package org.apache.sentry.provider.db.generic.tools;

import com.google.common.collect.Sets;
import com.google.common.collect.Table;
import com.google.common.io.Files;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.commons.io.FileUtils;
import org.apache.sentry.core.common.exception.SentryUserException;
import org.apache.sentry.provider.common.ProviderBackendContext;
import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceIntegrationBase;
import org.apache.sentry.provider.db.generic.service.thrift.TAuthorizable;
import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
import org.apache.sentry.provider.file.PolicyFile;
import org.apache.sentry.provider.file.SimpleFileProviderBackend;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/sentry/provider/db/generic/tools/TestPermissionsMigrationToolSolr.class */
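/**
 * Integration tests for {@link PermissionsMigrationToolSolr}.
 *
 * <p>Each test seeds three Solr roles ({@code admin_role}, {@code dev_role}, {@code user_role}),
 * runs the tool with a source version ({@code -s}) against either the Sentry service
 * ({@code -c <sentry-site.xml>}) or a policy file ({@code -p <in> -o <out>}), and then checks the
 * resulting role/group/privilege state.
 *
 * <p>The service checks compare set sizes as well as membership, so a migration that grants a
 * privilege nobody expected fails the test just like one that drops a privilege.
 */
public class TestPermissionsMigrationToolSolr extends SentryGenericServiceIntegrationBase {
    /** Sentry component name used for every client call in this class. */
    private static final String SOLR = "SOLR";

    private File confDir;
    private File confPath;
    private String requestorName = "";
    private String service = "service1";

    /**
     * Writes the test configuration to a fresh {@code sentry-site.xml}, maps the test users to
     * their groups and publishes the policy file.
     */
    @Before
    public void prepareForTest() throws Exception {
        // Use the JDK temp-directory API rather than Guava's deprecated Files.createTempDir():
        // the JDK default creates the directory with owner-only permissions on POSIX file
        // systems, so the generated sentry-site.xml is not exposed to other local users.
        this.confDir = java.nio.file.Files.createTempDirectory("sentry-migration-test").toFile();
        this.confPath = new File(this.confDir, "sentry-site.xml");
        if (this.confPath.createNewFile()) {
            // try-with-resources: the stream is closed even when writeXml throws.
            try (FileOutputStream out = new FileOutputStream(this.confPath)) {
                conf.writeXml(out);
            }
        }
        this.requestorName = clientUgi.getShortUserName();
        Set<String> adminGroups = Sets.newHashSet("admin_group");
        setLocalGroupMapping(this.requestorName, adminGroups);
        setLocalGroupMapping("admin_user", adminGroups);
        setLocalGroupMapping("dev", Sets.newHashSet("dev_group"));
        setLocalGroupMapping("user", Sets.newHashSet("user_group"));
        writePolicyFile();
    }

    /**
     * Removes the temp configuration directory, then revokes every privilege and drops every
     * Solr role so that no authorization state leaks into the next test.
     */
    @After
    public void clearTestData() throws Exception {
        FileUtils.deleteQuietly(this.confDir);
        for (TSentryRole role : client.listAllRoles(this.requestorName, SOLR)) {
            String roleName = role.getRoleName();
            for (TSentryPrivilege privilege
                    : client.listAllPrivilegesByRoleName(this.requestorName, roleName, SOLR, this.service)) {
                client.revokePrivilege(this.requestorName, roleName, SOLR, privilege);
            }
            client.dropRole(this.requestorName, roleName, SOLR);
        }
    }

    /** Migrating service-stored privileges from 1.8.0 rewrites them to the admin=... form. */
    @Test
    public void testPermissionsMigrationFromSentrySvc_v1() throws Exception {
        initializeSentryService();
        new PermissionsMigrationToolSolr().executeConfigTool(
                new String[]{"-s", "1.8.0", "-c", this.confPath.getAbsolutePath()});
        verifySentryServiceState(expectedRoleGroups(), privilegesMigratedFromV1());
    }

    /** Migrating a 1.8.0 policy file writes the rewritten privileges to the output file. */
    @Test
    public void testPermissionsMigrationFromSentryPolicyFile_v1() throws Exception {
        Path policyIn = initializeSentryPolicyFile();
        Path policyOut = Paths.get(this.confDir.getAbsolutePath(), "sentry-provider_migrated.ini");
        Assert.assertTrue(new PermissionsMigrationToolSolr().executeConfigTool(new String[]{
            "-s", "1.8.0",
            "-p", policyIn.toFile().getAbsolutePath(),
            "-o", policyOut.toFile().getAbsolutePath()}));
        verifySentryPolicyFile(expectedGroups(), privilegesMigratedFromV1(), policyOut);
    }

    /** With source version 2.0.0 the service-stored privileges are expected to stay as seeded. */
    @Test
    public void testPermissionsMigrationFromSentrySvc_v2() throws Exception {
        initializeSentryService();
        // NOTE(review): the return value is not asserted and the expected state equals the
        // seeded state, so this test cannot tell "nothing to migrate" from "tool failed early".
        new PermissionsMigrationToolSolr().executeConfigTool(
                new String[]{"-s", "2.0.0", "-c", this.confPath.getAbsolutePath()});
        verifySentryServiceState(expectedRoleGroups(), seededPrivileges());
    }

    /** With source version 2.0.0 the output policy file carries the privileges unchanged. */
    @Test
    public void testPermissionsMigrationFromSentryPolicyFile_v2() throws Exception {
        Path policyIn = initializeSentryPolicyFile();
        Path policyOut = Paths.get(this.confDir.getAbsolutePath(), "sentry-provider_migrated.ini");
        Assert.assertTrue(new PermissionsMigrationToolSolr().executeConfigTool(new String[]{
            "-s", "2.0.0",
            "-p", policyIn.toFile().getAbsolutePath(),
            "-o", policyOut.toFile().getAbsolutePath()}));
        verifySentryPolicyFile(expectedGroups(), seededPrivileges(), policyOut);
    }

    /**
     * A 1.8.0 migration run with {@code --dry_run} must leave the stored privileges exactly as
     * they were seeded, i.e. a dry run must not change authorization state.
     */
    @Test
    public void testDryRunOption() throws Exception {
        initializeSentryService();
        // NOTE(review): the return value is not asserted, so an early failure (for example a
        // rejected option) would also leave the state untouched and pass. Consider asserting
        // the result once the expected return value for a dry run is confirmed.
        new PermissionsMigrationToolSolr().executeConfigTool(
                new String[]{"-s", "1.8.0", "-c", this.confPath.getAbsolutePath(), "--dry_run"});
        verifySentryServiceState(expectedRoleGroups(), seededPrivileges());
    }

    /**
     * Every incomplete or contradictory argument set must make the tool report failure.
     * Each set is executed once and its result asserted; the earlier version ran three of the
     * four sets twice and discarded the first result.
     */
    @Test
    public void testInvalidToolArguments() throws Exception {
        PermissionsMigrationToolSolr tool = new PermissionsMigrationToolSolr();

        String[] noSourceVersion = {"-c", this.confPath.getAbsolutePath()};
        Assert.assertFalse("The execution should have failed due to missing source version",
                tool.executeConfigTool(noSourceVersion));

        String[] noInput = {"-s", "1.8.0"};
        Assert.assertFalse("The execution should have failed due to missing Sentry config file (or policy file) path",
                tool.executeConfigTool(noInput));

        String[] noOutput = {"-s", "1.8.0", "-p", "/test/path"};
        Assert.assertFalse("The execution should have failed due to missing Sentry config output file path",
                tool.executeConfigTool(noOutput));

        String[] bothInputs = {"-s", "1.8.0", "-c", "/test/path1", "-p", "/test/path2"};
        Assert.assertFalse("The execution should have failed due to providing both Sentry config file as well as policy file params",
                tool.executeConfigTool(bothInputs));
    }

    /** Role to groups mapping that every service test expects after the tool has run. */
    private static Map<String, Set<String>> expectedRoleGroups() {
        Map<String, Set<String>> roleGroups = new HashMap<>();
        roleGroups.put("admin_role", Sets.newHashSet("admin_group"));
        roleGroups.put("dev_role", Sets.newHashSet("dev_group"));
        roleGroups.put("user_role", Sets.newHashSet("user_group"));
        return roleGroups;
    }

    /** Groups that every policy-file test expects in the migrated file. */
    private static Set<String> expectedGroups() {
        Set<String> groups = new HashSet<>();
        groups.add("admin_group");
        groups.add("dev_group");
        groups.add("user_group");
        return groups;
    }

    /** Privileges per role exactly as the fixtures seed them (no migration applied). */
    private static Map<String, Set<String>> seededPrivileges() {
        Map<String, Set<String>> privileges = new HashMap<>();
        privileges.put("admin_role", Sets.newHashSet("collection=admin->action=*"));
        privileges.put("dev_role", Sets.newHashSet("collection=*->action=*"));
        privileges.put("user_role", Sets.newHashSet("collection=foo->action=*"));
        return privileges;
    }

    /**
     * Privileges per role expected after migrating from 1.8.0.
     *
     * <p>NOTE(review): {@code dev_role} keeps its wildcard collection privilege and additionally
     * receives both admin privileges, presumably because the wildcard already covered the
     * {@code admin} collection before migration - confirm against the tool's mapping rules.
     */
    private static Map<String, Set<String>> privilegesMigratedFromV1() {
        Map<String, Set<String>> privileges = new HashMap<>();
        privileges.put("admin_role",
                Sets.newHashSet("admin=collections->action=*", "admin=cores->action=*"));
        privileges.put("dev_role",
                Sets.newHashSet("collection=*->action=*", "admin=collections->action=*", "admin=cores->action=*"));
        privileges.put("user_role", Sets.newHashSet("collection=foo->action=*"));
        return privileges;
    }

    /** Creates the three roles in the Sentry service, grants them to groups and seeds privileges. */
    private void initializeSentryService() throws SentryUserException {
        client.createRoleIfNotExist(this.requestorName, "admin_role", SOLR);
        client.grantRoleToGroups(this.requestorName, "admin_role", SOLR, Sets.newHashSet("admin_group"));
        client.createRoleIfNotExist(this.requestorName, "dev_role", SOLR);
        client.grantRoleToGroups(this.requestorName, "dev_role", SOLR, Sets.newHashSet("dev_group"));
        client.createRoleIfNotExist(this.requestorName, "user_role", SOLR);
        client.grantRoleToGroups(this.requestorName, "user_role", SOLR, Sets.newHashSet("user_group"));

        client.grantPrivilege(this.requestorName, "admin_role", SOLR,
                new TSentryPrivilege(SOLR, "service1", Arrays.asList(new TAuthorizable("collection", "admin")), "*"));
        client.grantPrivilege(this.requestorName, "dev_role", SOLR,
                new TSentryPrivilege(SOLR, "service1", Arrays.asList(new TAuthorizable("collection", "*")), "*"));
        client.grantPrivilege(this.requestorName, "user_role", SOLR,
                new TSentryPrivilege(SOLR, "service1", Arrays.asList(new TAuthorizable("collection", "foo")), "*"));
    }

    /**
     * Asserts that the Sentry service holds exactly the expected roles, groups and privileges.
     *
     * @param expectedRoleGroups role name to the groups the role must be granted to
     * @param expectedRolePrivileges role name to the lower-case privilege strings it must hold
     */
    private void verifySentryServiceState(Map<String, Set<String>> expectedRoleGroups,
            Map<String, Set<String>> expectedRolePrivileges) throws SentryUserException {
        Set<TSentryRole> actualRoles = client.listAllRoles(this.requestorName, SOLR);
        Assert.assertEquals("Unexpected number of roles", expectedRoleGroups.keySet().size(), actualRoles.size());

        Set<String> actualRoleNames = new HashSet<>();
        for (TSentryRole role : actualRoles) {
            actualRoleNames.add(role.getRoleName());
        }
        for (String expectedRole : expectedRoleGroups.keySet()) {
            Assert.assertTrue("Didn't find expected role: " + expectedRole, actualRoleNames.contains(expectedRole));
        }

        // Equal size plus containsAll means the group sets are equal: no group gained the role.
        for (TSentryRole role : actualRoles) {
            Set<String> expectedGroups = expectedRoleGroups.get(role.getRoleName());
            Assert.assertEquals("Group size doesn't match for role: " + role.getRoleName(),
                    expectedGroups.size(), role.getGroups().size());
            Assert.assertTrue("Group does not contain all expected members for role: " + role.getRoleName(),
                    role.getGroups().containsAll(expectedGroups));
        }

        GenericPrivilegeConverter converter = new GenericPrivilegeConverter(SOLR, this.service);
        for (String roleName : actualRoleNames) {
            Set<TSentryPrivilege> actualPrivileges =
                    client.listAllPrivilegesByRoleName(this.requestorName, roleName, SOLR, this.service);
            Set<String> expectedPrivileges = expectedRolePrivileges.get(roleName);
            // The size check is what catches a privilege that was added but not expected.
            Assert.assertEquals("Privilege set size doesn't match for role: " + roleName
                    + " Actual permissions : " + actualPrivileges,
                    expectedPrivileges.size(), actualPrivileges.size());

            Set<String> actualAsStrings = new HashSet<>();
            for (TSentryPrivilege privilege : actualPrivileges) {
                actualAsStrings.add(converter.toString(privilege).toLowerCase());
            }
            for (String expected : expectedPrivileges) {
                Assert.assertTrue("Did not find expected privilege: " + expected + " in " + actualAsStrings,
                        actualAsStrings.contains(expected));
            }
        }
    }

    /**
     * Writes the source policy file with the same groups, roles and privileges that
     * {@link #initializeSentryService()} seeds into the service.
     *
     * @return path of the written {@code sentry-provider.ini}
     */
    private Path initializeSentryPolicyFile() throws Exception {
        PolicyFile policyFile = new PolicyFile();
        policyFile.addRolesToGroup("admin_group", "admin_role");
        policyFile.addRolesToGroup("dev_group", "dev_role");
        policyFile.addRolesToGroup("user_group", "user_role");
        policyFile.addPermissionsToRole("admin_role", "collection=admin->action=*");
        policyFile.addPermissionsToRole("dev_role", "collection=*->action=*");
        policyFile.addPermissionsToRole("user_role", "collection=foo->action=*");
        Path policyPath = Paths.get(this.confDir.getAbsolutePath(), "sentry-provider.ini");
        policyFile.write(policyPath.toFile());
        return policyPath;
    }

    /**
     * Loads the migrated policy file and asserts its groups, roles and per-role privileges.
     *
     * @param expectedGroups groups that must be the row keys of the loaded table
     * @param expectedRolePrivileges role name to the privilege strings the role must hold
     * @param policyPath policy file written by the migration tool
     */
    private void verifySentryPolicyFile(Set<String> expectedGroups,
            Map<String, Set<String>> expectedRolePrivileges, Path policyPath) throws IOException {
        SimpleFileProviderBackend backend =
                new SimpleFileProviderBackend(conf, new org.apache.hadoop.fs.Path(policyPath.toUri()));
        backend.initialize(new ProviderBackendContext());
        Table<String, String, Set<String>> groupRolePrivileges = backend.getGroupRolePrivilegeTable();

        Assert.assertEquals(expectedGroups, groupRolePrivileges.rowKeySet());
        Assert.assertEquals(expectedRolePrivileges.keySet(), groupRolePrivileges.columnKeySet());

        // NOTE(review): only cells that exist are checked, so the group -> role assignment is
        // not verified. A file that attached admin_role to user_group would still pass as long
        // as every group and every role appears somewhere; an expected group -> roles map
        // would close that gap.
        for (String group : groupRolePrivileges.rowKeySet()) {
            for (String role : groupRolePrivileges.columnKeySet()) {
                if (groupRolePrivileges.contains(group, role)) {
                    Assert.assertEquals(expectedRolePrivileges.get(role), groupRolePrivileges.get(group, role));
                }
            }
        }
    }
}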
