package com.cloudera.cmf.service.config;

import com.cloudera.cmf.command.SvcCmdArgs;
import com.cloudera.cmf.model.DbProcess;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.service.config.PrefixedPathListParamSpec;
import com.cloudera.cmf.service.config.RangerPluginParams;
import com.cloudera.cmf.service.config.transform.CredentialProviderConfigTransform;
import com.cloudera.cmf.service.config.transform.CredentialProviderConfigTransformTest;
import com.cloudera.cmf.service.csd.components.FirstPartyCsdServiceTypes;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.hive.HiveParams;
import com.cloudera.cmf.service.impala.ImpalaParams;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.service.zookeeper.ZooKeeperParams;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.csd.CsdBundle;
import com.cloudera.csd.CsdTestUtils;
import com.cloudera.server.cmf.AbstractMockBaseTest;
import com.cloudera.server.cmf.MockBaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.cloudera.test.matchers.EvaluatedConfigMatchers;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import java.util.Collection;
import java.util.List;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matcher;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/cloudera/cmf/service/config/RangerPluginConfigGeneratorsTest.class */
public class RangerPluginConfigGeneratorsTest extends MockBaseTest {
    /**
     * Registers the CSD bundles these tests rely on with the mock base test.
     *
     * <p>Runs once per class. The same bundle list is passed to both
     * {@code AbstractMockBaseTest.setup} and {@code initMonitoringForCsd}.
     *
     * @throws Exception if the underlying mock setup fails
     */
    @BeforeClass
    public static void setup() throws Exception {
        // Ranger, Ranger RMS and Kafka bundles, including their C714/C715 variants.
        ImmutableList csdBundles = ImmutableList.of(
                CsdTestUtils.getRangerBundle(),
                CsdTestUtils.getKafkaBundle(),
                CsdTestUtils.getRangerRmsBundle(),
                CsdTestUtils.getRangerC714Bundle(),
                CsdTestUtils.getRangerRms714Bundle(),
                CsdTestUtils.getKafkaC714Bundle(),
                CsdTestUtils.getKafkaC715Bundle(),
                CsdTestUtils.getRangerC715Bundle());
        AbstractMockBaseTest.setup((Collection<CsdBundle>) csdBundles);
        setMinimizeMockInvocationTracking(true);
        initMonitoringForCsd(csdBundles);
    }

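    /**
     * Builds the standard mock cluster on {@code CdhReleases.LATEST_CDH7_RELEASE}.
     *
     * <p>Delegates to {@link #createCluster(boolean, Release)} so that the topology and the seeded
     * HDFS, SCM and Ranger configs are defined in one place. The previous body duplicated that
     * method line for line, differing only in the release passed to the builder.
     *
     * @param z whether Kerberos is enabled on the cluster
     * @return the built cluster with the fixture configs applied
     */
    private MockTestCluster createCluster(boolean z) {
        return createCluster(z, CdhReleases.LATEST_CDH7_RELEASE);
    }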

    /**
     * Builds the mock cluster the tests in this class start from, on the given release.
     *
     * <p>Topology: three hosts. host1 carries the HDFS, ZooKeeper, Solr, YARN and Hive roles plus a
     * Kafka broker; host2 carries a Kafka broker and the Ranger Admin; host3 carries the Impala
     * roles and a Kafka broker.
     *
     * <p>NOTE(review): the cast forms on the {@code createConfig} calls look like decompiler
     * output; they are kept exactly as found.
     *
     * @param z whether Kerberos is enabled on the cluster
     * @param release CDH release the cluster is created with
     * @return the built cluster with the fixture configs applied
     */
    private MockTestCluster createCluster(boolean z, Release release) {
        MockTestCluster cluster = MockTestCluster.builder(this)
                .cdhVersion(release)
                .services("HDFS", MockTestCluster.HIVE_ST, MockTestCluster.RANGER_ST, MockTestCluster.SOLR_ST,
                        MockTestCluster.YARN_ST, MockTestCluster.ZK_ST, MockTestCluster.IMPALA_ST,
                        MockTestCluster.KAFKA_ST)
                .hostCount(3)
                .roles("hdfs1", "host1", MockTestCluster.NN_RT, MockTestCluster.SNN_RT, MockTestCluster.DN_RT)
                .roles("zookeeper1", "host1", MockTestCluster.ZKSERVER_RT)
                .roles("solr1", "host1", MockTestCluster.SOLRSERVER_RT)
                .roles("yarn1", "host1", MockTestCluster.RM_RT, MockTestCluster.NM_RT, MockTestCluster.JHS_RT)
                .roles("hive1", "host1", MockTestCluster.HS2_RT, MockTestCluster.HMS_RT)
                .roles("impala1", "host3", MockTestCluster.IMPALAD_RT, MockTestCluster.IMPCATALOG_RT,
                        MockTestCluster.IMPSTATESTORE_RT)
                .roles("kafka1", "host1", MockTestCluster.KAFKABROKER_RT)
                .roles("kafka1", "host2", MockTestCluster.KAFKABROKER_RT)
                .roles("kafka1", "host3", MockTestCluster.KAFKABROKER_RT)
                .roles("ranger1", "host2", MockTestCluster.RANGERADMIN_RT)
                .enableKerberos(z)
                .build();

        // HDFS needs name and data directories before its configs can be generated
        // (presumably required params; confirm against HdfsParams).
        DbService hdfs = cluster.getService("hdfs1");
        createConfig(hdfs, (ParamSpec<PathListParamSpec>) HdfsParams.DFS_NAME_DIR_LIST,
                (PathListParamSpec) ImmutableList.of("/namedir1"));
        createConfig(hdfs, (ParamSpec<PrefixedPathListParamSpec>) HdfsParams.DFS_DATA_DIR_LIST,
                (PrefixedPathListParamSpec) ImmutableList.of(
                        new PrefixedPathListParamSpec.PrefixAndPath(
                                MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, "/dfs/data/dir")));
        createScmConfig(ScmParams.ENABLE_FAST_DIR_CREATE, true);

        // Fixture-only database settings for the Ranger service; "pass" is a test placeholder,
        // not a credential to reuse anywhere real.
        createConfigUnsafe(cluster.getService("ranger1"), "ranger_database_host", "foo");
        createConfigUnsafe(cluster.getService("ranger1"), "ranger_database_password", "pass");
        return cluster;
    }

    /** Checks that the shared Ranger repository name for the Hive plugin type is {@code cm_hive}. */
    @Test
    public void testSharedRepoNameGeneration() {
        final String expectedRepoName = "cm_hive";
        Assert.assertEquals(
                expectedRepoName,
                RangerPluginConfigGenerators.getSharedRepoName(RangerPluginParams.PluginType.HIVE));
    }

    /**
     * Checks the Ranger plugin configs generated for Hive on a cluster without Kerberos.
     *
     * <p>Covers the authorizer wiring in hive-site.xml, the audit destinations, the policy REST URL
     * and the effect of the Ranger security safety valve.
     */
    @Test
    public void testUnsecureCluster() {
        MockTestCluster cluster = createCluster(false);
        DbService hive = cluster.getService("hive1");
        DbService ranger = cluster.getService("ranger1");
        // Point Hive at the Ranger service; everything below depends on this connector.
        createConfig(hive, (ParamSpec<ServiceConnectorParamSpec>) HiveParams.RANGER,
                (ServiceConnectorParamSpec) ranger);
        DbRole hs2 = cluster.getRole("hive1", "host1", MockTestCluster.HS2_RT);
        DbRole hms = cluster.getRole("hive1", "host1", MockTestCluster.HMS_RT);
        String host1Name = cluster.getHost("host1").getName();
        String host2Name = cluster.getHost("host2").getName();

        // HiveServer2: authorization is switched on and handled by the Ranger authorizer factory.
        Assert.assertThat(generateConfigs(hs2, "hive-site.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals("true", "hive.security.authorization.enabled"),
                EvaluatedConfigMatchers.configEquals(
                        "org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory",
                        "hive.security.authorization.manager")));

        // Metastore: the metastore authorizer is registered as a pre-event listener.
        Assert.assertThat(generateConfigs(hms, "hive-site.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals(
                        "org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizer",
                        "hive.metastore.pre.event.listeners"),
                EvaluatedConfigMatchers.configEquals(
                        "org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory",
                        "hive.security.authorization.manager")));

        // Default audit destinations: HDFS directory, local spool directories, Solr via ZooKeeper.
        Assert.assertThat(generateConfigs(hs2, "ranger-hive-audit.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals("/ranger/audit/hive", "xasecure.audit.destination.hdfs.dir"),
                EvaluatedConfigMatchers.configEquals("/var/log/hive/audit/hdfs/spool",
                        "xasecure.audit.destination.hdfs.batch.filespool.dir"),
                EvaluatedConfigMatchers.configEquals("/var/log/hive/audit/solr/spool",
                        "xasecure.audit.destination.solr.batch.filespool.dir"),
                EvaluatedConfigMatchers.configEquals(String.format("%s:2181/solr", host1Name),
                        "xasecure.audit.destination.solr.zookeepers")));

        // A base audit URL set on the Ranger service gets the per-service suffix appended.
        createConfigUnsafe(ranger, FirstPartyCsdServiceTypes.RoleTypes.RANGER_HDFS_AUDIT_URL.getTemplateName(),
                "s3a://mybank/division9/group8/audits");
        Assert.assertThat(generateConfigs(hs2, "ranger-hive-audit.xml"), CoreMatchers.allOf(new Matcher[]{
                EvaluatedConfigMatchers.configEquals("s3a://mybank/division9/group8/audits/hive",
                        "xasecure.audit.destination.hdfs.dir")}));

        // An audit path set on Hive itself is used as given, with no suffix.
        createConfigUnsafe(hive, (ParamSpec<?>) HiveParams.RANGER_AUDIT_HDFS_PATH, "s3a://custom/dir");
        Assert.assertThat(generateConfigs(hs2, "ranger-hive-audit.xml"), CoreMatchers.allOf(new Matcher[]{
                EvaluatedConfigMatchers.configEquals("s3a://custom/dir", "xasecure.audit.destination.hdfs.dir")}));

        // Plugin identity and policy source. The policy URL is plain http on 6080 here because
        // this test never enables SSL on the Ranger Admin.
        Assert.assertThat(generateConfigs(hs2, "ranger-hive-security.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals(cluster.getCluster().getDisplayName(),
                        "ranger.plugin.hive.access.cluster.name"),
                EvaluatedConfigMatchers.configEquals("cm_hive", "ranger.plugin.hive.service.name"),
                EvaluatedConfigMatchers.configEquals(String.format("http://%s:6080/", host2Name),
                        "ranger.plugin.hive.policy.rest.url"),
                EvaluatedConfigMatchers.configEquals("true", "xasecure.hive.update.xapolicies.on.grant.revoke")));

        // The safety valve wins over the generated value. Since this key names the Ranger
        // repository the plugin reads policies from, edit rights on the safety valve are
        // security-relevant.
        createConfig(hive, (ParamSpec<ParamSpec>) HiveParams.RANGER_SECURITY_SAFETY_VALVE,
                (ParamSpec) "<property><name>ranger.plugin.hive.service.name</name><value>hive_repo2</value></property>");
        Assert.assertThat(generateConfigs(hs2, "ranger-hive-security.xml"),
                EvaluatedConfigMatchers.configEquals("hive_repo2", "ranger.plugin.hive.service.name"));

        // Same override mechanism for the cluster name reported by the plugin.
        createConfig(hive, (ParamSpec<ParamSpec>) HiveParams.RANGER_SECURITY_SAFETY_VALVE,
                (ParamSpec) "<property><name>ranger.plugin.hive.access.cluster.name</name><value>test_cluster1</value></property>");
        Assert.assertThat(generateConfigs(hs2, "ranger-hive-security.xml"),
                EvaluatedConfigMatchers.configEquals("test_cluster1", "ranger.plugin.hive.access.cluster.name"));
    }

    /**
     * Checks the Ranger plugin configs generated for an Impala daemon on a cluster without Kerberos.
     *
     * <p>The generated files live under {@code hadoop-conf/} and use the {@code ranger.plugin.hive.*}
     * key names, while the audit and policy-cache paths are Impala-specific.
     */
    @Test
    public void testUnsecureImpalaCluster() {
        MockTestCluster cluster = createCluster(false);
        DbService hive = cluster.getService("hive1");
        DbService impala = cluster.getService("impala1");
        DbService ranger = cluster.getService("ranger1");
        // Hive and Impala both depend on Ranger; Impala additionally depends on Hive.
        createConfig(hive, (ParamSpec<ServiceConnectorParamSpec>) HiveParams.RANGER,
                (ServiceConnectorParamSpec) ranger);
        createConfig(impala, (ParamSpec<ServiceConnectorParamSpec>) ImpalaParams.RANGER,
                (ServiceConnectorParamSpec) ranger);
        createConfig(impala, (ParamSpec<ServiceConnectorParamSpec>) ImpalaParams.HIVE,
                (ServiceConnectorParamSpec) hive);
        DbRole impalad = cluster.getRole("impala1", "host3", MockTestCluster.IMPALAD_RT);
        String host1Name = cluster.getHost("host1").getName();
        String host2Name = cluster.getHost("host2").getName();

        // Audit destinations use Impala's own directories.
        Assert.assertThat(generateConfigs(impalad, "hadoop-conf/ranger-hive-audit.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals("/ranger/audit/impala", "xasecure.audit.destination.hdfs.dir"),
                EvaluatedConfigMatchers.configEquals("/var/log/impala/audit/hdfs/spool",
                        "xasecure.audit.destination.hdfs.batch.filespool.dir"),
                EvaluatedConfigMatchers.configEquals("/var/log/impala/audit/solr/spool",
                        "xasecure.audit.destination.solr.batch.filespool.dir"),
                EvaluatedConfigMatchers.configEquals(String.format("%s:2181/solr", host1Name),
                        "xasecure.audit.destination.solr.zookeepers")));

        // Impala shares the cm_hive repository name but keeps a separate policy cache directory.
        // The policy URL is plain http because SSL is not enabled on the Ranger Admin here.
        Assert.assertThat(generateConfigs(impalad, "hadoop-conf/ranger-hive-security.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals(cluster.getCluster().getDisplayName(),
                        "ranger.plugin.hive.access.cluster.name"),
                EvaluatedConfigMatchers.configEquals("cm_hive", "ranger.plugin.hive.service.name"),
                EvaluatedConfigMatchers.configEquals("/var/lib/ranger/impala/policy-cache",
                        "ranger.plugin.hive.policy.cache.dir"),
                EvaluatedConfigMatchers.configEquals(String.format("http://%s:6080/", host2Name),
                        "ranger.plugin.hive.policy.rest.url")));

        // Impala's safety valve overrides the generated repository name ...
        createConfig(impala, (ParamSpec<ParamSpec>) ImpalaParams.RANGER_SECURITY_SAFETY_VALVE,
                (ParamSpec) "<property><name>ranger.plugin.hive.service.name</name><value>hive_repo2</value></property>");
        Assert.assertThat(generateConfigs(impalad, "hadoop-conf/ranger-hive-security.xml"),
                EvaluatedConfigMatchers.configEquals("hive_repo2", "ranger.plugin.hive.service.name"));

        // ... and the cluster name reported by the plugin.
        createConfig(impala, (ParamSpec<ParamSpec>) ImpalaParams.RANGER_SECURITY_SAFETY_VALVE,
                (ParamSpec) "<property><name>ranger.plugin.hive.access.cluster.name</name><value>test_cluster1</value></property>");
        Assert.assertThat(generateConfigs(impalad, "hadoop-conf/ranger-hive-security.xml"),
                EvaluatedConfigMatchers.configEquals("test_cluster1", "ranger.plugin.hive.access.cluster.name"));
    }

    /**
     * Checks the Ranger plugin configs generated for the NameNode on a cluster without Kerberos,
     * once Ranger authorization is enabled on HDFS.
     */
    @Test
    public void testUnsecureClusterHdfs() {
        MockTestCluster cluster = createCluster(false);
        DbService hdfs = cluster.getService("hdfs1");
        createConfig(hdfs, (ParamSpec<BooleanParamSpec>) HdfsParams.RANGER_AUTHORIZATION_ENABLE,
                (BooleanParamSpec) true);
        DbRole nameNode = cluster.getRole("hdfs1", "host1", MockTestCluster.NN_RT);
        String host1Name = cluster.getHost("host1").getName();
        String host2Name = cluster.getHost("host2").getName();

        // Permission checks stay enabled and the Ranger authorizer is plugged in as the
        // inode attributes provider.
        Assert.assertThat(generateConfigs(nameNode, "hdfs-site.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals("true", "dfs.permissions.enabled"),
                EvaluatedConfigMatchers.configEquals("org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer",
                        "dfs.namenode.inode.attributes.provider.class")));

        // Default audit destinations for the HDFS plugin.
        Assert.assertThat(generateConfigs(nameNode, "ranger-hdfs-audit.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals("/ranger/audit/hdfs", "xasecure.audit.destination.hdfs.dir"),
                EvaluatedConfigMatchers.configEquals("/var/log/hdfs/audit/hdfs/spool",
                        "xasecure.audit.destination.hdfs.batch.filespool.dir"),
                EvaluatedConfigMatchers.configEquals("/var/log/hdfs/audit/solr/spool",
                        "xasecure.audit.destination.solr.batch.filespool.dir"),
                EvaluatedConfigMatchers.configEquals(String.format("%s:2181/solr", host1Name),
                        "xasecure.audit.destination.solr.zookeepers")));

        // Plugin identity and policy source; plain http because SSL is not enabled on the
        // Ranger Admin in this test.
        Assert.assertThat(generateConfigs(nameNode, "ranger-hdfs-security.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals(cluster.getCluster().getDisplayName(),
                        "ranger.plugin.hdfs.access.cluster.name"),
                EvaluatedConfigMatchers.configEquals("cm_hdfs", "ranger.plugin.hdfs.service.name"),
                EvaluatedConfigMatchers.configEquals(String.format("http://%s:6080/", host2Name),
                        "ranger.plugin.hdfs.policy.rest.url")));

        // The safety valve overrides the generated repository name ...
        createConfig(hdfs, (ParamSpec<ParamSpec>) HdfsParams.RANGER_SECURITY_SAFETY_VALVE,
                (ParamSpec) "<property><name>ranger.plugin.hdfs.service.name</name><value>hdfs_repo2</value></property>");
        Assert.assertThat(generateConfigs(nameNode, "ranger-hdfs-security.xml"),
                EvaluatedConfigMatchers.configEquals("hdfs_repo2", "ranger.plugin.hdfs.service.name"));

        // ... and the cluster name reported by the plugin.
        createConfig(hdfs, (ParamSpec<ParamSpec>) HdfsParams.RANGER_SECURITY_SAFETY_VALVE,
                (ParamSpec) "<property><name>ranger.plugin.hdfs.access.cluster.name</name><value>test_cluster1</value></property>");
        Assert.assertThat(generateConfigs(nameNode, "ranger-hdfs-security.xml"),
                EvaluatedConfigMatchers.configEquals("test_cluster1", "ranger.plugin.hdfs.access.cluster.name"));
    }

    /**
     * Checks the NameNode's Ranger plugin configs on a Kerberized cluster whose Ranger Admin has
     * SSL enabled: the policy URL must switch to https and the policy-manager SSL file must carry
     * the truststore settings.
     */
    @Test
    public void testSecureClusterHdfs() {
        MockTestCluster cluster = createCluster(true);
        DbService hdfs = cluster.getService("hdfs1");
        createConfig(hdfs, (ParamSpec<BooleanParamSpec>) HdfsParams.RANGER_AUTHORIZATION_ENABLE,
                (BooleanParamSpec) true);
        // Enable SSL on the Ranger Admin role itself.
        createConfigUnsafe(cluster.getRole("ranger1", "host2", MockTestCluster.RANGERADMIN_RT),
                FirstPartyCsdServiceTypes.RoleTypes.RANGER_ADMIN_SSL_ENABLED.getTemplateName(), "true");
        // NOTE(review): the safety valve is addressed through HiveParams although the target is
        // the HDFS service and the assertion reads ranger-hdfs-policymgr-ssl.xml; presumably the
        // two services share the template name. Confirm.
        createConfig(hdfs, (ParamSpec<ParamSpec>) HiveParams.RANGER_POLICY_MGR_SSL_SAFETY_VALVE,
                (ParamSpec) "<property><name>xasecure.policymgr.clientssl.keystore.type</name><value>apple</value></property>");
        createConfig(hdfs, (ParamSpec<PathParamSpec>) HdfsParams.HDFS_NAMENODE_TRUSTSTORE_FILE,
                (PathParamSpec) "/etc/ts1.jks");
        createConfig(hdfs, (ParamSpec<PasswordParamSpec>) HdfsParams.HDFS_NAMENODE_TRUSTSTORE_PASSWORD,
                (PasswordParamSpec) "hdfspass123");
        DbRole nameNode = cluster.getRole("hdfs1", "host1", MockTestCluster.NN_RT);

        // With SSL on, policies are fetched over https on port 6182.
        Assert.assertThat(generateConfigs(nameNode, "ranger-hdfs-security.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals(cluster.getCluster().getDisplayName(),
                        "ranger.plugin.hdfs.access.cluster.name"),
                EvaluatedConfigMatchers.configEquals("cm_hdfs", "ranger.plugin.hdfs.service.name"),
                EvaluatedConfigMatchers.configEquals(
                        String.format("https://%s:6182/", cluster.getHost("host2").getName()),
                        "ranger.plugin.hdfs.policy.rest.url")));

        // NOTE(review): this expects the cleartext truststore password under "sslTrustStore",
        // whereas testAliasedPasswordEvaluator expects "********" for the same key. Confirm that
        // generateConfigs returns the pre-redaction value here and that the file written to disk
        // carries only the credential-provider reference, not the password.
        Assert.assertThat(generateConfigs(nameNode, "ranger-hdfs-policymgr-ssl.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals("/etc/ts1.jks", "xasecure.policymgr.clientssl.truststore"),
                EvaluatedConfigMatchers.configEquals("hdfspass123", "sslTrustStore"),
                EvaluatedConfigMatchers.configEquals(
                        new CredentialProviderConfigTransform("password", "jceks").keyStoreURI,
                        "xasecure.policymgr.clientssl.truststore.credential.file")));

        // The SSL safety valve entry shows up in the generated file.
        Assert.assertThat(generateConfigs(nameNode, "ranger-hdfs-policymgr-ssl.xml"),
                EvaluatedConfigMatchers.configEquals("apple", "xasecure.policymgr.clientssl.keystore.type"));
    }

    /**
     * Checks the Ranger RMS mapping-source URL in the NameNode's plugin config on CDH 7.1.4.
     *
     * <p>On this release the URL is emitted under {@code ranger.plugin.hive.mapping.source.url}: it
     * is absent before an RMS service exists, http on 8383 once one is added, and https on 8484
     * after SSL is enabled on the RMS server.
     */
    @Test
    public void testRangerRmsSecure714Cluster() {
        MockTestCluster cluster = createCluster(true, CdhReleases.CDH7_1_4);
        DbService hdfs = cluster.getService("hdfs1");
        DbRole nameNode = cluster.getRole("hdfs1", "host1", MockTestCluster.NN_RT);
        createConfig(hdfs, (ParamSpec<BooleanParamSpec>) HdfsParams.RANGER_AUTHORIZATION_ENABLE,
                (BooleanParamSpec) true);

        // No RMS service yet, so no mapping source is configured.
        Assert.assertNull(
                generateConfigs(nameNode, "ranger-hdfs-security.xml").get("ranger.plugin.hive.mapping.source.url"));

        cluster.addService(MockTestCluster.RANGERRMS_ST, true, MockTestCluster.AutoDependencyLevel.ALL, true,
                CdhReleases.CDH7_1_4);
        cluster.addRole("ranger_rms1", "host1", MockTestCluster.RANGERRMSSERVER_RT);
        String rmsHostName = cluster.getHost("host1").getName();

        // RMS present, SSL off: plain http endpoint.
        Assert.assertThat(generateConfigs(nameNode, "ranger-hdfs-security.xml"), CoreMatchers.allOf(new Matcher[]{
                EvaluatedConfigMatchers.configEquals(String.format("http://%s:8383/", rmsHostName),
                        "ranger.plugin.hive.mapping.source.url")}));

        // SSL enabled on the RMS server: scheme and port both change.
        createConfigUnsafe(cluster.getRole("ranger_rms1", "host1", MockTestCluster.RANGERRMSSERVER_RT),
                FirstPartyCsdServiceTypes.RoleTypes.RANGER_RMS_SERVER_SSL_ENABLED.getTemplateName(), "true");
        Assert.assertThat(generateConfigs(nameNode, "ranger-hdfs-security.xml"), CoreMatchers.allOf(new Matcher[]{
                EvaluatedConfigMatchers.configEquals(String.format("https://%s:8484/", rmsHostName),
                        "ranger.plugin.hive.mapping.source.url")}));
    }

    /**
     * Checks the Ranger RMS mapping-source URL in the NameNode's plugin config on CDH 7.1.5.
     *
     * <p>On this release the URL is asserted under {@code ranger.plugin.hdfs.mapping.source.url}:
     * http on 8383 once an RMS service is added, https on 8484 after SSL is enabled on the RMS
     * server.
     */
    @Test
    public void testRangerRmsSecureCluster() {
        MockTestCluster cluster = createCluster(true, CdhReleases.CDH7_1_5);
        DbService hdfs = cluster.getService("hdfs1");
        DbRole nameNode = cluster.getRole("hdfs1", "host1", MockTestCluster.NN_RT);
        createConfig(hdfs, (ParamSpec<BooleanParamSpec>) HdfsParams.RANGER_AUTHORIZATION_ENABLE,
                (BooleanParamSpec) true);

        // NOTE(review): this absence check reads the hive-prefixed key, while the assertions below
        // use the hdfs-prefixed key. It may therefore pass without proving that the 7.1.5 key is
        // absent before RMS is added. Confirm, and consider checking the hdfs-prefixed key too.
        Assert.assertNull(
                generateConfigs(nameNode, "ranger-hdfs-security.xml").get("ranger.plugin.hive.mapping.source.url"));

        cluster.addService(MockTestCluster.RANGERRMS_ST, true, MockTestCluster.AutoDependencyLevel.ALL, true,
                CdhReleases.CDH7_1_5);
        cluster.addRole("ranger_rms1", "host1", MockTestCluster.RANGERRMSSERVER_RT);
        String rmsHostName = cluster.getHost("host1").getName();

        // RMS present, SSL off: plain http endpoint.
        Assert.assertThat(generateConfigs(nameNode, "ranger-hdfs-security.xml"), CoreMatchers.allOf(new Matcher[]{
                EvaluatedConfigMatchers.configEquals(String.format("http://%s:8383/", rmsHostName),
                        "ranger.plugin.hdfs.mapping.source.url")}));

        // SSL enabled on the RMS server: scheme and port both change.
        createConfigUnsafe(cluster.getRole("ranger_rms1", "host1", MockTestCluster.RANGERRMSSERVER_RT),
                FirstPartyCsdServiceTypes.RoleTypes.RANGER_RMS_SERVER_SSL_ENABLED.getTemplateName(), "true");
        Assert.assertThat(generateConfigs(nameNode, "ranger-hdfs-security.xml"), CoreMatchers.allOf(new Matcher[]{
                EvaluatedConfigMatchers.configEquals(String.format("https://%s:8484/", rmsHostName),
                        "ranger.plugin.hdfs.mapping.source.url")}));
    }

    /**
     * Checks the Hive plugin configs on a Kerberized cluster with two Ranger Admins and SSL
     * enabled: both admins must be listed over https, the SSL config file must be referenced, and
     * the audit JAAS client must use the Kerberos login module.
     */
    @Test
    public void testSecureHACluster() {
        MockTestCluster cluster = createCluster(true);
        // Second Ranger Admin on host3, next to the one the fixture places on host2.
        cluster.addRole("ranger1", "host3", MockTestCluster.RANGERADMIN_RT);
        DbRole hs2 = cluster.getRole("hive1", "host1", MockTestCluster.HS2_RT);
        DbRole hms = cluster.getRole("hive1", "host1", MockTestCluster.HMS_RT);
        DbRole rangerAdmin = cluster.getRole("ranger1", "host2", MockTestCluster.RANGERADMIN_RT);
        String host2Name = cluster.getHost("host2").getName();
        String host3Name = cluster.getHost("host3").getName();
        // SSL is switched on at the role config group, not on a single role.
        createConfigUnsafe(rangerAdmin.getRoleConfigGroup(),
                FirstPartyCsdServiceTypes.RoleTypes.RANGER_ADMIN_SSL_ENABLED.getTemplateName(), "true");
        String expectedPolicyUrls = String.format("https://%s:6182/,https://%s:6182/", host2Name, host3Name);

        // HiveServer2: every listed admin endpoint is https, and the SSL client config is named.
        Assert.assertThat(generateConfigs(hs2, "ranger-hive-security.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals(expectedPolicyUrls, "ranger.plugin.hive.policy.rest.url"),
                EvaluatedConfigMatchers.configEquals("ranger-hive-policymgr-ssl.xml",
                        "ranger.plugin.hive.policy.rest.ssl.config.file")));

        // Audit writes authenticate with Kerberos under the Hive service principal.
        Assert.assertThat(generateConfigs(hs2, "ranger-hive-audit.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals("com.sun.security.auth.module.Krb5LoginModule",
                        "xasecure.audit.jaas.Client.loginModuleName"),
                EvaluatedConfigMatchers.configEquals("hive/_HOST@HADOOP.COM",
                        "xasecure.audit.jaas.Client.option.principal")));

        // The metastore gets the same policy source settings as HiveServer2.
        Assert.assertThat(generateConfigs(hms, "ranger-hive-security.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals(expectedPolicyUrls, "ranger.plugin.hive.policy.rest.url"),
                EvaluatedConfigMatchers.configEquals("ranger-hive-policymgr-ssl.xml",
                        "ranger.plugin.hive.policy.rest.ssl.config.file")));
    }

    /**
     * Checks how the Hive plugin's policy REST URL evolves on a Kerberized cluster: one admin, then
     * two admins, then a configured load-balancer URL that replaces the host list.
     *
     * <p>NOTE(review): Kerberos is enabled but SSL on the Ranger Admin is not, so every URL asserted
     * here is plain http, including the load-balancer one, which is taken verbatim with its scheme.
     * No case here covers an https load-balancer URL; consider adding one, since policies fetched
     * over http are not protected in transit.
     */
    @Test
    public void testSecureLBCluster() {
        MockTestCluster cluster = createCluster(true);
        DbService ranger = cluster.getService("ranger1");
        DbRole hs2 = cluster.getRole("hive1", "host1", MockTestCluster.HS2_RT);
        String host2Name = cluster.getHost("host2").getName();

        // Single admin: its own endpoint.
        Assert.assertThat(generateConfigs(hs2, "ranger-hive-security.xml"), CoreMatchers.allOf(new Matcher[]{
                EvaluatedConfigMatchers.configEquals(String.format("http://%s:6080/", host2Name),
                        "ranger.plugin.hive.policy.rest.url")}));

        // Two admins: comma-separated list of both endpoints.
        cluster.addRole("ranger1", "host3", MockTestCluster.RANGERADMIN_RT);
        Assert.assertThat(generateConfigs(hs2, "ranger-hive-security.xml"), CoreMatchers.allOf(new Matcher[]{
                EvaluatedConfigMatchers.configEquals(
                        String.format("http://%s:6080/,http://%s:6080/", host2Name,
                                cluster.getHost("host3").getName()),
                        "ranger.plugin.hive.policy.rest.url")}));

        // Load-balancer URL set on the Ranger service: it replaces the per-host list.
        createConfigUnsafe(ranger, FirstPartyCsdServiceTypes.RoleTypes.RANGER_ADMIN_LOAD_BALANCER_URL.getTemplateName(),
                "http://load-balancer-host:5088");
        Assert.assertThat(generateConfigs(hs2, "ranger-hive-security.xml"), CoreMatchers.allOf(new Matcher[]{
                EvaluatedConfigMatchers.configEquals("http://load-balancer-host:5088",
                        "ranger.plugin.hive.policy.rest.url")}));
    }

    /**
     * Checks that the HiveServer2 truststore password is kept out of the generated policy-manager
     * SSL config: the evaluated value is masked, the file points at a credential store, and the
     * real password is found inside that store.
     */
    @Test
    public void testAliasedPasswordEvaluator() {
        MockTestCluster cluster = createCluster(false);
        DbService hive = cluster.getService("hive1");
        DbService ranger = cluster.getService("ranger1");
        DbRole rangerAdmin = cluster.getRole("ranger1", "host2", MockTestCluster.RANGERADMIN_RT);
        createConfig(hive, (ParamSpec<ServiceConnectorParamSpec>) HiveParams.RANGER,
                (ServiceConnectorParamSpec) ranger);
        createConfig(hive, (ParamSpec<PathParamSpec>) HiveParams.HS2_TRUSTSTORE_FILE,
                (PathParamSpec) "/etc/some/file.jks");
        createConfig(hive, (ParamSpec<PasswordParamSpec>) HiveParams.HS2_TRUSTSTORE_PASSWORD,
                (PasswordParamSpec) "ts_pass");
        createConfigUnsafe(rangerAdmin, FirstPartyCsdServiceTypes.RoleTypes.RANGER_ADMIN_SSL_ENABLED.getTemplateName(),
                "true");
        // Presumably the password protecting the generated JCEKS store; confirm against the param.
        createConfigUnsafe(hive, "role_jceks_password", "secretPass123");
        DbRole hs2 = cluster.getRole("hive1", "host1", MockTestCluster.HS2_RT);
        CredentialProviderConfigTransform credentialTransform =
                new CredentialProviderConfigTransform("password", "jceks");

        // In the evaluated config the password appears only as "********"; the file references
        // the credential store instead.
        Assert.assertThat(generateConfigs(hs2, "ranger-hive-policymgr-ssl.xml"), CoreMatchers.allOf(
                EvaluatedConfigMatchers.configEquals("/etc/some/file.jks", "xasecure.policymgr.clientssl.truststore"),
                EvaluatedConfigMatchers.configEquals(credentialTransform.keyStoreURI,
                        "xasecure.policymgr.clientssl.truststore.credential.file"),
                EvaluatedConfigMatchers.configEquals("********", "sslTrustStore")));

        // The generated files must include a keystore holding the real value under the alias.
        CredentialProviderConfigTransformTest.assertKeystore(
                credentialTransform,
                shr.getRoleHandler(hs2).generateConfigFiles(ConfigEvaluationContext.of(sdp, hs2)),
                ImmutableMap.of("sslTrustStore", "ts_pass"));
    }

    /**
     * Runs the {@code RangerPluginCreateAuditDir} command on the Hive service and checks the audit
     * directory it would create.
     *
     * <p>The command must yield exactly one process with five arguments, the second of which is the
     * expected path.
     *
     * @param mockTestCluster cluster whose {@code hive1} service the command runs against
     * @param str expected audit directory path
     */
    private void testCreateDirPath(MockTestCluster mockTestCluster, String str) {
        // getOnlyElement fails the test if the command produced zero or several processes.
        DbProcess onlyProcess = (DbProcess) Iterables.getOnlyElement(
                shr.executeCommand(
                        mockTestCluster.getService("hive1"),
                        "RangerPluginCreateAuditDir",
                        SvcCmdArgs.of(new String[0])).getProcesses());
        List processArgs = onlyProcess.getArgumentsAsList();
        Assert.assertEquals(5L, processArgs.size());
        Assert.assertEquals(str, processArgs.get(1));
    }

    /**
     * Checks which audit directory the create-dir command targets as the Ranger connector, the
     * Ranger base audit URL and the Hive audit path are configured one after another.
     */
    @Test
    public void testAuditCreateDir() {
        MockTestCluster cluster = createCluster(false);
        DbService hive = cluster.getService("hive1");
        DbService ranger = cluster.getService("ranger1");

        // Without a Ranger connector the default path on the cluster's HDFS is used.
        createConfig(hive, (ParamSpec<ServiceConnectorParamSpec>) HiveParams.RANGER,
                (ServiceConnectorParamSpec) null);
        testCreateDirPath(cluster,
                "hdfs://mocktestcluster" + cluster.getCluster().getId() + "-host1:8020/ranger/audit/hive");

        // Connecting Ranger alone does not change the default.
        createConfig(hive, (ParamSpec<ServiceConnectorParamSpec>) HiveParams.RANGER,
                (ServiceConnectorParamSpec) ranger);
        testCreateDirPath(cluster,
                "hdfs://mocktestcluster" + cluster.getCluster().getId() + "-host1:8020/ranger/audit/hive");

        // A base audit URL on the Ranger service moves the directory there, with the service suffix.
        createConfigUnsafe(ranger, FirstPartyCsdServiceTypes.RoleTypes.RANGER_HDFS_AUDIT_URL.getTemplateName(),
                "s3a://mybank/division9/group8/audits");
        testCreateDirPath(cluster, "s3a://mybank/division9/group8/audits/hive");

        // The Hive audit path may reference the base URL through ${ranger_base_audit_url}.
        createConfigUnsafe(hive, (ParamSpec<?>) HiveParams.RANGER_AUDIT_HDFS_PATH,
                "${ranger_base_audit_url}/special/group");
        testCreateDirPath(cluster, "s3a://mybank/division9/group8/audits/special/group");

        // An absolute Hive audit path is used as given.
        createConfigUnsafe(hive, (ParamSpec<?>) HiveParams.RANGER_AUDIT_HDFS_PATH, "s3a://special/nosubgroup");
        testCreateDirPath(cluster, "s3a://special/nosubgroup");
    }

    /**
     * Smoke test: on a Kerberized cluster the Ranger Admin role handler must produce a process
     * object for the admin role on host2.
     */
    @Test
    public void testRangerAdminMakeProcess() {
        MockTestCluster cluster = createCluster(true);
        DbService ranger = cluster.getService("ranger1");
        Assert.assertNotNull(
                shr.getRoleHandler(ranger, MockTestCluster.RANGERADMIN_RT)
                        .makeProcess(
                                cluster.getRole("ranger1", "host2", MockTestCluster.RANGERADMIN_RT),
                                ImmutableList.of()));
    }

    /**
     * Checks that the Kafka plugin's Solr audit destination uses ZooKeeper port 2182 on CDH 7.1.4
     * once ZooKeeper TLS and Kafka's secure ZooKeeper connection are enabled. The other tests in
     * this class, which leave TLS off, assert port 2181.
     */
    @Test
    public void testRangerKafkaAuditGenerationWithZkTls() {
        MockTestCluster cluster = createCluster(false, CdhReleases.CDH7_1_4);
        DbService kafka = cluster.getService("kafka1");
        // TLS is enabled on the ZooKeeper side and on the Kafka client side.
        createConfig(cluster.getService("zookeeper1"),
                (ParamSpec<BooleanParamSpec>) ZooKeeperParams.ZOOKEEPER_TLS_ENABLED, (BooleanParamSpec) true);
        createConfigUnsafe(kafka, "zookeeper.secure.connection.enable", "true");
        Assert.assertThat(
                generateConfigs(cluster.getRole("kafka1", "host1", MockTestCluster.KAFKABROKER_RT),
                        "ranger-kafka-audit.xml"),
                EvaluatedConfigMatchers.configEquals(
                        String.format("%s:2182/solr", cluster.getHost("host1").getName()),
                        "xasecure.audit.destination.solr.zookeepers"));
    }
}
