package org.apache.hadoop.ozone.om;

import java.util.UUID;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.protocol.StorageType;
import org.apache.hadoop.hdfs.server.datanode.ObjectStoreHandler;
import org.apache.hadoop.ozone.MiniOzoneCluster;
import org.apache.hadoop.ozone.OzoneTestUtils;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.apache.hadoop.ozone.web.handlers.BucketArgs;
import org.apache.hadoop.ozone.web.handlers.KeyArgs;
import org.apache.hadoop.ozone.web.handlers.UserArgs;
import org.apache.hadoop.ozone.web.handlers.VolumeArgs;
import org.apache.hadoop.ozone.web.interfaces.StorageHandler;
import org.apache.hadoop.ozone.web.request.OzoneQuota;
import org.apache.hadoop.ozone.web.utils.OzoneUtils;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;

/* loaded from: input_file:org/apache/hadoop/ozone/om/TestOmAcls.class */
public class TestOmAcls {
    private static MiniOzoneCluster cluster = null;
    private static StorageHandler storageHandler;
    private static UserArgs userArgs;
    private static OMMetrics omMetrics;
    private static OzoneConfiguration conf;
    private static String clusterId;
    private static String scmId;
    private static String omId;
    private static GenericTestUtils.LogCapturer logCapturer;

    @Rule
    public ExpectedException exception = ExpectedException.none();

    @BeforeClass
    public static void init() throws Exception {
        conf = new OzoneConfiguration();
        clusterId = UUID.randomUUID().toString();
        scmId = UUID.randomUUID().toString();
        omId = UUID.randomUUID().toString();
        conf.setBoolean("ozone.acl.enabled", true);
        conf.setInt("ozone.open.key.expire.threshold", 2);
        conf.setClass("ozone.acl.authorizer.class", OzoneAccessAuthrizerTest.class, IAccessAuthorizer.class);
        cluster = MiniOzoneCluster.newBuilder(conf).setClusterId(clusterId).setScmId(scmId).setOmId(omId).build();
        cluster.waitForClusterToBeReady();
        storageHandler = new ObjectStoreHandler(conf).getStorageHandler();
        userArgs = new UserArgs((String) null, OzoneUtils.getRequestID(), (String) null, (Request) null, (UriInfo) null, (HttpHeaders) null);
        omMetrics = cluster.getOzoneManager().getMetrics();
        logCapturer = GenericTestUtils.LogCapturer.captureLogs(OzoneManager.getLogger());
    }

    @AfterClass
    public static void shutdown() {
        if (cluster != null) {
            cluster.shutdown();
        }
    }

    @Test
    public void testOMAclsPermissionDenied() throws Exception {
        VolumeArgs volumeArgs = new VolumeArgs("Vol-testListVolumes-user-0-100", userArgs);
        volumeArgs.setUserName("testListVolumes-user-0");
        volumeArgs.setAdminName("testListVolumes-admin");
        volumeArgs.setQuota(new OzoneQuota(100, OzoneQuota.Units.GB));
        logCapturer.clearOutput();
        OzoneTestUtils.expectOmException(OMException.ResultCodes.PERMISSION_DENIED, () -> {
            storageHandler.createVolume(volumeArgs);
        });
        Assert.assertTrue(logCapturer.getOutput().contains("Only admin users are authorized to create Ozone"));
        BucketArgs bucketArgs = new BucketArgs("bucket1", volumeArgs);
        bucketArgs.setStorageType(StorageType.DISK);
        OzoneTestUtils.expectOmException(OMException.ResultCodes.PERMISSION_DENIED, () -> {
            storageHandler.createBucket(bucketArgs);
        });
        Assert.assertTrue(logCapturer.getOutput().contains("Only admin users are authorized to create Ozone"));
    }

    @Test
    public void testFailureInKeyOp() throws Exception {
        String str = "user" + RandomStringUtils.randomNumeric(5);
        String str2 = "admin" + RandomStringUtils.randomNumeric(5);
        VolumeArgs volumeArgs = new VolumeArgs(str, userArgs);
        volumeArgs.setUserName(str);
        volumeArgs.setAdminName(str2);
        volumeArgs.setQuota(new OzoneQuota(100, OzoneQuota.Units.GB));
        BucketArgs bucketArgs = new BucketArgs("bucket1", volumeArgs);
        bucketArgs.setStorageType(StorageType.DISK);
        logCapturer.clearOutput();
        KeyArgs keyArgs = new KeyArgs("testKey", bucketArgs);
        OzoneTestUtils.expectOmException(OMException.ResultCodes.PERMISSION_DENIED, () -> {
            storageHandler.newKeyWriter(keyArgs);
        });
        Assert.assertTrue(logCapturer.getOutput().contains("doesn't have WRITE permission to access key"));
    }
}
