package com.cloudera.cmf.service.config;

import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.service.config.KerberosPrincEvaluator;
import com.cloudera.cmf.service.hdfs.HdfsServiceHandler;
import com.cloudera.cmf.service.hive.HiveServiceHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.server.cmf.MockBaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.cloudera.server.common.KerberosAuthentication;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.RangeMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/cloudera/cmf/service/config/KerberosPrincEvaluatorTest.class */
public class KerberosPrincEvaluatorTest extends MockBaseTest {
    private static final String TEST_REALM = "KERBEROS_PRINC_EVALUATOR_TEST.COM";
    private static final String PRINC_PROP = "kerberos.princ.evaluator.test.principal";

    @Test
    public void testEvalPrincForCurrentRole() throws Exception {
        verifyEvalHmsPrinc(MockTestCluster.HIVE_ST, MockTestCluster.HMS_RT);
    }

    @Test
    public void testEvalPrincForDifferentRoleInSameService() throws Exception {
        verifyEvalHmsPrinc(MockTestCluster.HIVE_ST, MockTestCluster.HS2_RT);
    }

    @Test
    public void testEvalPrincForRoleInDependencyService() throws Exception {
        verifyEvalHmsPrinc(MockTestCluster.IMPALA_ST, MockTestCluster.IMPALAD_RT);
    }

    @Test
    public void testEvalPrincForOptionalRole() throws Exception {
        DbService service = setupCluster().getService("hdfs1");
        Assert.assertTrue(new KerberosPrincEvaluator((Set) null, "HDFS", HdfsServiceHandler.RoleNames.NFSGATEWAY, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, PRINC_PROP), (String) null).evaluateConfig(ConfigEvaluationContext.of(sdp, service, (DbRole) null, shr.getRoleHandler(service, HdfsServiceHandler.RoleNames.GATEWAY.name()))).isEmpty());
    }

    @Test
    public void testPrincOnlyFormat() throws Exception {
        setupCluster();
        List findRolesByType = this.em.findRolesByType(MockTestCluster.HIVE_ST, MockTestCluster.HMS_RT);
        Assert.assertEquals(1L, findRolesByType.size());
        DbRole dbRole = (DbRole) findRolesByType.get(0);
        List evaluateConfig = new KerberosPrincEvaluator((Set) null, ConfigLocator.getConfigLocator(MockTestCluster.HIVE_ST, HiveServiceHandler.RoleNames.HIVEMETASTORE.name()), ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, PRINC_PROP), (String) null, (RangeMap) null, KerberosPrincEvaluator.PrincipalFormat.PRIMARY_ONLY).evaluateConfig(ConfigEvaluationContext.of(sdp, dbRole.getService(), dbRole, shr.getRoleHandler(dbRole), (Map) null));
        Assert.assertEquals(1L, evaluateConfig.size());
        EvaluatedConfig evaluatedConfig = (EvaluatedConfig) evaluateConfig.get(0);
        Assert.assertEquals(PRINC_PROP, evaluatedConfig.getName());
        Assert.assertEquals("hive", evaluatedConfig.getValue());
    }

    @Test
    public void testKerberosName() {
        KerberosPrincEvaluator.KerberosName kerberosName = new KerberosPrincEvaluator.KerberosName("foo/bar@realm");
        Assert.assertEquals("foo", kerberosName.getPrimary());
        Assert.assertEquals("bar", kerberosName.getInstance());
        Assert.assertEquals("realm", kerberosName.getRealm());
    }

    private void verifyEvalHmsPrinc(String str, String str2) throws Exception {
        MockTestCluster mockTestCluster = setupCluster();
        List findRolesByType = this.em.findRolesByType(str, str2);
        Assert.assertEquals(1L, findRolesByType.size());
        DbRole dbRole = (DbRole) findRolesByType.get(0);
        List evaluateConfig = new KerberosPrincEvaluator((Set) null, MockTestCluster.HIVE_ST, HiveServiceHandler.RoleNames.HIVEMETASTORE, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, PRINC_PROP), (String) null).evaluateConfig(ConfigEvaluationContext.of(sdp, dbRole.getService(), dbRole, shr.getRoleHandler(dbRole), (Map) null));
        Assert.assertEquals(1L, evaluateConfig.size());
        EvaluatedConfig evaluatedConfig = (EvaluatedConfig) evaluateConfig.get(0);
        DbRole role = mockTestCluster.getRole("hive1", "host3", MockTestCluster.HMS_RT);
        Assert.assertEquals(PRINC_PROP, evaluatedConfig.getName());
        Assert.assertEquals(String.format("hive/%s@%s", role.getHost().getName(), TEST_REALM), evaluatedConfig.getValue());
    }

    private MockTestCluster setupCluster() {
        deleteAllClusters();
        MockTestCluster build = MockTestCluster.builder(this).cdhVersion(CdhReleases.CDH5_6_0).hostCount(4).services("HDFS", MockTestCluster.YARN_ST, MockTestCluster.HIVE_ST, MockTestCluster.IMPALA_ST).roles("hdfs1", "host1", MockTestCluster.DN_RT).roles("hive1", "host2", MockTestCluster.HS2_RT).roles("hive1", "host3", MockTestCluster.HMS_RT).roles("impala1", "host4", MockTestCluster.IMPALAD_RT).enableKerberos(true).build();
        createScmConfig(ScmParams.SECURITY_REALM, TEST_REALM);
        return build;
    }
}
