package com.cloudera.cmf.service.hue;

import com.beust.jcommander.internal.Maps;
import com.cloudera.cmf.model.DbCluster;
import com.cloudera.cmf.model.DbHost;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.config.MetricsSourceConfigEvaluatorTest;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.PathListParamSpec;
import com.cloudera.cmf.service.config.PrefixedPathListParamSpec;
import com.cloudera.cmf.service.config.StringEnumParamSpec;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.hue.HueServiceHandler;
import com.cloudera.cmf.service.upgrade.KeystoreIndexer70Test;
import com.cloudera.cmf.service.upgrade.Oozie60Test;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.csd.CsdException;
import com.cloudera.csd.CsdTestUtils;
import com.cloudera.server.cmf.AbstractMockBaseTest;
import com.cloudera.server.cmf.MockBaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.cloudera.server.common.KerberosAuthentication;
import com.google.common.collect.ImmutableList;
import java.util.Map;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/cloudera/cmf/service/hue/HueServerAndRenewerRoleHandlerTest.class */
public class HueServerAndRenewerRoleHandlerTest extends MockBaseTest {
    @BeforeClass
    public static void setup() {
        AbstractMockBaseTest.setup(true);
        setMinimizeMockInvocationTracking(true);
    }

    @Test
    public void testSolrDependencyWith2SolrServices() throws CsdException {
        installCsds(ImmutableList.of(CsdTestUtils.getTezBundle(), CsdTestUtils.getRangerC711Bundle()));
        MockTestCluster build = MockTestCluster.builder(this).cdhVersion(CdhReleases.CDH7_1_1).hostCount(2).services("HDFS", MockTestCluster.ZK_ST, MockTestCluster.YARN_ST, MockTestCluster.HIVE_ST, MockTestCluster.OOZIE_ST, MockTestCluster.HBASE_ST, MockTestCluster.IMPALA_ST, MockTestCluster.SOLR_ST, MockTestCluster.HUE_ST, MockTestCluster.TEZ_ST, MockTestCluster.HOT_ST, MockTestCluster.RANGER_ST).roles("hdfs1", "host1", MockTestCluster.NN_RT, MockTestCluster.DN_RT).roles("hdfs1", "host2", MockTestCluster.SNN_RT, MockTestCluster.DN_RT).roles("zookeeper1", "host1", MockTestCluster.ZKSERVER_RT).roles("yarn1", "host1", MockTestCluster.NM_RT, MockTestCluster.RM_RT, MockTestCluster.JHS_RT).roles("hive1", "host1", MockTestCluster.HMS_RT).roles(Oozie60Test.OOZIE, "host1", MockTestCluster.OOZIESERVER_RT).roles(KeystoreIndexer70Test.HBASE, "host1", MockTestCluster.HBMASTER_RT).roles("impala1", "host1", MockTestCluster.IMPALAD_RT, MockTestCluster.IMPSTATESTORE_RT, MockTestCluster.IMPCATALOG_RT).roles("solr1", "host1", MockTestCluster.SOLRSERVER_RT).roles("tez1", "host1", "GATEWAY").roles("tez1", "host2", "GATEWAY").roles("hive_on_tez1", "host1", MockTestCluster.HOT_HS2_RT).roles("hue1", "host1", MockTestCluster.HUESERVER_RT).roles("ranger1", "host1", MockTestCluster.RANGERADMIN_RT).roles("ranger1", "host1", MockTestCluster.RANGERUSERSYNC_RT).roles("ranger1", "host1", MockTestCluster.RANGERTAGSYNC_RT).build();
        build.addService(MockTestCluster.SOLR_ST);
        DbService service = build.getService("solr2");
        build.addRole("solr2", "host2", MockTestCluster.SOLRSERVER_RT);
        createConfigUnsafe(build.getService("ranger1"), "solr_service", service.getName());
        DbService service2 = build.getService("hdfs1");
        createConfig(service2, (ParamSpec<PathListParamSpec>) HdfsParams.DFS_NAME_DIR_LIST, (PathListParamSpec) ImmutableList.of("/namedir1"));
        createConfig(service2, (ParamSpec<PrefixedPathListParamSpec>) HdfsParams.DFS_DATA_DIR_LIST, (PrefixedPathListParamSpec) ImmutableList.of(new PrefixedPathListParamSpec.PrefixAndPath(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, "/dfs/data/dir")));
        DbRole role = build.getRole("hue1", "host1", MockTestCluster.HUESERVER_RT);
        RoleHandler roleHandler = shr.getRoleHandler(role);
        Assert.assertNotNull(roleHandler.generateConfiguration(role, roleHandler.prepareConfiguration(role)));
    }

    @Test
    public void testPrincipalGenerationForMinimumSpnegoVersion() {
        DbCluster createCluster = createCluster((Long) 1L, "cluster", CdhReleases.CDH5_1_0);
        DbHost createHost = createHost(1L, "h1", "h1", createCluster);
        DbHost createHost2 = createHost(2L, "h2", "h2", createCluster);
        DbHost createHost3 = createHost(3L, "h3", "h3", createCluster);
        DbService createService = createService(1L, "Hue1", MockTestCluster.HUE_ST, createCluster);
        DbRole createRole = createRole((Long) 1L, HueServiceHandler.RoleNames.HUE_SERVER.name(), createHost, createService);
        DbRole createRole2 = createRole((Long) 2L, HueServiceHandler.RoleNames.KT_RENEWER.name(), createHost, createService);
        DbService createService2 = createService(1L, "Hue2", MockTestCluster.HUE_ST, createCluster);
        DbRole createRole3 = createRole((Long) 1L, HueServiceHandler.RoleNames.HUE_SERVER.name(), createHost2, createService2);
        DbRole createRole4 = createRole((Long) 2L, HueServiceHandler.RoleNames.KT_RENEWER.name(), createHost2, createService2);
        checkRequiredEnvVar(createRole, false);
        checkRequiredEnvVar(createRole3, false);
        checkPrincipalsCountPerRole(1, createRole, createRole2, createRole3, createRole4);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h1@HADOOP.COM", createRole, createRole2);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h2@HADOOP.COM", createRole3, createRole4);
        checkNonExistence(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, createRole, createRole2, createRole3, createRole4);
        createConfig(createService, (ParamSpec<StringEnumParamSpec>) HueParams.AUTH_BACKEND, (StringEnumParamSpec) "desktop.auth.backend.SpnegoDjangoBackend");
        checkRequiredEnvVar(createRole, true);
        checkRequiredEnvVar(createRole3, false);
        checkPrincipalsCountPerRole(2, createRole, createRole2);
        checkPrincipalsCountPerRole(1, createRole3, createRole4);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h1@HADOOP.COM", createRole, createRole2);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h2@HADOOP.COM", createRole3, createRole4);
        checkForPrincipals(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, "HTTP/h1@HADOOP.COM", createRole, createRole2);
        checkNonExistence(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, createRole3, createRole4);
        DbRole createRole5 = createRole((Long) 5L, HueServiceHandler.RoleNames.HUE_SERVER.name(), createHost3, createService);
        DbRole createRole6 = createRole((Long) 6L, HueServiceHandler.RoleNames.KT_RENEWER.name(), createHost3, createService);
        checkRequiredEnvVar(createRole, true);
        checkRequiredEnvVar(createRole5, true);
        checkRequiredEnvVar(createRole3, false);
        checkPrincipalsCountPerRole(2, createRole, createRole2);
        checkPrincipalsCountPerRole(2, createRole5, createRole6);
        checkPrincipalsCountPerRole(1, createRole3, createRole4);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h1@HADOOP.COM", createRole, createRole2);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h3@HADOOP.COM", createRole5, createRole6);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h2@HADOOP.COM", createRole3, createRole4);
        checkForPrincipals(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, "HTTP/h1@HADOOP.COM", createRole, createRole2);
        checkForPrincipals(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, "HTTP/h3@HADOOP.COM", createRole5, createRole6);
        checkNonExistence(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, createRole3, createRole4);
    }

    @Test
    public void testPrincipalGenerationForMinimumLBVersion() {
        DbCluster createCluster = createCluster((Long) 1L, "cluster", (Release) HueLoadBalancerRoleHandler.SINCE.lowerEndpoint());
        DbHost createHost = createHost(1L, "h1", "h1", createCluster);
        DbHost createHost2 = createHost(2L, "h2", "h2", createCluster);
        DbHost createHost3 = createHost(3L, "h3", "h3", createCluster);
        DbService createService = createService(1L, "Hue1", MockTestCluster.HUE_ST, createCluster);
        DbRole createRole = createRole((Long) 1L, HueServiceHandler.RoleNames.HUE_SERVER.name(), createHost, createService);
        DbRole createRole2 = createRole((Long) 2L, HueServiceHandler.RoleNames.KT_RENEWER.name(), createHost, createService);
        DbService createService2 = createService(1L, "Hue2", MockTestCluster.HUE_ST, createCluster);
        DbRole createRole3 = createRole((Long) 1L, HueServiceHandler.RoleNames.HUE_SERVER.name(), createHost2, createService2);
        DbRole createRole4 = createRole((Long) 2L, HueServiceHandler.RoleNames.KT_RENEWER.name(), createHost2, createService2);
        checkRequiredEnvVar(createRole, false);
        checkRequiredEnvVar(createRole3, false);
        checkPrincipalsCountPerRole(1, createRole, createRole2, createRole3, createRole4);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h1@HADOOP.COM", createRole, createRole2);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h2@HADOOP.COM", createRole3, createRole4);
        checkNonExistence(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, createRole, createRole2, createRole3, createRole4);
        createConfig(createService, (ParamSpec<StringEnumParamSpec>) HueParams.AUTH_BACKEND, (StringEnumParamSpec) "desktop.auth.backend.SpnegoDjangoBackend");
        checkRequiredEnvVar(createRole, true);
        checkRequiredEnvVar(createRole3, false);
        checkPrincipalsCountPerRole(2, createRole, createRole2);
        checkPrincipalsCountPerRole(1, createRole3, createRole4);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h1@HADOOP.COM", createRole, createRole2);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h2@HADOOP.COM", createRole3, createRole4);
        checkForPrincipals(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, "HTTP/h1@HADOOP.COM", createRole, createRole2);
        checkNonExistence("loadbalancer_" + createHost.getName(), createRole, createRole2);
        createRole((Long) 3L, HueServiceHandler.RoleNames.HUE_LOAD_BALANCER.name(), createHost, createService);
        checkRequiredEnvVar(createRole, true);
        checkRequiredEnvVar(createRole3, false);
        checkPrincipalsCountPerRole(2, createRole, createRole2);
        checkPrincipalsCountPerRole(1, createRole3, createRole4);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h1@HADOOP.COM", createRole, createRole2);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h2@HADOOP.COM", createRole3, createRole4);
        checkForPrincipals("loadbalancer_" + createHost.getName(), "HTTP/h1@HADOOP.COM", createRole, createRole2);
        checkNonExistence(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, createRole, createRole2);
        createRole((Long) 4L, HueServiceHandler.RoleNames.HUE_LOAD_BALANCER.name(), createHost2, createService);
        checkRequiredEnvVar(createRole, true);
        checkRequiredEnvVar(createRole3, false);
        checkPrincipalsCountPerRole(3, createRole, createRole2);
        checkPrincipalsCountPerRole(1, createRole3, createRole4);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h1@HADOOP.COM", createRole, createRole2);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h2@HADOOP.COM", createRole3, createRole4);
        checkForPrincipals("loadbalancer_" + createHost.getName(), "HTTP/h1@HADOOP.COM", createRole, createRole2);
        checkForPrincipals("loadbalancer_" + createHost2.getName(), "HTTP/h2@HADOOP.COM", createRole, createRole2);
        checkNonExistence(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, createRole, createRole2);
        DbRole createRole5 = createRole((Long) 5L, HueServiceHandler.RoleNames.HUE_SERVER.name(), createHost3, createService);
        DbRole createRole6 = createRole((Long) 6L, HueServiceHandler.RoleNames.KT_RENEWER.name(), createHost3, createService);
        checkRequiredEnvVar(createRole, true);
        checkRequiredEnvVar(createRole5, true);
        checkRequiredEnvVar(createRole3, false);
        checkPrincipalsCountPerRole(3, createRole, createRole2);
        checkPrincipalsCountPerRole(4, createRole5, createRole6);
        checkPrincipalsCountPerRole(1, createRole3, createRole4);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h1@HADOOP.COM", createRole, createRole2);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h3@HADOOP.COM", createRole5, createRole6);
        checkForPrincipals(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hue/h2@HADOOP.COM", createRole3, createRole4);
        checkForPrincipals("loadbalancer_" + createHost.getName(), "HTTP/h1@HADOOP.COM", createRole5, createRole6);
        checkForPrincipals("loadbalancer_" + createHost2.getName(), "HTTP/h2@HADOOP.COM", createRole5, createRole6);
        checkForPrincipals(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, "HTTP/h3@HADOOP.COM", createRole5, createRole6);
    }

    private void checkRequiredEnvVar(DbRole dbRole, boolean z) {
        Map environmentForConcreteRole = shr.getRoleHandler(dbRole).getEnvironmentForConcreteRole(dbRole, Maps.newHashMap());
        if (z) {
            Assert.assertEquals("{{CMF_CONF_DIR}}/hue.keytab", environmentForConcreteRole.get("KRB5_KTNAME"));
        } else {
            Assert.assertNull(environmentForConcreteRole.get("KRB5_KTNAME"));
        }
    }

    private void checkForPrincipals(String str, String str2, DbRole... dbRoleArr) {
        for (DbRole dbRole : dbRoleArr) {
            Assert.assertEquals(str2, shr.getRoleHandler(dbRole).getRequiredPrincipals(dbRole, (String) null).get(str));
        }
    }

    private void checkNonExistence(String str, DbRole... dbRoleArr) {
        for (DbRole dbRole : dbRoleArr) {
            Assert.assertNull(shr.getRoleHandler(dbRole).getRequiredPrincipals(dbRole, (String) null).get(str));
        }
    }

    private void checkPrincipalsCountPerRole(int i, DbRole... dbRoleArr) {
        for (DbRole dbRole : dbRoleArr) {
            Assert.assertEquals(i, shr.getRoleHandler(dbRole).getRequiredPrincipals(dbRole, (String) null).size());
        }
    }
}
