package com.cloudera.cmf.service.sentry;

import com.cloudera.cmf.VersionData;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.model.ServiceState;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.SecurityParams;
import com.cloudera.cmf.service.ServiceHandler;
import com.cloudera.cmf.service.TestUtils;
import com.cloudera.cmf.service.config.MetricsSourceConfigEvaluatorTest;
import com.cloudera.cmf.service.sentry.SentryServiceHandler;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.enterprise.config.ZipUtil;
import com.cloudera.server.cmf.AbstractBaseTest;
import com.cloudera.server.cmf.CmfEmBaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import java.util.Map;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Test;

/* loaded from: input_file:com/cloudera/cmf/service/sentry/SentryServiceTest.class */
public class SentryServiceTest extends CmfEmBaseTest {
    private static final String[] EXPECTED_SENTRY_SERVER_FILENAMES = {"sentry-site.xml", "core-site.xml", "sentry-log4j.properties"};
    private static final Release SENTRY_HA_SINCE = SentryServiceHandler.HA_SINCE.lowerEndpoint();

    public static void createClusterWithSentry(Release release, boolean z, boolean z2) {
        TestUtils.interpretCli(sdp, Lists.newArrayList(new String[]{"createcluster sentryTestCluster " + release.getVersion().toString(), "createservice sentry1 SENTRY sentryTestCluster", "createservice hdfs1 HDFS sentryTestCluster", "createservice zk1 ZOOKEEPER sentryTestCluster", "createhost host1 host1 1.1.1.1 /default", "createrole zs1 zk1 host1 SERVER", "createconfig dfs_name_dir_list /foo hdfs1 NAMENODE", "createconfig dataDir /tmp/foo zk1 SERVER", "createconfig serverId 1 zk1 zs1", "createrole nn1 hdfs1 host1 NAMENODE", "createrole dn1 hdfs1 host1 DATANODE", "createconfig hdfs_service hdfs1 sentry1", "createrole ss1 sentry1 host1 SENTRY_SERVER"}));
        if (z) {
            TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createConfigString(SecurityParams.SECURE_AUTHENTICATION.getTemplateName(), "kerberos", "hdfs1", null), TestUtils.createConfigString(SecurityParams.SECURE_AUTHENTICATION.getTemplateName(), "kerberos", "hdfs1", null), "createconfig enableSecurity true zk1"));
        }
        if (z2) {
            TestUtils.interpretCli(sdp, ImmutableList.of("createhost host2 host2 2.2.2.2", "createconfig zookeeper_service zk1 sentry1", "createrole ss2 sentry1 host2 SENTRY_SERVER"));
        }
    }

    public static void setupSentryServiceWithSingleServerRole(String str) {
        TestUtils.interpretCli(sdp, Lists.newArrayList(new String[]{"createservice " + str + " SENTRY", "createrole name1 " + str + " host1 SENTRY_SERVER"}));
    }

    @After
    public void cleanup() {
        cleanDatabase();
    }

    @Test
    public void testConfigurationGeneration() throws Exception {
        createClusterWithSentry(CdhReleases.CDH5_1_0, false, false);
        testConfigurationGenerationHelper(false, false);
    }

    @Test
    public void testConfigurationGenerationSecure() throws Exception {
        createClusterWithSentry(CdhReleases.CDH5_1_0, true, false);
        testConfigurationGenerationHelper(true, false);
    }

    @Test
    public void testConfigurationGenerationHa() throws Exception {
        Assume.assumeTrue(isHaEnabledForRelease(SENTRY_HA_SINCE));
        createClusterWithSentry(SENTRY_HA_SINCE, false, true);
        testConfigurationGenerationHelper(false, true);
    }

    @Test
    public void testConfigurationGenerationSecureHa() throws Exception {
        Assume.assumeTrue(isHaEnabledForRelease(SENTRY_HA_SINCE));
        createClusterWithSentry(SENTRY_HA_SINCE, true, true);
        testConfigurationGenerationHelper(true, true);
    }

    @Test
    public void testSentryHaThreshold() {
        Assert.assertEquals(1L, shr.get(MockTestCluster.SENTRY_ST, CdhReleases.of(SENTRY_HA_SINCE.major(), SENTRY_HA_SINCE.minor() - 1, 0L)).getRoleHandler(SentryServiceHandler.RoleNames.SENTRY_SERVER.name()).getMaxInstanceCount());
        Assume.assumeTrue(isHaEnabledForRelease(SENTRY_HA_SINCE));
        Assert.assertEquals(2L, shr.get(MockTestCluster.SENTRY_ST, SENTRY_HA_SINCE).getRoleHandler(SentryServiceHandler.RoleNames.SENTRY_SERVER.name()).getMaxInstanceCount());
    }

    private boolean isHaEnabledForRelease(Release release) {
        return VersionData.getRelease().roundOff().getVersion().compareTo(release.roundDownMinor().getVersion()) >= 0;
    }

    private void testConfigurationGenerationHelper(final boolean z, final boolean z2) throws Exception {
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.service.sentry.SentryServiceTest.1
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                TestUtils.startService(cmfEntityManager, "hdfs1", SentryServiceTest.shr);
                DbService findServiceByName = cmfEntityManager.findServiceByName("sentry1");
                ServiceHandler serviceHandler = SentryServiceTest.shr.get(findServiceByName);
                Assert.assertEquals(ServiceState.STOPPED, serviceHandler.computeServiceState(findServiceByName));
                TestUtils.startService(cmfEntityManager, "sentry1", SentryServiceTest.shr);
                DbRole startRole = TestUtils.startRole(cmfEntityManager, "ss1");
                DbRole startRole2 = z2 ? TestUtils.startRole(cmfEntityManager, "ss2") : null;
                Assert.assertEquals(ServiceState.RUNNING, serviceHandler.computeServiceState(cmfEntityManager.findServiceByName("sentry1")));
                RoleHandler roleHandler = serviceHandler.getRoleHandler(SentryServiceHandler.RoleNames.SENTRY_SERVER.name());
                for (DbRole dbRole : new DbRole[]{startRole, startRole2}) {
                    if (dbRole == null) {
                        Assert.assertFalse(z2);
                    } else {
                        try {
                            Map unzip = ZipUtil.unzip(roleHandler.generateConfiguration(dbRole, roleHandler.prepareConfiguration(dbRole)));
                            for (String str : SentryServiceTest.EXPECTED_SENTRY_SERVER_FILENAMES) {
                                Assert.assertTrue("Sentry Server config missing file " + str, unzip.containsKey(str));
                            }
                            if (z) {
                                Assert.assertTrue("Sentry Server config missing file sentry.keytab", unzip.containsKey("sentry.keytab"));
                            }
                            String replaceAll = ((String) unzip.get("sentry-site.xml")).replaceAll("[\n ]+", MetricsSourceConfigEvaluatorTest.PLACE_HOLDER);
                            Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.service.server.rpc-address</name>"));
                            Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.service.server.rpc-port</name>"));
                            Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.store.jdbc.url</name>"));
                            Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.store.jdbc.driver</name>"));
                            Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.service.security.mode</name>"));
                            Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.service.admin.group</name>"));
                            Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.service.allow.connect</name>"));
                            Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.store.jdbc.password</name>"));
                            Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.store.jdbc.user</name>"));
                            Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.store.jdbc.url</name>"));
                            Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.store.group.mapping</name>"));
                            if (z2) {
                                Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.ha.zookeeper.namespace</name>"));
                                Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.ha.zookeeper.quorum</name>"));
                                if (z) {
                                    Assert.assertTrue(replaceAll, replaceAll.contains("<name>sentry.ha.zookeeper.security</name><value>true</value>"));
                                }
                            }
                        } catch (Exception e) {
                            throw new RuntimeException(e);
                        }
                    }
                }
            }
        });
    }
}
