package com.cloudera.cmf.service.config;

import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.service.ServiceHandler;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.config.PrefixedPathListParamSpec;
import com.cloudera.cmf.service.hadoopcommon.HadoopCommonHelpers;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.csd.CsdBundle;
import com.cloudera.csd.CsdTestUtils;
import com.cloudera.server.cmf.AbstractMockBaseTest;
import com.cloudera.server.cmf.MockBaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.cloudera.test.matchers.EvaluatedConfigMatchers;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Maps;
import java.io.File;
import java.util.Collection;
import java.util.LinkedHashMap;
import org.apache.commons.lang.StringUtils;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matcher;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:com/cloudera/cmf/service/config/RangerAuthToLocalEvaluatorTest.class */
/**
 * Verifies when the Ranger principal mappings are emitted into the HDFS
 * {@code hadoop.security.auth_to_local} property of {@code core-site.xml}.
 *
 * <p>As asserted by the tests below:
 * <ul>
 *   <li>Ranger present and Kerberos enabled: the rules built by
 *       {@link HadoopCommonHelpers#makeAuthToLocalRulesRanger} appear in the
 *       NameNode and DataNode configs.</li>
 *   <li>Ranger absent or Kerberos disabled: those rules are not emitted; only
 *       the operator-supplied {@code EXTRA_AUTH_TO_LOCAL_RULES} value is.</li>
 *   <li>An {@code EXTRA_AUTH_TO_LOCAL_RULES} value without the
 *       <code>{DEFAULT_RULES}</code> token replaces the generated Ranger rules;
 *       with the token, the custom rule follows the generated ones.</li>
 * </ul>
 *
 * <p>These rules decide which local account a Kerberos principal is mapped to,
 * so a dropped or reordered rule changes the identity a service runs as.
 */
public class RangerAuthToLocalEvaluatorTest extends MockBaseTest {
    private static final String ECHO_KMS_ST = "ECHO_KMS";
    private static final String ECHO_KMS_SERVER = "ECHO_KMS_SERVER";
    private static final String RANGER_KMS_KTS_ST = "RANGER_KMS_KTS";
    private static final String RANGER_KMS_SERVER_KTS_RT = "RANGER_KMS_SERVER_KTS";

    /** Generated config file that the assertions inspect. */
    private static final String CORE_SITE_XML = "core-site.xml";

    /** Property carrying the principal-to-local-user mapping rules. */
    private static final String AUTH_TO_LOCAL_KEY = "hadoop.security.auth_to_local";

    /**
     * Operator-supplied rule used as a fixture. It rewrites every single-component
     * principal whose {@code name@realm} form matches {@code .*@HADOOP.COM} to the
     * local user {@code test}. Note the {@code .} in the realm is an unescaped regex
     * metacharacter, and the rule collapses all matching principals onto one account;
     * that is acceptable for a fixture only.
     */
    private static final String USER_RULE = "RULE:[1:$1@$0](.*@HADOOP.COM)s/.*/test/";

    private static ServiceHandler kmsHandler;

    /**
     * Registers the Ranger and Ranger KMS KTS CSD bundles with the mock base test and
     * builds a service handler from the {@code ECHO_KMS} bundle for later stubbing.
     */
    @BeforeClass
    public static void setup() throws Exception {
        AbstractMockBaseTest.setup((Collection<CsdBundle>) ImmutableList.of(CsdTestUtils.getRangerBundle(), CsdTestUtils.getRangerKmsKtsBundle()));
        CsdBundle echoKmsBundle = CsdTestUtils.createBundle(new File(CsdTestUtils.CSD_FILES_PATH, ECHO_KMS_ST));
        kmsHandler = CsdTestUtils.createServiceHandlerFromBundle(echoKmsBundle, sdp, CdhReleases.LATEST_CDH7_RELEASE);
    }

    /**
     * Builds the three-host mock cluster shared by every test.
     *
     * @param withRanger       add the Ranger service with admin, tagsync and usersync roles
     * @param withEchoKms      add the ECHO_KMS service, mocked to report the Ranger KMS service type
     * @param withRangerKmsKts add the RANGER_KMS_KTS service and its server role
     * @param kerberized       enable Kerberos on the cluster
     * @return the built cluster, with the HDFS name and data directories configured
     */
    private MockTestCluster createCluster(boolean withRanger, boolean withEchoKms, boolean withRangerKmsKts, boolean kerberized) throws ParamParseException {
        MockTestCluster cluster = MockTestCluster.builder(this)
                .cdhVersion(CdhReleases.LATEST_CDH7_RELEASE)
                .services("HDFS", MockTestCluster.HIVE_ST, MockTestCluster.SOLR_ST, MockTestCluster.YARN_ST, MockTestCluster.ZK_ST, MockTestCluster.IMPALA_ST)
                .hostCount(3)
                .roles("hdfs1", "host1", MockTestCluster.NN_RT, MockTestCluster.SNN_RT, MockTestCluster.DN_RT)
                .roles("zookeeper1", "host1", MockTestCluster.ZKSERVER_RT)
                .roles("solr1", "host1", MockTestCluster.SOLRSERVER_RT)
                .roles("yarn1", "host1", MockTestCluster.RM_RT, MockTestCluster.NM_RT, MockTestCluster.JHS_RT)
                .roles("hive1", "host1", MockTestCluster.HS2_RT, MockTestCluster.HMS_RT)
                .roles("impala1", "host3", MockTestCluster.IMPALAD_RT, MockTestCluster.IMPCATALOG_RT, MockTestCluster.IMPSTATESTORE_RT)
                .build();
        DbService hdfs = cluster.getService("hdfs1");

        if (withRanger) {
            cluster.addService(MockTestCluster.RANGER_ST);
            cluster.addRole("ranger1", "host2", MockTestCluster.RANGERADMIN_RT);
            cluster.addRole("ranger1", "host1", MockTestCluster.RANGERTAGSYNC_RT);
            cluster.addRole("ranger1", "host1", MockTestCluster.RANGERUSERSYNC_RT);
        }

        if (withEchoKms) {
            cluster.addService(ECHO_KMS_ST);
            cluster.addRole("echo_kms1", "host2", ECHO_KMS_SERVER);
            DbService echoKms = cluster.getService("echo_kms1");
            // The stand-in service is made to report the Ranger KMS service type and is
            // served by the handler built from the ECHO_KMS bundle in setup().
            Mockito.when(echoKms.getServiceType()).thenReturn(MockTestCluster.RANGERKMS_ST);
            ((ServiceHandlerRegistry) Mockito.doReturn(kmsHandler).when(sdp.getServiceHandlerRegistry())).get(echoKms);
        }

        if (withRangerKmsKts) {
            cluster.addService(RANGER_KMS_KTS_ST);
            cluster.addRole("ranger_kms_kts1", "host2", RANGER_KMS_SERVER_KTS_RT);
        }

        if (kerberized) {
            cluster.enableKerberos();
        }

        createConfig(hdfs, (ParamSpec<PathListParamSpec>) HdfsParams.DFS_NAME_DIR_LIST, (PathListParamSpec) ImmutableList.of("/namedir1"));
        createConfig(hdfs, (ParamSpec<PrefixedPathListParamSpec>) HdfsParams.DFS_DATA_DIR_LIST, (PrefixedPathListParamSpec) ImmutableList.of(new PrefixedPathListParamSpec.PrefixAndPath(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, "/dfs/data/dir")));
        return cluster;
    }

    /**
     * Builds the newline-joined Ranger rules the tests compare against.
     *
     * <p>The principal-to-user pairs go into a {@link LinkedHashMap}, so they reach
     * {@code makeAuthToLocalRulesRanger} in insertion order (how that helper uses the
     * order is not visible in this file).
     *
     * @param includeKeyAdmin whether to add the {@code keyadmin -> rangerkms} pair
     * @return the expected rules joined with {@code "\n"}
     */
    private String expectedRangerRules(boolean includeKeyAdmin) {
        String realm = (String) ScmHandler.getScmConfigValue(ScmParams.SECURITY_REALM, this.em.getScmConfigProvider());
        LinkedHashMap principalToUser = Maps.newLinkedHashMap();
        principalToUser.put("ranger", "rangeradmin");
        principalToUser.put("rangertagsync", "rangertagsync");
        principalToUser.put("rangerusersync", "rangerusersync");
        if (includeKeyAdmin) {
            principalToUser.put("keyadmin", "rangerkms");
        }
        return StringUtils.join(HadoopCommonHelpers.makeAuthToLocalRulesRanger(realm, principalToUser), "\n");
    }

    /** Ranger plus KMS on a kerberized cluster: the rules, including keyadmin, are emitted. */
    @Test
    public void testClusterKMS() throws ParamParseException {
        MockTestCluster cluster = createCluster(true, true, false, true);
        testRulesExist(expectedRangerRules(true), cluster);
    }

    /** Ranger plus KMS-KTS on a kerberized cluster: the rules, including keyadmin, are emitted. */
    @Test
    public void testClusterKTS() throws ParamParseException {
        MockTestCluster cluster = createCluster(true, false, true, true);
        testRulesExist(expectedRangerRules(true), cluster);
    }

    /**
     * Ranger alone on a kerberized cluster: the three Ranger rules are emitted, are
     * dropped when the extra-rules parameter is overridden without
     * <code>{DEFAULT_RULES}</code>, and come back ahead of the custom rule when the
     * token is present.
     */
    @Test
    public void testClusterRanger() throws ParamParseException {
        MockTestCluster cluster = createCluster(true, false, false, true);
        DbService hdfs = cluster.getService("hdfs1");
        String rangerRules = expectedRangerRules(false);

        testRulesExist(rangerRules, cluster);

        // Override with the shared placeholder value (defined in another test class).
        createConfig(hdfs, (ParamSpec<ParagraphParamSpec>) HdfsParams.EXTRA_AUTH_TO_LOCAL_RULES, (ParagraphParamSpec) MetricsSourceConfigEvaluatorTest.PLACE_HOLDER);
        testOnlyUserRulesExist(rangerRules, cluster);

        // With the token, the generated rules are expected first and the custom rule after.
        createConfig(hdfs, (ParamSpec<ParagraphParamSpec>) HdfsParams.EXTRA_AUTH_TO_LOCAL_RULES, (ParagraphParamSpec) ("{DEFAULT_RULES}\n" + USER_RULE));
        testRulesExist(rangerRules.concat("\n").concat(USER_RULE), cluster);
    }

    /** Ranger without Kerberos: no Ranger rules, only the user rule. */
    @Test
    public void testClusterNoKerberos() throws ParamParseException {
        MockTestCluster cluster = createCluster(true, false, false, false);
        testOnlyUserRulesExist(expectedRangerRules(true), cluster);
    }

    /** Ranger plus KMS without Kerberos: no Ranger rules, only the user rule. */
    @Test
    public void testClusterKMSNoKerberos() throws ParamParseException {
        MockTestCluster cluster = createCluster(true, true, false, false);
        testOnlyUserRulesExist(expectedRangerRules(true), cluster);
    }

    /** Ranger plus KMS-KTS without Kerberos: no Ranger rules, only the user rule. */
    @Test
    public void testClusterKTSNoKerberos() throws ParamParseException {
        MockTestCluster cluster = createCluster(true, false, true, false);
        testOnlyUserRulesExist(expectedRangerRules(true), cluster);
    }

    /** No Ranger and no Kerberos: no Ranger rules, only the user rule. */
    @Test
    public void testClusterNoRanger() throws ParamParseException {
        MockTestCluster cluster = createCluster(false, false, false, false);
        testOnlyUserRulesExist(expectedRangerRules(true), cluster);
    }

    /**
     * Asserts that the NameNode and DataNode {@code core-site.xml} both carry
     * {@code str} in {@code hadoop.security.auth_to_local}.
     */
    private void testRulesExist(String str, MockTestCluster mockTestCluster) {
        DbRole nameNode = mockTestCluster.getRole("hdfs1", "host1", MockTestCluster.NN_RT);
        DbRole dataNode = mockTestCluster.getRole("hdfs1", "host1", MockTestCluster.DN_RT);
        for (DbRole role : new DbRole[]{nameNode, dataNode}) {
            Assert.assertThat(generateConfigs(role, CORE_SITE_XML), CoreMatchers.allOf(new Matcher[]{EvaluatedConfigMatchers.configContains(str, AUTH_TO_LOCAL_KEY)}));
        }
    }

    /**
     * Asserts that neither the NameNode nor the DataNode {@code core-site.xml} carries
     * {@code str} in {@code hadoop.security.auth_to_local}.
     */
    private void testRulesDontExist(String str, MockTestCluster mockTestCluster) {
        DbRole nameNode = mockTestCluster.getRole("hdfs1", "host1", MockTestCluster.NN_RT);
        DbRole dataNode = mockTestCluster.getRole("hdfs1", "host1", MockTestCluster.DN_RT);
        for (DbRole role : new DbRole[]{nameNode, dataNode}) {
            Assert.assertThat(generateConfigs(role, CORE_SITE_XML), CoreMatchers.not(EvaluatedConfigMatchers.configContains(str, AUTH_TO_LOCAL_KEY)));
        }
    }

    /**
     * Asserts that {@code str} is absent from the generated config, then sets the
     * extra-rules parameter to the fixture user rule and asserts that this rule is
     * emitted.
     */
    private void testOnlyUserRulesExist(String str, MockTestCluster mockTestCluster) {
        DbService hdfs = mockTestCluster.getService("hdfs1");
        testRulesDontExist(str, mockTestCluster);
        createConfig(hdfs, (ParamSpec<ParagraphParamSpec>) HdfsParams.EXTRA_AUTH_TO_LOCAL_RULES, (ParagraphParamSpec) USER_RULE);
        testRulesExist(USER_RULE, mockTestCluster);
    }
}
