package com.cloudera.cmf.service.hive;

import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.AbstractServiceTest;
import com.cloudera.cmf.service.TestUtils;
import com.cloudera.cmf.service.ValidationContext;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.impala.ImpalaParams;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.enterprise.MessageWithArgs;
import com.cloudera.server.cmf.AbstractBaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.google.common.collect.ImmutableList;
import java.util.Collections;
import java.util.List;
import org.junit.After;
import org.junit.Test;

/* loaded from: input_file:com/cloudera/cmf/service/hive/HiveSentryValidatorTest.class */
public class HiveSentryValidatorTest extends AbstractServiceTest {
    private static final String HIVE_SVC_NAME = "hive";
    private static final String HIVE_SERVER2_ROLE_NAME = "hs21";
    private static final String HIVE_SERVER2_ROLE_DISPLAY_NAME = "HiveServer2 (host1)";
    private static final String HDFS_SVC_NAME = "hdfs";
    private static final List<MessageWithArgs> EMPTY_LIST = Collections.emptyList();
    private static final ParamSpec<?> SENTRY_ENABLED = HiveParams.SENTRY_ENABLED;
    private static final ParamSpec<?> HS2_IMPERSONATE_USER = HiveParams.HS2_IMPERSONATE_USER;
    private static final ParamSpec<?> SENTRY_SERVER = HiveParams.SENTRY_SERVER;
    private static final ParamSpec<?> SENTRY_PROVIDER_RESOURCE = HiveParams.SENTRY_PROVIDER_RESOURCE;
    private static final HiveSentryValidator V = new HiveSentryValidator();

    @After
    public void cleanup() {
        cleanDatabase();
    }

    private void testHiveAuthEnabled(boolean z, boolean z2, boolean z3, final List<MessageWithArgs> list, final List<MessageWithArgs> list2, final List<MessageWithArgs> list3, final ParamSpec<?> paramSpec) {
        HiveServiceTest.createClusterWithHive(5L, CdhReleases.CDH5_1_0.getVersion().toString(), false, false, false, z2, false, true, false);
        TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(HiveParams.SENTRY_ENABLED.getTemplateName(), Boolean.toString(z), HIVE_SVC_NAME, null)));
        TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(HiveParams.HS2_IMPERSONATE_USER.getTemplateName(), Boolean.toString(z3), HIVE_SVC_NAME, HIVE_SERVER2_ROLE_NAME)));
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.service.hive.HiveSentryValidatorTest.1
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                HiveSentryValidatorTest.this.testServiceValidations(cmfEntityManager, HiveSentryValidatorTest.HIVE_SVC_NAME, paramSpec, HiveSentryValidatorTest.V, ValidationContext.Category.CONFIGURATION, list, list2, list3);
            }
        });
    }

    @Test
    public void testSentryFileEnabledAndImpersonationEnabled() {
        HiveSentryValidator hiveSentryValidator = V;
        testHiveAuthEnabled(true, false, true, EMPTY_LIST, ImmutableList.of(HiveSentryValidator.buildImpersonateValidationMessage(HIVE_SERVER2_ROLE_DISPLAY_NAME)), EMPTY_LIST, HS2_IMPERSONATE_USER);
    }

    @Test
    public void testSentryFileEnabledAndImpersonationDisabled() {
        testHiveAuthEnabled(true, false, false, EMPTY_LIST, EMPTY_LIST, EMPTY_LIST, SENTRY_ENABLED);
    }

    @Test
    public void testSentryDisabledAndImpersonationEnabled() {
        testHiveAuthEnabled(false, false, true, EMPTY_LIST, EMPTY_LIST, EMPTY_LIST, SENTRY_ENABLED);
    }

    @Test
    public void testSentryDisabledAndImpersonationDisabled() {
        testHiveAuthEnabled(false, false, false, EMPTY_LIST, EMPTY_LIST, EMPTY_LIST, SENTRY_ENABLED);
    }

    @Test
    public void testSentryDbEnabledAndImpersonationEnabled() {
        HiveSentryValidator hiveSentryValidator = V;
        testHiveAuthEnabled(false, true, true, ImmutableList.of(HiveSentryValidator.buildImpersonateValidationMessage(HIVE_SERVER2_ROLE_DISPLAY_NAME)), EMPTY_LIST, EMPTY_LIST, HS2_IMPERSONATE_USER);
    }

    @Test
    public void testSentryDbEnabledAndImpersonationDisabled() {
        testHiveAuthEnabled(false, true, false, EMPTY_LIST, EMPTY_LIST, EMPTY_LIST, SENTRY_ENABLED);
    }

    private void testSentryServiceAndPolicyFile(boolean z, boolean z2, boolean z3, final List<MessageWithArgs> list, final List<MessageWithArgs> list2, final List<MessageWithArgs> list3) {
        HiveServiceTest.createClusterWithHive(5L, z3 ? CdhReleases.CDH5_4_0.getVersion().toString() : CdhReleases.CDH5_1_0.getVersion().toString(), false, false, false, z2, z3, true, false);
        TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(HiveParams.SENTRY_ENABLED.getTemplateName(), Boolean.toString(z), HIVE_SVC_NAME, null), TestUtils.createConfigString(HiveParams.HS2_IMPERSONATE_USER.getTemplateName(), "false", HIVE_SVC_NAME, HIVE_SERVER2_ROLE_NAME), TestUtils.createConfigString("hive_sentry_server", "foo", HIVE_SVC_NAME, null), TestUtils.createConfigString("hive_sentry_provider_resource", "foo", HIVE_SVC_NAME, null)));
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.service.hive.HiveSentryValidatorTest.2
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                HiveSentryValidatorTest.this.testServiceValidations(cmfEntityManager, HiveSentryValidatorTest.HIVE_SVC_NAME, HiveSentryValidatorTest.SENTRY_ENABLED, HiveSentryValidatorTest.V, ValidationContext.Category.CONFIGURATION, list, list2, list3);
            }
        });
    }

    @Test
    public void testSentryServiceAndPolicyFileEnabled() {
        testSentryServiceAndPolicyFile(true, true, false, ImmutableList.of(MessageWithArgs.of("message.hive.sentry.service.validationFailure", new String[0])), EMPTY_LIST, EMPTY_LIST);
    }

    @Test
    public void testSentryServiceAndPolicyFileDisabled() {
        testSentryServiceAndPolicyFile(false, false, false, EMPTY_LIST, EMPTY_LIST, EMPTY_LIST);
    }

    @Test
    public void testSentryServiceEnabledAndPolicyFileDisabled() {
        testSentryServiceAndPolicyFile(true, false, false, EMPTY_LIST, EMPTY_LIST, EMPTY_LIST);
    }

    @Test
    public void testSentryServiceDisabledAndPolicyFileEnabled() {
        testSentryServiceAndPolicyFile(false, true, false, EMPTY_LIST, EMPTY_LIST, EMPTY_LIST);
    }

    @Test
    public void testWithUnSecureHdfsAndAuthEnabled() {
        HiveServiceTest.createClusterWithHive(5L);
        TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(HiveParams.SENTRY_ENABLED.getTemplateName(), "true", HIVE_SVC_NAME, null)));
        TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(HiveParams.HS2_IMPERSONATE_USER.getTemplateName(), "false", HIVE_SVC_NAME, HIVE_SERVER2_ROLE_NAME)));
        final ImmutableList of = ImmutableList.of(MessageWithArgs.of("message.hive.sentry.secureClusterValidator.validationWarning", new String[0]));
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.service.hive.HiveSentryValidatorTest.3
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                HiveSentryValidatorTest.this.testServiceValidations(cmfEntityManager, HiveSentryValidatorTest.HIVE_SVC_NAME, HiveSentryValidatorTest.SENTRY_ENABLED, HiveSentryValidatorTest.V, ValidationContext.Category.CONFIGURATION, HiveSentryValidatorTest.EMPTY_LIST, of, HiveSentryValidatorTest.EMPTY_LIST);
            }
        });
    }

    @Test
    public void testWithUnSecureHdfsAndAuthDisabled() {
        HiveServiceTest.createClusterWithHive(5L);
        TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(HiveParams.SENTRY_ENABLED.getTemplateName(), "false", HIVE_SVC_NAME, null)));
        TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(HiveParams.HS2_IMPERSONATE_USER.getTemplateName(), "false", HIVE_SVC_NAME, HIVE_SERVER2_ROLE_NAME)));
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.service.hive.HiveSentryValidatorTest.4
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                HiveSentryValidatorTest.this.testServiceValidations(cmfEntityManager, HiveSentryValidatorTest.HIVE_SVC_NAME, HiveSentryValidatorTest.SENTRY_ENABLED, HiveSentryValidatorTest.V, ValidationContext.Category.CONFIGURATION, HiveSentryValidatorTest.EMPTY_LIST, HiveSentryValidatorTest.EMPTY_LIST, HiveSentryValidatorTest.EMPTY_LIST);
            }
        });
    }

    private void testSentryParam(final ParamSpec<?> paramSpec, String str, final List<MessageWithArgs> list, final List<MessageWithArgs> list2, final List<MessageWithArgs> list3) {
        HiveServiceTest.createSecureClusterWithHive(5L);
        TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(HiveParams.SENTRY_ENABLED.getTemplateName(), "true", HIVE_SVC_NAME, null)));
        TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(HiveParams.HS2_IMPERSONATE_USER.getTemplateName(), "false", HIVE_SVC_NAME, HIVE_SERVER2_ROLE_NAME)));
        TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(paramSpec.getTemplateName(), str, HIVE_SVC_NAME, null)));
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.service.hive.HiveSentryValidatorTest.5
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                HiveSentryValidatorTest.this.testServiceValidations(cmfEntityManager, HiveSentryValidatorTest.HIVE_SVC_NAME, paramSpec, HiveSentryValidatorTest.V, ValidationContext.Category.CONFIGURATION, list, list2, list3);
            }
        });
    }

    @Test
    public void testEmptySentryPolicyFileParam() {
        testSentryParam(SENTRY_PROVIDER_RESOURCE, "\"\"", ImmutableList.of(MessageWithArgs.of("message.hive.sentry.policyFileName.validationFailure", new String[0])), EMPTY_LIST, EMPTY_LIST);
    }

    @Test
    public void testSentryPolicyFileParam() {
        testSentryParam(SENTRY_PROVIDER_RESOURCE, "foo", EMPTY_LIST, EMPTY_LIST, EMPTY_LIST);
    }

    @Test
    public void testEmptyServerNameFileParam() {
        testSentryParam(SENTRY_SERVER, "\"\"", ImmutableList.of(MessageWithArgs.of("message.hive.sentry.serverName.validationFailure", new String[0])), EMPTY_LIST, EMPTY_LIST);
    }

    @Test
    public void testServerNameParam() {
        testSentryParam(SENTRY_SERVER, "foo", EMPTY_LIST, EMPTY_LIST, EMPTY_LIST);
    }

    private void testSentryEnforcement(boolean z, boolean z2, boolean z3, boolean z4, final List<MessageWithArgs> list, final List<MessageWithArgs> list2, final List<MessageWithArgs> list3) {
        HiveServiceTest.createSecureClusterWithHive(5L);
        if (z2) {
            TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(HiveParams.HS2_IMPERSONATE_USER.getTemplateName(), "false", HIVE_SVC_NAME, HIVE_SERVER2_ROLE_NAME)));
        } else {
            TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.deleteRoleString(HIVE_SERVER2_ROLE_NAME)));
        }
        TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(HiveParams.SENTRY_ENABLED.getTemplateName(), Boolean.toString(z), HIVE_SVC_NAME, null)));
        if (z3) {
            TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createServiceString("impala1", MockTestCluster.IMPALA_ST), TestUtils.createConfigString(ImpalaParams.HIVE.getTemplateName(), HIVE_SVC_NAME, "impala1", null), TestUtils.createConfigString(ImpalaParams.DFS_CONNECTOR.getTemplateName(), HDFS_SVC_NAME, "impala1", null)));
            TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(ImpalaParams.SENTRY_ENABLED.getTemplateName(), Boolean.toString(z4), "impala1", null)));
        }
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.service.hive.HiveSentryValidatorTest.6
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                HiveSentryValidatorTest.this.testServiceValidations(cmfEntityManager, HiveSentryValidatorTest.HIVE_SVC_NAME, HiveSentryValidatorTest.SENTRY_ENABLED, HiveSentryValidatorTest.V, ValidationContext.Category.CONFIGURATION, list, list2, list3);
            }
        });
    }

    @Test
    public void testEnforceAuthDisabledNoHs2NoImpala() {
        testSentryEnforcement(false, false, false, false, EMPTY_LIST, EMPTY_LIST, EMPTY_LIST);
    }

    @Test
    public void testEnforceAuthEnabledHs2NoImpala() {
        testSentryEnforcement(true, true, false, false, EMPTY_LIST, EMPTY_LIST, EMPTY_LIST);
    }

    @Test
    public void testEnforceAuthEnabledNoHs2NoImpala() {
        testSentryEnforcement(true, false, false, false, EMPTY_LIST, ImmutableList.of(MessageWithArgs.of("message.hive.sentry.enforcementValidator.validationWarning", new String[0])), EMPTY_LIST);
    }

    @Test
    public void testEnforceAuthEnabledNoHs2ImpalaSentryEnabled() {
        testSentryEnforcement(true, false, true, true, EMPTY_LIST, EMPTY_LIST, EMPTY_LIST);
    }

    @Test
    public void testEnforceAuthEnabledNoHs2ImpalaSentryDisabled() {
        testSentryEnforcement(true, false, true, false, EMPTY_LIST, ImmutableList.of(MessageWithArgs.of("message.hive.sentry.enforcementValidator.validationWarning", new String[0])), EMPTY_LIST);
    }
}
