package com.cloudera.cmf.service.config;

import com.cloudera.cmf.service.csd.components.FirstPartyCsdServiceTypes;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.csd.CsdBundle;
import com.cloudera.csd.CsdTestUtils;
import com.cloudera.server.cmf.AbstractMockBaseTest;
import com.cloudera.server.cmf.MockBaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.cloudera.test.matchers.EvaluatedConfigMatchers;
import com.google.common.collect.ImmutableList;
import java.util.Collection;
import java.util.Map;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matcher;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/cloudera/cmf/service/config/KnoxIDBrokerEvaluatorsTest.class */
public class KnoxIDBrokerEvaluatorsTest extends MockBaseTest {
    @BeforeClass
    public static void setup() throws Exception {
        AbstractMockBaseTest.setup((Collection<CsdBundle>) ImmutableList.of(CsdTestUtils.getKnoxBundle()));
    }

    private MockTestCluster setupCluster(boolean z) {
        MockTestCluster build = MockTestCluster.builder(this).cdhVersion(CdhReleases.LATEST_CDH7_RELEASE).services("HDFS", "KNOX", "KNOX").roles("hdfs1", "host1", MockTestCluster.NN_RT, MockTestCluster.SNN_RT).roles("knox1", "host1", "KNOX_GATEWAY").roles("knox2", "host1", "IDBROKER").build();
        createConfig(build.getService("hdfs1"), (ParamSpec<PathListParamSpec>) HdfsParams.DFS_NAME_DIR_LIST, (PathListParamSpec) ImmutableList.of("/foo"));
        if (z) {
            createConfigUnsafe(build.getRole("knox2", "host1", "IDBROKER"), FirstPartyCsdServiceTypes.RoleTypes.IDBROKER_SSL_ENABLED.getTemplateName(), "true");
        }
        return build;
    }

    @Test
    public void testUnsecureClusterS3Connector() {
        testS3Configs(false);
    }

    @Test
    public void testUnsecureClusterADLSConnector() {
        testADLSConfigs(false);
    }

    @Test
    public void testSecureClusterS3Connector() {
        testS3Configs(true);
    }

    @Test
    public void testSecureClusterADLSConnector() {
        testADLSConfigs(true);
    }

    public void testSecureClusterGCSConnector() {
        testGCSConfigs(true);
    }

    public void testUnsecureClusterGCSConnector() {
        testGCSConfigs(false);
    }

    public void testS3Configs(boolean z) {
        MockTestCluster mockTestCluster = setupCluster(z);
        Assert.assertThat(generateConfigs(mockTestCluster.getRole("hdfs1", "host1", MockTestCluster.NN_RT), "core-site.xml"), CoreMatchers.allOf(EvaluatedConfigMatchers.configEquals("org.apache.knox.gateway.cloud.idbroker.s3a.IDBDelegationTokenBinding", "fs.s3a.delegation.token.binding"), EvaluatedConfigMatchers.configEquals((z ? "https" : "http") + "://mocktestcluster" + mockTestCluster.getCluster().getId() + "-host1:8444/gateway", "fs.s3a.ext.cab.address"), EvaluatedConfigMatchers.configEquals("dt", "fs.s3a.ext.cab.dt.path"), EvaluatedConfigMatchers.configEquals("aws-cab", "fs.s3a.ext.cab.path")));
    }

    public void testADLSConfigs(boolean z) {
        MockTestCluster mockTestCluster = setupCluster(z);
        Map<String, EvaluatedConfig> generateConfigs = generateConfigs(mockTestCluster.getRole("hdfs1", "host1", MockTestCluster.NN_RT), "core-site.xml");
        Matcher[] matcherArr = new Matcher[9];
        matcherArr[0] = EvaluatedConfigMatchers.configEquals("true", "fs.azure.enable.delegation.token");
        matcherArr[1] = EvaluatedConfigMatchers.configEquals("org.apache.knox.gateway.cloud.idbroker.abfs.AbfsIDBDelegationTokenManager", "fs.azure.delegation.token.provider.type");
        matcherArr[2] = EvaluatedConfigMatchers.configEquals("Custom", "fs.azure.account.auth.type");
        matcherArr[3] = EvaluatedConfigMatchers.configEquals("org.apache.knox.gateway.cloud.idbroker.abfs.AbfsIDBCredentialProvider", "fs.azure.account.oauth.provider.type");
        matcherArr[4] = EvaluatedConfigMatchers.configEquals((z ? "https" : "http") + "://mocktestcluster" + mockTestCluster.getCluster().getId() + "-host1:8444/gateway", "fs.azure.ext.cab.address");
        matcherArr[5] = EvaluatedConfigMatchers.configEquals("dt", "fs.azure.ext.cab.dt.path");
        matcherArr[6] = EvaluatedConfigMatchers.configEquals("azure-cab", "fs.azure.ext.cab.path");
        matcherArr[7] = EvaluatedConfigMatchers.configEquals("$superuser", "fs.azure.identity.transformer.service.principal.id");
        matcherArr[8] = EvaluatedConfigMatchers.configEquals("*", "fs.azure.identity.transformer.service.principal.substitution.list");
        Assert.assertThat(generateConfigs, CoreMatchers.allOf(matcherArr));
    }

    public void testGCSConfigs(boolean z) {
        MockTestCluster mockTestCluster = setupCluster(z);
        Assert.assertThat(generateConfigs(mockTestCluster.getRole("hdfs1", "host1", MockTestCluster.NN_RT), "core-site.xml"), CoreMatchers.allOf(EvaluatedConfigMatchers.configEquals("org.apache.knox.gateway.cloud.idbroker.google.CABDelegationTokenBinding", "fs.gs.delegation.token.binding"), EvaluatedConfigMatchers.configEquals((z ? "https" : "http") + "://mocktestcluster" + mockTestCluster.getCluster().getId() + "-host1:8444/gateway", "fs.gs.ext.cab.address"), EvaluatedConfigMatchers.configEquals("dt", "fs.gs.ext.cab.dt.path"), EvaluatedConfigMatchers.configEquals("gcp-cab", "fs.gs.ext.cab.path")));
    }
}
