package com.cloudera.cmf.security;

import com.cloudera.cmf.cluster.ConfigureForKerberosCmdArgs;
import com.cloudera.cmf.cluster.EnableKerberosCmdArgs;
import com.cloudera.cmf.command.CmdWorkCreationException;
import com.cloudera.cmf.command.flow.CmdStep;
import com.cloudera.cmf.command.flow.SeqCmdWork;
import com.cloudera.cmf.command.flow.work.ExecClusterCmdWork;
import com.cloudera.cmf.command.flow.work.ExecGlobalCmdWork;
import com.cloudera.cmf.model.DbCluster;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.security.EnableKerberosCommand;
import com.cloudera.cmf.service.SecurityParams;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.PathListParamSpec;
import com.cloudera.cmf.service.config.StringEnumParamSpec;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.service.upgrade.ClusterUpgradeCommandMockBasedTest;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.csd.CsdTestUtils;
import com.cloudera.enterprise.I18nKey;
import com.cloudera.enterprise.I18nKeyTestHelper;
import com.cloudera.enterprise.MessageWithArgs;
import com.cloudera.server.cmf.AbstractMockBaseTest;
import com.cloudera.server.cmf.MockBaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.util.Collection;
import java.util.Set;
import java.util.stream.Collectors;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:com/cloudera/cmf/security/EnableKerberosCommandTest.class */
public class EnableKerberosCommandTest extends MockBaseTest {
    private DbCluster cluster;
    private static final long CLUSTER_ID = 50001;
    private static final long HDFS_ID = 50001;

    @BeforeClass
    public static void setup() throws Exception {
        AbstractMockBaseTest.setup(CsdTestUtils.getInternalBundles("target/classes/csd"));
    }

    @Before
    public void setupCluster() {
        this.cluster = createCluster((Long) 50001L, "cluster", (Long) 5L);
        createService(50001L, "hdfs1", "HDFS", this.cluster);
    }

    private MockTestCluster setupSdxCluster(Release release) {
        MockTestCluster build = MockTestCluster.builder(this).hostCount(3).cdhVersion(release).services("HDFS", MockTestCluster.HIVE_ST, MockTestCluster.ATLAS_ST, MockTestCluster.RANGER_ST).roles("hdfs1", "host1", MockTestCluster.NN_RT, MockTestCluster.JN_RT).roles("hdfs1", "host2", MockTestCluster.NN_RT, MockTestCluster.JN_RT, MockTestCluster.DN_RT).roles("hdfs1", "host3", MockTestCluster.JN_RT, MockTestCluster.DN_RT).roles("hive1", "host2", MockTestCluster.HMS_RT).roles("atlas1", "host2", MockTestCluster.ATLASSERVER_RT).roles("atlas1", "host2", "GATEWAY").roles("ranger1", "host2", MockTestCluster.RANGERADMIN_RT).roles("ranger1", "host2", MockTestCluster.RANGERUSERSYNC_RT).build();
        createConfig(build.getRole("hdfs1-host1-NAMENODE").getRoleConfigGroup(), (ParamSpec<PathListParamSpec>) HdfsParams.DFS_NAME_DIR_LIST, (PathListParamSpec) ImmutableList.of("/data/foo"));
        return build;
    }

    @Test
    public void testConstructWork() {
        checkCmdSteps(false, true, true, true);
    }

    @Test
    public void testConstructWorkWithKrb5Conf() {
        checkCmdSteps(true, true, true, true);
    }

    @Test
    public void testConstructWorkNoClusterRestart() {
        checkCmdSteps(false, false, false, false);
    }

    private void checkCmdSteps(boolean z, boolean z2, boolean z3, boolean z4) {
        createScmConfig(ScmParams.KRB_MANAGE_KRB5_CONF, Boolean.valueOf(z));
        EnableKerberosCmdArgs enableKerberosCmdArgs = new EnableKerberosCmdArgs();
        enableKerberosCmdArgs.setDatanodeTranceiverPort(12345L);
        enableKerberosCmdArgs.setDatanodeWebPort(54321L);
        enableKerberosCmdArgs.setDeployClusterCC(z4);
        enableKerberosCmdArgs.setStartClusterAfter(z3);
        enableKerberosCmdArgs.setStopClusterBefore(z2);
        SeqCmdWork constructWork = new EnableKerberosCommand(sdp).constructWork(this.cluster, enableKerberosCmdArgs);
        int i = 6;
        if (!z) {
            i = 6 - 1;
        }
        if (!z2) {
            i--;
        }
        if (!z3) {
            i--;
        }
        if (!z4) {
            i--;
        }
        Assert.assertEquals(i, constructWork.getSteps().size());
        int i2 = 0;
        if (z2) {
            i2 = 0 + 1;
            checkClusterStep((CmdStep) constructWork.getSteps().get(0), "Stop");
        }
        if (z) {
            int i3 = i2;
            i2++;
            checkClusterStep((CmdStep) constructWork.getSteps().get(i3), "DeployClientConfigsOfCluster");
        }
        int i4 = i2;
        int i5 = i2 + 1;
        ExecClusterCmdWork work = ((CmdStep) constructWork.getSteps().get(i4)).getWork();
        Assert.assertEquals("ConfigureForKerberos", work.getCmdName());
        ConfigureForKerberosCmdArgs args = work.getArgs();
        Assert.assertEquals(args.getDatanodeTransceiverPort(), enableKerberosCmdArgs.getDatanodeTranceiverPort());
        Assert.assertEquals(args.getDatanodeWebPort(), enableKerberosCmdArgs.getDatanodeWebPort());
        int i6 = i5 + 1;
        SeqCmdWork work2 = ((CmdStep) constructWork.getSteps().get(i5)).getWork();
        Assert.assertEquals(2L, work2.getSteps().size());
        ExecGlobalCmdWork work3 = ((CmdStep) work2.getSteps().get(0)).getWork();
        Assert.assertEquals("GlobalWait", work3.getCommandName());
        Assert.assertEquals("GenerateCredentials", Iterables.getOnlyElement(work3.getArgs().getArgs()));
        ExecGlobalCmdWork work4 = ((CmdStep) work2.getSteps().get(1)).getWork();
        Assert.assertEquals("GenerateCredentials", work4.getCommandName());
        Assert.assertTrue(work4.getArgs().getArgs().isEmpty());
        if (z4) {
            i6++;
            checkClusterStep((CmdStep) constructWork.getSteps().get(i6), "DeployClusterClientConfig");
        }
        if (z3) {
            int i7 = i6;
            i6++;
            checkClusterStep((CmdStep) constructWork.getSteps().get(i7), "Start");
        }
        Assert.assertEquals(i6, constructWork.getSteps().size());
    }

    private void checkClusterStep(CmdStep cmdStep, String str) {
        Assert.assertEquals(str, cmdStep.getWork().getCmdName());
    }

    @Test
    public void testI18nKeys() {
        for (I18nKey i18nKey : EnableKerberosCommand.I18nKeys.values()) {
            I18nKeyTestHelper.t(i18nKey);
        }
    }

    @Test
    public void testUnavailable() {
        EnableKerberosCommand enableKerberosCommand = new EnableKerberosCommand(sdp);
        Assert.assertTrue(enableKerberosCommand.isAvailable(this.cluster));
        createConfig(this.em.findServiceByName("hdfs1"), (ParamSpec<StringEnumParamSpec>) SecurityParams.SECURE_AUTHENTICATION, (StringEnumParamSpec) "kerberos");
        Assert.assertFalse(enableKerberosCommand.isAvailable(this.cluster));
    }

    @Test
    public void testSparkKerberosError() {
        MockTestCluster build = MockTestCluster.builder(this).cdhVersion(CdhReleases.CDH5_3_0).services("HDFS", MockTestCluster.YARN_ST).build();
        EnableKerberosCommand enableKerberosCommand = new EnableKerberosCommand(sdp);
        EnableKerberosCmdArgs enableKerberosCmdArgs = new EnableKerberosCmdArgs();
        enableKerberosCmdArgs.setDatanodeTranceiverPort(12345L);
        enableKerberosCmdArgs.setDatanodeWebPort(23456L);
        enableKerberosCommand.constructWork(build.getCluster(), enableKerberosCmdArgs);
        ClusterUpgradeCommandMockBasedTest.registerAndAddSparkStandalone(build);
        try {
            enableKerberosCommand.constructWork(build.getCluster(), enableKerberosCmdArgs);
            Assert.fail("expected exception due to spark standalone and kerberos");
        } catch (CmdWorkCreationException e) {
            Assert.assertEquals(ImmutableList.of(MessageWithArgs.of(EnableKerberosCommand.I18nKeys.SPARK_STANDALONE_KERBEROS, new String[0])), e.getMsgs());
        }
    }

    @Test
    public void testAvailableKerberosWithHDFSKerb() {
        MockTestCluster mockTestCluster = setupSdxCluster(CdhReleases.CDH7_0_0);
        Set set = (Set) mockTestCluster.getAllServices().stream().filter(dbService -> {
            return dbService.getServiceType().equals("HDFS");
        }).collect(Collectors.toSet());
        Mockito.when(Boolean.valueOf(mockTestCluster.getCluster().isProxy())).thenReturn(true);
        MockTestCluster build = MockTestCluster.builder(this).services(MockTestCluster.HIVE_ST, "HDFS", MockTestCluster.YARN_ST, MockTestCluster.TEZ_ST, MockTestCluster.HOT_ST).roles("yarn1", "host1", MockTestCluster.JHS_RT, MockTestCluster.RM_RT).roles("hdfs1", "host1", MockTestCluster.NN_RT).roles("hdfs1", "host1", MockTestCluster.SNN_RT, MockTestCluster.DN_RT).roles("hive1", "host2", MockTestCluster.HMS_RT).roles("hive_on_tez1", "host1", MockTestCluster.HOT_HS2_RT).baseServices((Collection<DbService>) ImmutableSet.copyOf(set)).hostCount(2).build();
        createConfig(build.getService("hdfs1"), (ParamSpec<StringEnumParamSpec>) SecurityParams.SECURE_AUTHENTICATION, (StringEnumParamSpec) "kerberos");
        Assert.assertFalse(new EnableKerberosCommand(sdp).isAvailable(build.getCluster()));
    }

    @Test
    public void testAvailableKerberosWithHDFSNoKerb() {
        MockTestCluster mockTestCluster = setupSdxCluster(CdhReleases.CDH7_0_0);
        Set set = (Set) mockTestCluster.getAllServices().stream().filter(dbService -> {
            return dbService.getServiceType().equals("HDFS");
        }).collect(Collectors.toSet());
        Mockito.when(Boolean.valueOf(mockTestCluster.getCluster().isProxy())).thenReturn(true);
        Assert.assertTrue(new EnableKerberosCommand(sdp).isAvailable(MockTestCluster.builder(this).services(MockTestCluster.HIVE_ST, "HDFS", MockTestCluster.YARN_ST, MockTestCluster.TEZ_ST, MockTestCluster.HOT_ST).roles("yarn1", "host1", MockTestCluster.JHS_RT, MockTestCluster.RM_RT).roles("hdfs1", "host1", MockTestCluster.NN_RT).roles("hdfs1", "host1", MockTestCluster.SNN_RT, MockTestCluster.DN_RT).roles("hive1", "host2", MockTestCluster.HMS_RT).roles("hive_on_tez1", "host1", MockTestCluster.HOT_HS2_RT).baseServices((Collection<DbService>) ImmutableSet.copyOf(set)).hostCount(2).build().getCluster()));
    }

    @Test
    public void testAvailableKerberosWithCoreSettings() {
        MockTestCluster build = MockTestCluster.builder(this).services(MockTestCluster.HIVE_ST, MockTestCluster.CORE_ST, MockTestCluster.YARN_ST, MockTestCluster.TEZ_ST, MockTestCluster.HOT_ST, MockTestCluster.HUE_ST).roles("yarn1", "host1", MockTestCluster.JHS_RT, MockTestCluster.RM_RT).roles("hive1", "host2", MockTestCluster.HMS_RT).roles("hive_on_tez1", "host1", MockTestCluster.HOT_HS2_RT).roles("core_settings1", "host1", MockTestCluster.STORAGEOP_RT).roles("hue1", "host1", MockTestCluster.HUESERVER_RT).baseServices(setupSdxCluster(CdhReleases.CDH7_0_0).getAllServices()).hostCount(2).build();
        EnableKerberosCommand enableKerberosCommand = new EnableKerberosCommand(sdp);
        Assert.assertTrue(enableKerberosCommand.isAvailable(build.getCluster()));
        createConfig(build.getService("core_settings1"), (ParamSpec<StringEnumParamSpec>) SecurityParams.SECURE_AUTHENTICATION, (StringEnumParamSpec) "kerberos");
        Assert.assertFalse(enableKerberosCommand.isAvailable(build.getCluster()));
    }

    @Test
    public void testAvailableKerberosWithBaseHDFSKerb() {
        MockTestCluster mockTestCluster = setupSdxCluster(CdhReleases.CDH7_0_0);
        createConfig(mockTestCluster.getService("hdfs1"), (ParamSpec<StringEnumParamSpec>) SecurityParams.SECURE_AUTHENTICATION, (StringEnumParamSpec) "kerberos");
        Set set = (Set) mockTestCluster.getAllServices().stream().filter(dbService -> {
            return dbService.getServiceType().equals("HDFS");
        }).collect(Collectors.toSet());
        Mockito.when(Boolean.valueOf(mockTestCluster.getCluster().isProxy())).thenReturn(true);
        Assert.assertTrue(new EnableKerberosCommand(sdp).isAvailable(MockTestCluster.builder(this).services(MockTestCluster.HIVE_ST, "HDFS", MockTestCluster.YARN_ST, MockTestCluster.TEZ_ST, MockTestCluster.HOT_ST).roles("yarn1", "host1", MockTestCluster.JHS_RT, MockTestCluster.RM_RT).roles("hive1", "host2", MockTestCluster.HMS_RT).roles("hive_on_tez1", "host1", MockTestCluster.HOT_HS2_RT).roles("hdfs1", "host1", MockTestCluster.NN_RT).roles("hdfs1", "host1", MockTestCluster.SNN_RT, MockTestCluster.DN_RT).baseServices((Collection<DbService>) ImmutableSet.copyOf(set)).hostCount(2).build().getCluster()));
    }
}
