Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id C3D88200C6F for ; Tue, 9 May 2017 18:32:34 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id C276B160BB6; Tue, 9 May 2017 16:32:34 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 96429160B9A for ; Tue, 9 May 2017 18:32:32 +0200 (CEST) Received: (qmail 61629 invoked by uid 500); 9 May 2017 16:32:31 -0000 Mailing-List: contact commits-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hbase.apache.org Delivered-To: mailing list commits@hbase.apache.org Received: (qmail 61620 invoked by uid 99); 9 May 2017 16:32:31 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 May 2017 16:32:31 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 9E269DFDAC; Tue, 9 May 2017 16:32:31 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: tedyu@apache.org To: commits@hbase.apache.org Message-Id: <03d2083912ce46bf9cbb3cbf3f5d3e49@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: hbase git commit: HBASE-11013: Clone Snapshots on Secure Cluster Should provide option to apply Retained User Permissions Date: Tue, 9 May 2017 16:32:31 +0000 (UTC) archived-at: Tue, 09 May 2017 16:32:35 -0000 Repository: hbase Updated Branches: refs/heads/master ac1024af2 -> 951b23a44 HBASE-11013: Clone Snapshots on Secure Cluster Should provide option to apply Retained User Permissions Signed-off-by: tedyu Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/951b23a4 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/951b23a4 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/951b23a4 Branch: refs/heads/master Commit: 951b23a44cd90ae4afed9b255de0e678fbfba946 Parents: ac1024a Author: huzheng Authored: Mon May 8 21:01:47 2017 +0800 Committer: tedyu Committed: Tue May 9 09:32:48 2017 -0700 ---------------------------------------------------------------------- .../org/apache/hadoop/hbase/client/Admin.java | 13 + .../apache/hadoop/hbase/client/HBaseAdmin.java | 25 +- .../hbase/security/access/TablePermission.java | 4 + .../shaded/protobuf/generated/MasterProtos.java | 597 +++++++++++-------- .../src/main/protobuf/Master.proto | 1 + .../org/apache/hadoop/hbase/master/HMaster.java | 5 +- .../hadoop/hbase/master/MasterRpcServices.java | 4 +- .../procedure/CloneSnapshotProcedure.java | 21 +- .../hbase/master/snapshot/SnapshotManager.java | 17 +- .../master/snapshot/TakeSnapshotHandler.java | 3 + .../security/access/AccessControlLists.java | 2 +- .../snapshot/SnapshotDescriptionUtils.java | 97 ++- .../hbase/client/TestSnapshotWithAcl.java | 203 +++++++ .../hbase/security/access/SecureTestUtil.java | 2 +- hbase-shell/src/main/ruby/hbase/admin.rb | 4 +- hbase-shell/src/main/ruby/hbase_constants.rb | 1 + .../main/ruby/shell/commands/clone_snapshot.rb | 11 +- .../hbase/client/TestReplicationShell.java | 1 - 18 files changed, 727 insertions(+), 284 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java ---------------------------------------------------------------------- diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java index 8a9dc61..414c5ac 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/Admin.java @@ -1534,6 +1534,19 @@ public interface Admin extends Abortable, Closeable { /** * Create a new table by cloning the snapshot content. + * @param snapshotName name of the snapshot to be cloned + * @param tableName name of the table where the snapshot will be restored + * @param restoreAcl true to clone acl into newly created table + * @throws IOException if a remote or network exception occurs + * @throws TableExistsException if table to be created already exists + * @throws RestoreSnapshotException if snapshot failed to be cloned + * @throws IllegalArgumentException if the specified table has not a valid name + */ + void cloneSnapshot(final String snapshotName, final TableName tableName, final boolean restoreAcl) + throws IOException, TableExistsException, RestoreSnapshotException; + + /** + * Create a new table by cloning the snapshot content. * * @param snapshotName name of the snapshot to be cloned * @param tableName name of the table where the snapshot will be restored http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-client/src/main/java/org/apache/hadoop/hbase/client/HBaseAdmin.java ---------------------------------------------------------------------- diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/HBaseAdmin.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/HBaseAdmin.java index 0c62688..ac5c239 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/HBaseAdmin.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/HBaseAdmin.java @@ -2572,7 +2572,7 @@ public class HBaseAdmin implements Admin { try { // Restore snapshot get( - internalRestoreSnapshotAsync(snapshotName, tableName), + internalRestoreSnapshotAsync(snapshotName, tableName, false), syncWaitTimeout, TimeUnit.MILLISECONDS); } catch (IOException e) { @@ -2581,7 +2581,7 @@ public class HBaseAdmin implements Admin { if (takeFailSafeSnapshot) { try { get( - internalRestoreSnapshotAsync(failSafeSnapshotSnapshotName, tableName), + internalRestoreSnapshotAsync(failSafeSnapshotSnapshotName, tableName, false), syncWaitTimeout, TimeUnit.MILLISECONDS); String msg = "Restore snapshot=" + snapshotName + @@ -2624,7 +2624,7 @@ public class HBaseAdmin implements Admin { throw new TableNotDisabledException(tableName); } - return internalRestoreSnapshotAsync(snapshotName, tableName); + return internalRestoreSnapshotAsync(snapshotName, tableName, false); } @Override @@ -2634,24 +2634,30 @@ public class HBaseAdmin implements Admin { } @Override - public void cloneSnapshot(final String snapshotName, final TableName tableName) + public void cloneSnapshot(String snapshotName, TableName tableName, boolean restoreAcl) throws IOException, TableExistsException, RestoreSnapshotException { if (tableExists(tableName)) { throw new TableExistsException(tableName); } get( - internalRestoreSnapshotAsync(snapshotName, tableName), + internalRestoreSnapshotAsync(snapshotName, tableName, restoreAcl), Integer.MAX_VALUE, TimeUnit.MILLISECONDS); } @Override + public void cloneSnapshot(final String snapshotName, final TableName tableName) + throws IOException, TableExistsException, RestoreSnapshotException { + cloneSnapshot(snapshotName, tableName, false); + } + + @Override public Future cloneSnapshotAsync(final String snapshotName, final TableName tableName) throws IOException, TableExistsException { if (tableExists(tableName)) { throw new TableExistsException(tableName); } - return internalRestoreSnapshotAsync(snapshotName, tableName); + return internalRestoreSnapshotAsync(snapshotName, tableName, false); } @Override @@ -2739,9 +2745,9 @@ public class HBaseAdmin implements Admin { * @throws RestoreSnapshotException if snapshot failed to be restored * @throws IllegalArgumentException if the restore request is formatted incorrectly */ - private Future internalRestoreSnapshotAsync( - final String snapshotName, - final TableName tableName) throws IOException, RestoreSnapshotException { + private Future internalRestoreSnapshotAsync(final String snapshotName, + final TableName tableName, final boolean restoreAcl) + throws IOException, RestoreSnapshotException { final HBaseProtos.SnapshotDescription snapshot = HBaseProtos.SnapshotDescription.newBuilder() .setName(snapshotName).setTable(tableName.getNameAsString()).build(); @@ -2756,6 +2762,7 @@ public class HBaseAdmin implements Admin { .setSnapshot(snapshot) .setNonceGroup(ng.getNonceGroup()) .setNonce(ng.newNonce()) + .setRestoreACL(restoreAcl) .build(); return master.restoreSnapshot(getRpcController(), request); } http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java ---------------------------------------------------------------------- diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java index 4804b30..8e88a8c 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/TablePermission.java @@ -155,6 +155,10 @@ public class TablePermission extends Permission { return table; } + public void setTableName(TableName table) { + this.table = table; + } + public boolean hasFamily() { return family != null; } http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-protocol-shaded/src/main/java/org/apache/hadoop/hbase/shaded/protobuf/generated/MasterProtos.java ---------------------------------------------------------------------- diff --git a/hbase-protocol-shaded/src/main/java/org/apache/hadoop/hbase/shaded/protobuf/generated/MasterProtos.java b/hbase-protocol-shaded/src/main/java/org/apache/hadoop/hbase/shaded/protobuf/generated/MasterProtos.java index e4ce4cb..76dee12 100644 --- a/hbase-protocol-shaded/src/main/java/org/apache/hadoop/hbase/shaded/protobuf/generated/MasterProtos.java +++ b/hbase-protocol-shaded/src/main/java/org/apache/hadoop/hbase/shaded/protobuf/generated/MasterProtos.java @@ -44884,6 +44884,15 @@ public final class MasterProtos { * optional uint64 nonce = 3 [default = 0]; */ long getNonce(); + + /** + * optional bool restoreACL = 4 [default = false]; + */ + boolean hasRestoreACL(); + /** + * optional bool restoreACL = 4 [default = false]; + */ + boolean getRestoreACL(); } /** * Protobuf type {@code hbase.pb.RestoreSnapshotRequest} @@ -44899,6 +44908,7 @@ public final class MasterProtos { private RestoreSnapshotRequest() { nonceGroup_ = 0L; nonce_ = 0L; + restoreACL_ = false; } @java.lang.Override @@ -44952,6 +44962,11 @@ public final class MasterProtos { nonce_ = input.readUInt64(); break; } + case 32: { + bitField0_ |= 0x00000008; + restoreACL_ = input.readBool(); + break; + } } } } catch (org.apache.hadoop.hbase.shaded.com.google.protobuf.InvalidProtocolBufferException e) { @@ -45028,6 +45043,21 @@ public final class MasterProtos { return nonce_; } + public static final int RESTOREACL_FIELD_NUMBER = 4; + private boolean restoreACL_; + /** + * optional bool restoreACL = 4 [default = false]; + */ + public boolean hasRestoreACL() { + return ((bitField0_ & 0x00000008) == 0x00000008); + } + /** + * optional bool restoreACL = 4 [default = false]; + */ + public boolean getRestoreACL() { + return restoreACL_; + } + private byte memoizedIsInitialized = -1; public final boolean isInitialized() { byte isInitialized = memoizedIsInitialized; @@ -45057,6 +45087,9 @@ public final class MasterProtos { if (((bitField0_ & 0x00000004) == 0x00000004)) { output.writeUInt64(3, nonce_); } + if (((bitField0_ & 0x00000008) == 0x00000008)) { + output.writeBool(4, restoreACL_); + } unknownFields.writeTo(output); } @@ -45077,6 +45110,10 @@ public final class MasterProtos { size += org.apache.hadoop.hbase.shaded.com.google.protobuf.CodedOutputStream .computeUInt64Size(3, nonce_); } + if (((bitField0_ & 0x00000008) == 0x00000008)) { + size += org.apache.hadoop.hbase.shaded.com.google.protobuf.CodedOutputStream + .computeBoolSize(4, restoreACL_); + } size += unknownFields.getSerializedSize(); memoizedSize = size; return size; @@ -45109,6 +45146,11 @@ public final class MasterProtos { result = result && (getNonce() == other.getNonce()); } + result = result && (hasRestoreACL() == other.hasRestoreACL()); + if (hasRestoreACL()) { + result = result && (getRestoreACL() + == other.getRestoreACL()); + } result = result && unknownFields.equals(other.unknownFields); return result; } @@ -45134,6 +45176,11 @@ public final class MasterProtos { hash = (53 * hash) + org.apache.hadoop.hbase.shaded.com.google.protobuf.Internal.hashLong( getNonce()); } + if (hasRestoreACL()) { + hash = (37 * hash) + RESTOREACL_FIELD_NUMBER; + hash = (53 * hash) + org.apache.hadoop.hbase.shaded.com.google.protobuf.Internal.hashBoolean( + getRestoreACL()); + } hash = (29 * hash) + unknownFields.hashCode(); memoizedHashCode = hash; return hash; @@ -45263,6 +45310,8 @@ public final class MasterProtos { bitField0_ = (bitField0_ & ~0x00000002); nonce_ = 0L; bitField0_ = (bitField0_ & ~0x00000004); + restoreACL_ = false; + bitField0_ = (bitField0_ & ~0x00000008); return this; } @@ -45303,6 +45352,10 @@ public final class MasterProtos { to_bitField0_ |= 0x00000004; } result.nonce_ = nonce_; + if (((from_bitField0_ & 0x00000008) == 0x00000008)) { + to_bitField0_ |= 0x00000008; + } + result.restoreACL_ = restoreACL_; result.bitField0_ = to_bitField0_; onBuilt(); return result; @@ -45354,6 +45407,9 @@ public final class MasterProtos { if (other.hasNonce()) { setNonce(other.getNonce()); } + if (other.hasRestoreACL()) { + setRestoreACL(other.getRestoreACL()); + } this.mergeUnknownFields(other.unknownFields); onChanged(); return this; @@ -45569,6 +45625,38 @@ public final class MasterProtos { onChanged(); return this; } + + private boolean restoreACL_ ; + /** + * optional bool restoreACL = 4 [default = false]; + */ + public boolean hasRestoreACL() { + return ((bitField0_ & 0x00000008) == 0x00000008); + } + /** + * optional bool restoreACL = 4 [default = false]; + */ + public boolean getRestoreACL() { + return restoreACL_; + } + /** + * optional bool restoreACL = 4 [default = false]; + */ + public Builder setRestoreACL(boolean value) { + bitField0_ |= 0x00000008; + restoreACL_ = value; + onChanged(); + return this; + } + /** + * optional bool restoreACL = 4 [default = false]; + */ + public Builder clearRestoreACL() { + bitField0_ = (bitField0_ & ~0x00000008); + restoreACL_ = false; + onChanged(); + return this; + } public final Builder setUnknownFields( final org.apache.hadoop.hbase.shaded.com.google.protobuf.UnknownFieldSet unknownFields) { return super.setUnknownFields(unknownFields); @@ -77796,259 +77884,260 @@ public final class MasterProtos { "base.pb.SnapshotDescription\"H\n\025DeleteSna" + "pshotRequest\022/\n\010snapshot\030\001 \002(\0132\035.hbase.p" + "b.SnapshotDescription\"\030\n\026DeleteSnapshotR", - "esponse\"s\n\026RestoreSnapshotRequest\022/\n\010sna" + - "pshot\030\001 \002(\0132\035.hbase.pb.SnapshotDescripti" + - "on\022\026\n\013nonce_group\030\002 \001(\004:\0010\022\020\n\005nonce\030\003 \001(" + - "\004:\0010\"*\n\027RestoreSnapshotResponse\022\017\n\007proc_" + - "id\030\001 \002(\004\"H\n\025IsSnapshotDoneRequest\022/\n\010sna" + - "pshot\030\001 \001(\0132\035.hbase.pb.SnapshotDescripti" + - "on\"^\n\026IsSnapshotDoneResponse\022\023\n\004done\030\001 \001" + - "(\010:\005false\022/\n\010snapshot\030\002 \001(\0132\035.hbase.pb.S" + - "napshotDescription\"O\n\034IsRestoreSnapshotD" + - "oneRequest\022/\n\010snapshot\030\001 \001(\0132\035.hbase.pb.", - "SnapshotDescription\"4\n\035IsRestoreSnapshot" + - "DoneResponse\022\023\n\004done\030\001 \001(\010:\005false\"F\n\033Get" + - "SchemaAlterStatusRequest\022\'\n\ntable_name\030\001" + - " \002(\0132\023.hbase.pb.TableName\"T\n\034GetSchemaAl" + - "terStatusResponse\022\035\n\025yet_to_update_regio" + - "ns\030\001 \001(\r\022\025\n\rtotal_regions\030\002 \001(\r\"\213\001\n\032GetT" + - "ableDescriptorsRequest\022(\n\013table_names\030\001 " + - "\003(\0132\023.hbase.pb.TableName\022\r\n\005regex\030\002 \001(\t\022" + - "!\n\022include_sys_tables\030\003 \001(\010:\005false\022\021\n\tna" + - "mespace\030\004 \001(\t\"J\n\033GetTableDescriptorsResp", - "onse\022+\n\014table_schema\030\001 \003(\0132\025.hbase.pb.Ta" + - "bleSchema\"[\n\024GetTableNamesRequest\022\r\n\005reg" + - "ex\030\001 \001(\t\022!\n\022include_sys_tables\030\002 \001(\010:\005fa" + - "lse\022\021\n\tnamespace\030\003 \001(\t\"A\n\025GetTableNamesR" + - "esponse\022(\n\013table_names\030\001 \003(\0132\023.hbase.pb." + - "TableName\"?\n\024GetTableStateRequest\022\'\n\ntab" + - "le_name\030\001 \002(\0132\023.hbase.pb.TableName\"B\n\025Ge" + - "tTableStateResponse\022)\n\013table_state\030\001 \002(\013" + - "2\024.hbase.pb.TableState\"\031\n\027GetClusterStat" + - "usRequest\"K\n\030GetClusterStatusResponse\022/\n", - "\016cluster_status\030\001 \002(\0132\027.hbase.pb.Cluster" + - "Status\"\030\n\026IsMasterRunningRequest\"4\n\027IsMa" + - "sterRunningResponse\022\031\n\021is_master_running" + - "\030\001 \002(\010\"I\n\024ExecProcedureRequest\0221\n\tproced" + - "ure\030\001 \002(\0132\036.hbase.pb.ProcedureDescriptio" + - "n\"F\n\025ExecProcedureResponse\022\030\n\020expected_t" + - "imeout\030\001 \001(\003\022\023\n\013return_data\030\002 \001(\014\"K\n\026IsP" + - "rocedureDoneRequest\0221\n\tprocedure\030\001 \001(\0132\036" + - ".hbase.pb.ProcedureDescription\"`\n\027IsProc" + - "edureDoneResponse\022\023\n\004done\030\001 \001(\010:\005false\0220", - "\n\010snapshot\030\002 \001(\0132\036.hbase.pb.ProcedureDes" + - "cription\",\n\031GetProcedureResultRequest\022\017\n" + - "\007proc_id\030\001 \002(\004\"\375\001\n\032GetProcedureResultRes" + - "ponse\0229\n\005state\030\001 \002(\0162*.hbase.pb.GetProce" + - "dureResultResponse.State\022\026\n\016submitted_ti" + - "me\030\002 \001(\004\022\023\n\013last_update\030\003 \001(\004\022\016\n\006result\030" + - "\004 \001(\014\0224\n\texception\030\005 \001(\0132!.hbase.pb.Fore" + - "ignExceptionMessage\"1\n\005State\022\r\n\tNOT_FOUN" + - "D\020\000\022\013\n\007RUNNING\020\001\022\014\n\010FINISHED\020\002\"M\n\025AbortP" + - "rocedureRequest\022\017\n\007proc_id\030\001 \002(\004\022#\n\025mayI", - "nterruptIfRunning\030\002 \001(\010:\004true\"6\n\026AbortPr" + - "ocedureResponse\022\034\n\024is_procedure_aborted\030" + - "\001 \002(\010\"\027\n\025ListProceduresRequest\"@\n\026ListPr" + - "oceduresResponse\022&\n\tprocedure\030\001 \003(\0132\023.hb" + - "ase.pb.Procedure\"\022\n\020ListLocksRequest\"5\n\021" + - "ListLocksResponse\022 \n\004lock\030\001 \003(\0132\022.hbase." + - "pb.LockInfo\"\315\001\n\017SetQuotaRequest\022\021\n\tuser_" + - "name\030\001 \001(\t\022\022\n\nuser_group\030\002 \001(\t\022\021\n\tnamesp" + - "ace\030\003 \001(\t\022\'\n\ntable_name\030\004 \001(\0132\023.hbase.pb" + - ".TableName\022\022\n\nremove_all\030\005 \001(\010\022\026\n\016bypass", - "_globals\030\006 \001(\010\022+\n\010throttle\030\007 \001(\0132\031.hbase" + - ".pb.ThrottleRequest\"\022\n\020SetQuotaResponse\"" + - "J\n\037MajorCompactionTimestampRequest\022\'\n\nta" + - "ble_name\030\001 \002(\0132\023.hbase.pb.TableName\"U\n(M" + - "ajorCompactionTimestampForRegionRequest\022" + - ")\n\006region\030\001 \002(\0132\031.hbase.pb.RegionSpecifi" + - "er\"@\n MajorCompactionTimestampResponse\022\034" + - "\n\024compaction_timestamp\030\001 \002(\003\"\035\n\033Security" + - "CapabilitiesRequest\"\354\001\n\034SecurityCapabili" + - "tiesResponse\022G\n\014capabilities\030\001 \003(\01621.hba", - "se.pb.SecurityCapabilitiesResponse.Capab" + - "ility\"\202\001\n\nCapability\022\031\n\025SIMPLE_AUTHENTIC" + - "ATION\020\000\022\031\n\025SECURE_AUTHENTICATION\020\001\022\021\n\rAU" + - "THORIZATION\020\002\022\026\n\022CELL_AUTHORIZATION\020\003\022\023\n" + - "\017CELL_VISIBILITY\020\004\"\"\n ListDrainingRegion" + - "ServersRequest\"N\n!ListDrainingRegionServ" + - "ersResponse\022)\n\013server_name\030\001 \003(\0132\024.hbase" + - ".pb.ServerName\"F\n\031DrainRegionServersRequ" + - "est\022)\n\013server_name\030\001 \003(\0132\024.hbase.pb.Serv" + - "erName\"\034\n\032DrainRegionServersResponse\"P\n#", - "RemoveDrainFromRegionServersRequest\022)\n\013s" + - "erver_name\030\001 \003(\0132\024.hbase.pb.ServerName\"&" + - "\n$RemoveDrainFromRegionServersResponse*(" + - "\n\020MasterSwitchType\022\t\n\005SPLIT\020\000\022\t\n\005MERGE\020\001" + - "2\2074\n\rMasterService\022e\n\024GetSchemaAlterStat" + - "us\022%.hbase.pb.GetSchemaAlterStatusReques" + - "t\032&.hbase.pb.GetSchemaAlterStatusRespons" + - "e\022b\n\023GetTableDescriptors\022$.hbase.pb.GetT" + - "ableDescriptorsRequest\032%.hbase.pb.GetTab" + - "leDescriptorsResponse\022P\n\rGetTableNames\022\036", - ".hbase.pb.GetTableNamesRequest\032\037.hbase.p" + - "b.GetTableNamesResponse\022Y\n\020GetClusterSta" + - "tus\022!.hbase.pb.GetClusterStatusRequest\032\"" + - ".hbase.pb.GetClusterStatusResponse\022V\n\017Is" + - "MasterRunning\022 .hbase.pb.IsMasterRunning" + - "Request\032!.hbase.pb.IsMasterRunningRespon" + - "se\022D\n\tAddColumn\022\032.hbase.pb.AddColumnRequ" + - "est\032\033.hbase.pb.AddColumnResponse\022M\n\014Dele" + - "teColumn\022\035.hbase.pb.DeleteColumnRequest\032" + - "\036.hbase.pb.DeleteColumnResponse\022M\n\014Modif", - "yColumn\022\035.hbase.pb.ModifyColumnRequest\032\036" + - ".hbase.pb.ModifyColumnResponse\022G\n\nMoveRe" + - "gion\022\033.hbase.pb.MoveRegionRequest\032\034.hbas" + - "e.pb.MoveRegionResponse\022\\\n\021MergeTableReg" + - "ions\022\".hbase.pb.MergeTableRegionsRequest" + - "\032#.hbase.pb.MergeTableRegionsResponse\022M\n" + - "\014AssignRegion\022\035.hbase.pb.AssignRegionReq" + - "uest\032\036.hbase.pb.AssignRegionResponse\022S\n\016" + - "UnassignRegion\022\037.hbase.pb.UnassignRegion" + - "Request\032 .hbase.pb.UnassignRegionRespons", - "e\022P\n\rOfflineRegion\022\036.hbase.pb.OfflineReg" + - "ionRequest\032\037.hbase.pb.OfflineRegionRespo" + - "nse\022J\n\013DeleteTable\022\034.hbase.pb.DeleteTabl" + - "eRequest\032\035.hbase.pb.DeleteTableResponse\022" + - "P\n\rtruncateTable\022\036.hbase.pb.TruncateTabl" + - "eRequest\032\037.hbase.pb.TruncateTableRespons" + - "e\022J\n\013EnableTable\022\034.hbase.pb.EnableTableR" + - "equest\032\035.hbase.pb.EnableTableResponse\022M\n" + - "\014DisableTable\022\035.hbase.pb.DisableTableReq" + - "uest\032\036.hbase.pb.DisableTableResponse\022J\n\013", - "ModifyTable\022\034.hbase.pb.ModifyTableReques" + - "t\032\035.hbase.pb.ModifyTableResponse\022J\n\013Crea" + - "teTable\022\034.hbase.pb.CreateTableRequest\032\035." + - "hbase.pb.CreateTableResponse\022A\n\010Shutdown" + - "\022\031.hbase.pb.ShutdownRequest\032\032.hbase.pb.S" + - "hutdownResponse\022G\n\nStopMaster\022\033.hbase.pb" + - ".StopMasterRequest\032\034.hbase.pb.StopMaster" + - "Response\022h\n\031IsMasterInMaintenanceMode\022$." + - "hbase.pb.IsInMaintenanceModeRequest\032%.hb" + - "ase.pb.IsInMaintenanceModeResponse\022>\n\007Ba", - "lance\022\030.hbase.pb.BalanceRequest\032\031.hbase." + - "pb.BalanceResponse\022_\n\022SetBalancerRunning" + - "\022#.hbase.pb.SetBalancerRunningRequest\032$." + - "hbase.pb.SetBalancerRunningResponse\022\\\n\021I" + - "sBalancerEnabled\022\".hbase.pb.IsBalancerEn" + - "abledRequest\032#.hbase.pb.IsBalancerEnable" + - "dResponse\022k\n\026SetSplitOrMergeEnabled\022\'.hb" + - "ase.pb.SetSplitOrMergeEnabledRequest\032(.h" + - "base.pb.SetSplitOrMergeEnabledResponse\022h" + - "\n\025IsSplitOrMergeEnabled\022&.hbase.pb.IsSpl", - "itOrMergeEnabledRequest\032\'.hbase.pb.IsSpl" + - "itOrMergeEnabledResponse\022D\n\tNormalize\022\032." + - "hbase.pb.NormalizeRequest\032\033.hbase.pb.Nor" + - "malizeResponse\022e\n\024SetNormalizerRunning\022%" + - ".hbase.pb.SetNormalizerRunningRequest\032&." + - "hbase.pb.SetNormalizerRunningResponse\022b\n" + - "\023IsNormalizerEnabled\022$.hbase.pb.IsNormal" + - "izerEnabledRequest\032%.hbase.pb.IsNormaliz" + - "erEnabledResponse\022S\n\016RunCatalogScan\022\037.hb" + - "ase.pb.RunCatalogScanRequest\032 .hbase.pb.", - "RunCatalogScanResponse\022e\n\024EnableCatalogJ" + - "anitor\022%.hbase.pb.EnableCatalogJanitorRe" + - "quest\032&.hbase.pb.EnableCatalogJanitorRes" + - "ponse\022n\n\027IsCatalogJanitorEnabled\022(.hbase" + - ".pb.IsCatalogJanitorEnabledRequest\032).hba" + - "se.pb.IsCatalogJanitorEnabledResponse\022V\n" + - "\017RunCleanerChore\022 .hbase.pb.RunCleanerCh" + - "oreRequest\032!.hbase.pb.RunCleanerChoreRes" + - "ponse\022k\n\026SetCleanerChoreRunning\022\'.hbase." + - "pb.SetCleanerChoreRunningRequest\032(.hbase", - ".pb.SetCleanerChoreRunningResponse\022h\n\025Is" + - "CleanerChoreEnabled\022&.hbase.pb.IsCleaner" + - "ChoreEnabledRequest\032\'.hbase.pb.IsCleaner" + - "ChoreEnabledResponse\022^\n\021ExecMasterServic" + - "e\022#.hbase.pb.CoprocessorServiceRequest\032$" + - ".hbase.pb.CoprocessorServiceResponse\022A\n\010" + - "Snapshot\022\031.hbase.pb.SnapshotRequest\032\032.hb" + - "ase.pb.SnapshotResponse\022h\n\025GetCompletedS" + - "napshots\022&.hbase.pb.GetCompletedSnapshot" + - "sRequest\032\'.hbase.pb.GetCompletedSnapshot", - "sResponse\022S\n\016DeleteSnapshot\022\037.hbase.pb.D" + - "eleteSnapshotRequest\032 .hbase.pb.DeleteSn" + - "apshotResponse\022S\n\016IsSnapshotDone\022\037.hbase" + - ".pb.IsSnapshotDoneRequest\032 .hbase.pb.IsS" + - "napshotDoneResponse\022V\n\017RestoreSnapshot\022 " + - ".hbase.pb.RestoreSnapshotRequest\032!.hbase" + - ".pb.RestoreSnapshotResponse\022P\n\rExecProce" + - "dure\022\036.hbase.pb.ExecProcedureRequest\032\037.h" + - "base.pb.ExecProcedureResponse\022W\n\024ExecPro" + - "cedureWithRet\022\036.hbase.pb.ExecProcedureRe", - "quest\032\037.hbase.pb.ExecProcedureResponse\022V" + - "\n\017IsProcedureDone\022 .hbase.pb.IsProcedure" + - "DoneRequest\032!.hbase.pb.IsProcedureDoneRe" + - "sponse\022V\n\017ModifyNamespace\022 .hbase.pb.Mod" + - "ifyNamespaceRequest\032!.hbase.pb.ModifyNam" + - "espaceResponse\022V\n\017CreateNamespace\022 .hbas" + - "e.pb.CreateNamespaceRequest\032!.hbase.pb.C" + - "reateNamespaceResponse\022V\n\017DeleteNamespac" + - "e\022 .hbase.pb.DeleteNamespaceRequest\032!.hb" + - "ase.pb.DeleteNamespaceResponse\022k\n\026GetNam", - "espaceDescriptor\022\'.hbase.pb.GetNamespace" + - "DescriptorRequest\032(.hbase.pb.GetNamespac" + - "eDescriptorResponse\022q\n\030ListNamespaceDesc" + - "riptors\022).hbase.pb.ListNamespaceDescript" + - "orsRequest\032*.hbase.pb.ListNamespaceDescr" + - "iptorsResponse\022\206\001\n\037ListTableDescriptorsB" + - "yNamespace\0220.hbase.pb.ListTableDescripto" + - "rsByNamespaceRequest\0321.hbase.pb.ListTabl" + - "eDescriptorsByNamespaceResponse\022t\n\031ListT" + - "ableNamesByNamespace\022*.hbase.pb.ListTabl", - "eNamesByNamespaceRequest\032+.hbase.pb.List" + - "TableNamesByNamespaceResponse\022P\n\rGetTabl" + - "eState\022\036.hbase.pb.GetTableStateRequest\032\037" + - ".hbase.pb.GetTableStateResponse\022A\n\010SetQu" + - "ota\022\031.hbase.pb.SetQuotaRequest\032\032.hbase.p" + - "b.SetQuotaResponse\022x\n\037getLastMajorCompac" + - "tionTimestamp\022).hbase.pb.MajorCompaction" + - "TimestampRequest\032*.hbase.pb.MajorCompact" + - "ionTimestampResponse\022\212\001\n(getLastMajorCom" + - "pactionTimestampForRegion\0222.hbase.pb.Maj", - "orCompactionTimestampForRegionRequest\032*." + - "hbase.pb.MajorCompactionTimestampRespons" + - "e\022_\n\022getProcedureResult\022#.hbase.pb.GetPr" + - "ocedureResultRequest\032$.hbase.pb.GetProce" + - "dureResultResponse\022h\n\027getSecurityCapabil" + - "ities\022%.hbase.pb.SecurityCapabilitiesReq" + - "uest\032&.hbase.pb.SecurityCapabilitiesResp" + - "onse\022S\n\016AbortProcedure\022\037.hbase.pb.AbortP" + - "rocedureRequest\032 .hbase.pb.AbortProcedur" + - "eResponse\022S\n\016ListProcedures\022\037.hbase.pb.L", - "istProceduresRequest\032 .hbase.pb.ListProc" + - "eduresResponse\022D\n\tListLocks\022\032.hbase.pb.L" + - "istLocksRequest\032\033.hbase.pb.ListLocksResp" + - "onse\022_\n\022AddReplicationPeer\022#.hbase.pb.Ad" + - "dReplicationPeerRequest\032$.hbase.pb.AddRe" + - "plicationPeerResponse\022h\n\025RemoveReplicati" + - "onPeer\022&.hbase.pb.RemoveReplicationPeerR" + - "equest\032\'.hbase.pb.RemoveReplicationPeerR" + - "esponse\022h\n\025EnableReplicationPeer\022&.hbase" + - ".pb.EnableReplicationPeerRequest\032\'.hbase", - ".pb.EnableReplicationPeerResponse\022k\n\026Dis" + - "ableReplicationPeer\022\'.hbase.pb.DisableRe" + - "plicationPeerRequest\032(.hbase.pb.DisableR" + - "eplicationPeerResponse\022q\n\030GetReplication" + - "PeerConfig\022).hbase.pb.GetReplicationPeer" + - "ConfigRequest\032*.hbase.pb.GetReplicationP" + - "eerConfigResponse\022z\n\033UpdateReplicationPe" + - "erConfig\022,.hbase.pb.UpdateReplicationPee" + - "rConfigRequest\032-.hbase.pb.UpdateReplicat" + - "ionPeerConfigResponse\022e\n\024ListReplication", - "Peers\022%.hbase.pb.ListReplicationPeersReq" + - "uest\032&.hbase.pb.ListReplicationPeersResp" + - "onse\022t\n\031listDrainingRegionServers\022*.hbas" + - "e.pb.ListDrainingRegionServersRequest\032+." + - "hbase.pb.ListDrainingRegionServersRespon" + - "se\022_\n\022drainRegionServers\022#.hbase.pb.Drai" + - "nRegionServersRequest\032$.hbase.pb.DrainRe" + - "gionServersResponse\022}\n\034removeDrainFromRe" + - "gionServers\022-.hbase.pb.RemoveDrainFromRe" + - "gionServersRequest\032..hbase.pb.RemoveDrai", - "nFromRegionServersResponseBI\n1org.apache" + - ".hadoop.hbase.shaded.protobuf.generatedB" + - "\014MasterProtosH\001\210\001\001\240\001\001" + "esponse\"\216\001\n\026RestoreSnapshotRequest\022/\n\010sn" + + "apshot\030\001 \002(\0132\035.hbase.pb.SnapshotDescript" + + "ion\022\026\n\013nonce_group\030\002 \001(\004:\0010\022\020\n\005nonce\030\003 \001" + + "(\004:\0010\022\031\n\nrestoreACL\030\004 \001(\010:\005false\"*\n\027Rest" + + "oreSnapshotResponse\022\017\n\007proc_id\030\001 \002(\004\"H\n\025" + + "IsSnapshotDoneRequest\022/\n\010snapshot\030\001 \001(\0132" + + "\035.hbase.pb.SnapshotDescription\"^\n\026IsSnap" + + "shotDoneResponse\022\023\n\004done\030\001 \001(\010:\005false\022/\n" + + "\010snapshot\030\002 \001(\0132\035.hbase.pb.SnapshotDescr" + + "iption\"O\n\034IsRestoreSnapshotDoneRequest\022/", + "\n\010snapshot\030\001 \001(\0132\035.hbase.pb.SnapshotDesc" + + "ription\"4\n\035IsRestoreSnapshotDoneResponse" + + "\022\023\n\004done\030\001 \001(\010:\005false\"F\n\033GetSchemaAlterS" + + "tatusRequest\022\'\n\ntable_name\030\001 \002(\0132\023.hbase" + + ".pb.TableName\"T\n\034GetSchemaAlterStatusRes" + + "ponse\022\035\n\025yet_to_update_regions\030\001 \001(\r\022\025\n\r" + + "total_regions\030\002 \001(\r\"\213\001\n\032GetTableDescript" + + "orsRequest\022(\n\013table_names\030\001 \003(\0132\023.hbase." + + "pb.TableName\022\r\n\005regex\030\002 \001(\t\022!\n\022include_s" + + "ys_tables\030\003 \001(\010:\005false\022\021\n\tnamespace\030\004 \001(", + "\t\"J\n\033GetTableDescriptorsResponse\022+\n\014tabl" + + "e_schema\030\001 \003(\0132\025.hbase.pb.TableSchema\"[\n" + + "\024GetTableNamesRequest\022\r\n\005regex\030\001 \001(\t\022!\n\022" + + "include_sys_tables\030\002 \001(\010:\005false\022\021\n\tnames" + + "pace\030\003 \001(\t\"A\n\025GetTableNamesResponse\022(\n\013t" + + "able_names\030\001 \003(\0132\023.hbase.pb.TableName\"?\n" + + "\024GetTableStateRequest\022\'\n\ntable_name\030\001 \002(" + + "\0132\023.hbase.pb.TableName\"B\n\025GetTableStateR" + + "esponse\022)\n\013table_state\030\001 \002(\0132\024.hbase.pb." + + "TableState\"\031\n\027GetClusterStatusRequest\"K\n", + "\030GetClusterStatusResponse\022/\n\016cluster_sta" + + "tus\030\001 \002(\0132\027.hbase.pb.ClusterStatus\"\030\n\026Is" + + "MasterRunningRequest\"4\n\027IsMasterRunningR" + + "esponse\022\031\n\021is_master_running\030\001 \002(\010\"I\n\024Ex" + + "ecProcedureRequest\0221\n\tprocedure\030\001 \002(\0132\036." + + "hbase.pb.ProcedureDescription\"F\n\025ExecPro" + + "cedureResponse\022\030\n\020expected_timeout\030\001 \001(\003" + + "\022\023\n\013return_data\030\002 \001(\014\"K\n\026IsProcedureDone" + + "Request\0221\n\tprocedure\030\001 \001(\0132\036.hbase.pb.Pr" + + "ocedureDescription\"`\n\027IsProcedureDoneRes", + "ponse\022\023\n\004done\030\001 \001(\010:\005false\0220\n\010snapshot\030\002" + + " \001(\0132\036.hbase.pb.ProcedureDescription\",\n\031" + + "GetProcedureResultRequest\022\017\n\007proc_id\030\001 \002" + + "(\004\"\375\001\n\032GetProcedureResultResponse\0229\n\005sta" + + "te\030\001 \002(\0162*.hbase.pb.GetProcedureResultRe" + + "sponse.State\022\026\n\016submitted_time\030\002 \001(\004\022\023\n\013" + + "last_update\030\003 \001(\004\022\016\n\006result\030\004 \001(\014\0224\n\texc" + + "eption\030\005 \001(\0132!.hbase.pb.ForeignException" + + "Message\"1\n\005State\022\r\n\tNOT_FOUND\020\000\022\013\n\007RUNNI" + + "NG\020\001\022\014\n\010FINISHED\020\002\"M\n\025AbortProcedureRequ", + "est\022\017\n\007proc_id\030\001 \002(\004\022#\n\025mayInterruptIfRu" + + "nning\030\002 \001(\010:\004true\"6\n\026AbortProcedureRespo" + + "nse\022\034\n\024is_procedure_aborted\030\001 \002(\010\"\027\n\025Lis" + + "tProceduresRequest\"@\n\026ListProceduresResp" + + "onse\022&\n\tprocedure\030\001 \003(\0132\023.hbase.pb.Proce" + + "dure\"\022\n\020ListLocksRequest\"5\n\021ListLocksRes" + + "ponse\022 \n\004lock\030\001 \003(\0132\022.hbase.pb.LockInfo\"" + + "\315\001\n\017SetQuotaRequest\022\021\n\tuser_name\030\001 \001(\t\022\022" + + "\n\nuser_group\030\002 \001(\t\022\021\n\tnamespace\030\003 \001(\t\022\'\n" + + "\ntable_name\030\004 \001(\0132\023.hbase.pb.TableName\022\022", + "\n\nremove_all\030\005 \001(\010\022\026\n\016bypass_globals\030\006 \001" + + "(\010\022+\n\010throttle\030\007 \001(\0132\031.hbase.pb.Throttle" + + "Request\"\022\n\020SetQuotaResponse\"J\n\037MajorComp" + + "actionTimestampRequest\022\'\n\ntable_name\030\001 \002" + + "(\0132\023.hbase.pb.TableName\"U\n(MajorCompacti" + + "onTimestampForRegionRequest\022)\n\006region\030\001 " + + "\002(\0132\031.hbase.pb.RegionSpecifier\"@\n MajorC" + + "ompactionTimestampResponse\022\034\n\024compaction" + + "_timestamp\030\001 \002(\003\"\035\n\033SecurityCapabilities" + + "Request\"\354\001\n\034SecurityCapabilitiesResponse", + "\022G\n\014capabilities\030\001 \003(\01621.hbase.pb.Securi" + + "tyCapabilitiesResponse.Capability\"\202\001\n\nCa" + + "pability\022\031\n\025SIMPLE_AUTHENTICATION\020\000\022\031\n\025S" + + "ECURE_AUTHENTICATION\020\001\022\021\n\rAUTHORIZATION\020" + + "\002\022\026\n\022CELL_AUTHORIZATION\020\003\022\023\n\017CELL_VISIBI" + + "LITY\020\004\"\"\n ListDrainingRegionServersReque" + + "st\"N\n!ListDrainingRegionServersResponse\022" + + ")\n\013server_name\030\001 \003(\0132\024.hbase.pb.ServerNa" + + "me\"F\n\031DrainRegionServersRequest\022)\n\013serve" + + "r_name\030\001 \003(\0132\024.hbase.pb.ServerName\"\034\n\032Dr", + "ainRegionServersResponse\"P\n#RemoveDrainF" + + "romRegionServersRequest\022)\n\013server_name\030\001" + + " \003(\0132\024.hbase.pb.ServerName\"&\n$RemoveDrai" + + "nFromRegionServersResponse*(\n\020MasterSwit" + + "chType\022\t\n\005SPLIT\020\000\022\t\n\005MERGE\020\0012\2074\n\rMasterS" + + "ervice\022e\n\024GetSchemaAlterStatus\022%.hbase.p" + + "b.GetSchemaAlterStatusRequest\032&.hbase.pb" + + ".GetSchemaAlterStatusResponse\022b\n\023GetTabl" + + "eDescriptors\022$.hbase.pb.GetTableDescript" + + "orsRequest\032%.hbase.pb.GetTableDescriptor", + "sResponse\022P\n\rGetTableNames\022\036.hbase.pb.Ge" + + "tTableNamesRequest\032\037.hbase.pb.GetTableNa" + + "mesResponse\022Y\n\020GetClusterStatus\022!.hbase." + + "pb.GetClusterStatusRequest\032\".hbase.pb.Ge" + + "tClusterStatusResponse\022V\n\017IsMasterRunnin" + + "g\022 .hbase.pb.IsMasterRunningRequest\032!.hb" + + "ase.pb.IsMasterRunningResponse\022D\n\tAddCol" + + "umn\022\032.hbase.pb.AddColumnRequest\032\033.hbase." + + "pb.AddColumnResponse\022M\n\014DeleteColumn\022\035.h" + + "base.pb.DeleteColumnRequest\032\036.hbase.pb.D", + "eleteColumnResponse\022M\n\014ModifyColumn\022\035.hb" + + "ase.pb.ModifyColumnRequest\032\036.hbase.pb.Mo" + + "difyColumnResponse\022G\n\nMoveRegion\022\033.hbase" + + ".pb.MoveRegionRequest\032\034.hbase.pb.MoveReg" + + "ionResponse\022\\\n\021MergeTableRegions\022\".hbase" + + ".pb.MergeTableRegionsRequest\032#.hbase.pb." + + "MergeTableRegionsResponse\022M\n\014AssignRegio" + + "n\022\035.hbase.pb.AssignRegionRequest\032\036.hbase" + + ".pb.AssignRegionResponse\022S\n\016UnassignRegi" + + "on\022\037.hbase.pb.UnassignRegionRequest\032 .hb", + "ase.pb.UnassignRegionResponse\022P\n\rOffline" + + "Region\022\036.hbase.pb.OfflineRegionRequest\032\037" + + ".hbase.pb.OfflineRegionResponse\022J\n\013Delet" + + "eTable\022\034.hbase.pb.DeleteTableRequest\032\035.h" + + "base.pb.DeleteTableResponse\022P\n\rtruncateT" + + "able\022\036.hbase.pb.TruncateTableRequest\032\037.h" + + "base.pb.TruncateTableResponse\022J\n\013EnableT" + + "able\022\034.hbase.pb.EnableTableRequest\032\035.hba" + + "se.pb.EnableTableResponse\022M\n\014DisableTabl" + + "e\022\035.hbase.pb.DisableTableRequest\032\036.hbase", + ".pb.DisableTableResponse\022J\n\013ModifyTable\022" + + "\034.hbase.pb.ModifyTableRequest\032\035.hbase.pb" + + ".ModifyTableResponse\022J\n\013CreateTable\022\034.hb" + + "ase.pb.CreateTableRequest\032\035.hbase.pb.Cre" + + "ateTableResponse\022A\n\010Shutdown\022\031.hbase.pb." + + "ShutdownRequest\032\032.hbase.pb.ShutdownRespo" + + "nse\022G\n\nStopMaster\022\033.hbase.pb.StopMasterR" + + "equest\032\034.hbase.pb.StopMasterResponse\022h\n\031" + + "IsMasterInMaintenanceMode\022$.hbase.pb.IsI" + + "nMaintenanceModeRequest\032%.hbase.pb.IsInM", + "aintenanceModeResponse\022>\n\007Balance\022\030.hbas" + + "e.pb.BalanceRequest\032\031.hbase.pb.BalanceRe" + + "sponse\022_\n\022SetBalancerRunning\022#.hbase.pb." + + "SetBalancerRunningRequest\032$.hbase.pb.Set" + + "BalancerRunningResponse\022\\\n\021IsBalancerEna" + + "bled\022\".hbase.pb.IsBalancerEnabledRequest" + + "\032#.hbase.pb.IsBalancerEnabledResponse\022k\n" + + "\026SetSplitOrMergeEnabled\022\'.hbase.pb.SetSp" + + "litOrMergeEnabledRequest\032(.hbase.pb.SetS" + + "plitOrMergeEnabledResponse\022h\n\025IsSplitOrM", + "ergeEnabled\022&.hbase.pb.IsSplitOrMergeEna" + + "bledRequest\032\'.hbase.pb.IsSplitOrMergeEna" + + "bledResponse\022D\n\tNormalize\022\032.hbase.pb.Nor" + + "malizeRequest\032\033.hbase.pb.NormalizeRespon" + + "se\022e\n\024SetNormalizerRunning\022%.hbase.pb.Se" + + "tNormalizerRunningRequest\032&.hbase.pb.Set" + + "NormalizerRunningResponse\022b\n\023IsNormalize" + + "rEnabled\022$.hbase.pb.IsNormalizerEnabledR" + + "equest\032%.hbase.pb.IsNormalizerEnabledRes" + + "ponse\022S\n\016RunCatalogScan\022\037.hbase.pb.RunCa", + "talogScanRequest\032 .hbase.pb.RunCatalogSc" + + "anResponse\022e\n\024EnableCatalogJanitor\022%.hba" + + "se.pb.EnableCatalogJanitorRequest\032&.hbas" + + "e.pb.EnableCatalogJanitorResponse\022n\n\027IsC" + + "atalogJanitorEnabled\022(.hbase.pb.IsCatalo" + + "gJanitorEnabledRequest\032).hbase.pb.IsCata" + + "logJanitorEnabledResponse\022V\n\017RunCleanerC" + + "hore\022 .hbase.pb.RunCleanerChoreRequest\032!" + + ".hbase.pb.RunCleanerChoreResponse\022k\n\026Set" + + "CleanerChoreRunning\022\'.hbase.pb.SetCleane", + "rChoreRunningRequest\032(.hbase.pb.SetClean" + + "erChoreRunningResponse\022h\n\025IsCleanerChore" + + "Enabled\022&.hbase.pb.IsCleanerChoreEnabled" + + "Request\032\'.hbase.pb.IsCleanerChoreEnabled" + + "Response\022^\n\021ExecMasterService\022#.hbase.pb" + + ".CoprocessorServiceRequest\032$.hbase.pb.Co" + + "processorServiceResponse\022A\n\010Snapshot\022\031.h" + + "base.pb.SnapshotRequest\032\032.hbase.pb.Snaps" + + "hotResponse\022h\n\025GetCompletedSnapshots\022&.h" + + "base.pb.GetCompletedSnapshotsRequest\032\'.h", + "base.pb.GetCompletedSnapshotsResponse\022S\n" + + "\016DeleteSnapshot\022\037.hbase.pb.DeleteSnapsho" + + "tRequest\032 .hbase.pb.DeleteSnapshotRespon" + + "se\022S\n\016IsSnapshotDone\022\037.hbase.pb.IsSnapsh" + + "otDoneRequest\032 .hbase.pb.IsSnapshotDoneR" + + "esponse\022V\n\017RestoreSnapshot\022 .hbase.pb.Re" + + "storeSnapshotRequest\032!.hbase.pb.RestoreS" + + "napshotResponse\022P\n\rExecProcedure\022\036.hbase" + + ".pb.ExecProcedureRequest\032\037.hbase.pb.Exec" + + "ProcedureResponse\022W\n\024ExecProcedureWithRe", + "t\022\036.hbase.pb.ExecProcedureRequest\032\037.hbas" + + "e.pb.ExecProcedureResponse\022V\n\017IsProcedur" + + "eDone\022 .hbase.pb.IsProcedureDoneRequest\032" + + "!.hbase.pb.IsProcedureDoneResponse\022V\n\017Mo" + + "difyNamespace\022 .hbase.pb.ModifyNamespace" + + "Request\032!.hbase.pb.ModifyNamespaceRespon" + + "se\022V\n\017CreateNamespace\022 .hbase.pb.CreateN" + + "amespaceRequest\032!.hbase.pb.CreateNamespa" + + "ceResponse\022V\n\017DeleteNamespace\022 .hbase.pb" + + ".DeleteNamespaceRequest\032!.hbase.pb.Delet", + "eNamespaceResponse\022k\n\026GetNamespaceDescri" + + "ptor\022\'.hbase.pb.GetNamespaceDescriptorRe" + + "quest\032(.hbase.pb.GetNamespaceDescriptorR" + + "esponse\022q\n\030ListNamespaceDescriptors\022).hb" + + "ase.pb.ListNamespaceDescriptorsRequest\032*" + + ".hbase.pb.ListNamespaceDescriptorsRespon" + + "se\022\206\001\n\037ListTableDescriptorsByNamespace\0220" + + ".hbase.pb.ListTableDescriptorsByNamespac" + + "eRequest\0321.hbase.pb.ListTableDescriptors" + + "ByNamespaceResponse\022t\n\031ListTableNamesByN", + "amespace\022*.hbase.pb.ListTableNamesByName" + + "spaceRequest\032+.hbase.pb.ListTableNamesBy" + + "NamespaceResponse\022P\n\rGetTableState\022\036.hba" + + "se.pb.GetTableStateRequest\032\037.hbase.pb.Ge" + + "tTableStateResponse\022A\n\010SetQuota\022\031.hbase." + + "pb.SetQuotaRequest\032\032.hbase.pb.SetQuotaRe" + + "sponse\022x\n\037getLastMajorCompactionTimestam" + + "p\022).hbase.pb.MajorCompactionTimestampReq" + + "uest\032*.hbase.pb.MajorCompactionTimestamp" + + "Response\022\212\001\n(getLastMajorCompactionTimes", + "tampForRegion\0222.hbase.pb.MajorCompaction" + + "TimestampForRegionRequest\032*.hbase.pb.Maj" + + "orCompactionTimestampResponse\022_\n\022getProc" + + "edureResult\022#.hbase.pb.GetProcedureResul" + + "tRequest\032$.hbase.pb.GetProcedureResultRe" + + "sponse\022h\n\027getSecurityCapabilities\022%.hbas" + + "e.pb.SecurityCapabilitiesRequest\032&.hbase" + + ".pb.SecurityCapabilitiesResponse\022S\n\016Abor" + + "tProcedure\022\037.hbase.pb.AbortProcedureRequ" + + "est\032 .hbase.pb.AbortProcedureResponse\022S\n", + "\016ListProcedures\022\037.hbase.pb.ListProcedure" + + "sRequest\032 .hbase.pb.ListProceduresRespon" + + "se\022D\n\tListLocks\022\032.hbase.pb.ListLocksRequ" + + "est\032\033.hbase.pb.ListLocksResponse\022_\n\022AddR" + + "eplicationPeer\022#.hbase.pb.AddReplication" + + "PeerRequest\032$.hbase.pb.AddReplicationPee" + + "rResponse\022h\n\025RemoveReplicationPeer\022&.hba" + + "se.pb.RemoveReplicationPeerRequest\032\'.hba" + + "se.pb.RemoveReplicationPeerResponse\022h\n\025E" + + "nableReplicationPeer\022&.hbase.pb.EnableRe", + "plicationPeerRequest\032\'.hbase.pb.EnableRe" + + "plicationPeerResponse\022k\n\026DisableReplicat" + + "ionPeer\022\'.hbase.pb.DisableReplicationPee" + + "rRequest\032(.hbase.pb.DisableReplicationPe" + + "erResponse\022q\n\030GetReplicationPeerConfig\022)" + + ".hbase.pb.GetReplicationPeerConfigReques" + + "t\032*.hbase.pb.GetReplicationPeerConfigRes" + + "ponse\022z\n\033UpdateReplicationPeerConfig\022,.h" + + "base.pb.UpdateReplicationPeerConfigReque" + + "st\032-.hbase.pb.UpdateReplicationPeerConfi", + "gResponse\022e\n\024ListReplicationPeers\022%.hbas" + + "e.pb.ListReplicationPeersRequest\032&.hbase" + + ".pb.ListReplicationPeersResponse\022t\n\031list" + + "DrainingRegionServers\022*.hbase.pb.ListDra" + + "iningRegionServersRequest\032+.hbase.pb.Lis" + + "tDrainingRegionServersResponse\022_\n\022drainR" + + "egionServers\022#.hbase.pb.DrainRegionServe" + + "rsRequest\032$.hbase.pb.DrainRegionServersR" + + "esponse\022}\n\034removeDrainFromRegionServers\022" + + "-.hbase.pb.RemoveDrainFromRegionServersR", + "equest\032..hbase.pb.RemoveDrainFromRegionS" + + "erversResponseBI\n1org.apache.hadoop.hbas" + + "e.shaded.protobuf.generatedB\014MasterProto" + + "sH\001\210\001\001\240\001\001" }; org.apache.hadoop.hbase.shaded.com.google.protobuf.Descriptors.FileDescriptor.InternalDescriptorAssigner assigner = new org.apache.hadoop.hbase.shaded.com.google.protobuf.Descriptors.FileDescriptor. InternalDescriptorAssigner() { @@ -78567,7 +78656,7 @@ public final class MasterProtos { internal_static_hbase_pb_RestoreSnapshotRequest_fieldAccessorTable = new org.apache.hadoop.hbase.shaded.com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( internal_static_hbase_pb_RestoreSnapshotRequest_descriptor, - new java.lang.String[] { "Snapshot", "NonceGroup", "Nonce", }); + new java.lang.String[] { "Snapshot", "NonceGroup", "Nonce", "RestoreACL", }); internal_static_hbase_pb_RestoreSnapshotResponse_descriptor = getDescriptor().getMessageTypes().get(83); internal_static_hbase_pb_RestoreSnapshotResponse_fieldAccessorTable = new http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-protocol-shaded/src/main/protobuf/Master.proto ---------------------------------------------------------------------- diff --git a/hbase-protocol-shaded/src/main/protobuf/Master.proto b/hbase-protocol-shaded/src/main/protobuf/Master.proto index 0c3da02..bd4f696 100644 --- a/hbase-protocol-shaded/src/main/protobuf/Master.proto +++ b/hbase-protocol-shaded/src/main/protobuf/Master.proto @@ -405,6 +405,7 @@ message RestoreSnapshotRequest { required SnapshotDescription snapshot = 1; optional uint64 nonce_group = 2 [default = 0]; optional uint64 nonce = 3 [default = 0]; + optional bool restoreACL = 4 [default = false]; } message RestoreSnapshotResponse { http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java index 762dda0..82aaf20 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java @@ -2309,7 +2309,7 @@ public class HMaster extends HRegionServer implements MasterServices { } public long restoreSnapshot(final SnapshotDescription snapshotDesc, - final long nonceGroup, final long nonce) throws IOException { + final long nonceGroup, final long nonce, final boolean restoreAcl) throws IOException { checkInitialized(); getSnapshotManager().checkSnapshotSupport(); @@ -2321,7 +2321,8 @@ public class HMaster extends HRegionServer implements MasterServices { new MasterProcedureUtil.NonceProcedureRunnable(this, nonceGroup, nonce) { @Override protected void run() throws IOException { - setProcId(getSnapshotManager().restoreOrCloneSnapshot(snapshotDesc, getNonceKey())); + setProcId( + getSnapshotManager().restoreOrCloneSnapshot(snapshotDesc, getNonceKey(), restoreAcl)); } @Override http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java index 40c4a71..219960b 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/MasterRpcServices.java @@ -1221,8 +1221,8 @@ public class MasterRpcServices extends RSRpcServices public RestoreSnapshotResponse restoreSnapshot(RpcController controller, RestoreSnapshotRequest request) throws ServiceException { try { - long procId = master.restoreSnapshot(request.getSnapshot(), - request.getNonceGroup(), request.getNonce()); + long procId = master.restoreSnapshot(request.getSnapshot(), request.getNonceGroup(), + request.getNonce(), request.getRestoreACL()); return RestoreSnapshotResponse.newBuilder().setProcId(procId).build(); } catch (ForeignException e) { throw new ServiceException(e.getCause()); http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java index 347d01d..8b74c43 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/procedure/CloneSnapshotProcedure.java @@ -69,6 +69,7 @@ public class CloneSnapshotProcedure private HTableDescriptor hTableDescriptor; private SnapshotDescription snapshot; + private boolean restoreAcl; private List newRegions = null; private Map > parentsToChildrenPairMap = new HashMap<>(); @@ -83,6 +84,11 @@ public class CloneSnapshotProcedure public CloneSnapshotProcedure() { } + public CloneSnapshotProcedure(final MasterProcedureEnv env, + final HTableDescriptor hTableDescriptor, final SnapshotDescription snapshot) { + this(env, hTableDescriptor, snapshot, false); + } + /** * Constructor * @param env MasterProcedureEnv @@ -90,10 +96,12 @@ public class CloneSnapshotProcedure * @param snapshot snapshot to clone from */ public CloneSnapshotProcedure(final MasterProcedureEnv env, - final HTableDescriptor hTableDescriptor, final SnapshotDescription snapshot) { + final HTableDescriptor hTableDescriptor, final SnapshotDescription snapshot, + final boolean restoreAcl) { super(env); this.hTableDescriptor = hTableDescriptor; this.snapshot = snapshot; + this.restoreAcl = restoreAcl; getMonitorStatus(); } @@ -109,6 +117,16 @@ public class CloneSnapshotProcedure return monitorStatus; } + private void restoreSnapshotAcl(MasterProcedureEnv env) throws IOException { + Configuration conf = env.getMasterServices().getConfiguration(); + if (restoreAcl && SnapshotDescriptionUtils.isSecurityAvailable(conf)) { + MasterFileSystem fileSystemManager = env.getMasterServices().getMasterFileSystem(); + SnapshotDescriptionUtils.grantSnapshotAcl( + SnapshotDescriptionUtils.getCompletedSnapshotDir(snapshot, fileSystemManager.getRootDir()), + fileSystemManager.getFileSystem(), hTableDescriptor.getTableName(), conf); + } + } + @Override protected Flow executeFromState(final MasterProcedureEnv env, final CloneSnapshotState state) throws InterruptedException { @@ -143,6 +161,7 @@ public class CloneSnapshotProcedure case CLONE_SNAPSHOT_POST_OPERATION: postCloneSnapshot(env); + restoreSnapshotAcl(env); MetricsSnapshot metricsSnapshot = new MetricsSnapshot(); metricsSnapshot.addSnapshotClone( getMonitorStatus().getCompletionTimestamp() - getMonitorStatus().getStartTime()); http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java index 55d58e0..6825745 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java @@ -680,7 +680,7 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable */ private long cloneSnapshot(final SnapshotDescription reqSnapshot, final TableName tableName, final SnapshotDescription snapshot, final HTableDescriptor snapshotTableDesc, - final NonceKey nonceKey) throws IOException { + final NonceKey nonceKey, final boolean restoreAcl) throws IOException { MasterCoprocessorHost cpHost = master.getMasterCoprocessorHost(); HTableDescriptor htd = new HTableDescriptor(tableName, snapshotTableDesc); if (cpHost != null) { @@ -688,7 +688,7 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable } long procId; try { - procId = cloneSnapshot(snapshot, htd, nonceKey); + procId = cloneSnapshot(snapshot, htd, nonceKey, restoreAcl); } catch (IOException e) { LOG.error("Exception occurred while cloning the snapshot " + snapshot.getName() + " as table " + tableName.getNameAsString(), e); @@ -712,7 +712,7 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable * @return procId the ID of the clone snapshot procedure */ synchronized long cloneSnapshot(final SnapshotDescription snapshot, - final HTableDescriptor hTableDescriptor, final NonceKey nonceKey) + final HTableDescriptor hTableDescriptor, final NonceKey nonceKey, final boolean restoreAcl) throws HBaseSnapshotException { TableName tableName = hTableDescriptor.getTableName(); @@ -728,8 +728,8 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable try { long procId = master.getMasterProcedureExecutor().submitProcedure( - new CloneSnapshotProcedure( - master.getMasterProcedureExecutor().getEnvironment(), hTableDescriptor, snapshot), + new CloneSnapshotProcedure(master.getMasterProcedureExecutor().getEnvironment(), + hTableDescriptor, snapshot, restoreAcl), nonceKey); this.restoreTableToProcIdMap.put(tableName, procId); return procId; @@ -747,8 +747,8 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable * @param nonceKey unique identifier to prevent duplicated RPC * @throws IOException */ - public long restoreOrCloneSnapshot(final SnapshotDescription reqSnapshot, final NonceKey nonceKey) - throws IOException { + public long restoreOrCloneSnapshot(final SnapshotDescription reqSnapshot, final NonceKey nonceKey, + final boolean restoreAcl) throws IOException { FileSystem fs = master.getMasterFileSystem().getFileSystem(); Path snapshotDir = SnapshotDescriptionUtils.getCompletedSnapshotDir(reqSnapshot, rootDir); @@ -779,7 +779,8 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable if (MetaTableAccessor.tableExists(master.getConnection(), tableName)) { procId = restoreSnapshot(reqSnapshot, tableName, snapshot, snapshotTableDesc, nonceKey); } else { - procId = cloneSnapshot(reqSnapshot, tableName, snapshot, snapshotTableDesc, nonceKey); + procId = + cloneSnapshot(reqSnapshot, tableName, snapshot, snapshotTableDesc, nonceKey, restoreAcl); } return procId; } http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/TakeSnapshotHandler.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/TakeSnapshotHandler.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/TakeSnapshotHandler.java index 123758f..e117211 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/TakeSnapshotHandler.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/TakeSnapshotHandler.java @@ -169,6 +169,9 @@ public abstract class TakeSnapshotHandler extends EventHandler implements Snapsh snapshotManifest.addTableDescriptor(this.htd); monitor.rethrowException(); + // write down the table acl info in the working directory. + SnapshotDescriptionUtils.writeTableAclInfo(snapshot, workingDir, fs, conf); + List> regionsAndLocations; if (TableName.META_TABLE_NAME.equals(snapshotTable)) { regionsAndLocations = new MetaTableLocator().getMetaRegionsAndLocations( http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java index c1aad93..b719eba 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java @@ -461,7 +461,7 @@ public class AccessControlLists { return allPerms; } - static ListMultimap getTablePermissions(Configuration conf, + public static ListMultimap getTablePermissions(Configuration conf, TableName tableName) throws IOException { return getPermissions(conf, tableName != null ? tableName.getName() : null, null); } http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/main/java/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.java ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.java index 0a482d8..afa6d91 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/snapshot/SnapshotDescriptionUtils.java @@ -19,22 +19,33 @@ package org.apache.hadoop.hbase.snapshot; import java.io.FileNotFoundException; import java.io.IOException; +import java.security.PrivilegedExceptionAction; import java.util.Collections; +import java.util.Map.Entry; +import com.google.common.collect.ListMultimap; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.FSDataInputStream; import org.apache.hadoop.fs.FSDataOutputStream; +import org.apache.hadoop.fs.FileStatus; import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.hbase.HConstants; +import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.classification.InterfaceAudience; +import org.apache.hadoop.hbase.client.Admin; +import org.apache.hadoop.hbase.client.Connection; +import org.apache.hadoop.hbase.client.ConnectionFactory; +import org.apache.hadoop.hbase.exceptions.DeserializationException; +import org.apache.hadoop.hbase.security.access.AccessControlClient; +import org.apache.hadoop.hbase.security.access.AccessControlLists; +import org.apache.hadoop.hbase.security.access.TablePermission; import org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil; import org.apache.hadoop.hbase.shaded.protobuf.generated.HBaseProtos.SnapshotDescription; import org.apache.hadoop.hbase.security.User; -import org.apache.hadoop.hbase.snapshot.SnapshotManifestV2; import org.apache.hadoop.hbase.util.EnvironmentEdgeManager; import org.apache.hadoop.hbase.util.FSUtils; @@ -54,6 +65,7 @@ import org.apache.hadoop.hbase.util.FSUtils; * * 
  * /hbase/.snapshots/completed
+ *                   .aclinfo               <--- TablePermission of the origin table
  *                   .snapshotinfo          <--- Description of the snapshot
  *                   .tableinfo             <--- Copy of the tableinfo
  *                    /.logs
@@ -98,6 +110,7 @@ public final class SnapshotDescriptionUtils {
   public static final int SNAPSHOT_LAYOUT_VERSION = SnapshotManifestV2.DESCRIPTOR_VERSION;
 
   // snapshot directory constants
+  public static final String ACLINFO_FILE = ".aclinfo";
   /**
    * The file contains the snapshot basic information and it is under the directory of a snapshot.
    */
@@ -366,4 +379,86 @@ public final class SnapshotDescriptionUtils {
     if (!snapshot.hasOwner()) return false;
     return snapshot.getOwner().equals(user.getShortName());
   }
+
+  public static boolean isSecurityAvailable(Configuration conf) throws IOException {
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
+      try (Admin admin = conn.getAdmin()) {
+        return admin.tableExists(AccessControlLists.ACL_TABLE_NAME);
+      }
+    }
+  }
+
+  public static void writeTableAclInfo(SnapshotDescription snapshot, Path workingDir, FileSystem fs,
+      Configuration conf) throws IOException {
+    if (!isSecurityAvailable(conf)) {
+      LOG.warn("security feature is not available, skip saving .aclinfo file.");
+      return;
+    }
+
+    Path aclInfo = new Path(workingDir, SnapshotDescriptionUtils.ACLINFO_FILE);
+    ListMultimap perms =
+        User.runAsLoginUser(new PrivilegedExceptionAction>() {
+          @Override
+          public ListMultimap run() throws Exception {
+            return AccessControlLists.getTablePermissions(conf,
+              TableName.valueOf(snapshot.getTable()));
+          }
+        });
+    byte[] permBytes = AccessControlLists.writePermissionsAsBytes(perms, conf);
+    FsPermission fsPermission =
+        FSUtils.getFilePermissions(fs, fs.getConf(), HConstants.DATA_FILE_UMASK_KEY);
+    try {
+      FSDataOutputStream out = FSUtils.create(fs, aclInfo, fsPermission, true);
+      try {
+        LOG.debug("write .aclinfo into file, .aclinfo path: " + aclInfo + ", fsPermission: "
+            + fsPermission);
+        out.write(permBytes);
+      } finally {
+        out.close();
+      }
+    } catch (IOException e) {
+      LOG.error("write table acl info file failed: ", e);
+      // if we get an exception, try to remove the snapshot info
+      if (fs.exists(aclInfo) && !fs.delete(aclInfo, false)) {
+        String msg = "Couldn't delete table acl info file: " + aclInfo;
+        LOG.error(msg);
+        throw new IOException(msg);
+      }
+      throw e;
+    }
+  }
+
+  public static void grantSnapshotAcl(Path snapshotDir, FileSystem fs, TableName tableName,
+      Configuration conf) throws IOException {
+    Path aclInfo = new Path(snapshotDir, SnapshotDescriptionUtils.ACLINFO_FILE);
+    if (!fs.exists(aclInfo)) {
+      throw new FileNotFoundException(".aclinfo is not found: " + aclInfo);
+    }
+
+    FSDataInputStream in = null;
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
+      in = fs.open(aclInfo);
+      FileStatus status = fs.getFileStatus(aclInfo);
+      byte[] bytes = new byte[Math.toIntExact(status.getLen())];
+      int len = in.read(bytes);
+      if (len != status.getLen()) {
+        throw new IOException("read .aclinfo error, length does not match. file size: "
+            + status.getLen() + ", read length: " + len);
+      }
+      ListMultimap perms = AccessControlLists.readPermissions(bytes, conf);
+      for (Entry e : perms.entries()) {
+        String user = e.getKey();
+        TablePermission perm = e.getValue();
+        perm.setTableName(tableName);
+        AccessControlClient.grant(conn, perm.getTableName(), user, perm.getFamily(),
+          perm.getQualifier(), perm.getActions());
+      }
+    } catch (DeserializationException e) {
+      throw new IOException("deserialize .aclinfo bytes to object failed: ", e);
+    } catch (Throwable throwable) {
+      throw new IOException("grant .aclinfo permissions into table failed: ", throwable);
+    } finally {
+      if (in != null) in.close();
+    }
+  }
 }

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestSnapshotWithAcl.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestSnapshotWithAcl.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestSnapshotWithAcl.java
new file mode 100644
index 0000000..6ece355
--- /dev/null
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/client/TestSnapshotWithAcl.java
@@ -0,0 +1,203 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hbase.client;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hbase.HBaseTestingUtility;
+import org.apache.hadoop.hbase.HColumnDescriptor;
+import org.apache.hadoop.hbase.HTableDescriptor;
+import org.apache.hadoop.hbase.TableName;
+import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
+import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.security.access.AccessControlConstants;
+import org.apache.hadoop.hbase.security.access.AccessController;
+import org.apache.hadoop.hbase.security.access.Permission;
+import org.apache.hadoop.hbase.security.access.SecureTestUtil;
+import org.apache.hadoop.hbase.testclassification.ClientTests;
+import org.apache.hadoop.hbase.testclassification.MediumTests;
+import org.apache.hadoop.hbase.util.Bytes;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.io.IOException;
+
+@Category({ MediumTests.class, ClientTests.class })
+public class TestSnapshotWithAcl extends SecureTestUtil {
+
+  public TableName TEST_TABLE = TableName.valueOf("TestSnapshotWithAcl");
+
+  private static final int ROW_COUNT = 30000;
+
+  private static byte[] TEST_FAMILY = Bytes.toBytes("f1");
+  private static byte[] TEST_QUALIFIER = Bytes.toBytes("cq");
+  private static byte[] TEST_ROW = Bytes.toBytes("r1");
+  private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
+  private static Configuration conf;
+  private static HBaseAdmin admin = null;
+
+  // user is table owner. will have all permissions on table
+  private static User USER_OWNER;
+  // user with rw permissions on column family.
+  private static User USER_RW;
+  // user with read-only permissions
+  private static User USER_RO;
+  // user with none permissions
+  private static User USER_NONE;
+
+  static class AccessReadAction implements AccessTestAction {
+
+    private TableName tableName;
+
+    public AccessReadAction(TableName tableName) {
+      this.tableName = tableName;
+    }
+
+    @Override
+    public Object run() throws Exception {
+      Get g = new Get(TEST_ROW);
+      g.addFamily(TEST_FAMILY);
+      try (Connection conn = ConnectionFactory.createConnection(conf)) {
+        try (Table t = conn.getTable(tableName)) {
+          t.get(g);
+        }
+      }
+      return null;
+    }
+  };
+
+  static class AccessWriteAction implements AccessTestAction {
+    private TableName tableName;
+
+    public AccessWriteAction(TableName tableName) {
+      this.tableName = tableName;
+    }
+
+    @Override
+    public Object run() throws Exception {
+      Put p = new Put(TEST_ROW);
+      p.addColumn(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(1));
+      try (Connection conn = ConnectionFactory.createConnection(conf)) {
+        try (Table t = conn.getTable(tableName)) {
+          t.put(p);
+        }
+      }
+      return null;
+    }
+  }
+
+
+  @BeforeClass
+  public static void setupBeforeClass() throws Exception {
+    conf = TEST_UTIL.getConfiguration();
+    // Enable security
+    enableSecurity(conf);
+    conf.set(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AccessController.class.getName());
+    // Verify enableSecurity sets up what we require
+    verifyConfiguration(conf);
+    // Enable EXEC permission checking
+    conf.setBoolean(AccessControlConstants.EXEC_PERMISSION_CHECKS_KEY, true);
+    TEST_UTIL.startMiniCluster();
+
+    USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]);
+    USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]);
+    USER_RO = User.createUserForTesting(conf, "rouser", new String[0]);
+    USER_NONE = User.createUserForTesting(conf, "usernone", new String[0]);
+  }
+
+  @Before
+  public void setUp() throws Exception {
+    admin = TEST_UTIL.getHBaseAdmin();
+    HTableDescriptor htd = new HTableDescriptor(TEST_TABLE);
+    HColumnDescriptor hcd = new HColumnDescriptor(TEST_FAMILY);
+    hcd.setMaxVersions(100);
+    htd.addFamily(hcd);
+    htd.setOwner(USER_OWNER);
+    admin.createTable(htd, new byte[][] { Bytes.toBytes("s") });
+    TEST_UTIL.waitTableEnabled(TEST_TABLE);
+
+    grantOnTable(TEST_UTIL, USER_RW.getShortName(), TEST_TABLE, TEST_FAMILY, null,
+            Permission.Action.READ, Permission.Action.WRITE);
+
+    grantOnTable(TEST_UTIL, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY, null,
+            Permission.Action.READ);
+  }
+
+  private void loadData() throws IOException {
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
+      try (Table t = conn.getTable(TEST_TABLE)) {
+        for (int i = 0; i < ROW_COUNT; i++) {
+          Put put = new Put(Bytes.toBytes(i));
+          put.addColumn(TEST_FAMILY, TEST_QUALIFIER, Bytes.toBytes(i));
+          t.put(put);
+        }
+      }
+    }
+  }
+
+  @AfterClass
+  public static void tearDownAfterClass() throws Exception {
+    TEST_UTIL.shutdownMiniCluster();
+  }
+
+  private void verifyRows(TableName tableName) throws IOException {
+    try (Connection conn = ConnectionFactory.createConnection(conf)) {
+      try (Table t = conn.getTable(tableName)) {
+        try (ResultScanner scanner = t.getScanner(new Scan())) {
+          Result result;
+          int rowCount = 0;
+          while ((result = scanner.next()) != null) {
+            byte[] value = result.getValue(TEST_FAMILY, TEST_QUALIFIER);
+            Assert.assertArrayEquals(value, Bytes.toBytes(rowCount++));
+          }
+          Assert.assertEquals(rowCount, ROW_COUNT);
+        }
+      }
+    }
+  }
+
+  @Test
+  public void testRestoreSnapshot() throws Exception {
+    verifyAllowed(new AccessReadAction(TEST_TABLE), USER_OWNER, USER_RO, USER_RW);
+    verifyDenied(new AccessWriteAction(TEST_TABLE), USER_RO, USER_NONE);
+
+    loadData();
+    verifyRows(TEST_TABLE);
+
+    String snapshotName1 = "testSnapshot1";
+    admin.snapshot(snapshotName1, TEST_TABLE);
+
+    // clone snapshot with restoreAcl true.
+    TableName tableName1 = TableName.valueOf("tableName1");
+    admin.cloneSnapshot(snapshotName1, tableName1, true);
+    verifyRows(tableName1);
+    verifyAllowed(new AccessReadAction(tableName1), USER_OWNER, USER_RO, USER_RW);
+    verifyDenied(new AccessWriteAction(tableName1), USER_RO, USER_NONE);
+
+    // clone snapshot with restoreAcl false.
+    TableName tableName2 = TableName.valueOf("tableName2");
+    admin.cloneSnapshot(snapshotName1, tableName2, false);
+    verifyRows(tableName2);
+    verifyAllowed(new AccessReadAction(tableName2), USER_OWNER);
+    verifyDenied(new AccessWriteAction(tableName2), USER_RO, USER_RW, USER_NONE);
+  }
+}

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
index 1dd1c3a..1d1a936 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/SecureTestUtil.java
@@ -167,7 +167,7 @@ public class SecureTestUtil {
    * To indicate the action was not allowed, either throw an AccessDeniedException
    * or return an empty list of KeyValues.
    */
-  static interface AccessTestAction extends PrivilegedExceptionAction { }
+  protected static interface AccessTestAction extends PrivilegedExceptionAction { }
 
   /** This fails only in case of ADE or empty list for any of the actions. */
   public static void verifyAllowed(User user, AccessTestAction... actions) throws Exception {

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-shell/src/main/ruby/hbase/admin.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/hbase/admin.rb b/hbase-shell/src/main/ruby/hbase/admin.rb
index 2db89b7..b16c868 100644
--- a/hbase-shell/src/main/ruby/hbase/admin.rb
+++ b/hbase-shell/src/main/ruby/hbase/admin.rb
@@ -978,8 +978,8 @@ module Hbase
 
     #----------------------------------------------------------------------------------------------
     # Create a new table by cloning the snapshot content
-    def clone_snapshot(snapshot_name, table)
-      @admin.cloneSnapshot(snapshot_name, TableName.valueOf(table))
+    def clone_snapshot(snapshot_name, table, restore_acl = false)
+      @admin.cloneSnapshot(snapshot_name, TableName.valueOf(table), restore_acl)
     end
 
     #----------------------------------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-shell/src/main/ruby/hbase_constants.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/hbase_constants.rb b/hbase-shell/src/main/ruby/hbase_constants.rb
index 55ae9e7..52819c0 100644
--- a/hbase-shell/src/main/ruby/hbase_constants.rb
+++ b/hbase-shell/src/main/ruby/hbase_constants.rb
@@ -83,6 +83,7 @@ module HBaseConstants
   DATA = 'DATA'
   SERVER_NAME = 'SERVER_NAME'
   LOCALITY_THRESHOLD = 'LOCALITY_THRESHOLD'
+  RESTORE_ACL = 'RESTORE_ACL'
 
   # Load constants from hbase java API
   def self.promote_constants(constants)

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-shell/src/main/ruby/shell/commands/clone_snapshot.rb
----------------------------------------------------------------------
diff --git a/hbase-shell/src/main/ruby/shell/commands/clone_snapshot.rb b/hbase-shell/src/main/ruby/shell/commands/clone_snapshot.rb
index c57e87f..f95c652 100644
--- a/hbase-shell/src/main/ruby/shell/commands/clone_snapshot.rb
+++ b/hbase-shell/src/main/ruby/shell/commands/clone_snapshot.rb
@@ -28,11 +28,18 @@ And writing on the newly created table will not influence the snapshot data.
 Examples:
   hbase> clone_snapshot 'snapshotName', 'tableName'
   hbase> clone_snapshot 'snapshotName', 'namespace:tableName'
+
+Following command will restore all acl from origin snapshot table into the
+newly created table.
+
+  hbase> clone_snapshot 'snapshotName', 'namespace:tableName', {RESTORE_ACL=>true}
 EOF
       end
 
-      def command(snapshot_name, table)
-        admin.clone_snapshot(snapshot_name, table)
+      def command(snapshot_name, table, args = {})
+        raise(ArgumentError, "Arguments should be a Hash") unless args.kind_of?(Hash)
+        restore_acl = args.delete(RESTORE_ACL) || false
+        admin.clone_snapshot(snapshot_name, table, restore_acl)
       end
 
       def handle_exceptions(cause, *args)

http://git-wip-us.apache.org/repos/asf/hbase/blob/951b23a4/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestReplicationShell.java
----------------------------------------------------------------------
diff --git a/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestReplicationShell.java b/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestReplicationShell.java
index 04fbc7a..4279d89 100644
--- a/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestReplicationShell.java
+++ b/hbase-shell/src/test/java/org/apache/hadoop/hbase/client/TestReplicationShell.java
@@ -23,7 +23,6 @@ import org.apache.hadoop.hbase.testclassification.ClientTests;
 import org.apache.hadoop.hbase.testclassification.LargeTests;
 import org.jruby.embed.PathType;
 import org.junit.Test;
-import org.junit.Ignore;
 import org.junit.experimental.categories.Category;
 
 @Category({ ClientTests.class, LargeTests.class })