diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java index be1275a..f665a47 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java @@ -65,7 +65,9 @@ import java.math.BigInteger; import java.security.PrivilegedAction; import java.security.SecureRandom; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; +import java.util.Map; /** * Coprocessor service for bulk loads in secure mode. @@ -258,9 +260,6 @@ public class SecureBulkLoadEndpoint extends SecureBulkLoadService fs = FileSystem.get(conf); for(Pair el: familyPaths) { Path p = new Path(el.getSecond()); - LOG.trace("Setting permission for: " + p); - fs.setPermission(p, PERM_ALL_ACCESS); - Path stageFamily = new Path(bulkToken, Bytes.toString(el.getFirst())); if(!fs.exists(stageFamily)) { fs.mkdirs(stageFamily); @@ -340,11 +339,13 @@ public class SecureBulkLoadEndpoint extends SecureBulkLoadService private Configuration conf; // Source filesystem private FileSystem srcFs = null; + private Map origPermissions = null; public SecureBulkLoadListener(FileSystem fs, String stagingDir, Configuration conf) { this.fs = fs; this.stagingDir = stagingDir; this.conf = conf; + this.origPermissions = new HashMap(); } @Override @@ -364,13 +365,15 @@ public class SecureBulkLoadEndpoint extends SecureBulkLoadService LOG.debug("Bulk-load file " + srcPath + " is on different filesystem than " + "the destination filesystem. Copying file over to destination staging dir."); FileUtil.copy(srcFs, p, fs, stageP, false, conf); - } - else { + } else { LOG.debug("Moving " + p + " to " + stageP); + FileStatus origFileStatus = fs.getFileStatus(p); + origPermissions.put(srcPath, origFileStatus.getPermission()); if(!fs.rename(p, stageP)) { throw new IOException("Failed to move HFile: " + p + " to " + stageP); } } + fs.setPermission(stageP, PERM_ALL_ACCESS); return stageP.toString(); } @@ -381,12 +384,23 @@ public class SecureBulkLoadEndpoint extends SecureBulkLoadService @Override public void failedBulkLoad(final byte[] family, final String srcPath) throws IOException { + if (!FSHDFSUtils.isSameHdfs(conf, srcFs, fs)) { + // files are copied so no need to move them back + return; + } Path p = new Path(srcPath); Path stageP = new Path(stagingDir, new Path(Bytes.toString(family), p.getName())); LOG.debug("Moving " + stageP + " back to " + p); if(!fs.rename(stageP, p)) throw new IOException("Failed to move HFile: " + stageP + " to " + p); + + // restore original permission + if (origPermissions.containsKey(srcPath)) { + fs.setPermission(p, origPermissions.get(srcPath)); + } else { + LOG.warn("Can't find previous permission for path=" + srcPath); + } } /**