package org.apache.sentry.provider.db.generic.service.thrift;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.log4j.Level;
import org.apache.sentry.provider.db.log.appender.AuditLoggerTestAppender;
import org.apache.sentry.provider.db.log.util.CommandUtil;
import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
import org.codehaus.jettison.json.JSONObject;
import org.hamcrest.core.Is;
import org.junit.After;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/provider/db/generic/service/thrift/TestAuditLogForSentryGenericService.class */
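/**
 * Integration test checking that the Sentry generic-model service emits an audit record for
 * each role and privilege change, both when the request succeeds ({@code allowed=true}) and
 * when the service rejects it ({@code allowed=false}).
 *
 * <p>Audit events are read back through {@link AuditLoggerTestAppender}, which {@link #setup()}
 * attaches to the {@code sentry.generic.authorization.ddl.logger} log4j logger. Every check
 * inspects only the most recent event reported by that appender.
 */
public class TestAuditLogForSentryGenericService extends SentryServiceIntegrationBase {
    private SentryGenericServiceClient client;
    private static final String COMPONENT = "SQOOP";
    private static final String ADMIN_USER = "admin_user";
    private static final String ADMIN_GROUP = "admin_group";
    private static final String ROLE_NAME = "admin_r";
    private static final String INVALID_ROLE = "invalidRole";
    private static final String GROUP = "g1";
    private static final Logger LOGGER = LoggerFactory.getLogger(TestAuditLogForSentryGenericService.class);

    /**
     * Starts the shared service fixture and routes the generic-model audit logger to the
     * in-memory test appender at INFO level so the test can read the events back.
     *
     * @throws Exception if the base fixture fails to start
     */
    @BeforeClass
    public static void setup() throws Exception {
        SentryServiceIntegrationBase.setup();
        org.apache.log4j.Logger auditLogger =
                org.apache.log4j.Logger.getLogger("sentry.generic.authorization.ddl.logger");
        auditLogger.addAppender(new AuditLoggerTestAppender());
        auditLogger.setLevel(Level.INFO);
    }

    /**
     * Best-effort cleanup: drops every role left in the component, closes the client and
     * deletes the policy file. Cleanup failures are logged rather than rethrown so they do
     * not mask the result of the test itself.
     */
    @Override
    @After
    public void after() {
        try {
            runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() {
                @Override
                public void runTestAsSubject() throws Exception {
                    // Guard before the first use: the client is only assigned by
                    // connectToSentryService(), so it can still be null here.
                    if (client == null) {
                        return;
                    }
                    try {
                        for (TSentryRole role : client.listAllRoles(ADMIN_USER, COMPONENT)) {
                            client.dropRole(ADMIN_USER, role.getRoleName(), COMPONENT);
                        }
                    } finally {
                        // Close the connection even when dropping a role fails.
                        client.close();
                    }
                }
            });
        } catch (Exception e) {
            LOGGER.warn("Exception happened after test case.", e);
        } finally {
            this.policyFilePath.delete();
        }
    }

    /**
     * Creates the generic-service client, inside the client UGI's security context when the
     * fixture runs with Kerberos and directly otherwise.
     *
     * @throws Exception if the client cannot be created
     */
    @Override
    public void connectToSentryService() throws Exception {
        if (!kerberos) {
            this.client = SentryGenericServiceClientFactory.create(conf);
            return;
        }
        this.client = clientUgi.doAs(new PrivilegedExceptionAction<SentryGenericServiceClient>() {
            @Override
            public SentryGenericServiceClient run() throws Exception {
                return SentryGenericServiceClientFactory.create(conf);
            }
        });
    }

    /**
     * Walks through create role, grant role to group, grant privilege, revoke privilege,
     * revoke role from group and drop role. After each successful call it expects an audit
     * event with {@code allowed=true}; each call is then repeated in a form the service
     * rejects, and the audit event must report {@code allowed=false} with the operation text
     * of the rejected request.
     *
     * <p>The rejected calls are accepted with any {@link Exception}; it is the audit
     * assertion in the catch block that ties the failure to the attempted operation.
     *
     * @throws Exception if the fixture or an audit assertion fails
     */
    @Test
    public void testAuditLogForGenericModel() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() {
            @Override
            public void runTestAsSubject() throws Exception {
                setLocalGroupMapping(ADMIN_USER, Sets.newHashSet(ADMIN_GROUP));
                writePolicyFile();

                // CREATE ROLE: first call succeeds, the duplicate is rejected.
                client.createRole(ADMIN_USER, ROLE_NAME, COMPONENT);
                assertAudit("CREATE_ROLE", "CREATE ROLE admin_r", true);
                try {
                    client.createRole(ADMIN_USER, ROLE_NAME, COMPONENT);
                    Assert.fail("Exception should have been thrown");
                } catch (Exception expected) {
                    assertAudit("CREATE_ROLE", "CREATE ROLE admin_r", false);
                }

                // GRANT ROLE TO GROUP: an unknown role is rejected.
                client.grantRoleToGroups(ADMIN_USER, ROLE_NAME, COMPONENT, Sets.newHashSet(GROUP));
                assertAudit("ADD_ROLE_TO_GROUP", "GRANT ROLE admin_r TO GROUP g1", true);
                try {
                    client.grantRoleToGroups(ADMIN_USER, INVALID_ROLE, COMPONENT, Sets.newHashSet(GROUP));
                    Assert.fail("Exception should have been thrown");
                } catch (Exception expected) {
                    assertAudit("ADD_ROLE_TO_GROUP", "GRANT ROLE invalidRole TO GROUP g1", false);
                }

                // GRANT PRIVILEGE: an unknown action is rejected.
                TSentryPrivilege validPrivilege = new TSentryPrivilege(
                        COMPONENT,
                        "sentryService",
                        Lists.newArrayList(
                                new TAuthorizable("resourceType1", "resourceName1"),
                                new TAuthorizable("resourceType2", "resourceName2")),
                        "all");
                client.grantPrivilege(ADMIN_USER, ROLE_NAME, COMPONENT, validPrivilege);
                assertAudit(
                        "GRANT_PRIVILEGE",
                        "GRANT ALL ON resourceType1 resourceName1 resourceType2 resourceName2 TO ROLE admin_r",
                        true);
                TSentryPrivilege invalidPrivilege = new TSentryPrivilege(
                        COMPONENT,
                        "sentryService",
                        Lists.newArrayList(new TAuthorizable("resourceType1", "resourceName1")),
                        "invalidAction");
                try {
                    client.grantPrivilege(ADMIN_USER, ROLE_NAME, COMPONENT, invalidPrivilege);
                    Assert.fail("Exception should have been thrown");
                } catch (Exception expected) {
                    assertAudit(
                            "GRANT_PRIVILEGE",
                            "GRANT INVALIDACTION ON resourceType1 resourceName1 TO ROLE admin_r",
                            false);
                }

                // REVOKE PRIVILEGE: unknown role combined with the invalid privilege is rejected.
                client.revokePrivilege(ADMIN_USER, ROLE_NAME, COMPONENT, validPrivilege);
                assertAudit(
                        "REVOKE_PRIVILEGE",
                        "REVOKE ALL ON resourceType1 resourceName1 resourceType2 resourceName2 FROM ROLE admin_r",
                        true);
                try {
                    client.revokePrivilege(ADMIN_USER, INVALID_ROLE, COMPONENT, invalidPrivilege);
                    Assert.fail("Exception should have been thrown");
                } catch (Exception expected) {
                    assertAudit(
                            "REVOKE_PRIVILEGE",
                            "REVOKE INVALIDACTION ON resourceType1 resourceName1 FROM ROLE invalidRole",
                            false);
                }

                // REVOKE ROLE FROM GROUP: an unknown role is rejected.
                client.revokeRoleFromGroups(ADMIN_USER, ROLE_NAME, COMPONENT, Sets.newHashSet(GROUP));
                assertAudit("DELETE_ROLE_FROM_GROUP", "REVOKE ROLE admin_r FROM GROUP g1", true);
                try {
                    client.revokeRoleFromGroups(ADMIN_USER, INVALID_ROLE, COMPONENT, Sets.newHashSet(GROUP));
                    Assert.fail("Exception should have been thrown");
                } catch (Exception expected) {
                    assertAudit("DELETE_ROLE_FROM_GROUP", "REVOKE ROLE invalidRole FROM GROUP g1", false);
                }

                // DROP ROLE: dropping the same role a second time is rejected.
                client.dropRole(ADMIN_USER, ROLE_NAME, COMPONENT);
                assertAudit("DROP_ROLE", "DROP ROLE admin_r", true);
                try {
                    client.dropRole(ADMIN_USER, ROLE_NAME, COMPONENT);
                    Assert.fail("Exception should have been thrown");
                } catch (Exception expected) {
                    assertAudit("DROP_ROLE", "DROP ROLE admin_r", false);
                }
            }
        });
    }

    /** Builds the expected audit fields for one operation on COMPONENT and checks the latest event. */
    private void assertAudit(String operation, String operationText, boolean allowed) throws Exception {
        Map<String, String> expected = new HashMap<String, String>();
        expected.put("operation", operation);
        expected.put("component", COMPONENT);
        expected.put("operationText", operationText);
        expected.put("allowed", String.valueOf(allowed));
        // No fixed value: assertAuditLog hands this field to the IP validator instead.
        expected.put("ipAddress", null);
        assertAuditLog(expected);
    }

    /**
     * Asserts that the most recent audit event was logged at INFO and that its JSON body
     * carries the expected fields.
     *
     * <p>The {@code ipAddress} field is checked with {@link CommandUtil#assertIPInAuditLog}
     * and its expected value is ignored. Every other field is compared case-insensitively,
     * so this check does not detect a difference that is only in letter case.
     *
     * @param map expected field names and values; {@code null} checks only the log level and
     *     that the event parses as JSON
     * @throws Exception if the event is not valid JSON or lacks an expected field
     */
    public void assertAuditLog(Map<String, String> map) throws Exception {
        Assert.assertThat(AuditLoggerTestAppender.getLastLogLevel(), Is.is(Level.INFO));
        JSONObject auditEvent = new JSONObject(AuditLoggerTestAppender.getLastLogEvent());
        if (map == null) {
            return;
        }
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String field = entry.getKey();
            String actual = auditEvent.get(field).toString();
            if ("ipAddress".equals(field)) {
                Assert.assertTrue(
                        "audit field 'ipAddress' rejected by CommandUtil.assertIPInAuditLog: " + actual,
                        CommandUtil.assertIPInAuditLog(actual));
            } else {
                Assert.assertTrue(
                        "audit field '" + field + "' expected <" + entry.getValue() + "> but was <" + actual + ">",
                        entry.getValue().equalsIgnoreCase(actual));
            }
        }
    }
}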
