package org.apache.sentry.provider.db.service.thrift;

import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
import org.apache.sentry.core.model.db.AccessURI;
import org.apache.sentry.core.model.db.DBModelAuthorizable;
import org.apache.sentry.core.model.db.Database;
import org.apache.sentry.core.model.db.Server;
import org.apache.sentry.core.model.db.Table;
import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.class */
public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
    @Test
    public void testCreateDropShowRole() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.1
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_r");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_r");
                Set<TSentryRole> listAllRoles = TestSentryServiceIntegration.this.client.listAllRoles("admin_user");
                Assert.assertEquals("Incorrect number of roles", 1L, listAllRoles.size());
                for (TSentryRole tSentryRole : listAllRoles) {
                    Assert.assertTrue(tSentryRole.getRoleName(), tSentryRole.getRoleName().equalsIgnoreCase("admin_r"));
                }
                TestSentryServiceIntegration.this.client.dropRole("admin_user", "admin_r");
            }
        });
    }

    @Test
    public void testGranRevokePrivilegeOnTableForRole() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.2
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r1", "server", "db1", "table1", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r1", "server", "db1", "table2", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r1", "server", "db2", "table3", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r1", "server", "db2", "table4", "ALL");
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_r2");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_r2");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r2", "server", "db1", "table1", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r2", "server", "db1", "table2", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r2", "server", "db2", "table3", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r2", "server", "db2", "table4", "ALL");
                Assert.assertEquals("Privilege not assigned to role1 !!", 4L, TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size());
                Assert.assertEquals("Privilege not assigned to role2 !!", 4L, TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r2").size());
                TestSentryServiceIntegration.this.client.revokeTablePrivilege("admin_user", "admin_r1", "server", "db1", "table1", "ALL");
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size() == 3);
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r2").size() == 4);
                TestSentryServiceIntegration.this.client.revokeTablePrivilege("admin_user", "admin_r2", "server", "db1", "table1", "ALL");
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r2").size() == 3);
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size() == 3);
                TestSentryServiceIntegration.this.client.revokeTablePrivilege("admin_user", "admin_r1", "server", "db1", "table2", "ALL");
                TestSentryServiceIntegration.this.client.revokeTablePrivilege("admin_user", "admin_r1", "server", "db2", "table3", "ALL");
                TestSentryServiceIntegration.this.client.revokeTablePrivilege("admin_user", "admin_r1", "server", "db2", "table4", "ALL");
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size() == 0);
                TestSentryServiceIntegration.this.client.revokeTablePrivilege("admin_user", "admin_r2", "server", "db1", "table2", "ALL");
                TestSentryServiceIntegration.this.client.revokeTablePrivilege("admin_user", "admin_r2", "server", "db2", "table3", "ALL");
                TestSentryServiceIntegration.this.client.revokeTablePrivilege("admin_user", "admin_r2", "server", "db2", "table4", "ALL");
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r2").size() == 0);
            }
        });
    }

    @Test
    public void testAddDeleteRolesForUser() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.3
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                HashMap newHashMap = Maps.newHashMap();
                newHashMap.put("u1", Sets.newHashSet(new String[]{"g1"}));
                newHashMap.put("u2", Sets.newHashSet(new String[]{"g1"}));
                newHashMap.put("u3", Sets.newHashSet(new String[]{"g1", "g2"}));
                newHashMap.put("u4", Sets.newHashSet(new String[]{"g2", "g3"}));
                TestSentryServiceIntegration.this.setLocalGroupMapping("u1", Sets.newHashSet(new String[]{"g1"}));
                TestSentryServiceIntegration.this.setLocalGroupMapping("u2", Sets.newHashSet(new String[]{"g1"}));
                TestSentryServiceIntegration.this.setLocalGroupMapping("u3", Sets.newHashSet(new String[]{"g1", "g2"}));
                TestSentryServiceIntegration.this.setLocalGroupMapping("u4", Sets.newHashSet(new String[]{"g2", "g3"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "r1");
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "r2");
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "r3");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "r1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "r2");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "r3");
                TestSentryServiceIntegration.this.client.grantRoleToGroup("admin_user", "g1", "r1");
                TestSentryServiceIntegration.this.client.grantRoleToUser("admin_user", "u2", "r2");
                TestSentryServiceIntegration.this.client.grantRoleToUser("admin_user", "u3", "r2");
                TestSentryServiceIntegration.this.client.grantRoleToUser("admin_user", "u2", "r3");
                TestSentryServiceIntegration.this.client.grantRoleToUsers("admin_user", "r3", Sets.newHashSet(new String[]{"u4"}));
                Assert.assertEquals(0L, TestSentryServiceIntegration.this.client.listRolesByUserName("admin_user", "u1").size());
                Set<TSentryRole> listRolesByUserName = TestSentryServiceIntegration.this.client.listRolesByUserName("admin_user", "u2");
                Assert.assertEquals(2L, listRolesByUserName.size());
                for (TSentryRole tSentryRole : listRolesByUserName) {
                    Assert.assertTrue("r2".equals(tSentryRole.getRoleName()) || "r3".equals(tSentryRole.getRoleName()));
                }
                Set listRolesByUserName2 = TestSentryServiceIntegration.this.client.listRolesByUserName("admin_user", "u3");
                Assert.assertEquals(1L, listRolesByUserName2.size());
                Iterator it = listRolesByUserName2.iterator();
                while (it.hasNext()) {
                    Assert.assertTrue("r2".equals(((TSentryRole) it.next()).getRoleName()));
                }
                Set listRolesByUserName3 = TestSentryServiceIntegration.this.client.listRolesByUserName("admin_user", "u4");
                Assert.assertEquals(1L, listRolesByUserName3.size());
                Iterator it2 = listRolesByUserName3.iterator();
                while (it2.hasNext()) {
                    Assert.assertTrue("r3".equals(((TSentryRole) it2.next()).getRoleName()));
                }
                Assert.assertEquals(1L, TestSentryServiceIntegration.this.client.listRolesByUserName("u3", "u3").size());
                try {
                    TestSentryServiceIntegration.this.client.listRolesByUserName("u3", "u2");
                    Assert.fail("SentryAccessDeniedException should be caught.");
                } catch (SentryAccessDeniedException e) {
                }
                try {
                    TestSentryServiceIntegration.this.client.listRolesByUserName("u3", "");
                    Assert.fail("SentryAccessDeniedException should be caught.");
                } catch (SentryAccessDeniedException e2) {
                }
                TestSentryServiceIntegration.this.client.revokeRoleFromUser("admin_user", "u2", "r3");
                TestSentryServiceIntegration.this.client.revokeRoleFromUsers("admin_user", "r3", Sets.newHashSet(new String[]{"u4"}));
                Set listRolesByUserName4 = TestSentryServiceIntegration.this.client.listRolesByUserName("admin_user", "u2");
                Assert.assertEquals(1L, listRolesByUserName4.size());
                Iterator it3 = listRolesByUserName4.iterator();
                while (it3.hasNext()) {
                    Assert.assertTrue("r2".equals(((TSentryRole) it3.next()).getRoleName()));
                }
                Assert.assertEquals(0L, TestSentryServiceIntegration.this.client.listRolesByUserName("admin_user", "u4").size());
            }
        });
    }

    @Test
    public void testGranRevokePrivilegeForRoleWithUG() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.4
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                HashMap newHashMap = Maps.newHashMap();
                newHashMap.put("u1_1", "g1");
                newHashMap.put("u1_2", "g1");
                newHashMap.put("u2_1", "g2");
                newHashMap.put("u2_2", "u2_1");
                HashSet newHashSet = Sets.newHashSet(new String[]{"g1"});
                TestSentryServiceIntegration.this.setLocalGroupMapping("u1_1", newHashSet);
                TestSentryServiceIntegration.this.setLocalGroupMapping("u1_2", newHashSet);
                HashSet newHashSet2 = Sets.newHashSet(new String[]{"g2"});
                TestSentryServiceIntegration.this.setLocalGroupMapping("u2_1", newHashSet2);
                TestSentryServiceIntegration.this.setLocalGroupMapping("u2_2", newHashSet2);
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "r1");
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "r2");
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "r3");
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "r4");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "r1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "r2");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "r3");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "r4");
                TestSentryServiceIntegration.this.client.grantRoleToGroup("admin_user", "g1", "r1");
                TestSentryServiceIntegration.this.client.grantRoleToGroup("admin_user", "g2", "r2");
                TestSentryServiceIntegration.this.client.grantRoleToUser("admin_user", "u1_1", "r3");
                TestSentryServiceIntegration.this.client.grantRoleToUsers("admin_user", "r4", Sets.newHashSet(new String[]{"u2_1"}));
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "r1", "server", "db1", "table1_1", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "r1", "server", "db1", "table1_2", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "r2", "server", "db1", "table2_1", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "r2", "server", "db1", "table2_2", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "r3", "server", "db1", "table3_1", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "r3", "server", "db1", "table3_2", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "r4", "server", "db1", "table4_1", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "r4", "server", "db1", "table4_2", "ALL");
                Assert.assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet(new String[]{"server=server->db=db1->table=table1_1->action=all", "server=server->db=db1->table=table1_2->action=all"}), TestSentryServiceIntegration.this.client.listPrivilegesForProvider(Sets.newHashSet(new String[]{"g1"}), Sets.newHashSet(new String[]{""}), ActiveRoleSet.ALL, (Authorizable[]) null));
                Assert.assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet(new String[]{"server=server->db=db1->table=table1_1->action=all", "server=server->db=db1->table=table1_2->action=all"}), TestSentryServiceIntegration.this.client.listPrivilegesForProvider(Sets.newHashSet(new String[]{(String) newHashMap.get("u1_2")}), Sets.newHashSet(new String[]{"u1_2"}), ActiveRoleSet.ALL, (Authorizable[]) null));
                Assert.assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet(new String[]{"server=server->db=db1->table=table1_1->action=all", "server=server->db=db1->table=table1_2->action=all", "server=server->db=db1->table=table3_1->action=all", "server=server->db=db1->table=table3_2->action=all"}), TestSentryServiceIntegration.this.client.listPrivilegesForProvider(Sets.newHashSet(new String[]{(String) newHashMap.get("u1_1")}), Sets.newHashSet(new String[]{"u1_1"}), ActiveRoleSet.ALL, (Authorizable[]) null));
                Assert.assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet(new String[]{"server=server->db=db1->table=table1_1->action=all", "server=server->db=db1->table=table1_2->action=all", "server=server->db=db1->table=table3_1->action=all", "server=server->db=db1->table=table3_2->action=all"}), TestSentryServiceIntegration.this.client.listPrivilegesForProvider(Sets.newHashSet(new String[]{"g1"}), Sets.newHashSet(new String[]{"u1_1", "u1_2"}), ActiveRoleSet.ALL, (Authorizable[]) null));
                Assert.assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet(new String[]{"server=server->db=db1->table=table1_1->action=all", "server=server->db=db1->table=table1_2->action=all", "server=server->db=db1->table=table2_1->action=all", "server=server->db=db1->table=table2_2->action=all", "server=server->db=db1->table=table3_1->action=all", "server=server->db=db1->table=table3_2->action=all", "server=server->db=db1->table=table4_1->action=all", "server=server->db=db1->table=table4_2->action=all"}), TestSentryServiceIntegration.this.client.listPrivilegesForProvider(Sets.newHashSet(new String[]{"g1", "g2"}), Sets.newHashSet(new String[]{"u1_1", "u1_2", "u2_1", "u2_2"}), ActiveRoleSet.ALL, (Authorizable[]) null));
                TestSentryServiceIntegration.this.client.revokeRoleFromUser("admin_user", "u1_1", "r3");
                TestSentryServiceIntegration.this.client.revokeRoleFromUsers("admin_user", "r4", Sets.newHashSet(new String[]{"u2_1"}));
            }
        });
    }

    @Test
    public void testMultipleRolesSamePrivilege() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.5
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_r2");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_r2");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r1", "server", "db", "table", "ALL");
                Assert.assertTrue("Privilege not assigned to role1 !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size() == 1);
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r2", "server", "db", "table", "ALL");
                Assert.assertTrue("Privilege not assigned to role2 !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r2").size() == 1);
            }
        });
    }

    @Test
    public void testShowRoleGrant() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.6
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_testdb");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_testdb");
                Assert.assertEquals("Incorrect number of roles", 1L, TestSentryServiceIntegration.this.client.listAllRoles("admin_user").size());
                TestSentryServiceIntegration.this.client.grantRoleToGroup("admin_user", "group1", "admin_testdb");
                Set<TSentryRole> listRolesByGroupName = TestSentryServiceIntegration.this.client.listRolesByGroupName("admin_user", "group1");
                Assert.assertTrue(listRolesByGroupName.size() == 1);
                for (TSentryRole tSentryRole : listRolesByGroupName) {
                    Assert.assertTrue(tSentryRole.getRoleName(), tSentryRole.getRoleName().equalsIgnoreCase("admin_testdb"));
                    Assert.assertTrue(tSentryRole.getGroups().size() == 1);
                    for (TSentryGroup tSentryGroup : tSentryRole.getGroups()) {
                        Assert.assertTrue(tSentryGroup.getGroupName(), tSentryGroup.getGroupName().equalsIgnoreCase("group1"));
                    }
                }
                TestSentryServiceIntegration.this.client.dropRole("admin_user", "admin_testdb");
            }
        });
    }

    @Test
    public void testShowGrant() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.7
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_testdb");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_testdb");
                Assert.assertEquals("Incorrect number of roles", 1L, TestSentryServiceIntegration.this.client.listAllRoles("admin_user").size());
                TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "admin_testdb", "server1", "testDB", "*");
                Assert.assertTrue(TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_testdb").size() == 1);
                TestSentryServiceIntegration.this.client.revokeDatabasePrivilege("admin_user", "admin_testdb", "server1", "testDB", "*");
                TestSentryServiceIntegration.this.client.dropRole("admin_user", "admin_testdb");
            }
        });
    }

    @Test
    public void testUriWithEquals() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.8
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_testdb");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_testdb");
                Assert.assertEquals("Incorrect number of roles", 1L, TestSentryServiceIntegration.this.client.listAllRoles("admin_user").size());
                TestSentryServiceIntegration.this.client.grantURIPrivilege("admin_user", "admin_testdb", "server1", "file://u/w/h/t/partition=value/");
                Assert.assertTrue(TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_testdb").size() == 1);
                TestSentryServiceIntegration.this.client.revokeURIPrivilege("admin_user", "admin_testdb", "server1", "file://u/w/h/t/partition=value/");
                Assert.assertTrue(TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_testdb").size() == 0);
                TestSentryServiceIntegration.this.client.dropRole("admin_user", "admin_testdb");
            }
        });
    }

    @Test
    public void testSameGrantTwice() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.9
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r1", "server", "db1", "table1", "ALL");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r1", "server", "db1", "table1", "ALL");
                Assert.assertEquals(1L, TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size());
            }
        });
    }

    @Test
    public void testGrantRevokeWithGrantOption() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.10
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r1", "server", "db1", "table1", "ALL", true);
                Assert.assertEquals(1L, TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size());
                TestSentryServiceIntegration.this.client.revokeTablePrivilege("admin_user", "admin_r1", "server", "db1", "table1", "ALL", false);
                Assert.assertEquals(1L, TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size());
                TestSentryServiceIntegration.this.client.revokeTablePrivilege("admin_user", "admin_r1", "server", "db1", "table1", "ALL", true);
                Assert.assertEquals(0L, TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size());
            }
        });
    }

    @Test
    public void testGrantTwoPrivilegeDiffInGrantOption() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.11
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r1", "server", "db1", "table1", "ALL", true);
                Assert.assertEquals(1L, TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size());
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "admin_r1", "server", "db1", "table1", "ALL", false);
                Assert.assertEquals(2L, TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size());
                TestSentryServiceIntegration.this.client.revokeTablePrivilege("admin_user", "admin_r1", "server", "db1", "table1", "ALL", (Boolean) null);
                Assert.assertEquals(0L, TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size());
            }
        });
    }

    @Test
    public void testGranRevokePrivilegeOnColumnForRole() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.12
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.grantColumnPrivilege("admin_user", "admin_r1", "server", "db1", "table1", "col1", "ALL");
                TestSentryServiceIntegration.this.client.grantColumnPrivilege("admin_user", "admin_r1", "server", "db1", "table1", "col2", "ALL");
                TestSentryServiceIntegration.this.client.grantColumnPrivilege("admin_user", "admin_r1", "server", "db1", "table2", "col1", "ALL");
                TestSentryServiceIntegration.this.client.grantColumnPrivilege("admin_user", "admin_r1", "server", "db1", "table2", "col2", "ALL");
                TestSentryServiceIntegration.this.client.grantColumnPrivilege("admin_user", "admin_r1", "server", "db2", "table1", "col1", "ALL");
                TestSentryServiceIntegration.this.client.grantColumnPrivilege("admin_user", "admin_r1", "server", "db2", "table2", "col1", "ALL");
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_r2");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_r2");
                TestSentryServiceIntegration.this.client.grantColumnPrivilege("admin_user", "admin_r2", "server", "db1", "table1", "col1", "ALL");
                TestSentryServiceIntegration.this.client.grantColumnPrivilege("admin_user", "admin_r2", "server", "db1", "table1", "col2", "ALL");
                TestSentryServiceIntegration.this.client.grantColumnPrivilege("admin_user", "admin_r2", "server", "db1", "table2", "col1", "ALL");
                TestSentryServiceIntegration.this.client.grantColumnPrivilege("admin_user", "admin_r2", "server", "db1", "table2", "col2", "ALL");
                TestSentryServiceIntegration.this.client.grantColumnPrivilege("admin_user", "admin_r2", "server", "db2", "table1", "col1", "ALL");
                TestSentryServiceIntegration.this.client.grantColumnPrivilege("admin_user", "admin_r2", "server", "db2", "table2", "col1", "ALL");
                Assert.assertEquals("Privilege not assigned to role1 !!", 6L, TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size());
                Assert.assertEquals("Privilege not assigned to role2 !!", 6L, TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r2").size());
                TestSentryServiceIntegration.this.client.revokeColumnPrivilege("admin_user", "admin_r1", "server", "db1", "table1", "col1", "ALL");
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size() == 5);
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r2").size() == 6);
                TestSentryServiceIntegration.this.client.revokeTablePrivilege("admin_user", "admin_r2", "server", "db1", "table1", "ALL");
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r2").size() == 4);
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size() == 5);
                TestSentryServiceIntegration.this.client.revokeDatabasePrivilege("admin_user", "admin_r1", "server", "db1", "ALL");
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size() == 2);
                TestSentryServiceIntegration.this.client.revokeColumnPrivilege("admin_user", "admin_r1", "server", "db2", "table1", "col1", "ALL");
                TestSentryServiceIntegration.this.client.revokeColumnPrivilege("admin_user", "admin_r1", "server", "db2", "table2", "col1", "ALL");
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size() == 0);
                TestSentryServiceIntegration.this.client.revokeColumnPrivilege("admin_user", "admin_r2", "server", "db1", "table2", "col1", "ALL");
                TestSentryServiceIntegration.this.client.revokeColumnPrivilege("admin_user", "admin_r2", "server", "db1", "table2", "col2", "ALL");
                TestSentryServiceIntegration.this.client.revokeColumnPrivilege("admin_user", "admin_r2", "server", "db2", "table1", "col1", "ALL");
                TestSentryServiceIntegration.this.client.revokeColumnPrivilege("admin_user", "admin_r2", "server", "db2", "table2", "col1", "ALL");
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r2").size() == 0);
            }
        });
    }

    @Test
    public void testListByAuthDB() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.13
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                HashSet newHashSet = Sets.newHashSet(new String[]{"admin_group"});
                HashSet newHashSet2 = Sets.newHashSet(new String[]{"role1", "role2"});
                HashSet newHashSet3 = Sets.newHashSet(new String[]{"group1", "group2"});
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", newHashSet);
                TestSentryServiceIntegration.this.setLocalGroupMapping("group1user", Sets.newHashSet(new String[]{"group1"}));
                TestSentryServiceIntegration.this.setLocalGroupMapping("group2user", Sets.newHashSet(new String[]{"group2"}));
                TestSentryServiceIntegration.this.setLocalGroupMapping("random", Sets.newHashSet(new String[]{"foo"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "role1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "role1");
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "role2");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "role2");
                TSentryPrivilege grantDatabasePrivilege = TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "role1", "server1", "testDB", "select");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "role1", "server1", "testDB", "testTab", "*");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "role1", "server1", "testDB2", "testTab", "select");
                TestSentryServiceIntegration.this.client.grantURIPrivilege("admin_user", "role1", "server1", "hdfs:///fooUri");
                TestSentryServiceIntegration.this.client.grantRoleToGroup("admin_user", "group1", "role1");
                TSentryPrivilege grantDatabasePrivilege2 = TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "role2", "server1", "testDB", "*");
                TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "role2", "server1", "testDB2", "select");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "role2", "server1", "testDB2", "testTab", "*");
                TestSentryServiceIntegration.this.client.grantRoleToGroup("admin_user", "group2", "role2");
                TSentryPrivilegeMap tSentryPrivilegeMap = new TSentryPrivilegeMap(new TreeMap());
                tSentryPrivilegeMap.getPrivilegeMap().put("role1", Sets.newHashSet(new TSentryPrivilege[]{grantDatabasePrivilege}));
                tSentryPrivilegeMap.getPrivilegeMap().put("role2", Sets.newHashSet(new TSentryPrivilege[]{grantDatabasePrivilege2}));
                TreeMap newTreeMap = Maps.newTreeMap();
                ArrayList newArrayList = Lists.newArrayList(new DBModelAuthorizable[]{new Server("server1"), new Database("testDB")});
                newTreeMap.put(SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(newArrayList), tSentryPrivilegeMap);
                HashSet newHashSet4 = Sets.newHashSet();
                newHashSet4.add(newArrayList);
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("admin_user", newHashSet4, (Set) null, (ActiveRoleSet) null));
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("admin_user", newHashSet4, (Set) null, new ActiveRoleSet(newHashSet2)));
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("admin_user", newHashSet4, (Set) null, ActiveRoleSet.ALL));
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("admin_user", newHashSet4, newHashSet3, (ActiveRoleSet) null));
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("admin_user", newHashSet4, newHashSet3, new ActiveRoleSet(newHashSet2)));
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("admin_user", newHashSet4, newHashSet3, ActiveRoleSet.ALL));
                Map listPrivilegsbyAuthorizable = TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("random", newHashSet4, new HashSet(), ActiveRoleSet.ALL);
                newTreeMap.clear();
                newTreeMap.put(SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(newArrayList), new TSentryPrivilegeMap(new HashMap()));
                Assert.assertEquals(newTreeMap, listPrivilegsbyAuthorizable);
            }
        });
    }

    @Test
    public void testListByAuthTab() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.14
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "role1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "role1");
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "role2");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "role2");
                TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "role1", "server1", "testDB", "select");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "role1", "server1", "testDB", "testTab", "*");
                TSentryPrivilege grantTablePrivilege = TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "role1", "server1", "testDB2", "testTab", "select");
                TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "role2", "server1", "testDB", "*");
                TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "role2", "server1", "testDB2", "select");
                TSentryPrivilege grantTablePrivilege2 = TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "role2", "server1", "testDB2", "testTab", "*");
                TestSentryServiceIntegration.this.client.grantURIPrivilege("admin_user", "role1", "server1", "hdfs:///fooUri");
                TSentryPrivilegeMap tSentryPrivilegeMap = new TSentryPrivilegeMap(new TreeMap());
                tSentryPrivilegeMap.getPrivilegeMap().put("role1", Sets.newHashSet(new TSentryPrivilege[]{grantTablePrivilege}));
                tSentryPrivilegeMap.getPrivilegeMap().put("role2", Sets.newHashSet(new TSentryPrivilege[]{grantTablePrivilege2}));
                TreeMap newTreeMap = Maps.newTreeMap();
                ArrayList newArrayList = Lists.newArrayList(new DBModelAuthorizable[]{new Server("server1"), new Database("testDB2"), new Table("testTab")});
                newTreeMap.put(SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(newArrayList), tSentryPrivilegeMap);
                HashSet newHashSet = Sets.newHashSet();
                newHashSet.add(newArrayList);
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("admin_user", newHashSet, (Set) null, (ActiveRoleSet) null));
            }
        });
    }

    @Test
    public void testListByAuthUri() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.15
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "role1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "role1");
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "role2");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "role2");
                TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "role1", "server1", "testDB", "select");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "role1", "server1", "testDB", "testTab", "*");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "role1", "server1", "testDB2", "testTab", "select");
                TSentryPrivilege grantURIPrivilege = TestSentryServiceIntegration.this.client.grantURIPrivilege("admin_user", "role1", "server1", "hdfs:///fooUri");
                TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "role2", "server1", "testDB", "*");
                TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "role2", "server1", "testDB2", "select");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "role2", "server1", "testDB2", "testTab", "*");
                TSentryPrivilege grantURIPrivilege2 = TestSentryServiceIntegration.this.client.grantURIPrivilege("admin_user", "role2", "server1", "hdfs:///fooUri");
                TSentryPrivilegeMap tSentryPrivilegeMap = new TSentryPrivilegeMap(new TreeMap());
                tSentryPrivilegeMap.getPrivilegeMap().put("role1", Sets.newHashSet(new TSentryPrivilege[]{grantURIPrivilege}));
                tSentryPrivilegeMap.getPrivilegeMap().put("role2", Sets.newHashSet(new TSentryPrivilege[]{grantURIPrivilege2}));
                TreeMap newTreeMap = Maps.newTreeMap();
                ArrayList newArrayList = Lists.newArrayList(new DBModelAuthorizable[]{new Server("server1"), new AccessURI("hdfs:///fooUri")});
                newTreeMap.put(SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(newArrayList), tSentryPrivilegeMap);
                HashSet newHashSet = Sets.newHashSet();
                newHashSet.add(newArrayList);
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("admin_user", newHashSet, (Set) null, (ActiveRoleSet) null));
            }
        });
    }

    @Test
    public void testListByAuthTabForNonAdmin() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.16
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                HashSet newHashSet = Sets.newHashSet(new String[]{"admin_group"});
                HashSet newHashSet2 = Sets.newHashSet(new String[]{"group1"});
                HashSet newHashSet3 = Sets.newHashSet(new String[]{"group2"});
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", newHashSet);
                TestSentryServiceIntegration.this.setLocalGroupMapping("user1", newHashSet2);
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "role1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "role1");
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "role2");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "role2");
                TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "role1", "server1", "testDB", "select");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "role1", "server1", "testDB", "testTab", "*");
                TSentryPrivilege grantTablePrivilege = TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "role1", "server1", "testDB2", "testTab", "select");
                TestSentryServiceIntegration.this.client.grantRoleToGroup("admin_user", "group1", "role1");
                TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "role2", "server1", "testDB", "*");
                TestSentryServiceIntegration.this.client.grantDatabasePrivilege("admin_user", "role2", "server1", "testDB2", "select");
                TestSentryServiceIntegration.this.client.grantTablePrivilege("admin_user", "role2", "server1", "testDB2", "testTab", "*");
                TestSentryServiceIntegration.this.client.grantURIPrivilege("admin_user", "role1", "server1", "hdfs:///fooUri");
                TSentryPrivilegeMap tSentryPrivilegeMap = new TSentryPrivilegeMap(new TreeMap());
                tSentryPrivilegeMap.getPrivilegeMap().put("role1", Sets.newHashSet(new TSentryPrivilege[]{grantTablePrivilege}));
                TreeMap newTreeMap = Maps.newTreeMap();
                ArrayList newArrayList = Lists.newArrayList(new DBModelAuthorizable[]{new Server("server1"), new Database("testDB2"), new Table("testTab")});
                newTreeMap.put(SentryPolicyServiceClientDefaultImpl.setupSentryAuthorizable(newArrayList), tSentryPrivilegeMap);
                HashSet newHashSet4 = Sets.newHashSet();
                newHashSet4.add(newArrayList);
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("user1", newHashSet4, (Set) null, (ActiveRoleSet) null));
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("user1", newHashSet4, new HashSet(), (ActiveRoleSet) null));
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("user1", newHashSet4, (Set) null, new ActiveRoleSet(true)));
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("user1", newHashSet4, newHashSet2, (ActiveRoleSet) null));
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("user1", newHashSet4, newHashSet2, new ActiveRoleSet(true)));
                Assert.assertEquals(newTreeMap, TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("user1", newHashSet4, (Set) null, new ActiveRoleSet(Sets.newHashSet(new String[]{"role1".toUpperCase()}))));
                try {
                    TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("user1", newHashSet4, newHashSet3, (ActiveRoleSet) null);
                    Assert.fail("listPrivilegsbyAuthorizable() should fail for user1 accessing group2");
                } catch (SentryAccessDeniedException e) {
                }
                try {
                    TestSentryServiceIntegration.this.client.listPrivilegsbyAuthorizable("user1", newHashSet4, (Set) null, new ActiveRoleSet(Sets.newHashSet(new String[]{"role2"})));
                    Assert.fail("listPrivilegsbyAuthorizable() should fail for user1 accessing role2");
                } catch (SentryAccessDeniedException e2) {
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void checkBannedConfigVal(final String str, final String str2) throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.17
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                try {
                    TestSentryServiceIntegration.this.client.getConfigValue(str, str2);
                    Assert.fail("Attempt to access " + str + " succeeded");
                } catch (SentryAccessDeniedException e) {
                    Assert.assertTrue(e.toString().contains("was denied"));
                    Assert.assertTrue(e.toString().contains(str));
                }
            }
        });
    }

    @Test
    public void testGetConfigVal() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.18
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                Assert.assertEquals(TestSentryServiceIntegration.this.client.getConfigValue("sentry.service.admin.group", "xxx"), "admin_group");
                Assert.assertEquals(TestSentryServiceIntegration.this.client.getConfigValue("sentry.this.is.not.defined", "hello"), "hello");
                Assert.assertEquals(TestSentryServiceIntegration.this.client.getConfigValue("sentry.this.is.not.defined", (String) null), (Object) null);
                Assert.assertEquals(TestSentryServiceIntegration.this.client.getConfigValue("sentry.service.admin.group", (String) null), "admin_group");
                TestSentryServiceIntegration.this.checkBannedConfigVal("notsentry", "xxx");
                TestSentryServiceIntegration.this.checkBannedConfigVal("notsentry", null);
                TestSentryServiceIntegration.this.checkBannedConfigVal("sentry.xxx.jdbc.xxx", null);
                TestSentryServiceIntegration.this.checkBannedConfigVal("sentry.xxx.password", null);
                TestSentryServiceIntegration.this.checkBannedConfigVal("sentry.service.server.keytab", null);
            }
        });
    }

    @Test
    public void testGranRevokePrivilegeOnServerForRole() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.19
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.grantServerPrivilege("admin_user", "admin_r1", "server", false);
                Assert.assertTrue("Privilege should be all:", ((TSentryPrivilege) TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").iterator().next()).getAction().equals("*"));
                TestSentryServiceIntegration.this.client.revokeServerPrivilege("admin_user", "admin_r1", "server", false);
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size() == 0);
            }
        });
    }

    @Test
    public void testGranRevokePrivilegeWithoutAction() throws Exception {
        runTestAsSubject(new SentryServiceIntegrationBase.TestOperation() { // from class: org.apache.sentry.provider.db.service.thrift.TestSentryServiceIntegration.20
            @Override // org.apache.sentry.service.thrift.SentryServiceIntegrationBase.TestOperation
            public void runTestAsSubject() throws Exception {
                TestSentryServiceIntegration.this.setLocalGroupMapping("admin_user", Sets.newHashSet(new String[]{"admin_group"}));
                TestSentryServiceIntegration.this.writePolicyFile();
                TestSentryServiceIntegration.this.client.dropRoleIfExists("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.createRole("admin_user", "admin_r1");
                TestSentryServiceIntegration.this.client.grantServerPrivilege("admin_user", "admin_r1", "server1", false);
                Assert.assertTrue("Privilege should be all:", ((TSentryPrivilege) TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").iterator().next()).getAction().equals("*"));
                TestSentryServiceIntegration.this.client.revokeServerPrivilege("admin_user", "admin_r1", "server1", "ALL", false);
                Assert.assertTrue("Privilege not correctly revoked !!", TestSentryServiceIntegration.this.client.listAllPrivilegesByRoleName("admin_user", "admin_r1").size() == 0);
            }
        });
    }
}
