "apshot\030\001 \002(\0132\035.hbase.pb.SnapshotDescript" +
+      "ion\022\026\n\013nonce_group\030\002 \001(\004:\0010\022\020\n\005nonce\030\003 \001" +
+      "(\004:\0010\022\031\n\nrestoreACL\030\004 \001(\010:\005false\"*\n\027Rest" +
+      "oreSnapshotResponse\022\017\n\007proc_id\030\001 \002(\004\"H\n\025" +
+      "IsSnapshotDoneRequest\022/\n\010snapshot\030\001 \001(\0132" +
+      "\035.hbase.pb.SnapshotDescription\"^\n\026IsSnap" +
+      "shotDoneResponse\022\023\n\004done\030\001 \001(\010:\005false\022/\n" +
+      "\010snapshot\030\002 \001(\0132\035.hbase.pb.SnapshotDescr" +
+      "iption\"O\n\034IsRestoreSnapshotDoneRequest\022/",
+      "\n\010snapshot\030\001 \001(\0132\035.hbase.pb.SnapshotDesc" +
+      "ription\"4\n\035IsRestoreSnapshotDoneResponse" +
+      "\022\023\n\004done\030\001 \001(\010:\005false\"F\n\033GetSchemaAlterS" +
+      "tatusRequest\022\'\n\ntable_name\030\001 \002(\0132\023.hbase" +
+      ".pb.TableName\"T\n\034GetSchemaAlterStatusRes" +
+      "ponse\022\035\n\025yet_to_update_regions\030\001 \001(\r\022\025\n\r" +
+      "total_regions\030\002 \001(\r\"\213\001\n\032GetTableDescript" +
+      "orsRequest\022(\n\013table_names\030\001 \003(\0132\023.hbase." +
+      "pb.TableName\022\r\n\005regex\030\002 \001(\t\022!\n\022include_s" +
+      "ys_tables\030\003 \001(\010:\005false\022\021\n\tnamespace\030\004 \001(",
+      "\t\"J\n\033GetTableDescriptorsResponse\022+\n\014tabl" +
+      "e_schema\030\001 \003(\0132\025.hbase.pb.TableSchema\"[\n" +
+      "\024GetTableNamesRequest\022\r\n\005regex\030\001 \001(\t\022!\n\022" +
+      "include_sys_tables\030\002 \001(\010:\005false\022\021\n\tnames" +
+      "pace\030\003 \001(\t\"A\n\025GetTableNamesResponse\022(\n\013t" +
+      "able_names\030\001 \003(\0132\023.hbase.pb.TableName\"?\n" +
+      "\024GetTableStateRequest\022\'\n\ntable_name\030\001 \002(" +
+      "\0132\023.hbase.pb.TableName\"B\n\025GetTableStateR" +
+      "esponse\022)\n\013table_state\030\001 \002(\0132\024.hbase.pb." +
+      "TableState\"\031\n\027GetClusterStatusRequest\"K\n",
+      "\030GetClusterStatusResponse\022/\n\016cluster_sta" +
+      "tus\030\001 \002(\0132\027.hbase.pb.ClusterStatus\"\030\n\026Is" +
+      "MasterRunningRequest\"4\n\027IsMasterRunningR" +
+      "esponse\022\031\n\021is_master_running\030\001 \002(\010\"I\n\024Ex" +
+      "ecProcedureRequest\0221\n\tprocedure\030\001 \002(\0132\036." +
+      "hbase.pb.ProcedureDescription\"F\n\025ExecPro" +
+      "cedureResponse\022\030\n\020expected_timeout\030\001 \001(\003" +
+      "\022\023\n\013return_data\030\002 \001(\014\"K\n\026IsProcedureDone" +
+      "Request\0221\n\tprocedure\030\001 \001(\0132\036.hbase.pb.Pr" +
+      "ocedureDescription\"`\n\027IsProcedureDoneRes",
+      "ponse\022\023\n\004done\030\001 \001(\010:\005false\0220\n\010snapshot\030\002" +
+      " \001(\0132\036.hbase.pb.ProcedureDescription\",\n\031" +
+      "GetProcedureResultRequest\022\017\n\007proc_id\030\001 \002" +
+      "(\004\"\375\001\n\032GetProcedureResultResponse\0229\n\005sta" +
+      "te\030\001 \002(\0162*.hbase.pb.GetProcedureResultRe" +
+      "sponse.State\022\026\n\016submitted_time\030\002 \001(\004\022\023\n\013" +
+      "last_update\030\003 \001(\004\022\016\n\006result\030\004 \001(\014\0224\n\texc" +
+      "eption\030\005 \001(\0132!.hbase.pb.ForeignException" +
+      "Message\"1\n\005State\022\r\n\tNOT_FOUND\020\000\022\013\n\007RUNNI" +
+      "NG\020\001\022\014\n\010FINISHED\020\002\"M\n\025AbortProcedureRequ",
+      "est\022\017\n\007proc_id\030\001 \002(\004\022#\n\025mayInterruptIfRu" +
+      "nning\030\002 \001(\010:\004true\"6\n\026AbortProcedureRespo" +
+      "nse\022\034\n\024is_procedure_aborted\030\001 \002(\010\"\027\n\025Lis" +
+      "tProceduresRequest\"@\n\026ListProceduresResp" +
+      "onse\022&\n\tprocedure\030\001 \003(\0132\023.hbase.pb.Proce" +
+      "dure\"\022\n\020ListLocksRequest\"5\n\021ListLocksRes" +
+      "ponse\022 \n\004lock\030\001 \003(\0132\022.hbase.pb.LockInfo\"" +
+      "\315\001\n\017SetQuotaRequest\022\021\n\tuser_name\030\001 \001(\t\022\022" +
+      "\n\nuser_group\030\002 \001(\t\022\021\n\tnamespace\030\003 \001(\t\022\'\n" +
+      "\ntable_name\030\004 \001(\0132\023.hbase.pb.TableName\022\022",
+      "\n\nremove_all\030\005 \001(\010\022\026\n\016bypass_globals\030\006 \001" +
+      "(\010\022+\n\010throttle\030\007 \001(\0132\031.hbase.pb.Throttle" +
+      "Request\"\022\n\020SetQuotaResponse\"J\n\037MajorComp" +
+      "actionTimestampRequest\022\'\n\ntable_name\030\001 \002" +
+      "(\0132\023.hbase.pb.TableName\"U\n(MajorCompacti" +
+      "onTimestampForRegionRequest\022)\n\006region\030\001 " +
+      "\002(\0132\031.hbase.pb.RegionSpecifier\"@\n MajorC" +
+      "ompactionTimestampResponse\022\034\n\024compaction" +
+      "_timestamp\030\001 \002(\003\"\035\n\033SecurityCapabilities" +
+      "Request\"\354\001\n\034SecurityCapabilitiesResponse",
+      "\022G\n\014capabilities\030\001 \003(\01621.hbase.pb.Securi" +
+      "tyCapabilitiesResponse.Capability\"\202\001\n\nCa" +
+      "pability\022\031\n\025SIMPLE_AUTHENTICATION\020\000\022\031\n\025S" +
+      "ECURE_AUTHENTICATION\020\001\022\021\n\rAUTHORIZATION\020" +
+      "\002\022\026\n\022CELL_AUTHORIZATION\020\003\022\023\n\017CELL_VISIBI" +
+      "LITY\020\004\"\"\n ListDrainingRegionServersReque" +
+      "st\"N\n!ListDrainingRegionServersResponse\022" +
+      ")\n\013server_name\030\001 \003(\0132\024.hbase.pb.ServerNa" +
+      "me\"F\n\031DrainRegionServersRequest\022)\n\013serve" +
+      "r_name\030\001 \003(\0132\024.hbase.pb.ServerName\"\034\n\032Dr",
+      "ainRegionServersResponse\"P\n#RemoveDrainF" +
+      "romRegionServersRequest\022)\n\013server_name\030\001" +
+      " \003(\0132\024.hbase.pb.ServerName\"&\n$RemoveDrai" +
+      "nFromRegionServersResponse*(\n\020MasterSwit" +
+      "chType\022\t\n\005SPLIT\020\000\022\t\n\005MERGE\020\0012\2074\n\rMasterS" +
+      "ervice\022e\n\024GetSchemaAlterStatus\022%.hbase.p" +
+      "b.GetSchemaAlterStatusRequest\032&.hbase.pb" +
+      ".GetSchemaAlterStatusResponse\022b\n\023GetTabl" +
+      "eDescriptors\022$.hbase.pb.GetTableDescript" +
+      "orsRequest\032%.hbase.pb.GetTableDescriptor",
+      "sResponse\022P\n\rGetTableNames\022\036.hbase.pb.Ge" +
+      "tTableNamesRequest\032\037.hbase.pb.GetTableNa" +
+      "mesResponse\022Y\n\020GetClusterStatus\022!.hbase." +
+      "pb.GetClusterStatusRequest\032\".hbase.pb.Ge" +
+      "tClusterStatusResponse\022V\n\017IsMasterRunnin" +
+      "g\022 .hbase.pb.IsMasterRunningRequest\032!.hb" +
+      "ase.pb.IsMasterRunningResponse\022D\n\tAddCol" +
+      "umn\022\032.hbase.pb.AddColumnRequest\032\033.hbase." +
+      "pb.AddColumnResponse\022M\n\014DeleteColumn\022\035.h" +
+      "base.pb.DeleteColumnRequest\032\036.hbase.pb.D",
+      "eleteColumnResponse\022M\n\014ModifyColumn\022\035.hb" +
+      "ase.pb.ModifyColumnRequest\032\036.hbase.pb.Mo" +
+      "difyColumnResponse\022G\n\nMoveRegion\022\033.hbase" +
+      ".pb.MoveRegionRequest\032\034.hbase.pb.MoveReg" +
+      "ionResponse\022\\\n\021MergeTableRegions\022\".hbase" +
+      ".pb.MergeTableRegionsRequest\032#.hbase.pb." +
+      "MergeTableRegionsResponse\022M\n\014AssignRegio" +
+      "n\022\035.hbase.pb.AssignRegionRequest\032\036.hbase" +
+      ".pb.AssignRegionResponse\022S\n\016UnassignRegi" +
+      "on\022\037.hbase.pb.UnassignRegionRequest\032 .hb",
+      "ase.pb.UnassignRegionResponse\022P\n\rOffline" +
+      "Region\022\036.hbase.pb.OfflineRegionRequest\032\037" +
+      ".hbase.pb.OfflineRegionResponse\022J\n\013Delet" +
+      "eTable\022\034.hbase.pb.DeleteTableRequest\032\035.h" +
+      "base.pb.DeleteTableResponse\022P\n\rtruncateT" +
+      "able\022\036.hbase.pb.TruncateTableRequest\032\037.h" +
+      "base.pb.TruncateTableResponse\022J\n\013EnableT" +
+      "able\022\034.hbase.pb.EnableTableRequest\032\035.hba" +
+      "se.pb.EnableTableResponse\022M\n\014DisableTabl" +
+      "e\022\035.hbase.pb.DisableTableRequest\032\036.hbase",
+      ".pb.DisableTableResponse\022J\n\013ModifyTable\022" +
+      "\034.hbase.pb.ModifyTableRequest\032\035.hbase.pb" +
+      ".ModifyTableResponse\022J\n\013CreateTable\022\034.hb" +
+      "ase.pb.CreateTableRequest\032\035.hbase.pb.Cre" +
+      "ateTableResponse\022A\n\010Shutdown\022\031.hbase.pb." +
+      "ShutdownRequest\032\032.hbase.pb.ShutdownRespo" +
+      "nse\022G\n\nStopMaster\022\033.hbase.pb.StopMasterR" +
+      "equest\032\034.hbase.pb.StopMasterResponse\022h\n\031" +
+      "IsMasterInMaintenanceMode\022$.hbase.pb.IsI" +
+      "nMaintenanceModeRequest\032%.hbase.pb.IsInM",
+      "aintenanceModeResponse\022>\n\007Balance\022\030.hbas" +
+      "e.pb.BalanceRequest\032\031.hbase.pb.BalanceRe" +
+      "sponse\022_\n\022SetBalancerRunning\022#.hbase.pb." +
+      "SetBalancerRunningRequest\032$.hbase.pb.Set" +
+      "BalancerRunningResponse\022\\\n\021IsBalancerEna" +
+      "bled\022\".hbase.pb.IsBalancerEnabledRequest" +
+      "\032#.hbase.pb.IsBalancerEnabledResponse\022k\n" +
+      "\026SetSplitOrMergeEnabled\022\'.hbase.pb.SetSp" +
+      "litOrMergeEnabledRequest\032(.hbase.pb.SetS" +
+      "plitOrMergeEnabledResponse\022h\n\025IsSplitOrM",
+      "ergeEnabled\022&.hbase.pb.IsSplitOrMergeEna" +
+      "bledRequest\032\'.hbase.pb.IsSplitOrMergeEna" +
+      "bledResponse\022D\n\tNormalize\022\032.hbase.pb.Nor" +
+      "malizeRequest\032\033.hbase.pb.NormalizeRespon" +
+      "se\022e\n\024SetNormalizerRunning\022%.hbase.pb.Se" +
+      "tNormalizerRunningRequest\032&.hbase.pb.Set" +
+      "NormalizerRunningResponse\022b\n\023IsNormalize" +
+      "rEnabled\022$.hbase.pb.IsNormalizerEnabledR" +
+      "equest\032%.hbase.pb.IsNormalizerEnabledRes" +
+      "ponse\022S\n\016RunCatalogScan\022\037.hbase.pb.RunCa",
+      "talogScanRequest\032 .hbase.pb.RunCatalogSc" +
+      "anResponse\022e\n\024EnableCatalogJanitor\022%.hba" +
+      "se.pb.EnableCatalogJanitorRequest\032&.hbas" +
+      "e.pb.EnableCatalogJanitorResponse\022n\n\027IsC" +
+      "atalogJanitorEnabled\022(.hbase.pb.IsCatalo" +
+      "gJanitorEnabledRequest\032).hbase.pb.IsCata" +
+      "logJanitorEnabledResponse\022V\n\017RunCleanerC" +
+      "hore\022 .hbase.pb.RunCleanerChoreRequest\032!" +
+      ".hbase.pb.RunCleanerChoreResponse\022k\n\026Set" +
+      "CleanerChoreRunning\022\'.hbase.pb.SetCleane",
+      "rChoreRunningRequest\032(.hbase.pb.SetClean" +
+      "erChoreRunningResponse\022h\n\025IsCleanerChore" +
+      "Enabled\022&.hbase.pb.IsCleanerChoreEnabled" +
+      "Request\032\'.hbase.pb.IsCleanerChoreEnabled" +
+      "Response\022^\n\021ExecMasterService\022#.hbase.pb" +
+      ".CoprocessorServiceRequest\032$.hbase.pb.Co" +
+      "processorServiceResponse\022A\n\010Snapshot\022\031.h" +
+      "base.pb.SnapshotRequest\032\032.hbase.pb.Snaps" +
+      "hotResponse\022h\n\025GetCompletedSnapshots\022&.h" +
+      "base.pb.GetCompletedSnapshotsRequest\032\'.h",
+      "base.pb.GetCompletedSnapshotsResponse\022S\n" +
+      "\016DeleteSnapshot\022\037.hbase.pb.DeleteSnapsho" +
+      "tRequest\032 .hbase.pb.DeleteSnapshotRespon" +
+      "se\022S\n\016IsSnapshotDone\022\037.hbase.pb.IsSnapsh" +
+      "otDoneRequest\032 .hbase.pb.IsSnapshotDoneR" +
+      "esponse\022V\n\017RestoreSnapshot\022 .hbase.pb.Re" +
+      "storeSnapshotRequest\032!.hbase.pb.RestoreS" +
+      "napshotResponse\022P\n\rExecProcedure\022\036.hbase" +
+      ".pb.ExecProcedureRequest\032\037.hbase.pb.Exec" +
+      "ProcedureResponse\022W\n\024ExecProcedureWithRe",
+      "t\022\036.hbase.pb.ExecProcedureRequest\032\037.hbas" +
+      "e.pb.ExecProcedureResponse\022V\n\017IsProcedur" +
+      "eDone\022 .hbase.pb.IsProcedureDoneRequest\032" +
+      "!.hbase.pb.IsProcedureDoneResponse\022V\n\017Mo" +
+      "difyNamespace\022 .hbase.pb.ModifyNamespace" +
+      "Request\032!.hbase.pb.ModifyNamespaceRespon" +
+      "se\022V\n\017CreateNamespace\022 .hbase.pb.CreateN" +
+      "amespaceRequest\032!.hbase.pb.CreateNamespa" +
+      "ceResponse\022V\n\017DeleteNamespace\022 .hbase.pb" +
+      ".DeleteNamespaceRequest\032!.hbase.pb.Delet",
+      "eNamespaceResponse\022k\n\026GetNamespaceDescri" +
+      "ptor\022\'.hbase.pb.GetNamespaceDescriptorRe" +
+      "quest\032(.hbase.pb.GetNamespaceDescriptorR" +
+      "esponse\022q\n\030ListNamespaceDescriptors\022).hb" +
+      "ase.pb.ListNamespaceDescriptorsRequest\032*" +
+      ".hbase.pb.ListNamespaceDescriptorsRespon" +
+      "se\022\206\001\n\037ListTableDescriptorsByNamespace\0220" +
+      ".hbase.pb.ListTableDescriptorsByNamespac" +
+      "eRequest\0321.hbase.pb.ListTableDescriptors" +
+      "ByNamespaceResponse\022t\n\031ListTableNamesByN",
+      "amespace\022*.hbase.pb.ListTableNamesByName" +
+      "spaceRequest\032+.hbase.pb.ListTableNamesBy" +
+      "NamespaceResponse\022P\n\rGetTableState\022\036.hba" +
+      "se.pb.GetTableStateRequest\032\037.hbase.pb.Ge" +
+      "tTableStateResponse\022A\n\010SetQuota\022\031.hbase." +
+      "pb.SetQuotaRequest\032\032.hbase.pb.SetQuotaRe" +
+      "sponse\022x\n\037getLastMajorCompactionTimestam" +
+      "p\022).hbase.pb.MajorCompactionTimestampReq" +
+      "uest\032*.hbase.pb.MajorCompactionTimestamp" +
+      "Response\022\212\001\n(getLastMajorCompactionTimes",
+      "tampForRegion\0222.hbase.pb.MajorCompaction" +
+      "TimestampForRegionRequest\032*.hbase.pb.Maj" +
+      "orCompactionTimestampResponse\022_\n\022getProc" +
+      "edureResult\022#.hbase.pb.GetProcedureResul" +
+      "tRequest\032$.hbase.pb.GetProcedureResultRe" +
+      "sponse\022h\n\027getSecurityCapabilities\022%.hbas" +
+      "e.pb.SecurityCapabilitiesRequest\032&.hbase" +
+      ".pb.SecurityCapabilitiesResponse\022S\n\016Abor" +
+      "tProcedure\022\037.hbase.pb.AbortProcedureRequ" +
+      "est\032 .hbase.pb.AbortProcedureResponse\022S\n",
+      "\016ListProcedures\022\037.hbase.pb.ListProcedure" +
+      "sRequest\032 .hbase.pb.ListProceduresRespon" +
+      "se\022D\n\tListLocks\022\032.hbase.pb.ListLocksRequ" +
+      "est\032\033.hbase.pb.ListLocksResponse\022_\n\022AddR" +
+      "eplicationPeer\022#.hbase.pb.AddReplication" +
+      "PeerRequest\032$.hbase.pb.AddReplicationPee" +
+      "rResponse\022h\n\025RemoveReplicationPeer\022&.hba" +
+      "se.pb.RemoveReplicationPeerRequest\032\'.hba" +
+      "se.pb.RemoveReplicationPeerResponse\022h\n\025E" +
+      "nableReplicationPeer\022&.hbase.pb.EnableRe",
+      "plicationPeerRequest\032\'.hbase.pb.EnableRe" +
+      "plicationPeerResponse\022k\n\026DisableReplicat" +
+      "ionPeer\022\'.hbase.pb.DisableReplicationPee" +
+      "rRequest\032(.hbase.pb.DisableReplicationPe" +
+      "erResponse\022q\n\030GetReplicationPeerConfig\022)" +
+      ".hbase.pb.GetReplicationPeerConfigReques" +
+      "t\032*.hbase.pb.GetReplicationPeerConfigRes" +
+      "ponse\022z\n\033UpdateReplicationPeerConfig\022,.h" +
+      "base.pb.UpdateReplicationPeerConfigReque" +
+      "st\032-.hbase.pb.UpdateReplicationPeerConfi",
+      "gResponse\022e\n\024ListReplicationPeers\022%.hbas" +
+      "e.pb.ListReplicationPeersRequest\032&.hbase" +
+      ".pb.ListReplicationPeersResponse\022t\n\031list" +
+      "DrainingRegionServers\022*.hbase.pb.ListDra" +
+      "iningRegionServersRequest\032+.hbase.pb.Lis" +
+      "tDrainingRegionServersResponse\022_\n\022drainR" +
+      "egionServers\022#.hbase.pb.DrainRegionServe" +
+      "rsRequest\032$.hbase.pb.DrainRegionServersR" +
+      "esponse\022}\n\034removeDrainFromRegionServers\022" +
+      "-.hbase.pb.RemoveDrainFromRegionServersR",
+      "equest\032..hbase.pb.RemoveDrainFromRegionS" +
+      "erversResponseBI\n1org.apache.hadoop.hbas" +
+      "e.shaded.protobuf.generatedB\014MasterProto" +
+      "sH\001\210\001\001\240\001\001"
     };
     org.apache.hadoop.hbase.shaded.com.google.protobuf.Descriptors.FileDescriptor.InternalDescriptorAssigner assigner =
         new org.apache.hadoop.hbase.shaded.com.google.protobuf.Descriptors.FileDescriptor.    InternalDescriptorAssigner() {
@@ -78567,7 +78656,7 @@ public final class MasterProtos {
     internal_static_hbase_pb_RestoreSnapshotRequest_fieldAccessorTable = new
       org.apache.hadoop.hbase.shaded.com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
         internal_static_hbase_pb_RestoreSnapshotRequest_descriptor,
-        new java.lang.String[] { "Snapshot", "NonceGroup", "Nonce", });
+        new java.lang.String[] { "Snapshot", "NonceGroup", "Nonce", "RestoreACL", });
     internal_static_hbase_pb_RestoreSnapshotResponse_descriptor =
       getDescriptor().getMessageTypes().get(83);
     internal_static_hbase_pb_RestoreSnapshotResponse_fieldAccessorTable = new

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-protocol-shaded/src/main/protobuf/Master.proto
----------------------------------------------------------------------
diff --git a/hbase-protocol-shaded/src/main/protobuf/Master.proto b/hbase-protocol-shaded/src/main/protobuf/Master.proto
index 0c3da02..bd4f696 100644
--- a/hbase-protocol-shaded/src/main/protobuf/Master.proto
+++ b/hbase-protocol-shaded/src/main/protobuf/Master.proto
@@ -405,6 +405,7 @@ message RestoreSnapshotRequest {
   required SnapshotDescription snapshot = 1;
   optional uint64 nonce_group = 2 [default = 0];
   optional uint64 nonce = 3 [default = 0];
+  optional bool restoreACL = 4 [default = false];
 }
 
 message RestoreSnapshotResponse {

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
index 762dda0..82aaf20 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
@@ -2309,7 +2309,7 @@ public class HMaster extends HRegionServer implements MasterServices {
   }
 
   public long restoreSnapshot(final SnapshotDescription snapshotDesc,
-      final long nonceGroup, final long nonce) throws IOException {
+      final long nonceGroup, final long nonce, final boolean restoreAcl) throws IOException {
     checkInitialized();
     getSnapshotManager().checkSnapshotSupport();
 
@@ -2321,7 +2321,8 @@ public class HMaster extends HRegionServer implements MasterServices {
         new MasterProcedureUtil.NonceProcedureRunnable(this, nonceGroup, nonce) {
       @Override
       protected void run() throws IOException {
-        setProcId(getSnapshotManager().restoreOrCloneSnapshot(snapshotDesc, getNonceKey()));
+          setProcId(
+            getSnapshotManager().restoreOrCloneSnapshot(snapshotDesc, getNonceKey(), restoreAcl));
       }
 
       @Override

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
index 40c4a71..219960b 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java
@@ -1221,8 +1221,8 @@ public class MasterRpcServices extends RSRpcServices
   public RestoreSnapshotResponse restoreSnapshot(RpcController controller,
       RestoreSnapshotRequest request) throws ServiceException {
     try {
-      long procId = master.restoreSnapshot(request.getSnapshot(),
-          request.getNonceGroup(), request.getNonce());
+      long procId = master.restoreSnapshot(request.getSnapshot(), request.getNonceGroup(),
+        request.getNonce(), request.getRestoreACL());
       return RestoreSnapshotResponse.newBuilder().setProcId(procId).build();
     } catch (ForeignException e) {
       throw new ServiceException(e.getCause());

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java
index 347d01d..8b74c43 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java
@@ -69,6 +69,7 @@ public class CloneSnapshotProcedure
 
   private HTableDescriptor hTableDescriptor;
   private SnapshotDescription snapshot;
+  private boolean restoreAcl;
   private List<HRegionInfo> newRegions = null;
   private Map<String, Pair<String, String> > parentsToChildrenPairMap = new HashMap<>();
 
@@ -83,6 +84,11 @@ public class CloneSnapshotProcedure
   public CloneSnapshotProcedure() {
   }
 
+  public CloneSnapshotProcedure(final MasterProcedureEnv env,
+      final HTableDescriptor hTableDescriptor, final SnapshotDescription snapshot) {
+    this(env, hTableDescriptor, snapshot, false);
+  }
+
   /**
    * Constructor
    * @param env MasterProcedureEnv
@@ -90,10 +96,12 @@ public class CloneSnapshotProcedure
    * @param snapshot snapshot to clone from
    */
   public CloneSnapshotProcedure(final MasterProcedureEnv env,
-      final HTableDescriptor hTableDescriptor, final SnapshotDescription snapshot) {
+      final HTableDescriptor hTableDescriptor, final SnapshotDescription snapshot,
+      final boolean restoreAcl) {
     super(env);
     this.hTableDescriptor = hTableDescriptor;
     this.snapshot = snapshot;
+    this.restoreAcl = restoreAcl;
 
     getMonitorStatus();
   }
@@ -109,6 +117,16 @@ public class CloneSnapshotProcedure
     return monitorStatus;
   }
 
+  private void restoreSnapshotAcl(MasterProcedureEnv env) throws IOException {
+    Configuration conf = env.getMasterServices().getConfiguration();
+    if (restoreAcl && SnapshotDescriptionUtils.isSecurityAvailable(conf)) {
+      MasterFileSystem fileSystemManager = env.getMasterServices().getMasterFileSystem();
+      SnapshotDescriptionUtils.grantSnapshotAcl(
+        SnapshotDescriptionUtils.getCompletedSnapshotDir(snapshot, fileSystemManager.getRootDir()),
+        fileSystemManager.getFileSystem(), hTableDescriptor.getTableName(), conf);
+    }
+  }
+
   @Override
   protected Flow executeFromState(final MasterProcedureEnv env, final CloneSnapshotState state)
       throws InterruptedException {
@@ -143,6 +161,7 @@ public class CloneSnapshotProcedure
         case CLONE_SNAPSHOT_POST_OPERATION:
           postCloneSnapshot(env);
 
+          restoreSnapshotAcl(env);
           MetricsSnapshot metricsSnapshot = new MetricsSnapshot();
           metricsSnapshot.addSnapshotClone(
             getMonitorStatus().getCompletionTimestamp() - getMonitorStatus().getStartTime());

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
index 55d58e0..6825745 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
@@ -680,7 +680,7 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable
    */
   private long cloneSnapshot(final SnapshotDescription reqSnapshot, final TableName tableName,
       final SnapshotDescription snapshot, final HTableDescriptor snapshotTableDesc,
-      final NonceKey nonceKey) throws IOException {
+      final NonceKey nonceKey, final boolean restoreAcl) throws IOException {
     MasterCoprocessorHost cpHost = master.getMasterCoprocessorHost();
     HTableDescriptor htd = new HTableDescriptor(tableName, snapshotTableDesc);
     if (cpHost != null) {
@@ -688,7 +688,7 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable
     }
     long procId;
     try {
-      procId = cloneSnapshot(snapshot, htd, nonceKey);
+      procId = cloneSnapshot(snapshot, htd, nonceKey, restoreAcl);
     } catch (IOException e) {
       LOG.error("Exception occurred while cloning the snapshot " + snapshot.getName()
         + " as table " + tableName.getNameAsString(), e);
@@ -712,7 +712,7 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable
    * @return procId the ID of the clone snapshot procedure
    */
   synchronized long cloneSnapshot(final SnapshotDescription snapshot,
-      final HTableDescriptor hTableDescriptor, final NonceKey nonceKey)
+      final HTableDescriptor hTableDescriptor, final NonceKey nonceKey, final boolean restoreAcl)
       throws HBaseSnapshotException {
     TableName tableName = hTableDescriptor.getTableName();
 
@@ -728,8 +728,8 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable
 
     try {
       long procId = master.getMasterProcedureExecutor().submitProcedure(
-        new CloneSnapshotProcedure(
-          master.getMasterProcedureExecutor().getEnvironment(), hTableDescriptor, snapshot),
+        new CloneSnapshotProcedure(master.getMasterProcedureExecutor().getEnvironment(),
+            hTableDescriptor, snapshot, restoreAcl),
         nonceKey);
       this.restoreTableToProcIdMap.put(tableName, procId);
       return procId;
@@ -747,8 +747,8 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable
    * @param nonceKey unique identifier to prevent duplicated RPC
    * @throws IOException
    */
-  public long restoreOrCloneSnapshot(final SnapshotDescription reqSnapshot, final NonceKey nonceKey)
-      throws IOException {
+  public long restoreOrCloneSnapshot(final SnapshotDescription reqSnapshot, final NonceKey nonceKey,
+      final boolean restoreAcl) throws IOException {
     FileSystem fs = master.getMasterFileSystem().getFileSystem();
     Path snapshotDir = SnapshotDescriptionUtils.getCompletedSnapshotDir(reqSnapshot, rootDir);
 
@@ -779,7 +779,8 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable
     if (MetaTableAccessor.tableExists(master.getConnection(), tableName)) {
       procId = restoreSnapshot(reqSnapshot, tableName, snapshot, snapshotTableDesc, nonceKey);
     } else {
-      procId = cloneSnapshot(reqSnapshot, tableName, snapshot, snapshotTableDesc, nonceKey);
+      procId =
+          cloneSnapshot(reqSnapshot, tableName, snapshot, snapshotTableDesc, nonceKey, restoreAcl);
     }
     return procId;
   }

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/TakeSnapshotHandler.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/TakeSnapshotHandler.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/TakeSnapshotHandler.java
index 123758f..e117211 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/TakeSnapshotHandler.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/TakeSnapshotHandler.java
@@ -169,6 +169,9 @@ public abstract class TakeSnapshotHandler extends EventHandler implements Snapsh
       snapshotManifest.addTableDescriptor(this.htd);
       monitor.rethrowException();
 
+      // write down the table acl info in the working directory.
+      SnapshotDescriptionUtils.writeTableAclInfo(snapshot, workingDir, fs, conf);
+
       List<Pair<HRegionInfo, ServerName>> regionsAndLocations;
       if (TableName.META_TABLE_NAME.equals(snapshotTable)) {
         regionsAndLocations = new MetaTableLocator().getMetaRegionsAndLocations(

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
index c1aad93..b719eba 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
@@ -461,7 +461,7 @@ public class AccessControlLists {
     return allPerms;
   }
 
-  static ListMultimap<String, TablePermission> getTablePermissions(Configuration conf,
+  public static ListMultimap<String, TablePermission> getTablePermissions(Configuration conf,
       TableName tableName) throws IOException {
     return getPermissions(conf, tableName != null ? tableName.getName() : null, null);
   }

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.java
index 0a482d8..afa6d91 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.java
@@ -19,22 +19,33 @@ package org.apache.hadoop.hbase.snapshot;
 
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Collections;
+import java.util.Map.Entry;
 
+import com.google.common.collect.ListMultimap;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FSDataInputStream;
 import org.apache.hadoop.fs.FSDataOutputStream;
+import org.apache.hadoop.fs.FileStatus;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.fs.permission.FsPermission;
 import org.apache.hadoop.hbase.HConstants;
+import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.classification.InterfaceAudience;
+import org.apache.hadoop.hbase.client.Admin;
+import org.apache.hadoop.hbase.client.Connection;
+import org.apache.hadoop.hbase.client.ConnectionFactory;
+import org.apache.hadoop.hbase.exceptions.DeserializationException;
+import org.apache.hadoop.hbase.security.access.AccessControlClient;
+import org.apache.hadoop.hbase.security.access.AccessControlLists;
+import org.apache.hadoop.hbase.security.access.TablePermission;
 import org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil;
 import org.apache.hadoop.hbase.shaded.protobuf.generated.HBaseProtos.SnapshotDescription;
 import org.apache.hadoop.hbase.security.User;
-import org.apache.hadoop.hbase.snapshot.SnapshotManifestV2;
 import org.apache.hadoop.hbase.util.EnvironmentEdgeManager;
 import org.apache.hadoop.hbase.util.FSUtils;
 
@@ -54,6 +65,7 @@ import org.apache.hadoop.hbase.util.FSUtils;
  *
  * <pre>
  * /hbase/.snapshots/completed
+ *                   .aclinfo               &lt;--- TablePermission of the origin table
  *                   .snapshotinfo          &lt;--- Description of the snapshot
  *                   .tableinfo             &lt;--- Copy of the tableinfo
  *                    /.logs
@@ -98,6 +110,7 @@ public final class SnapshotDescriptionUtils {
   public static final int SNAPSHOT_LAYOUT_VERSION = SnapshotManifestV2.DESCRIPTOR_VERSION;
 
   // snapshot directory constants
+  public static final String ACLINFO_FILE = ".aclinfo";
   /**
    * The file contains the snapshot basic information and it is under the directory of a snapshot.
    */
@@ -366,4 +379,86 @@ public final class SnapshotDescriptionUtils {
     if (!snapshot.hasOwner()) return false;
     return snapshot.getOwner().equals(user.getShortName());
   }
+
+  public static boolean isSecurityAvailable(Configuration conf) throws IOException {
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
+      try (Admin admin = conn.getAdmin()) {
+        return admin.tableExists(AccessControlLists.ACL_TABLE_NAME);
+      }
+    }
+  }
+
+  public static void writeTableAclInfo(SnapshotDescription snapshot, Path workingDir, FileSystem fs,
+      Configuration conf) throws IOException {
+    if (!isSecurityAvailable(conf)) {
+      LOG.warn("security feature is not available, skip saving .aclinfo file.");
+      return;
+    }
+
+    Path aclInfo = new Path(workingDir, SnapshotDescriptionUtils.ACLINFO_FILE);
+    ListMultimap<String, TablePermission> perms =
+        User.runAsLoginUser(new PrivilegedExceptionAction<ListMultimap<String, TablePermission>>() {
+          @Override
+          public ListMultimap<String, TablePermission> run() throws Exception {
+            return AccessControlLists.getTablePermissions(conf,
+              TableName.valueOf(snapshot.getTable()));
+          }
+        });
+    byte[] permBytes = AccessControlLists.writePermissionsAsBytes(perms, conf);
+    FsPermission fsPermission =
+        FSUtils.getFilePermissions(fs, fs.getConf(), HConstants.DATA_FILE_UMASK_KEY);
+    try {
+      FSDataOutputStream out = FSUtils.create(fs, aclInfo, fsPermission, true);
+      try {
+        LOG.debug("write .aclinfo into file, .aclinfo path: " + aclInfo + ", fsPermission: "
+            + fsPermission);
+        out.write(permBytes);
+      } finally {
+        out.close();
+      }
+    } catch (IOException e) {
+      LOG.error("write table acl info file failed: ", e);
+      // if we get an exception, try to remove the snapshot info
+      if (fs.exists(aclInfo) && !fs.delete(aclInfo, false)) {
+        String msg = "Couldn't delete table acl info file: " + aclInfo;
+        LOG.error(msg);
+        throw new IOException(msg);
+      }
+      throw e;
+    }
+  }
+
+  public static void grantSnapshotAcl(Path snapshotDir, FileSystem fs, TableName tableName,
+      Configuration conf) throws IOException {
+    Path aclInfo = new Path(snapshotDir, SnapshotDescriptionUtils.ACLINFO_FILE);
+    if (!fs.exists(aclInfo)) {
+      throw new FileNotFoundException(".aclinfo is not found: " + aclInfo);
+    }
+
+    FSDataInputStream in = null;
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
+      in = fs.open(aclInfo);
+      FileStatus status = fs.getFileStatus(aclInfo);
+      byte[] bytes = new byte[Math.toIntExact(status.getLen())];
+      int len = in.read(bytes);
+      if (len != status.getLen()) {
+        throw new IOException("read .aclinfo error, length does not match. file size: "
+            + status.getLen() + ", read length: " + len);
+      }
+      ListMultimap<String, TablePermission> perms = AccessControlLists.readPermissions(bytes, conf);
+      for (Entry<String, TablePermission> e : perms.entries()) {
+        String user = e.getKey();
+        TablePermission perm = e.getValue();
+        perm.setTableName(tableName);
+        AccessControlClient.grant(conn, perm.getTableName(), user, perm.getFamily(),
+          perm.getQualifier(), perm.getActions());
+      }
+    } catch (DeserializationException e) {
+      throw new IOException("deserialize .aclinfo bytes to object failed: ", e);
+    } catch (Throwable throwable) {
+      throw new IOException("grant .aclinfo permissions into table failed: ", throwable);
+    } finally {
+      if (in != null) in.close();
+    }
+  }
 }

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestSnapshotWithAcl.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestSnapshotWithAcl.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestSnapshotWithAcl.java
new file mode 100644
index 0000000..6ece355
--- /dev/null
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestSnapshotWithAcl.java
@@ -0,0 +1,203 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hbase.client;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hbase.HBaseTestingUtility;
+import org.apache.hadoop.hbase.HColumnDescriptor;
+import org.apache.hadoop.hbase.HTableDescriptor;
+import org.apache.hadoop.hbase.TableName;
+import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
+import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.security.access.AccessControlConstants;
+import org.apache.hadoop.hbase.security.access.AccessController;
+import org.apache.hadoop.hbase.security.access.Permission;
+import org.apache.hadoop.hbase.security.access.SecureTestUtil;
+import org.apache.hadoop.hbase.testclassification.ClientTests;
+import org.apache.hadoop.hbase.testclassification.MediumTests;
+import org.apache.hadoop.hbase.util.Bytes;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.io.IOException;
+
+@Category({ MediumTests.class, ClientTests.class })
+public class TestSnapshotWithAcl extends SecureTestUtil {
+
+  public TableName TEST_TABLE = TableName.valueOf("TestSnapshotWithAcl");
+
+  private static final int ROW_COUNT = 30000;
+
+  private static byte[] TEST_FAMILY = Bytes.toBytes("f1");
+  private static byte[] TEST_QUALIFIER = Bytes.toBytes("cq");
+  private static byte[] TEST_ROW = Bytes.toBytes("r1");
+  private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
+  private static Configuration conf;
+  private static HBaseAdmin admin = null;
+
+  // user is table owner. will have all permissions on table
+  private static User USER_OWNER;
+  // user with rw permissions on column family.
+  private static User USER_RW;
+  // user with read-only permissions
+  private static User USER_RO;
+  // user with none permissions
+  private static User USER_NONE;
+
+  static class AccessReadAction implements AccessTestAction {
+
+    private TableName tableName;
+
+    public AccessReadAction(TableName tableName) {
+      this.tableName = tableName;
+    }
+
+    @Override
+    public Object run() throws Exception {
+      Get g = new Get(TEST_ROW);
+      g.addFamily(TEST_FAMILY);
+      try (Connection conn = ConnectionFactory.createConnection(conf)) {
+        try (Table t = conn.getTable(tableName)) {
+          t.get(g);
+        }
+      }
+      return null;
+    }
+  };
+
+  static class AccessWriteAction implements AccessTestAction {
+    private TableName tableName;
+
+    public AccessWriteAction(TableName tableName) {
+      this.tableName = tableName;
+    }
+
+    @Override
+    public Object run() throws Exception {
+      Put p = new Put(TEST_ROW);
+      p.addColumn(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1));
+      try (Connection conn = ConnectionFactory.createConnection(conf)) {
+        try (Table t = conn.getTable(tableName)) {
+          t.put(p);
+        }
+      }
+      return null;
+    }
+  }
+
+
+  @BeforeClass
+  public static void setupBeforeClass() throws Exception {
+    conf = TEST_UTIL.getConfiguration();
+    // Enable security
+    enableSecurity(conf);
+    conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AccessController.class.getName());
+    // Verify enableSecurity sets up what we require
+    verifyConfiguration(conf);
+    // Enable EXEC permission checking
+    conf.setBoolean(AccessControlConstants.EXEC_PERMISSION_CHECKS_KEY, true);
+    TEST_UTIL.startMiniCluster();
+
+    USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]);
+    USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]);
+    USER_RO = User.createUserForTesting(conf, "rouser", new String[0]);
+    USER_NONE = User.createUserForTesting(conf, "usernone", new String[0]);
+  }
+
+  @Before
+  public void setUp() throws Exception {
+    admin = TEST_UTIL.getHBaseAdmin();
+    HTableDescriptor htd = new HTableDescriptor(TEST_TABLE);
+    HColumnDescriptor hcd = new HColumnDescriptor(TEST_FAMILY);
+    hcd.setMaxVersions(100);
+    htd.addFamily(hcd);
+    htd.setOwner(USER_OWNER);
+    admin.createTable(htd, new byte[][] { Bytes.toBytes("s") });
+    TEST_UTIL.waitTableEnabled(TEST_TABLE);
+
+    grantOnTable(TEST_UTIL, USER_RW.getShortName(), TEST_TABLE, TEST_FAMILY, null,
+            Permission.Action.READ, Permission.Action.WRITE);
+
+    grantOnTable(TEST_UTIL, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY, null,
+            Permission.Action.READ);
+  }
+
+  private void loadData() throws IOException {
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
+      try (Table t = conn.getTable(TEST_TABLE)) {
+        for (int i = 0; i < ROW_COUNT; i++) {
+          Put put = new Put(Bytes.toBytes(i));
+          put.addColumn(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(i));
+          t.put(put);
+        }
+      }
+    }
+  }
+
+  @AfterClass
+  public static void tearDownAfterClass() throws Exception {
+    TEST_UTIL.shutdownMiniCluster();
+  }
+
+  private void verifyRows(TableName tableName) throws IOException {
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
+      try (Table t = conn.getTable(tableName)) {
+        try (ResultScanner scanner = t.getScanner(new Scan())) {
+          Result result;
+          int rowCount = 0;
+          while ((result = scanner.next()) != null) {
+            byte[] value = result.getValue(TEST_FAMILY, TEST_QUALIFIER);
+            Assert.assertArrayEquals(value, Bytes.toBytes(rowCount++));
+          }
+          Assert.assertEquals(rowCount, ROW_COUNT);
+        }
+      }
+    }
+  }
+
+  @Test
+  public void testRestoreSnapshot() throws Exception {
+    verifyAllowed(new AccessReadAction(TEST_TABLE), USER_OWNER, USER_RO, USER_RW);
+    verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE);
+
+    loadData();
+    verifyRows(TEST_TABLE);
+
+    String snapshotName1 = "testSnapshot1";
+    admin.snapshot(snapshotName1, TEST_TABLE);
+
+    // clone snapshot with restoreAcl true.
+    TableName tableName1 = TableName.valueOf("tableName1");
+    admin.cloneSnapshot(snapshotName1, tableName1, true);
+    verifyRows(tableName1);
+    verifyAllowed(new AccessReadAction(tableName1), USER_OWNER, USER_RO, USER_RW);
+    verifyDenied(new AccessWriteAction(tableName1), USER_RO, USER_NONE);
+
+    // clone snapshot with restoreAcl false.
+    TableName tableName2 = TableName.valueOf("tableName2");
+    admin.cloneSnapshot(snapshotName1, tableName2, false);
+    verifyRows(tableName2);
+    verifyAllowed(new AccessReadAction(tableName2), USER_OWNER);
+    verifyDenied(new AccessWriteAction(tableName2), USER_RO, USER_RW, USER_NONE);
+  }
+}

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
index 1dd1c3a..1d1a936 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
@@ -167,7 +167,7 @@ public class SecureTestUtil {
    * To indicate the action was not allowed, either throw an AccessDeniedException
    * or return an empty list of KeyValues.
    */
-  static interface AccessTestAction extends PrivilegedExceptionAction<Object> { }
+  protected static interface AccessTestAction extends PrivilegedExceptionAction<Object> { }
 
   /** This fails only in case of ADE or empty list for any of the actions. */
   public static void verifyAllowed(User user, AccessTestAction... actions) throws Exception {

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-shell/src/main/ruby/hbase/admin.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/hbase/admin.rb b/hbase-shell/src/main/ruby/hbase/admin.rb
index 2db89b7..b16c868 100644
--- a/hbase-shell/src/main/ruby/hbase/admin.rb
+++ b/hbase-shell/src/main/ruby/hbase/admin.rb
@@ -978,8 +978,8 @@ module Hbase
 
     #----------------------------------------------------------------------------------------------
     # Create a new table by cloning the snapshot content
-    def clone_snapshot(snapshot_name, table)
-      @admin.cloneSnapshot(snapshot_name, TableName.valueOf(table))
+    def clone_snapshot(snapshot_name, table, restore_acl = false)
+      @admin.cloneSnapshot(snapshot_name, TableName.valueOf(table), restore_acl)
     end
 
     #----------------------------------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-shell/src/main/ruby/hbase_constants.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/hbase_constants.rb b/hbase-shell/src/main/ruby/hbase_constants.rb
index 55ae9e7..52819c0 100644
--- a/hbase-shell/src/main/ruby/hbase_constants.rb
+++ b/hbase-shell/src/main/ruby/hbase_constants.rb
@@ -83,6 +83,7 @@ module HBaseConstants
   DATA = 'DATA'
   SERVER_NAME = 'SERVER_NAME'
   LOCALITY_THRESHOLD = 'LOCALITY_THRESHOLD'
+  RESTORE_ACL = 'RESTORE_ACL'
 
   # Load constants from hbase java API
   def self.promote_constants(constants)

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-shell/src/main/ruby/shell/commands/clone_snapshot.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/shell/commands/clone_snapshot.rb b/hbase-shell/src/main/ruby/shell/commands/clone_snapshot.rb
index c57e87f..f95c652 100644
--- a/hbase-shell/src/main/ruby/shell/commands/clone_snapshot.rb
+++ b/hbase-shell/src/main/ruby/shell/commands/clone_snapshot.rb
@@ -28,11 +28,18 @@ And writing on the newly created table will not influence the snapshot data.
 Examples:
   hbase> clone_snapshot 'snapshotName', 'tableName'
   hbase> clone_snapshot 'snapshotName', 'namespace:tableName'
+
+Following command will restore all acl from origin snapshot table into the
+newly created table.
+
+  hbase> clone_snapshot 'snapshotName', 'namespace:tableName', {RESTORE_ACL=>true}
 EOF
       end
 
-      def command(snapshot_name, table)
-        admin.clone_snapshot(snapshot_name, table)
+      def command(snapshot_name, table, args = {})
+        raise(ArgumentError, "Arguments should be a Hash") unless args.kind_of?(Hash)
+        restore_acl = args.delete(RESTORE_ACL) || false
+        admin.clone_snapshot(snapshot_name, table, restore_acl)
       end
 
       def handle_exceptions(cause, *args)

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestReplicationShell.java
----------------------------------------------------------------------
diff --git a/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestReplicationShell.java b/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestReplicationShell.java
index 04fbc7a..4279d89 100644
--- a/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestReplicationShell.java
+++ b/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestReplicationShell.java
@@ -23,7 +23,6 @@ import org.apache.hadoop.hbase.testclassification.ClientTests;
 import org.apache.hadoop.hbase.testclassification.LargeTests;
 import org.jruby.embed.PathType;
 import org.junit.Test;
-import org.junit.Ignore;
 import org.junit.experimental.categories.Category;
 
 @Category({ ClientTests.class, LargeTests.class })


Mime
View raw message