package org.apache.drill.exec.impersonation;

import com.google.common.collect.Maps;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.drill.exec.dotdrill.DotDrillType;
import org.apache.drill.exec.proto.UserBitShared;
import org.apache.drill.exec.rpc.RpcException;
import org.apache.drill.exec.rpc.user.security.testing.UserAuthenticatorTestImpl;
import org.apache.drill.exec.store.dfs.WorkspaceConfig;
import org.apache.drill.test.UserExceptionMatcher;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/drill/exec/impersonation/TestInboundImpersonation.class */
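/**
 * Integration tests for inbound impersonation: a proxy user authenticates with its own
 * credentials and asks, through the {@code impersonation_target} connection property, to run
 * the session as another user.
 *
 * <p>The fixture installs one inbound policy that lets {@link #PROXY_NAME} impersonate
 * {@link #TARGET_NAME} and nobody else. The tests check that the permitted delegation works,
 * that a target outside the policy is refused, and that malformed or wildcard-proxy policies
 * are rejected when they are set.
 */
public class TestInboundImpersonation extends BaseTestImpersonation {
    // Test-fixture credentials only; presumably the values UserAuthenticatorTestImpl accepts
    // for these users (confirm against that class).
    public static final String OWNER_PASSWORD = "owner";
    public static final String TARGET_PASSWORD = "target";
    public static final String PROXY_PASSWORD = "proxy";
    public static final String OWNER = org1Users[0];
    public static final String TARGET_NAME = org1Users[1];
    public static final String DATA_GROUP = org1Groups[0];
    public static final String PROXY_NAME = org1Users[2];

    // File modes are written in octal so the intended access is readable at a glance.
    /** rwxr-xr-x: mode passed to createAndAddWorkspace for the test workspaces. */
    private static final short WORKSPACE_PERMISSIONS = 0755;
    /** rwx------: the table directory is readable by its owner only. */
    private static final short TABLE_PERMISSIONS = 0700;
    /** rwxr-x---: the view file is readable by its owner and by DATA_GROUP. */
    private static final short VIEW_PERMISSIONS = 0750;

    private static final String TABLE_NAME = "lineitem";
    private static final String VIEW_NAME = "u0_lineitem";
    private static final String INBOUND_POLICIES_OPTION = "exec.impersonation.inbound_policies";

    /**
     * Starts the mini DFS and a Drill cluster with impersonation and user authentication
     * enabled, then creates the workspaces, the test data and the inbound policy.
     */
    @BeforeClass
    public static void setup() throws Exception {
        startMiniDfsCluster(TestInboundImpersonation.class.getSimpleName());
        Properties config = cloneDefaultTestConfigProperties();
        config.setProperty("drill.exec.impersonation.enabled", Boolean.toString(true));
        config.setProperty("drill.exec.security.user.auth.enabled", Boolean.toString(true));
        config.setProperty("drill.exec.security.user.auth.impl", UserAuthenticatorTestImpl.TYPE);
        startDrillCluster(config);
        addMiniDfsBasedStorage(createTestWorkspaces());
        createTestData();
    }

    /** Creates one workspace for the data owner and one for the proxy user. */
    private static Map<String, WorkspaceConfig> createTestWorkspaces() throws Exception {
        // Typed map instead of a raw HashMap, so the compiler checks what goes into it.
        Map<String, WorkspaceConfig> workspaces = new HashMap<>();
        createAndAddWorkspace(OWNER, getUserHome(OWNER), WORKSPACE_PERMISSIONS, OWNER, DATA_GROUP, workspaces);
        createAndAddWorkspace(PROXY_NAME, getUserHome(PROXY_NAME), WORKSPACE_PERMISSIONS, PROXY_NAME, DATA_GROUP,
                workspaces);
        return workspaces;
    }

    /**
     * Builds the fixture as OWNER: an owner-only table, a view over it readable by DATA_GROUP,
     * and, as the process user, the inbound policy allowing PROXY_NAME to act as TARGET_NAME.
     */
    private static void createTestData() throws Exception {
        updateClient(OWNER, OWNER_PASSWORD);
        test("USE " + getWSSchema(OWNER));
        test(String.format("CREATE TABLE %s as SELECT * FROM cp.`tpch/%s.parquet`;", TABLE_NAME, TABLE_NAME));

        // Lock the table down to its owner, so a read by another user can only succeed through
        // the view.
        Path tablePath = new Path(getUserHome(OWNER), TABLE_NAME);
        fs.setOwner(tablePath, OWNER, DATA_GROUP);
        fs.setPermission(tablePath, new FsPermission(TABLE_PERMISSIONS));

        // %o renders the mode in octal, which is the form the session option is given in here.
        test(String.format("ALTER SESSION SET `%s`='%o';", "new_view_default_permissions", VIEW_PERMISSIONS));
        test(String.format("CREATE VIEW %s.%s AS SELECT l_orderkey, l_partkey FROM %s.%s;",
                getWSSchema(OWNER), VIEW_NAME, getWSSchema(OWNER), TABLE_NAME));

        // Verify the view file really carries the owner, group and mode the tests depend on.
        FileStatus viewStatus =
                fs.getFileStatus(new Path(getUserHome(OWNER), VIEW_NAME + DotDrillType.VIEW.getEnding()));
        Assert.assertEquals(org1Groups[0], viewStatus.getGroup());
        Assert.assertEquals(OWNER, viewStatus.getOwner());
        Assert.assertEquals(VIEW_PERMISSIONS, viewStatus.getPermission().toShort());

        // The policy is a system option, so it is set from the process user's session.
        updateClient(UserAuthenticatorTestImpl.PROCESS_USER, UserAuthenticatorTestImpl.PROCESS_USER_PASSWORD);
        test("ALTER SYSTEM SET `%s`='%s'", INBOUND_POLICIES_OPTION, inboundPolicy(PROXY_NAME, TARGET_NAME));
    }

    /**
     * Resets the inbound policy option, so neither the fixture policy nor anything a test
     * managed to set stays behind in the system options.
     */
    @AfterClass
    public static void tearDown() throws Exception {
        updateClient(UserAuthenticatorTestImpl.PROCESS_USER, UserAuthenticatorTestImpl.PROCESS_USER_PASSWORD);
        test("ALTER SYSTEM RESET `%s`", INBOUND_POLICIES_OPTION);
    }

    /** The proxy, acting as the permitted target, can read the owner's view. */
    @Test
    public void selectChainedView() throws Exception {
        updateClient(proxyConnectionProperties(TARGET_NAME));
        testBuilder()
                .sqlQuery("SELECT * FROM %s.u0_lineitem ORDER BY l_orderkey LIMIT 1", getWSSchema(OWNER))
                .ordered()
                .baselineColumns("l_orderkey", "l_partkey")
                .baselineValues(1, 1552)
                .go();
    }

    /**
     * The proxy asks to act as a user that the policy does not list as a target; the
     * connection attempt must fail.
     */
    // NOTE(review): expected = RpcException.class is satisfied by any RpcException, including
    // one caused by an unrelated connection or authentication failure. Asserting on the
    // rejection reason would make this a stronger authorization check.
    @Test(expected = RpcException.class)
    public void unauthorizedTarget() throws Exception {
        String unlistedTarget = org2Users[0];
        updateClient(proxyConnectionProperties(unlistedTarget));
    }

    /** A policy value that is not valid JSON is rejected with a VALIDATION error. */
    @Test
    public void invalidPolicy() throws Exception {
        this.thrownException.expect(new UserExceptionMatcher(
                UserBitShared.DrillPBError.ErrorType.VALIDATION, "Invalid impersonation policies."));
        updateClient(UserAuthenticatorTestImpl.PROCESS_USER, UserAuthenticatorTestImpl.PROCESS_USER_PASSWORD);
        test("ALTER SYSTEM SET `%s`='%s'", INBOUND_POLICIES_OPTION, "[ invalid json ]");
    }

    /**
     * A policy whose proxy principals contain the wildcard is rejected with a VALIDATION error;
     * such a policy would let every user act as the target.
     */
    @Test
    public void invalidProxy() throws Exception {
        this.thrownException.expect(new UserExceptionMatcher(
                UserBitShared.DrillPBError.ErrorType.VALIDATION, "Proxy principals cannot have a wildcard entry."));
        updateClient(UserAuthenticatorTestImpl.PROCESS_USER, UserAuthenticatorTestImpl.PROCESS_USER_PASSWORD);
        test("ALTER SYSTEM SET `%s`='%s'", INBOUND_POLICIES_OPTION, inboundPolicy("*", TARGET_NAME));
    }

    /** Connection properties for the proxy user requesting to act as {@code target}. */
    private static Properties proxyConnectionProperties(String target) {
        Properties connection = new Properties();
        connection.setProperty("user", PROXY_NAME);
        connection.setProperty("password", PROXY_PASSWORD);
        connection.setProperty("impersonation_target", target);
        return connection;
    }

    /** Policy text with a single rule: {@code proxyUser} may impersonate {@code targetUser}. */
    private static String inboundPolicy(String proxyUser, String targetUser) {
        return "[ { proxy_principals : { users: [\"" + proxyUser + "\" ] },"
                + "target_principals : { users : [\"" + targetUser + "\"] } } ]";
    }
}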
