package org.apache.hadoop.ozone.om;

import java.util.UUID;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.ozone.MiniOzoneCluster;
import org.apache.hadoop.ozone.OzoneTestUtils;
import org.apache.hadoop.ozone.TestDataUtil;
import org.apache.hadoop.ozone.client.OzoneBucket;
import org.apache.hadoop.ozone.client.OzoneVolume;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.apache.hadoop.ozone.security.acl.IOzoneObj;
import org.apache.hadoop.ozone.security.acl.RequestContext;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.rules.Timeout;

/* loaded from: input_file:org/apache/hadoop/ozone/om/TestOmAcls.class */
public class TestOmAcls {
    private static boolean aclAllow = true;
    private static MiniOzoneCluster cluster = null;
    private static OMMetrics omMetrics;
    private static OzoneConfiguration conf;
    private static String clusterId;
    private static String scmId;
    private static String omId;
    private static GenericTestUtils.LogCapturer logCapturer;

    @Rule
    public Timeout timeout = new Timeout(300000);

    @Rule
    public ExpectedException exception = ExpectedException.none();

    /* loaded from: input_file:org/apache/hadoop/ozone/om/TestOmAcls$OzoneAccessAuthorizerTest.class */
    static class OzoneAccessAuthorizerTest implements IAccessAuthorizer {
        OzoneAccessAuthorizerTest() {
        }

        public boolean checkAccess(IOzoneObj iOzoneObj, RequestContext requestContext) {
            return TestOmAcls.aclAllow;
        }
    }

    @BeforeClass
    public static void init() throws Exception {
        conf = new OzoneConfiguration();
        clusterId = UUID.randomUUID().toString();
        scmId = UUID.randomUUID().toString();
        omId = UUID.randomUUID().toString();
        conf.setBoolean("ozone.acl.enabled", true);
        conf.setInt("ozone.open.key.expire.threshold", 2);
        conf.setClass("ozone.acl.authorizer.class", OzoneAccessAuthorizerTest.class, IAccessAuthorizer.class);
        conf.setStrings("ozone.administrators", new String[]{"*"});
        cluster = MiniOzoneCluster.newBuilder(conf).setClusterId(clusterId).setScmId(scmId).setOmId(omId).build();
        cluster.waitForClusterToBeReady();
        omMetrics = cluster.getOzoneManager().getMetrics();
        logCapturer = GenericTestUtils.LogCapturer.captureLogs(OzoneManager.getLogger());
    }

    @AfterClass
    public static void shutdown() {
        if (cluster != null) {
            cluster.shutdown();
        }
    }

    @Test
    public void testBucketCreationPermissionDenied() throws Exception {
        aclAllow = true;
        String lowerCase = RandomStringUtils.randomAlphabetic(5).toLowerCase();
        String lowerCase2 = RandomStringUtils.randomAlphabetic(5).toLowerCase();
        cluster.getClient().getObjectStore().createVolume(lowerCase);
        OzoneVolume volume = cluster.getClient().getObjectStore().getVolume(lowerCase);
        aclAllow = false;
        OzoneTestUtils.expectOmException(OMException.ResultCodes.PERMISSION_DENIED, () -> {
            volume.createBucket(lowerCase2);
        });
        Assert.assertTrue(logCapturer.getOutput().contains("doesn't have CREATE permission to access bucket"));
    }

    @Test
    public void testFailureInKeyOp() throws Exception {
        aclAllow = true;
        OzoneBucket createVolumeAndBucket = TestDataUtil.createVolumeAndBucket(cluster);
        logCapturer.clearOutput();
        aclAllow = false;
        OzoneTestUtils.expectOmException(OMException.ResultCodes.PERMISSION_DENIED, () -> {
            TestDataUtil.createKey(createVolumeAndBucket, "testKey", "testcontent");
        });
        Assert.assertTrue(logCapturer.getOutput().contains("doesn't have CREATE permission to access key"));
    }
}
