package com.cloudera.cmf.service.objectstore;

import com.cloudera.cmf.model.DbExternalAccountType;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.service.ConnectorContext;
import com.cloudera.cmf.service.Validation;
import com.cloudera.cmf.service.ValidationContext;
import com.cloudera.cmf.service.config.EnumParamSpec;
import com.cloudera.cmf.service.config.ExternalAccountParamSpec;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.ServiceConnectorParamSpec;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.hive.HiveParams;
import com.cloudera.cmf.service.impala.ImpalaParams;
import com.cloudera.cmf.service.objectstore.s3.S3Params;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.csd.CsdBundle;
import com.cloudera.csd.CsdTestUtils;
import com.cloudera.server.cmf.AbstractMockBaseTest;
import com.cloudera.server.cmf.MockBaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import java.util.Collection;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/cloudera/cmf/service/objectstore/SecurityServiceRequiredByObjectStoreValidatorTest.class */
/**
 * Exercises {@link SecurityServiceRequiredByObjectStoreValidator} against mock clusters in which
 * Impala or Hive reaches an S3 object store through its HDFS dependency.
 *
 * <p>Outcomes pinned by the cases below:
 * <ul>
 *   <li>S3 connected, {@code AWS_ACCESS_KEY_AUTH} account, security connector set: exactly one
 *       validation carrying the "dependency found" message.</li>
 *   <li>S3 connected, {@code AWS_ACCESS_KEY_AUTH} account, security connector unset, key
 *       distribution policy {@code null} or {@code SECURE}: exactly one validation carrying the
 *       "dependency missing" message.</li>
 *   <li>Same, but key distribution policy {@code UNSECURE}: no validations.</li>
 *   <li>{@code AWS_IAM_ROLES_AUTH} account, or no object store connected: no validations.</li>
 * </ul>
 *
 * <p>NOTE(review): every non-empty expectation compares only {@code getMessageWithArgs()}; the
 * severity/state of the returned validation is never asserted, so a change that downgrades the
 * "dependency missing" result would not fail this class.
 *
 * <p>NOTE(review): the {@code UNSECURE} cases only pin that this validator stays silent for that
 * policy; they say nothing about whether another check covers that configuration - confirm.
 *
 * <p>NOTE(review): the Hive validator has a single "dependency found" case; the missing-dependency,
 * IAM and no-object-store branches are covered for Impala only.
 *
 * <p>{@code shr} is not declared in this class; presumably it is inherited from the mock base
 * test - TODO confirm.
 */
public class SecurityServiceRequiredByObjectStoreValidatorTest extends MockBaseTest {
    // Release used for the Sentry-era cluster.
    private static final Release RELEASE = CdhReleases.CDH5_11_0;
    // Release used for the Ranger-era clusters.
    private static final Release RELEASE_CDH7 = CdhReleases.CDH7_1_1;

    // Services under test; populated by the setup*Cluster helpers.
    private DbService impala;
    private DbService s3Service;
    private DbService hive;

    // Validator keyed on Impala's Sentry connector.
    private SecurityServiceRequiredByObjectStoreValidator validator =
            new SecurityServiceRequiredByObjectStoreValidator(
                    ImpalaParams.SENTRY,
                    "Impala on S3 with access keys",
                    "sentry_required_for_impala_on_s3_with_access_keys_validator");

    // Validator keyed on Impala's Ranger connector.
    private SecurityServiceRequiredByObjectStoreValidator impalaRangerValidator =
            new SecurityServiceRequiredByObjectStoreValidator(
                    ImpalaParams.RANGER,
                    "Impala on S3 with access keys",
                    "ranger_required_for_impala_on_s3_with_access_keys_validator");

    // Validator keyed on Hive's Ranger connector.
    private SecurityServiceRequiredByObjectStoreValidator hiveRangerValidator =
            new SecurityServiceRequiredByObjectStoreValidator(
                    HiveParams.RANGER,
                    "Hive on S3 with access keys",
                    "ranger_required_for_hive_on_s3_with_access_keys_validator");

    /**
     * Runs the base-class setup with the Ranger C711 CSD bundle as the only bundle.
     */
    @BeforeClass
    public static void setup() throws Exception {
        AbstractMockBaseTest.setup(
                (Collection<CsdBundle>) ImmutableList.of(CsdTestUtils.getRangerC711Bundle()));
    }

    /**
     * Builds a CDH 5.11 cluster with HDFS and Impala, Impala's DFS connector pointing at HDFS.
     *
     * @param withObjectStore add the S3 service and set it as HDFS's object store connector
     * @param withSentry add a Sentry service/role and set it as Impala's Sentry connector
     */
    private void setupCluster(boolean withObjectStore, boolean withSentry) {
        MockTestCluster cluster = MockTestCluster.builder(this)
                .cdhVersion(RELEASE)
                .services(MockTestCluster.IMPALA_ST, "HDFS")
                .hostCount(2)
                .roles("hdfs1", "host1", MockTestCluster.NN_RT, MockTestCluster.DN_RT)
                .roles("impala1", "host2",
                        MockTestCluster.IMPALAD_RT, MockTestCluster.IMPCATALOG_RT, MockTestCluster.IMPSTATESTORE_RT)
                .build();
        this.impala = cluster.getService("impala1");
        DbService hdfs = cluster.getService("hdfs1");
        createConfig(
                this.impala,
                (ParamSpec<ServiceConnectorParamSpec>) ImpalaParams.DFS_CONNECTOR,
                (ServiceConnectorParamSpec) hdfs);
        if (withObjectStore) {
            cluster.addService(MockTestCluster.S3_ST);
            this.s3Service = cluster.getService("aws_s31");
            createConfig(
                    hdfs,
                    (ParamSpec<ServiceConnectorParamSpec>) HdfsParams.OBJECT_STORE_CONNECTOR,
                    (ServiceConnectorParamSpec) this.s3Service);
        }
        if (withSentry) {
            cluster.addService(MockTestCluster.SENTRY_ST);
            cluster.addRole("sentry1", "host1", MockTestCluster.SENTRYSERVER_RT);
            createConfig(
                    this.impala,
                    (ParamSpec<ServiceConnectorParamSpec>) ImpalaParams.SENTRY,
                    (ServiceConnectorParamSpec) cluster.getService("sentry1"));
        }
    }

    /**
     * Builds a CDH 7.1.1 cluster with HDFS and Impala, Impala's DFS connector pointing at HDFS.
     *
     * @param withObjectStore add the S3 service and set it as HDFS's object store connector
     * @param withRanger add a Ranger service and Ranger admin role to the cluster
     * @param connectRanger only read when {@code withRanger} is true: set Impala's Ranger
     *     connector to the new Ranger service, otherwise set it explicitly to {@code null}
     *     (Ranger present in the cluster but not wired to Impala)
     */
    private void setupImpalaCDH7Cluster(boolean withObjectStore, boolean withRanger, boolean connectRanger) {
        MockTestCluster cluster = MockTestCluster.builder(this)
                .cdhVersion(RELEASE_CDH7)
                .services(MockTestCluster.IMPALA_ST, "HDFS")
                .hostCount(2)
                .roles("hdfs1", "host1", MockTestCluster.NN_RT, MockTestCluster.DN_RT)
                .roles("impala1", "host2",
                        MockTestCluster.IMPALAD_RT, MockTestCluster.IMPCATALOG_RT, MockTestCluster.IMPSTATESTORE_RT)
                .build();
        this.impala = cluster.getService("impala1");
        DbService hdfs = cluster.getService("hdfs1");
        createConfig(
                this.impala,
                (ParamSpec<ServiceConnectorParamSpec>) ImpalaParams.DFS_CONNECTOR,
                (ServiceConnectorParamSpec) hdfs);
        if (withObjectStore) {
            cluster.addService(MockTestCluster.S3_ST);
            this.s3Service = cluster.getService("aws_s31");
            createConfig(
                    hdfs,
                    (ParamSpec<ServiceConnectorParamSpec>) HdfsParams.OBJECT_STORE_CONNECTOR,
                    (ServiceConnectorParamSpec) this.s3Service);
        }
        if (withRanger) {
            cluster.addService(MockTestCluster.RANGER_ST);
            cluster.addRole("ranger1", "host1", MockTestCluster.RANGERADMIN_RT);
            if (connectRanger) {
                createConfig(
                        this.impala,
                        (ParamSpec<ServiceConnectorParamSpec>) ImpalaParams.RANGER,
                        (ServiceConnectorParamSpec) cluster.getService("ranger1"));
            } else {
                createConfig(
                        this.impala,
                        (ParamSpec<ServiceConnectorParamSpec>) ImpalaParams.RANGER,
                        (ServiceConnectorParamSpec) null);
            }
        }
    }

    /**
     * Builds a CDH 7.1.1 cluster with HDFS and Hive (metastore role), Hive's DFS connector
     * pointing at HDFS.
     *
     * @param withObjectStore add the S3 service and set it as HDFS's object store connector
     * @param withRanger add a Ranger service and Ranger admin role to the cluster
     * @param connectRanger only read when {@code withRanger} is true: set Hive's Ranger
     *     connector to the new Ranger service, otherwise set it explicitly to {@code null}
     */
    private void setupHiveCDH7Cluster(boolean withObjectStore, boolean withRanger, boolean connectRanger) {
        MockTestCluster cluster = MockTestCluster.builder(this)
                .cdhVersion(RELEASE_CDH7)
                .services(MockTestCluster.HIVE_ST, "HDFS")
                .hostCount(2)
                .roles("hdfs1", "host1", MockTestCluster.NN_RT, MockTestCluster.DN_RT)
                .roles("hive1", "host2", MockTestCluster.HMS_RT)
                .build();
        this.hive = cluster.getService("hive1");
        DbService hdfs = cluster.getService("hdfs1");
        createConfig(
                this.hive,
                (ParamSpec<ServiceConnectorParamSpec>) HiveParams.DFS_CONNECTOR,
                (ServiceConnectorParamSpec) hdfs);
        if (withObjectStore) {
            cluster.addService(MockTestCluster.S3_ST);
            this.s3Service = cluster.getService("aws_s31");
            createConfig(
                    hdfs,
                    (ParamSpec<ServiceConnectorParamSpec>) HdfsParams.OBJECT_STORE_CONNECTOR,
                    (ServiceConnectorParamSpec) this.s3Service);
        }
        if (withRanger) {
            cluster.addService(MockTestCluster.RANGER_ST);
            cluster.addRole("ranger1", "host1", MockTestCluster.RANGERADMIN_RT);
            if (connectRanger) {
                createConfig(
                        this.hive,
                        (ParamSpec<ServiceConnectorParamSpec>) HiveParams.RANGER,
                        (ServiceConnectorParamSpec) cluster.getService("ranger1"));
            } else {
                createConfig(
                        this.hive,
                        (ParamSpec<ServiceConnectorParamSpec>) HiveParams.RANGER,
                        (ServiceConnectorParamSpec) null);
            }
        }
    }

    /**
     * Creates an external account of the given type and sets its name as the S3 service's
     * account config. Requires {@code s3Service} to have been set by a cluster helper.
     *
     * @param accountType authentication type of the external account to create
     */
    private void setupAccount(DbExternalAccountType accountType) {
        createConfig(
                this.s3Service,
                (ParamSpec<ExternalAccountParamSpec>) S3Params.ACCOUNT,
                (ExternalAccountParamSpec) createExternalAccount(2L, "accessKey1Acct", accountType).getName());
    }

    // ---- Impala + Sentry (CDH 5.11) ----

    /** Access keys with Sentry connected: a single "dependency found" validation. */
    @Test
    public void testImpalaS3WithSentry() {
        setupCluster(true, true);
        setupAccount(DbExternalAccountType.AWS_ACCESS_KEY_AUTH);
        Assert.assertEquals(
                this.validator.makeDependencyFoundMessage(shr, RELEASE, ConnectorContext.of(this.s3Service)),
                ((Validation) Iterables.getOnlyElement(
                        this.validator.validate(shr, ValidationContext.of(this.impala)))).getMessageWithArgs());
    }

    /** IAM-role account with Sentry connected: nothing reported. */
    @Test
    public void testImpalaS3WithSentryOnIamAccountType() {
        setupCluster(true, true);
        setupAccount(DbExternalAccountType.AWS_IAM_ROLES_AUTH);
        Assert.assertEquals(
                ImmutableList.of(),
                this.validator.validate(shr, ValidationContext.of(this.impala)));
    }

    /** Sentry connected but no object store: nothing reported. */
    @Test
    public void testImpalaS3WithSentryNoObjectStore() {
        setupCluster(false, true);
        Assert.assertEquals(
                ImmutableList.of(),
                this.validator.validate(shr, ValidationContext.of(this.impala)));
    }

    /** Neither Sentry nor an object store: nothing reported. */
    @Test
    public void testImpalaS3WithoutSentryNoObjectStore() {
        setupCluster(false, false);
        Assert.assertEquals(
                ImmutableList.of(),
                this.validator.validate(shr, ValidationContext.of(this.impala)));
    }

    /** Access keys, no Sentry, key distribution unset: a single "dependency missing" validation. */
    @Test
    public void testImpalaS3WithoutSentryOnKeysAccount() {
        setupCluster(true, false);
        setupAccount(DbExternalAccountType.AWS_ACCESS_KEY_AUTH);
        createConfig(
                this.s3Service,
                (ParamSpec<EnumParamSpec>) S3Params.KEY_DISTRIBUTION,
                (EnumParamSpec) null);
        Assert.assertEquals(
                this.validator.makeDependencyMissingMessage(shr, RELEASE, ConnectorContext.of(this.s3Service)),
                ((Validation) Iterables.getOnlyElement(
                        this.validator.validate(shr, ValidationContext.of(this.impala)))).getMessageWithArgs());
    }

    /** Access keys, no Sentry, SECURE key distribution: a single "dependency missing" validation. */
    @Test
    public void testImpalaS3WithoutSentryOnKeysAccount_Secure() {
        setupCluster(true, false);
        setupAccount(DbExternalAccountType.AWS_ACCESS_KEY_AUTH);
        createConfig(
                this.s3Service,
                (ParamSpec<EnumParamSpec>) S3Params.KEY_DISTRIBUTION,
                (EnumParamSpec) KeyDistributionPolicy.SECURE);
        Assert.assertEquals(
                this.validator.makeDependencyMissingMessage(shr, RELEASE, ConnectorContext.of(this.s3Service)),
                ((Validation) Iterables.getOnlyElement(
                        this.validator.validate(shr, ValidationContext.of(this.impala)))).getMessageWithArgs());
    }

    /** Access keys, no Sentry, UNSECURE key distribution: this validator reports nothing. */
    @Test
    public void testImpalaS3WithoutSentryOnKeysAccount_Unsecure() {
        setupCluster(true, false);
        setupAccount(DbExternalAccountType.AWS_ACCESS_KEY_AUTH);
        createConfig(
                this.s3Service,
                (ParamSpec<EnumParamSpec>) S3Params.KEY_DISTRIBUTION,
                (EnumParamSpec) KeyDistributionPolicy.UNSECURE);
        Assert.assertEquals(
                ImmutableList.of(),
                this.validator.validate(shr, ValidationContext.of(this.impala)));
    }

    /** IAM-role account without Sentry: nothing reported. */
    @Test
    public void testImpalaS3WithoutSentryOnIamAccount() {
        setupCluster(true, false);
        setupAccount(DbExternalAccountType.AWS_IAM_ROLES_AUTH);
        Assert.assertEquals(
                ImmutableList.of(),
                this.validator.validate(shr, ValidationContext.of(this.impala)));
    }

    // ---- Impala + Ranger (CDH 7.1.1) ----

    /** Access keys with Ranger connected: a single "dependency found" validation. */
    @Test
    public void testImpalaS3WithRanger() {
        setupImpalaCDH7Cluster(true, true, true);
        setupAccount(DbExternalAccountType.AWS_ACCESS_KEY_AUTH);
        Assert.assertEquals(
                this.impalaRangerValidator.makeDependencyFoundMessage(shr, RELEASE_CDH7, ConnectorContext.of(this.s3Service)),
                ((Validation) Iterables.getOnlyElement(
                        this.impalaRangerValidator.validate(shr, ValidationContext.of(this.impala)))).getMessageWithArgs());
    }

    /** Ranger exists in the cluster but Impala's connector is null: "dependency missing". */
    @Test
    public void testImpalaS3WithoutRangerDependency() {
        setupImpalaCDH7Cluster(true, true, false);
        setupAccount(DbExternalAccountType.AWS_ACCESS_KEY_AUTH);
        Assert.assertEquals(
                this.impalaRangerValidator.makeDependencyMissingMessage(shr, RELEASE_CDH7, ConnectorContext.of(this.s3Service)),
                ((Validation) Iterables.getOnlyElement(
                        this.impalaRangerValidator.validate(shr, ValidationContext.of(this.impala)))).getMessageWithArgs());
    }

    /** IAM-role account with Ranger connected: nothing reported. */
    @Test
    public void testImpalaS3WithRangerOnIamAccountType() {
        setupImpalaCDH7Cluster(true, true, true);
        setupAccount(DbExternalAccountType.AWS_IAM_ROLES_AUTH);
        Assert.assertEquals(
                ImmutableList.of(),
                this.impalaRangerValidator.validate(shr, ValidationContext.of(this.impala)));
    }

    /** Ranger connected but no object store: nothing reported. */
    @Test
    public void testImpalaS3WithRangerNoObjectStore() {
        setupImpalaCDH7Cluster(false, true, true);
        Assert.assertEquals(
                ImmutableList.of(),
                this.impalaRangerValidator.validate(shr, ValidationContext.of(this.impala)));
    }

    /** Neither Ranger nor an object store: nothing reported. */
    @Test
    public void testImpalaS3WithoutRangerNoObjectStore() {
        setupImpalaCDH7Cluster(false, false, false);
        Assert.assertEquals(
                ImmutableList.of(),
                this.impalaRangerValidator.validate(shr, ValidationContext.of(this.impala)));
    }

    /** Access keys, no Ranger, key distribution unset: a single "dependency missing" validation. */
    @Test
    public void testImpalaS3WithoutRangerOnKeysAccount() {
        setupImpalaCDH7Cluster(true, false, false);
        setupAccount(DbExternalAccountType.AWS_ACCESS_KEY_AUTH);
        createConfig(
                this.s3Service,
                (ParamSpec<EnumParamSpec>) S3Params.KEY_DISTRIBUTION,
                (EnumParamSpec) null);
        Assert.assertEquals(
                this.impalaRangerValidator.makeDependencyMissingMessage(shr, RELEASE_CDH7, ConnectorContext.of(this.s3Service)),
                ((Validation) Iterables.getOnlyElement(
                        this.impalaRangerValidator.validate(shr, ValidationContext.of(this.impala)))).getMessageWithArgs());
    }

    /** Access keys, no Ranger, SECURE key distribution: a single "dependency missing" validation. */
    @Test
    public void testImpalaS3WithoutRangerOnKeysAccount_Secure() {
        setupImpalaCDH7Cluster(true, false, false);
        setupAccount(DbExternalAccountType.AWS_ACCESS_KEY_AUTH);
        createConfig(
                this.s3Service,
                (ParamSpec<EnumParamSpec>) S3Params.KEY_DISTRIBUTION,
                (EnumParamSpec) KeyDistributionPolicy.SECURE);
        Assert.assertEquals(
                this.impalaRangerValidator.makeDependencyMissingMessage(shr, RELEASE_CDH7, ConnectorContext.of(this.s3Service)),
                ((Validation) Iterables.getOnlyElement(
                        this.impalaRangerValidator.validate(shr, ValidationContext.of(this.impala)))).getMessageWithArgs());
    }

    /** Access keys, no Ranger, UNSECURE key distribution: this validator reports nothing. */
    @Test
    public void testImpalaS3WithoutRangerOnKeysAccount_Unsecure() {
        setupImpalaCDH7Cluster(true, false, false);
        setupAccount(DbExternalAccountType.AWS_ACCESS_KEY_AUTH);
        createConfig(
                this.s3Service,
                (ParamSpec<EnumParamSpec>) S3Params.KEY_DISTRIBUTION,
                (EnumParamSpec) KeyDistributionPolicy.UNSECURE);
        Assert.assertEquals(
                ImmutableList.of(),
                this.impalaRangerValidator.validate(shr, ValidationContext.of(this.impala)));
    }

    /** IAM-role account without Ranger: nothing reported. */
    @Test
    public void testImpalaS3WithoutRangerOnIamAccount() {
        setupImpalaCDH7Cluster(true, false, false);
        setupAccount(DbExternalAccountType.AWS_IAM_ROLES_AUTH);
        Assert.assertEquals(
                ImmutableList.of(),
                this.impalaRangerValidator.validate(shr, ValidationContext.of(this.impala)));
    }

    // ---- Hive + Ranger (CDH 7.1.1) ----

    /** Access keys with Ranger connected to Hive: a single "dependency found" validation. */
    @Test
    public void testHiveS3WithRanger() {
        setupHiveCDH7Cluster(true, true, true);
        setupAccount(DbExternalAccountType.AWS_ACCESS_KEY_AUTH);
        Assert.assertEquals(
                this.hiveRangerValidator.makeDependencyFoundMessage(shr, RELEASE_CDH7, ConnectorContext.of(this.s3Service)),
                ((Validation) Iterables.getOnlyElement(
                        this.hiveRangerValidator.validate(shr, ValidationContext.of(this.hive)))).getMessageWithArgs());
    }
}
