package org.apache.hadoop.mapreduce;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.LocalFileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapred.JobID;
import org.apache.hadoop.mapred.JobTracker;
import org.apache.hadoop.mapred.MiniMRCluster;
import org.apache.hadoop.mapred.Operation;
import org.apache.hadoop.mapred.QueueManagerTestUtils;
import org.apache.hadoop.mapreduce.JobStatus;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/mapreduce/TestJobACLs.class */
public class TestJobACLs {
    private MiniMRCluster mr = null;
    private String jobSubmitter = "jobSubmitter";
    private String viewColleague = "viewColleague";
    private String modifyColleague = "modifyColleague";
    private String qAdmin = "qAdmin";
    static final Log LOG = LogFactory.getLog(TestJobACLs.class);
    private static final Path TEST_DIR = new Path(System.getProperty("test.build.data", "/tmp"), TestJobACLs.class.getCanonicalName() + "/completed-job-store");

    @Before
    public void setup() throws Exception {
        startCluster(false);
    }

    private void startCluster(boolean z) throws Exception {
        QueueManagerTestUtils.createQueuesConfigFile(new String[]{"default"}, new String[]{this.jobSubmitter}, new String[]{this.qAdmin});
        JobConf jobConf = new JobConf();
        jobConf.setBoolean("mapreduce.cluster.acls.enabled", true);
        LocalFileSystem local = FileSystem.getLocal(jobConf);
        if (!z) {
            local.delete(TEST_DIR, true);
        }
        jobConf.set("mapreduce.jobtracker.persist.jobstatus.dir", local.makeQualified(TEST_DIR).toString());
        jobConf.setBoolean("mapreduce.jobtracker.persist.jobstatus.active", true);
        jobConf.set("mapreduce.jobtracker.persist.jobstatus.hours", "1");
        this.mr = new MiniMRCluster(0, 0, 1, "file:///", 1, null, null, UserGroupInformation.getLoginUser(), jobConf);
    }

    @After
    public void tearDown() {
        QueueManagerTestUtils.deleteQueuesConfigFile();
        if (this.mr != null) {
            this.mr.shutdown();
        }
    }

    @Test
    public void testACLS() throws Exception {
        verifyACLViewJob();
        verifyACLModifyJob(this.modifyColleague);
        verifyACLModifyJob(this.qAdmin);
        verifyACLPersistence();
    }

    private void verifyACLViewJob() throws IOException, InterruptedException {
        JobConf createJobConf = this.mr.createJobConf();
        createJobConf.set("mapreduce.job.acl-view-job", this.viewColleague);
        Job submitJobAsUser = submitJobAsUser(createJobConf, this.jobSubmitter);
        JobID jobID = submitJobAsUser.getJobID();
        verifyViewJobAsUnauthorizedUser(createJobConf, jobID, this.modifyColleague);
        verifyViewJobAsAuthorizedUser(createJobConf, jobID, this.viewColleague);
        verifyViewJobAsAuthorizedUser(createJobConf, jobID, this.qAdmin);
        submitJobAsUser.killJob();
    }

    private Job submitJobAsUser(final Configuration configuration, String str) throws IOException, InterruptedException {
        Job job = (Job) UserGroupInformation.createUserForTesting(str, new String[0]).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.mapreduce.TestJobACLs.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                SleepJob sleepJob = new SleepJob();
                sleepJob.setConf(configuration);
                sleepJob.getConf().setBoolean("mapreduce.job.committer.setup.cleanup.needed", false);
                Job createJob = sleepJob.createJob(1, 0, 60000L, 1, 1L, 1);
                createJob.submit();
                return createJob;
            }
        });
        JobTracker jobTracker = this.mr.getJobTrackerRunner().getJobTracker();
        jobTracker.initJob(jobTracker.getJob(JobID.downgrade(job.getJobID())));
        return job;
    }

    private void verifyViewJobAsAuthorizedUser(final Configuration configuration, final JobID jobID, String str) throws IOException, InterruptedException {
        UserGroupInformation.createUserForTesting(str, new String[0]).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.mapreduce.TestJobACLs.2
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Job job = null;
                try {
                    job = new Cluster(configuration).getJob(jobID);
                } catch (Exception e) {
                    Assert.fail("Exception .." + e);
                }
                Assert.assertNotNull("Job " + jobID + " is not known to the JobTracker!", job);
                try {
                    job.getCounters();
                } catch (IOException e2) {
                    Assert.fail("Unexpected.. exception.. " + e2);
                }
                try {
                    job.getTaskReports(TaskType.JOB_CLEANUP);
                    return null;
                } catch (IOException e3) {
                    Assert.fail("Unexpected.. exception.. " + e3);
                    return null;
                }
            }
        });
    }

    private void verifyViewJobAsUnauthorizedUser(final Configuration configuration, final JobID jobID, String str) throws IOException, InterruptedException {
        UserGroupInformation.createUserForTesting(str, new String[0]).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.mapreduce.TestJobACLs.3
            @Override // java.security.PrivilegedExceptionAction
            public Object run() {
                Job job = null;
                try {
                    job = new Cluster(configuration).getJob(jobID);
                } catch (Exception e) {
                    Assert.fail("Exception .." + e);
                }
                Assert.assertNotNull("Job " + jobID + " is not known to the JobTracker!", job);
                try {
                    job.getCounters();
                    Assert.fail("AccessControlException expected..");
                } catch (IOException e2) {
                    Assert.assertTrue(e2.getMessage().contains(" cannot perform operation " + JobACL.VIEW_JOB));
                } catch (InterruptedException e3) {
                    Assert.fail("Exception .. interrupted.." + e3);
                }
                try {
                    job.getTaskReports(TaskType.JOB_SETUP);
                    Assert.fail("AccessControlException expected..");
                    return null;
                } catch (IOException e4) {
                    Assert.assertTrue(e4.getMessage().contains(" cannot perform operation " + JobACL.VIEW_JOB));
                    return null;
                } catch (InterruptedException e5) {
                    Assert.fail("Exception .. interrupted.." + e5);
                    return null;
                }
            }
        });
    }

    private void verifyACLModifyJob(String str) throws IOException, InterruptedException, ClassNotFoundException {
        JobConf createJobConf = this.mr.createJobConf();
        createJobConf.set("mapreduce.job.acl-modify-job", this.modifyColleague);
        JobID jobID = submitJobAsUser(createJobConf, this.jobSubmitter).getJobID();
        verifyModifyJobAsUnauthorizedUser(createJobConf, jobID, this.viewColleague);
        verifyModifyJobAsAuthorizedUser(createJobConf, jobID, str);
    }

    private void verifyModifyJobAsAuthorizedUser(final Configuration configuration, final JobID jobID, String str) throws IOException, InterruptedException {
        UserGroupInformation.createUserForTesting(str, new String[0]).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.mapreduce.TestJobACLs.4
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                Job job = null;
                try {
                    job = new Cluster(configuration).getJob(jobID);
                } catch (Exception e) {
                    Assert.fail("Exception .." + e);
                }
                Assert.assertNotNull("Job " + jobID + " is not known to the JobTracker!", job);
                try {
                    job.setPriority(JobPriority.HIGH);
                    Assert.assertEquals(job.getPriority(), JobPriority.HIGH);
                } catch (IOException e2) {
                    Assert.fail("Unexpected.. exception.. " + e2);
                }
                try {
                    job.killJob();
                    return null;
                } catch (IOException e3) {
                    Assert.fail("Unexpected.. exception.. " + e3);
                    return null;
                }
            }
        });
    }

    private void verifyModifyJobAsUnauthorizedUser(final Configuration configuration, final JobID jobID, String str) throws IOException, InterruptedException {
        UserGroupInformation.createUserForTesting(str, new String[0]).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.mapreduce.TestJobACLs.5
            @Override // java.security.PrivilegedExceptionAction
            public Object run() {
                Job job = null;
                try {
                    job = new Cluster(configuration).getJob(jobID);
                } catch (Exception e) {
                    Assert.fail("Exception .." + e);
                }
                Assert.assertNotNull("Job " + jobID + " is not known to the JobTracker!", job);
                try {
                    job.killJob();
                    Assert.fail("AccessControlException expected..");
                } catch (IOException e2) {
                    Assert.assertTrue(e2.getMessage().contains(" cannot perform operation " + Operation.KILL_JOB));
                } catch (InterruptedException e3) {
                    Assert.fail("Exception .. interrupted.." + e3);
                }
                try {
                    job.setPriority(JobPriority.HIGH);
                    Assert.fail("AccessControlException expected..");
                    return null;
                } catch (IOException e4) {
                    Assert.assertTrue(e4.getMessage().contains(" cannot perform operation " + Operation.SET_JOB_PRIORITY));
                    return null;
                } catch (InterruptedException e5) {
                    Assert.fail("Exception .. interrupted.." + e5);
                    return null;
                }
            }
        });
    }

    private void verifyACLPersistence() throws Exception {
        JobConf createJobConf = this.mr.createJobConf();
        createJobConf.set("mapreduce.job.acl-view-job", this.viewColleague + " group2");
        Job submitJobAsUser = submitJobAsUser(createJobConf, this.jobSubmitter);
        final JobID jobID = submitJobAsUser.getJobID();
        submitJobAsUser.killJob();
        while (submitJobAsUser.getJobState() != JobStatus.State.KILLED) {
            LOG.info("Waiting for the job to be killed successfully..");
            Thread.sleep(200L);
        }
        tearDown();
        startCluster(true);
        final JobConf createJobConf2 = this.mr.createJobConf();
        verifyViewJobAsAuthorizedUser(createJobConf2, jobID, this.viewColleague);
        verifyViewJobAsAuthorizedUser(createJobConf2, jobID, this.qAdmin);
        UserGroupInformation.createUserForTesting(this.modifyColleague, new String[0]).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.mapreduce.TestJobACLs.6
            @Override // java.security.PrivilegedExceptionAction
            public Object run() {
                Job job = null;
                try {
                    job = new Cluster(createJobConf2).getJob(jobID);
                } catch (Exception e) {
                    Assert.fail("Exception .." + e);
                }
                Assert.assertNotNull("Job " + jobID + " is not known to the JobTracker!", job);
                try {
                    job.getCounters();
                    Assert.fail("AccessControlException expected..");
                    return null;
                } catch (IOException e2) {
                    Assert.assertTrue(e2.getMessage().contains(" cannot perform operation " + Operation.VIEW_JOB_COUNTERS));
                    return null;
                } catch (InterruptedException e3) {
                    Assert.fail("Exception .. interrupted.." + e3);
                    return null;
                }
            }
        });
    }
}
