package com.cloudera.cmf.service.sentry;

import com.cloudera.cmf.Constants;
import com.cloudera.cmf.model.DbHost;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.service.config.BooleanParamSpec;
import com.cloudera.cmf.service.config.ConfigFile;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.PathListParamSpec;
import com.cloudera.cmf.service.config.ServiceConnectorParamSpec;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.impala.ImpalaParams;
import com.cloudera.cmf.service.upgrade.Oozie60Test;
import com.cloudera.cmf.service.zookeeper.ZooKeeperParams;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.server.cmf.MockBaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.mockito.Mockito;

/* loaded from: input_file:com/cloudera/cmf/service/sentry/SentryBaseTest.class */
public abstract class SentryBaseTest extends MockBaseTest {
    protected final Release HA_RELEASE = SentryServiceHandler.HA_SINCE.lowerEndpoint();
    protected static final boolean SENTRY_HA = true;
    protected static final boolean KERBEROS = true;
    protected static final boolean ZK_SECURE = true;
    protected static final boolean HDFS_SYNC = true;
    protected static final boolean EMIT_TICKET_CACHE = true;
    protected static final boolean USE_NEW_C6_1_PROCESSORS = true;

    protected MockTestCluster.Builder commonClusterBuilder() {
        return MockTestCluster.builder(this).hostCount(4).services(MockTestCluster.ZK_ST, "HDFS", MockTestCluster.YARN_ST, MockTestCluster.IMPALA_ST, MockTestCluster.OOZIE_ST, MockTestCluster.HUE_ST).roles("zookeeper1", "host1", MockTestCluster.ZKSERVER_RT).roles("zookeeper1", "host2", MockTestCluster.ZKSERVER_RT).roles("zookeeper1", "host3", MockTestCluster.ZKSERVER_RT).roles("hdfs1", "host1", MockTestCluster.NN_RT).roles("hdfs1", "host2", MockTestCluster.SNN_RT, MockTestCluster.DN_RT).roles("yarn1", "host1", MockTestCluster.RM_RT, MockTestCluster.JHS_RT).roles("impala1", "host1", MockTestCluster.IMPCATALOG_RT).roles("impala1", "host1", MockTestCluster.IMPSTATESTORE_RT).roles("impala1", "host2", MockTestCluster.IMPALAD_RT).roles(Oozie60Test.OOZIE, "host1", MockTestCluster.OOZIESERVER_RT).roles("hue1", "host1", MockTestCluster.HUESERVER_RT, MockTestCluster.KTRENEWER_RT);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MockTestCluster.Builder basicSentryClusterBuilder(Release release) {
        return commonClusterBuilder().cdhVersion(release).additionalServices(MockTestCluster.HIVE_ST, MockTestCluster.SENTRY_ST).roles("hive1", "host1", MockTestCluster.HMS_RT, MockTestCluster.HS2_RT).roles("sentry1", "host1", MockTestCluster.SENTRYSERVER_RT);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MockTestCluster.Builder basicComputeClusterBuilder(MockTestCluster mockTestCluster) {
        ImmutableSet of = ImmutableSet.of("HDFS", MockTestCluster.HIVE_ST, MockTestCluster.SENTRY_ST);
        MockTestCluster.Builder baseServices = commonClusterBuilder().cdhVersion(mockTestCluster.getCluster().getCdhVersion()).baseServices((Collection<DbService>) ImmutableSet.copyOf((Set) mockTestCluster.getAllServices().stream().filter(dbService -> {
            return of.contains(dbService.getServiceType());
        }).collect(Collectors.toSet())));
        if (mockTestCluster.getCluster().getCdhVersion().atLeast(CdhReleases.CDH6_2_0)) {
            baseServices.additionalServices(MockTestCluster.HES_ST).roles("hive_exec1", "host1", MockTestCluster.HS2_RT);
        }
        return baseServices;
    }

    @BeforeClass
    public static void setup() throws Exception {
        MockBaseTest.setupWithMinimalMockInvocationTracking();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setBasicConfigs(MockTestCluster mockTestCluster) {
        createConfig(mockTestCluster.getRole("hdfs1-host1-NAMENODE").getRoleConfigGroup(), (ParamSpec<PathListParamSpec>) HdfsParams.DFS_NAME_DIR_LIST, (PathListParamSpec) ImmutableList.of("/nn1"));
        ParamSpec<?> paramSpec = (ParamSpec) Mockito.mock(ParamSpec.class);
        Mockito.when(paramSpec.getTemplateName()).thenReturn("serverId");
        for (DbRole dbRole : mockTestCluster.getService("zookeeper1").getRolesWithType(MockTestCluster.ZKSERVER_RT)) {
            createConfigUnsafe(dbRole, paramSpec, dbRole.getId().toString());
        }
        createConfigUnsafe(mockTestCluster.getService("impala1"), (ParamSpec<?>) ImpalaParams.YARN_FOR_RM, (String) null);
        createConfig(mockTestCluster.getService("impala1"), (ParamSpec<ServiceConnectorParamSpec>) ImpalaParams.RANGER, (ServiceConnectorParamSpec) null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkClientConfigs(MockTestCluster mockTestCluster, MockTestCluster mockTestCluster2, boolean z, boolean z2) {
        if (mockTestCluster2.getAllServices().stream().anyMatch(dbService -> {
            return dbService.getServiceType().equals(MockTestCluster.HES_ST);
        })) {
            Map<String, String> mapConfigFileAsStrings = mapConfigFileAsStrings(getConfigFiles(mockTestCluster2.getRole("hive_exec1-host1-HIVESERVER2")).get("sentry-site.xml"));
            checkStandardKerberosSettings(mapConfigFileAsStrings, z2);
            checkClientConnectionSettings(mockTestCluster, mapConfigFileAsStrings, z);
        }
        Map<String, String> mapConfigFileAsStrings2 = mapConfigFileAsStrings(getConfigFiles(mockTestCluster2.getRole("impala1-host1-CATALOGSERVER")).get("impala-conf/sentry-site.xml"));
        checkStandardKerberosSettings(mapConfigFileAsStrings2, z2);
        checkClientConnectionSettings(mockTestCluster, mapConfigFileAsStrings2, z);
        Map<String, String> mapConfigFileAsStrings3 = mapConfigFileAsStrings(getConfigFiles(mockTestCluster2.getRole("impala1-host2-IMPALAD")).get("impala-conf/sentry-site.xml"));
        checkStandardKerberosSettings(mapConfigFileAsStrings3, z2);
        checkClientConnectionSettings(mockTestCluster, mapConfigFileAsStrings3, z);
        Map<String, String> mapConfigFileAsStrings4 = mapConfigFileAsStrings(getConfigFiles(mockTestCluster2.getRole("hue1-host1-HUE_SERVER")).get("sentry-conf/sentry-site.xml"));
        checkStandardKerberosSettings(mapConfigFileAsStrings4, z2);
        checkClientConnectionSettings(mockTestCluster, mapConfigFileAsStrings4, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkConfigFiles(MockTestCluster mockTestCluster, boolean z, boolean z2, boolean z3, boolean z4, boolean z5) {
        DbHost host = mockTestCluster.getHost("host1");
        Release cdhVersion = mockTestCluster.getCluster().getCdhVersion();
        Map<String, String> mapConfigFileAsStrings = mapConfigFileAsStrings(getConfigFiles(mockTestCluster.getRole("sentry1-host1-SENTRY_SERVER")).get("sentry-site.xml"));
        Assert.assertEquals(host.getName(), mapConfigFileAsStrings.get("sentry.service.server.rpc-address"));
        Assert.assertEquals(((Long) SentryParams.SENTRY_SERVER_RPC_PORT.getDefaultValue(cdhVersion)).toString(), mapConfigFileAsStrings.get("sentry.service.server.rpc-port"));
        checkStandardKerberosSettings(mapConfigFileAsStrings, z2);
        if (z) {
            checkStandardConnectionSettings(mockTestCluster, mapConfigFileAsStrings, z, z3, false, "sentry");
        }
        String str = z5 ? "org.apache.sentry.api.service.thrift.SentryPolicyStoreProcessorFactory,org.apache.sentry.api.generic.thrift.SentryGenericPolicyProcessorFactory" : "org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessorFactory,org.apache.sentry.provider.db.generic.service.thrift.SentryGenericPolicyProcessorFactory";
        if (z4) {
            str = str + ",org.apache.sentry.hdfs.SentryHDFSServiceProcessorFactory";
        }
        Assert.assertEquals(str, mapConfigFileAsStrings.get("sentry.service.processor.factories"));
        Map<String, ConfigFile> configFiles = getConfigFiles(mockTestCluster.getRole("hive1-host1-HIVEMETASTORE"));
        Map<String, String> mapConfigFileAsStrings2 = mapConfigFileAsStrings(configFiles.get("hive-site.xml"));
        if (z4) {
            checkSettingsWithHdfsInKey(mockTestCluster, mapConfigFileAsStrings2, z, z2, z3, false, "hive");
            if (z) {
                Assert.assertNull(mapConfigFileAsStrings2.get("sentry.metastore.plugins"));
            } else if (!SentryServiceHandler.HA_SINCE.contains(cdhVersion)) {
                Assert.assertEquals("org.apache.sentry.hdfs.MetastorePlugin", mapConfigFileAsStrings2.get("sentry.metastore.plugins"));
            }
        } else {
            Assert.assertNull(mapConfigFileAsStrings2.get("sentry.hdfs.service.client.server.rpc-address"));
            Assert.assertNull(mapConfigFileAsStrings2.get("sentry.ha.enabled"));
            Assert.assertNull(mapConfigFileAsStrings2.get("sentry.metastore.plugins"));
        }
        Map<String, String> mapConfigFileAsStrings3 = mapConfigFileAsStrings(configFiles.get("sentry-site.xml"));
        checkStandardKerberosSettings(mapConfigFileAsStrings3, z2);
        checkClientConnectionSettings(mockTestCluster, mapConfigFileAsStrings3, z);
        checkClientConfigs(mockTestCluster, mockTestCluster, z, z2);
        if (z4) {
            Map<String, String> mapConfigFileAsStrings4 = mapConfigFileAsStrings(getConfigFiles(mockTestCluster.getRole("hdfs1-host1-NAMENODE")).get("hdfs-site.xml"));
            checkSettingsWithHdfsInKey(mockTestCluster, mapConfigFileAsStrings4, z, z2, z3, false, "hdfs");
            if (z2 && z) {
                Assert.assertEquals("sentry/_HOST@HADOOP.COM", mapConfigFileAsStrings4.get("sentry.service.server.principal"));
            } else {
                Assert.assertNull(mapConfigFileAsStrings4.get("sentry.service.server.principal"));
            }
        }
    }

    protected void checkClientConnectionSettings(MockTestCluster mockTestCluster, Map<String, String> map, boolean z) {
        checkClientConnectionSettings(mockTestCluster, map, z, "sentry.service.client.server");
    }

    protected void checkClientConnectionSettings(MockTestCluster mockTestCluster, Map<String, String> map, boolean z, String str) {
        Release cdhVersion = mockTestCluster.getCluster().getCdhVersion();
        String l = ((Long) SentryParams.SENTRY_SERVER_RPC_PORT.getDefaultValue(cdhVersion)).toString();
        DbHost host = mockTestCluster.getHost("host1");
        DbHost host2 = mockTestCluster.getHost("host2");
        if (z) {
            Assert.assertEquals(String.format("%s:%s,%s:%s", host.getName(), l, host2.getName(), l), map.get(str + ".rpc-addresses"));
            if (Constants.SERVICE_VERSIONS_PRIOR_TO_CDH6_0_0.contains(cdhVersion)) {
                Assert.assertTrue(host.getName().equals(map.get(new StringBuilder().append(str).append(".rpc-address").toString())) || host2.getName().equals(map.get(new StringBuilder().append(str).append(".rpc-address").toString())));
                Assert.assertEquals(l, map.get(str + ".rpc-port"));
                return;
            }
            return;
        }
        if (SentryServiceHandler.HA_SINCE.contains(cdhVersion)) {
            Assert.assertTrue(String.format("%s:%s", host.getName(), l).equals(map.get(new StringBuilder().append(str).append(".rpc-addresses").toString())) || String.format("%s:%s", host2.getName(), l).equals(map.get(new StringBuilder().append(str).append(".rpc-addresses").toString())));
        }
        if (Constants.SERVICE_VERSIONS_PRIOR_TO_CDH6_0_0.contains(cdhVersion)) {
            Assert.assertEquals(host.getName(), map.get(str + ".rpc-address"));
            Assert.assertEquals(l, map.get(str + ".rpc-port"));
        }
    }

    protected void checkStandardKerberosSettings(Map<String, String> map, boolean z) {
        if (!z) {
            Assert.assertEquals("none", map.get("sentry.service.security.mode"));
        } else {
            Assert.assertEquals("sentry/_HOST@HADOOP.COM", map.get("sentry.service.server.principal"));
            Assert.assertEquals("kerberos", map.get("sentry.service.security.mode"));
        }
    }

    protected void checkStandardConnectionSettings(MockTestCluster mockTestCluster, Map<String, String> map, boolean z, boolean z2, boolean z3, String str) {
        checkStandardConnectionSettings(mockTestCluster, map, z, z2, z3, str, false);
    }

    protected void checkStandardConnectionSettings(MockTestCluster mockTestCluster, Map<String, String> map, boolean z, boolean z2, boolean z3, String str, boolean z4) {
        DbHost host = mockTestCluster.getHost("host1");
        DbHost host2 = mockTestCluster.getHost("host2");
        DbHost host3 = mockTestCluster.getHost("host3");
        Release cdhVersion = mockTestCluster.getCluster().getCdhVersion();
        if (z) {
            Assert.assertEquals("/sentry", map.get("sentry.ha.zookeeper.namespace"));
            String l = ((Long) ZooKeeperParams.CLIENT_PORT.getDefaultValue(cdhVersion)).toString();
            Assert.assertEquals(String.format("%s:%s,%s:%s,%s:%s", host.getName(), l, host2.getName(), l, host3.getName(), l), map.get("sentry.ha.zookeeper.quorum"));
            if (z2) {
                Assert.assertEquals("true", map.get("sentry.ha.zookeeper.security"));
                Assert.assertEquals(str + "/_HOST@HADOOP.COM", map.get("sentry.zookeeper.client.principal"));
                Assert.assertEquals(str + ".keytab", map.get("sentry.zookeeper.client.keytab"));
            } else {
                Assert.assertEquals((Object) null, map.get("sentry.ha.zookeeper.security"));
            }
            if (z2 && z3) {
                Assert.assertEquals("true", map.get("sentry.zookeeper.client.ticketcache"));
            } else {
                Assert.assertEquals((Object) null, map.get("sentry.zookeeper.client.ticketcache"));
            }
        }
        if (z4) {
            Assert.assertEquals(host.getName(), map.get("sentry.service.server.rpc-address"));
            Assert.assertEquals(((Long) SentryParams.SENTRY_SERVER_RPC_PORT.getDefaultValue(cdhVersion)).toString(), map.get("sentry.service.server.rpc-port"));
        }
    }

    protected void checkSettingsWithHdfsInKey(MockTestCluster mockTestCluster, Map<String, String> map, boolean z, boolean z2, boolean z3, boolean z4, String str) {
        mockTestCluster.getHost("host1");
        if (z2) {
            Assert.assertEquals("sentry/_HOST@HADOOP.COM", map.get("sentry.hdfs.service.server.principal"));
            Assert.assertEquals("kerberos", map.get("sentry.hdfs.service.security.mode"));
        } else {
            Assert.assertEquals("none", map.get("sentry.hdfs.service.security.mode"));
        }
        checkClientConnectionSettings(mockTestCluster, map, z, "sentry.hdfs.service.client.server");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void enableHdfsSentrySync(MockTestCluster mockTestCluster) {
        DbService service = mockTestCluster.getService("hdfs1");
        createConfig(service, (ParamSpec<BooleanParamSpec>) HdfsParams.HDFS_SENTRY_SYNC_ENABLE, (BooleanParamSpec) true);
        createConfig(service, (ParamSpec<BooleanParamSpec>) HdfsParams.DFS_PERMISSIONS, (BooleanParamSpec) true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void disableZkSecurity(MockTestCluster mockTestCluster) {
        createConfig(mockTestCluster.getService("zookeeper1"), (ParamSpec<BooleanParamSpec>) ZooKeeperParams.ZOOKEEPER_ENABLE_SECURITY, (BooleanParamSpec) false);
    }
}
