package org.apache.hadoop.ozone.security.acl;

import java.util.Arrays;
import java.util.Collections;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.apache.hadoop.ozone.security.acl.OzoneObj;
import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/ozone/security/acl/TestOzoneAdministrators.class */
/**
 * Pins how {@link OzoneNativeAuthorizer} decides volume-level requests
 * (create a volume, list the root) against the configured administrator list.
 *
 * <p>The behaviour asserted here is security relevant: an empty administrator
 * list must deny the request, the wildcard entry {@code "*"} grants it to every
 * user, and otherwise only a user named in the list is allowed.
 */
public class TestOzoneAdministrators {
    // Shared by all tests; every scenario installs its own admin list before
    // calling checkAccess, so no scenario relies on state left by another.
    private static OzoneNativeAuthorizer nativeAuthorizer;

    /** Creates the authorizer under test once for the whole class. */
    @BeforeClass
    public static void setup() {
        nativeAuthorizer = new OzoneNativeAuthorizer();
    }

    /** Runs the admin-list scenarios for a CREATE request on a named volume. */
    @Test
    public void testCreateVolume() throws Exception {
        OzoneObj volume = getTestVolumeobj("testvolume");
        RequestContext createRequest =
                getUserRequestContext("testuser", IAccessAuthorizer.ACLType.CREATE);
        testAdminOperations(volume, createRequest);
    }

    /** Runs the admin-list scenarios for a LIST request on the volume named "/". */
    @Test
    public void testListAllVolume() throws Exception {
        OzoneObj rootVolume = getTestVolumeobj("/");
        RequestContext listRequest =
                getUserRequestContext("testuser", IAccessAuthorizer.ACLType.LIST);
        testAdminOperations(rootVolume, listRequest);
    }

    /**
     * Checks the same request against five administrator lists in turn and
     * asserts the expected allow/deny decision for each.
     *
     * @param target  the object the request is made against
     * @param request the caller identity and requested right
     * @throws OMException if the authorizer fails while evaluating the request
     */
    private void testAdminOperations(OzoneObj target, RequestContext request) throws OMException {
        final OzoneNativeAuthorizer authorizer = nativeAuthorizer;
        boolean allowed;

        // Deny by default: with no administrators configured nobody passes.
        authorizer.setOzoneAdmins(Collections.emptyList());
        allowed = authorizer.checkAccess(target, request);
        Assert.assertFalse("empty admin list disallow anyone to perform admin operations", allowed);

        // The wildcard entry makes every user pass the administrator check.
        authorizer.setOzoneAdmins(Collections.singletonList("*"));
        allowed = authorizer.checkAccess(target, request);
        Assert.assertTrue("wildcard admin allows everyone to perform admin operations", allowed);

        // The caller is the only configured administrator.
        authorizer.setOzoneAdmins(Collections.singletonList("testuser"));
        allowed = authorizer.checkAccess(target, request);
        Assert.assertTrue("matching admins are allowed to perform admin operations", allowed);

        // The caller is one of several administrators and is not listed first.
        authorizer.setOzoneAdmins(Arrays.asList("testuser2", "testuser"));
        allowed = authorizer.checkAccess(target, request);
        Assert.assertTrue("matching admins are allowed to perform admin operations", allowed);

        // Administrators are configured, but the caller is not among them.
        authorizer.setOzoneAdmins(Arrays.asList("testuser2", "testuser3"));
        allowed = authorizer.checkAccess(target, request);
        Assert.assertFalse("mismatching admins are not allowed perform admin operations", allowed);
    }

    /**
     * Builds a request context for a remote user asking for a single right.
     *
     * @param userName name used to create the remote-user identity
     * @param right    the ACL right being requested
     * @return a context with identity type USER for that caller and right
     */
    private RequestContext getUserRequestContext(String userName, IAccessAuthorizer.ACLType right) {
        UserGroupInformation caller = UserGroupInformation.createRemoteUser(userName);
        return RequestContext.newBuilder()
                .setClientUgi(caller)
                .setAclType(IAccessAuthorizer.ACLIdentityType.USER)
                .setAclRights(right)
                .build();
    }

    /**
     * Builds a VOLUME object in the OZONE store with the given volume name.
     *
     * @param volumeName the volume name to set on the object
     * @return the object to pass to the authorizer
     */
    private OzoneObj getTestVolumeobj(String volumeName) {
        OzoneObjInfo.Builder volume = OzoneObjInfo.Builder.newBuilder();
        volume.setResType(OzoneObj.ResourceType.VOLUME);
        volume.setStoreType(OzoneObj.StoreType.OZONE);
        volume.setVolumeName(volumeName);
        return volume.build();
    }
}
