package co.cask.cdap.data2.datafabric.dataset.service;

import co.cask.cdap.api.Predicate;
import co.cask.cdap.api.common.HttpErrorStatusProvider;
import co.cask.cdap.api.dataset.DatasetProperties;
import co.cask.cdap.api.dataset.DatasetSpecification;
import co.cask.cdap.common.DatasetAlreadyExistsException;
import co.cask.cdap.common.DatasetNotFoundException;
import co.cask.cdap.common.DatasetTypeNotFoundException;
import co.cask.cdap.common.HandlerException;
import co.cask.cdap.common.NamespaceNotFoundException;
import co.cask.cdap.common.NotFoundException;
import co.cask.cdap.common.kerberos.OwnerAdmin;
import co.cask.cdap.common.namespace.NamespaceQueryAdmin;
import co.cask.cdap.data2.audit.AuditPublisher;
import co.cask.cdap.data2.audit.AuditPublishers;
import co.cask.cdap.data2.datafabric.dataset.DatasetsUtil;
import co.cask.cdap.data2.datafabric.dataset.instance.DatasetInstanceManager;
import co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetAdminOpResponse;
import co.cask.cdap.data2.datafabric.dataset.service.executor.DatasetOpExecutor;
import co.cask.cdap.explore.client.ExploreFacade;
import co.cask.cdap.proto.DatasetInstanceConfiguration;
import co.cask.cdap.proto.DatasetMeta;
import co.cask.cdap.proto.DatasetTypeMeta;
import co.cask.cdap.proto.audit.AuditPayload;
import co.cask.cdap.proto.audit.AuditType;
import co.cask.cdap.proto.id.DatasetId;
import co.cask.cdap.proto.id.DatasetTypeId;
import co.cask.cdap.proto.id.EntityId;
import co.cask.cdap.proto.id.KerberosPrincipalId;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.proto.security.Principal;
import co.cask.cdap.security.spi.authentication.AuthenticationContext;
import co.cask.cdap.security.spi.authorization.AuthorizationEnforcer;
import co.cask.cdap.security.spi.authorization.PrivilegesManager;
import co.cask.cdap.security.spi.authorization.UnauthorizedException;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.inject.Inject;
import java.util.Collection;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import javax.annotation.Nullable;
import org.jboss.netty.handler.codec.http.HttpResponseStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/data2/datafabric/dataset/service/DatasetInstanceService.class */
public class DatasetInstanceService {
    private static final Logger LOG = LoggerFactory.getLogger(DatasetInstanceService.class);
    private final DatasetTypeService typeService;
    private final DatasetInstanceManager instanceManager;
    private final DatasetOpExecutor opExecutorClient;
    private final ExploreFacade exploreFacade;
    private final NamespaceQueryAdmin namespaceQueryAdmin;
    private final OwnerAdmin ownerAdmin;
    private final LoadingCache<DatasetId, DatasetMeta> metaCache = CacheBuilder.newBuilder().build(new CacheLoader<DatasetId, DatasetMeta>() { // from class: co.cask.cdap.data2.datafabric.dataset.service.DatasetInstanceService.1
        public DatasetMeta load(DatasetId datasetId) throws Exception {
            return DatasetInstanceService.this.getFromMds(datasetId);
        }
    });
    private final AuthorizationEnforcer authorizationEnforcer;
    private final PrivilegesManager privilegesManager;
    private final AuthenticationContext authenticationContext;
    private AuditPublisher auditPublisher;

    @VisibleForTesting
    @Inject
    public DatasetInstanceService(DatasetTypeService datasetTypeService, DatasetInstanceManager datasetInstanceManager, DatasetOpExecutor datasetOpExecutor, ExploreFacade exploreFacade, NamespaceQueryAdmin namespaceQueryAdmin, OwnerAdmin ownerAdmin, AuthorizationEnforcer authorizationEnforcer, PrivilegesManager privilegesManager, AuthenticationContext authenticationContext) {
        this.opExecutorClient = datasetOpExecutor;
        this.typeService = datasetTypeService;
        this.instanceManager = datasetInstanceManager;
        this.exploreFacade = exploreFacade;
        this.namespaceQueryAdmin = namespaceQueryAdmin;
        this.ownerAdmin = ownerAdmin;
        this.authorizationEnforcer = authorizationEnforcer;
        this.privilegesManager = privilegesManager;
        this.authenticationContext = authenticationContext;
    }

    @VisibleForTesting
    @Inject(optional = true)
    public void setAuditPublisher(AuditPublisher auditPublisher) {
        this.auditPublisher = auditPublisher;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<DatasetSpecification> list(final NamespaceId namespaceId) throws Exception {
        Principal principal = this.authenticationContext.getPrincipal();
        ensureNamespaceExists(namespaceId);
        Collection<DatasetSpecification> all = this.instanceManager.getAll(namespaceId);
        final Predicate createFilter = this.authorizationEnforcer.createFilter(principal);
        return Lists.newArrayList(Iterables.filter(all, new com.google.common.base.Predicate<DatasetSpecification>() { // from class: co.cask.cdap.data2.datafabric.dataset.service.DatasetInstanceService.2
            public boolean apply(DatasetSpecification datasetSpecification) {
                return createFilter.apply(namespaceId.dataset(datasetSpecification.getName()));
            }
        }));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DatasetMeta get(DatasetId datasetId, List<? extends EntityId> list) throws Exception {
        try {
            DatasetMeta datasetMeta = (DatasetMeta) this.metaCache.get(datasetId);
            ensureAccess(datasetId);
            return datasetMeta;
        } catch (ExecutionException e) {
            Throwable cause = e.getCause();
            if ((cause instanceof Exception) && (cause instanceof HttpErrorStatusProvider)) {
                throw ((Exception) cause);
            }
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public DatasetMeta getFromMds(DatasetId datasetId) throws Exception {
        DatasetSpecification datasetSpecification = this.instanceManager.get(datasetId);
        if (datasetSpecification == null) {
            throw new NotFoundException(datasetId);
        }
        DatasetSpecification fixOriginalProperties = DatasetsUtil.fixOriginalProperties(datasetSpecification);
        DatasetTypeId datasetType = datasetId.getParent().datasetType(fixOriginalProperties.getType());
        DatasetTypeMeta typeInfo = getTypeInfo(datasetId.getParent(), fixOriginalProperties.getType());
        if (typeInfo == null) {
            throw new NotFoundException(datasetType);
        }
        String str = null;
        if (!NamespaceId.SYSTEM.equals(datasetId.getNamespaceId())) {
            str = this.ownerAdmin.getOwnerPrincipal(datasetId);
        }
        return new DatasetMeta(fixOriginalProperties, typeInfo, (String) null, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, String> getOriginalProperties(DatasetId datasetId) throws Exception {
        DatasetSpecification datasetSpecification = this.instanceManager.get(datasetId);
        if (datasetSpecification == null) {
            throw new NotFoundException(datasetId);
        }
        ensureAccess(datasetId);
        return DatasetsUtil.fixOriginalProperties(datasetSpecification).getOriginalProperties();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void create(String str, String str2, DatasetInstanceConfiguration datasetInstanceConfiguration) throws Exception {
        NamespaceId namespaceId = ConversionHelpers.toNamespaceId(str);
        Principal principal = this.authenticationContext.getPrincipal();
        this.authorizationEnforcer.enforce(namespaceId, principal, Action.WRITE);
        ensureNamespaceExists(namespaceId);
        DatasetId datasetInstanceId = ConversionHelpers.toDatasetInstanceId(str, str2);
        if (this.instanceManager.get(datasetInstanceId) != null) {
            throw new DatasetAlreadyExistsException(datasetInstanceId);
        }
        DatasetTypeMeta typeInfo = getTypeInfo(namespaceId, datasetInstanceConfiguration.getTypeName());
        if (typeInfo == null) {
            throw new DatasetTypeNotFoundException(ConversionHelpers.toDatasetTypeId(namespaceId, datasetInstanceConfiguration.getTypeName()));
        }
        this.privilegesManager.revoke(datasetInstanceId);
        this.privilegesManager.grant(datasetInstanceId, principal, EnumSet.allOf(Action.class));
        LOG.info("Creating dataset {}.{}, type name: {}, properties: {}", new Object[]{str, str2, datasetInstanceConfiguration.getTypeName(), datasetInstanceConfiguration.getProperties()});
        try {
            String ownerPrincipal = datasetInstanceConfiguration.getOwnerPrincipal();
            if (ownerPrincipal != null) {
                this.ownerAdmin.add(datasetInstanceId, new KerberosPrincipalId(ownerPrincipal));
            }
            try {
                DatasetSpecification create = this.opExecutorClient.create(datasetInstanceId, typeInfo, DatasetProperties.builder().addAll(datasetInstanceConfiguration.getProperties()).setDescription(datasetInstanceConfiguration.getDescription()).build());
                this.instanceManager.add(namespaceId, create);
                this.metaCache.invalidate(datasetInstanceId);
                publishAudit(datasetInstanceId, AuditType.CREATE);
                enableExplore(datasetInstanceId, create, datasetInstanceConfiguration);
            } catch (Exception e) {
                this.ownerAdmin.delete(datasetInstanceId);
                throw e;
            }
        } catch (Exception e2) {
            this.privilegesManager.revoke(datasetInstanceId);
            throw e2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void update(DatasetId datasetId, Map<String, String> map) throws Exception {
        ensureNamespaceExists(datasetId.getParent());
        DatasetSpecification datasetSpecification = this.instanceManager.get(datasetId);
        if (datasetSpecification == null) {
            throw new DatasetNotFoundException(datasetId);
        }
        LOG.info("Update dataset {}, properties: {}", datasetId.getEntityName(), ConversionHelpers.toJson(map));
        this.authorizationEnforcer.enforce(datasetId, this.authenticationContext.getPrincipal(), Action.ADMIN);
        DatasetTypeMeta typeInfo = getTypeInfo(datasetId.getParent(), datasetSpecification.getType());
        if (typeInfo == null) {
            throw new DatasetTypeNotFoundException(ConversionHelpers.toDatasetTypeId(datasetId.getParent(), datasetSpecification.getType()));
        }
        DatasetProperties of = DatasetProperties.of(map);
        DatasetSpecification update = this.opExecutorClient.update(datasetId, typeInfo, of, datasetSpecification);
        this.instanceManager.add(datasetId.getParent(), update);
        this.metaCache.invalidate(datasetId);
        updateExplore(datasetId, of, datasetSpecification, update);
        publishAudit(datasetId, AuditType.UPDATE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void drop(DatasetId datasetId) throws Exception {
        ensureNamespaceExists(datasetId.getParent());
        DatasetSpecification datasetSpecification = this.instanceManager.get(datasetId);
        if (datasetSpecification == null) {
            throw new DatasetNotFoundException(datasetId);
        }
        this.authorizationEnforcer.enforce(datasetId, this.authenticationContext.getPrincipal(), Action.ADMIN);
        dropDataset(datasetId, datasetSpecification);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<DatasetId> dropAll(NamespaceId namespaceId) throws Exception {
        ensureNamespaceExists(namespaceId);
        Principal principal = this.authenticationContext.getPrincipal();
        HashSet hashSet = new HashSet();
        for (DatasetSpecification datasetSpecification : this.instanceManager.getAll(namespaceId)) {
            try {
                DatasetId dataset = namespaceId.dataset(datasetSpecification.getName());
                this.authorizationEnforcer.enforce(dataset, principal, Action.ADMIN);
                dropDataset(dataset, datasetSpecification);
                hashSet.add(dataset);
            } catch (UnauthorizedException e) {
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DatasetAdminOpResponse executeAdmin(DatasetId datasetId, String str) throws Exception {
        ensureNamespaceExists(datasetId.getParent());
        Boolean bool = null;
        Principal principal = this.authenticationContext.getPrincipal();
        boolean z = -1;
        switch (str.hashCode()) {
            case -1289358244:
                if (str.equals("exists")) {
                    z = false;
                    break;
                }
                break;
            case -231171556:
                if (str.equals("upgrade")) {
                    z = 2;
                    break;
                }
                break;
            case 1852984678:
                if (str.equals("truncate")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                ensureAccess(datasetId);
                bool = Boolean.valueOf(this.opExecutorClient.exists(datasetId));
                break;
            case true:
                if (this.instanceManager.get(datasetId) != null) {
                    this.authorizationEnforcer.enforce(datasetId, principal, Action.ADMIN);
                    this.opExecutorClient.truncate(datasetId);
                    publishAudit(datasetId, AuditType.TRUNCATE);
                    break;
                } else {
                    throw new DatasetNotFoundException(datasetId);
                }
            case true:
                if (this.instanceManager.get(datasetId) != null) {
                    this.authorizationEnforcer.enforce(datasetId, principal, Action.ADMIN);
                    this.opExecutorClient.upgrade(datasetId);
                    publishAudit(datasetId, AuditType.UPDATE);
                    break;
                } else {
                    throw new DatasetNotFoundException(datasetId);
                }
            default:
                throw new HandlerException(HttpResponseStatus.NOT_FOUND, "Invalid admin operation: " + str);
        }
        return new DatasetAdminOpResponse(bool, null);
    }

    @Nullable
    private DatasetTypeMeta getTypeInfo(NamespaceId namespaceId, String str) throws Exception {
        try {
            return this.typeService.getType(ConversionHelpers.toDatasetTypeId(namespaceId, str));
        } catch (DatasetTypeNotFoundException e) {
            try {
                return this.typeService.getType(ConversionHelpers.toDatasetTypeId(NamespaceId.SYSTEM, str));
            } catch (DatasetTypeNotFoundException e2) {
                throw e;
            }
        }
    }

    private void dropDataset(DatasetId datasetId, DatasetSpecification datasetSpecification) throws Exception {
        LOG.info("Deleting dataset {}.{}", datasetId.getNamespace(), datasetId.getEntityName());
        disableExplore(datasetId, datasetSpecification);
        if (!this.instanceManager.delete(datasetId)) {
            throw new DatasetNotFoundException(datasetId);
        }
        this.metaCache.invalidate(datasetId);
        DatasetTypeMeta typeInfo = getTypeInfo(datasetId.getParent(), datasetSpecification.getType());
        if (typeInfo == null) {
            throw new DatasetNotFoundException(datasetId);
        }
        this.opExecutorClient.drop(datasetId, typeInfo, datasetSpecification);
        publishAudit(datasetId, AuditType.DELETE);
        this.privilegesManager.revoke(datasetId);
        this.ownerAdmin.delete(datasetId);
    }

    private void disableExplore(DatasetId datasetId, DatasetSpecification datasetSpecification) {
        try {
            this.exploreFacade.disableExploreDataset(datasetId, datasetSpecification);
        } catch (Exception e) {
            LOG.error("Cannot disable Explore for dataset instance {}", datasetId, e);
        }
    }

    private void enableExplore(DatasetId datasetId, DatasetSpecification datasetSpecification, DatasetInstanceConfiguration datasetInstanceConfiguration) {
        try {
            this.exploreFacade.enableExploreDataset(datasetId, datasetSpecification, false);
        } catch (Exception e) {
            LOG.error("Cannot enable Explore for dataset instance {} of type {} with properties {}", new Object[]{datasetId, datasetInstanceConfiguration.getTypeName(), datasetInstanceConfiguration.getProperties(), e});
        }
    }

    private void updateExplore(DatasetId datasetId, DatasetProperties datasetProperties, DatasetSpecification datasetSpecification, DatasetSpecification datasetSpecification2) {
        try {
            this.exploreFacade.updateExploreDataset(datasetId, datasetSpecification, datasetSpecification2);
        } catch (Exception e) {
            LOG.error("Cannot update Explore for dataset instance {} with old properties {} and new properties {}", new Object[]{datasetId, datasetSpecification.getOriginalProperties(), datasetProperties.getProperties(), e});
        }
    }

    private void ensureNamespaceExists(NamespaceId namespaceId) throws Exception {
        if (!NamespaceId.SYSTEM.equals(namespaceId) && !this.namespaceQueryAdmin.exists(namespaceId)) {
            throw new NamespaceNotFoundException(namespaceId);
        }
    }

    private void publishAudit(DatasetId datasetId, AuditType auditType) {
        AuditPublishers.publishAudit(this.auditPublisher, datasetId, auditType, AuditPayload.EMPTY_PAYLOAD);
    }

    private void ensureAccess(DatasetId datasetId) throws Exception {
        Principal principal = this.authenticationContext.getPrincipal();
        if (!this.authorizationEnforcer.createFilter(principal).apply(datasetId)) {
            throw new UnauthorizedException(principal, datasetId);
        }
    }
}
