package co.cask.cdap.metadata;

import co.cask.cdap.AllProgramsApp;
import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.test.AppJarHelper;
import co.cask.cdap.data2.metadata.dataset.SortInfo;
import co.cask.cdap.internal.AppFabricTestHelper;
import co.cask.cdap.internal.app.services.AppFabricServer;
import co.cask.cdap.proto.EntityScope;
import co.cask.cdap.proto.Id;
import co.cask.cdap.proto.element.EntityTypeSimpleName;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.proto.security.Principal;
import co.cask.cdap.security.authorization.AuthorizerInstantiator;
import co.cask.cdap.security.authorization.InMemoryAuthorizer;
import co.cask.cdap.security.spi.authentication.SecurityRequestContext;
import co.cask.cdap.security.spi.authorization.Authorizer;
import com.google.inject.Injector;
import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.EnumSet;
import org.apache.twill.filesystem.LocalLocationFactory;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:co/cask/cdap/metadata/MetadataAdminAuthorizationTest.class */
public class MetadataAdminAuthorizationTest {

    @ClassRule
    public static final TemporaryFolder TEMPORARY_FOLDER = new TemporaryFolder();
    private static final Principal ALICE = new Principal("alice", Principal.PrincipalType.USER);
    private static CConfiguration cConf;
    private static MetadataAdmin metadataAdmin;
    private static Authorizer authorizer;
    private static AppFabricServer appFabricServer;

    @BeforeClass
    public static void setup() throws Exception {
        cConf = createCConf();
        Injector injector = AppFabricTestHelper.getInjector(cConf);
        metadataAdmin = (MetadataAdmin) injector.getInstance(MetadataAdmin.class);
        authorizer = ((AuthorizerInstantiator) injector.getInstance(AuthorizerInstantiator.class)).get();
        appFabricServer = (AppFabricServer) injector.getInstance(AppFabricServer.class);
        appFabricServer.startAndWait();
    }

    @Test
    public void testSearch() throws Exception {
        SecurityRequestContext.setUserId(ALICE.getName());
        authorizer.grant(NamespaceId.DEFAULT, ALICE, Collections.singleton(Action.WRITE));
        AppFabricTestHelper.deployApplication(Id.Namespace.DEFAULT, AllProgramsApp.class, "{}", cConf);
        EnumSet allOf = EnumSet.allOf(EntityTypeSimpleName.class);
        Assert.assertFalse(metadataAdmin.search(NamespaceId.DEFAULT.getNamespace(), "*", allOf, SortInfo.DEFAULT, 0, Integer.MAX_VALUE, 0, (String) null, false, EnumSet.allOf(EntityScope.class)).getResults().isEmpty());
        SecurityRequestContext.setUserId("bob");
        Assert.assertTrue(metadataAdmin.search(NamespaceId.DEFAULT.getNamespace(), "*", allOf, SortInfo.DEFAULT, 0, Integer.MAX_VALUE, 0, (String) null, false, EnumSet.allOf(EntityScope.class)).getResults().isEmpty());
    }

    @AfterClass
    public static void tearDown() {
        appFabricServer.stopAndWait();
    }

    private static CConfiguration createCConf() throws IOException {
        CConfiguration create = CConfiguration.create();
        create.setBoolean("security.enabled", true);
        create.setBoolean("security.authorization.enabled", true);
        create.setBoolean("kerberos.auth.enabled", false);
        create.setBoolean("security.authorization.cache.enabled", false);
        create.set("security.authorization.extension.jar.path", AppJarHelper.createDeploymentJar(new LocalLocationFactory(new File(TEMPORARY_FOLDER.newFolder().toURI())), InMemoryAuthorizer.class, new File[0]).toURI().getPath());
        return create;
    }
}
