package org.apache.hadoop.yarn.server.timeline.security;

import java.io.IOException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.api.records.ApplicationAccessType;
import org.apache.hadoop.yarn.api.records.timeline.TimelineDomain;
import org.apache.hadoop.yarn.api.records.timeline.TimelineEntity;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.exceptions.YarnException;
import org.apache.hadoop.yarn.server.timeline.MemoryTimelineStore;
import org.apache.hadoop.yarn.server.timeline.TimelineStore;
import org.junit.Assert;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-yarn-server-applicationhistoryservice-2.10.0-tests.jar:org/apache/hadoop/yarn/server/timeline/security/TestTimelineACLsManager.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/yarn/server/timeline/security/TestTimelineACLsManager.class */
public class TestTimelineACLsManager {
    private static TimelineDomain domain = new TimelineDomain();

    /* JADX WARN: Classes with same name are omitted:
      input_file:hadoop-yarn-server-applicationhistoryservice-2.10.0-tests.jar:org/apache/hadoop/yarn/server/timeline/security/TestTimelineACLsManager$TestTimelineStore.class
     */
    /* loaded from: input_file:test-classes/org/apache/hadoop/yarn/server/timeline/security/TestTimelineACLsManager$TestTimelineStore.class */
    private static class TestTimelineStore extends MemoryTimelineStore {
        private TestTimelineStore() {
        }

        @Override // org.apache.hadoop.yarn.server.timeline.MemoryTimelineStore, org.apache.hadoop.yarn.server.timeline.KeyValueBasedTimelineStore, org.apache.hadoop.yarn.server.timeline.TimelineReader
        public TimelineDomain getDomain(String str) throws IOException {
            if (str == null) {
                return null;
            }
            return TestTimelineACLsManager.domain;
        }
    }

    @Test
    public void testYarnACLsNotEnabledForEntity() throws Exception {
        YarnConfiguration yarnConfiguration = new YarnConfiguration();
        yarnConfiguration.setBoolean("yarn.acl.enable", false);
        TimelineACLsManager timelineACLsManager = new TimelineACLsManager(yarnConfiguration);
        timelineACLsManager.setTimelineStore(new TestTimelineStore());
        TimelineEntity timelineEntity = new TimelineEntity();
        timelineEntity.addPrimaryFilter(TimelineStore.SystemFilter.ENTITY_OWNER.toString(), "owner");
        timelineEntity.setDomainId("domain_id_1");
        Assert.assertTrue("Always true when ACLs are not enabled", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("user"), ApplicationAccessType.VIEW_APP, timelineEntity));
        Assert.assertTrue("Always true when ACLs are not enabled", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("user"), ApplicationAccessType.MODIFY_APP, timelineEntity));
    }

    @Test
    public void testYarnACLsEnabledForEntity() throws Exception {
        YarnConfiguration yarnConfiguration = new YarnConfiguration();
        yarnConfiguration.setBoolean("yarn.acl.enable", true);
        yarnConfiguration.set("yarn.admin.acl", "admin");
        TimelineACLsManager timelineACLsManager = new TimelineACLsManager(yarnConfiguration);
        timelineACLsManager.setTimelineStore(new TestTimelineStore());
        TimelineEntity timelineEntity = new TimelineEntity();
        timelineEntity.addPrimaryFilter(TimelineStore.SystemFilter.ENTITY_OWNER.toString(), "owner");
        timelineEntity.setDomainId("domain_id_1");
        Assert.assertTrue("Owner should be allowed to view", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("owner"), ApplicationAccessType.VIEW_APP, timelineEntity));
        Assert.assertTrue("Reader should be allowed to view", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("reader"), ApplicationAccessType.VIEW_APP, timelineEntity));
        Assert.assertFalse("Other shouldn't be allowed to view", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("other"), ApplicationAccessType.VIEW_APP, timelineEntity));
        Assert.assertTrue("Admin should be allowed to view", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("admin"), ApplicationAccessType.VIEW_APP, timelineEntity));
        Assert.assertTrue("Owner should be allowed to modify", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("owner"), ApplicationAccessType.MODIFY_APP, timelineEntity));
        Assert.assertTrue("Writer should be allowed to modify", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("writer"), ApplicationAccessType.MODIFY_APP, timelineEntity));
        Assert.assertFalse("Other shouldn't be allowed to modify", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("other"), ApplicationAccessType.MODIFY_APP, timelineEntity));
        Assert.assertTrue("Admin should be allowed to modify", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("admin"), ApplicationAccessType.MODIFY_APP, timelineEntity));
    }

    @Test
    public void testCorruptedOwnerInfoForEntity() throws Exception {
        YarnConfiguration yarnConfiguration = new YarnConfiguration();
        yarnConfiguration.setBoolean("yarn.acl.enable", true);
        yarnConfiguration.set("yarn.admin.acl", "owner");
        TimelineACLsManager timelineACLsManager = new TimelineACLsManager(yarnConfiguration);
        timelineACLsManager.setTimelineStore(new TestTimelineStore());
        try {
            timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("owner"), ApplicationAccessType.VIEW_APP, new TimelineEntity());
            Assert.fail("Exception is expected");
        } catch (YarnException e) {
            Assert.assertTrue("It's not the exact expected exception", e.getMessage().contains("doesn't exist."));
        }
    }

    @Test
    public void testYarnACLsNotEnabledForDomain() throws Exception {
        YarnConfiguration yarnConfiguration = new YarnConfiguration();
        yarnConfiguration.setBoolean("yarn.acl.enable", false);
        TimelineACLsManager timelineACLsManager = new TimelineACLsManager(yarnConfiguration);
        TimelineDomain timelineDomain = new TimelineDomain();
        timelineDomain.setOwner("owner");
        Assert.assertTrue("Always true when ACLs are not enabled", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("user"), timelineDomain));
    }

    @Test
    public void testYarnACLsEnabledForDomain() throws Exception {
        YarnConfiguration yarnConfiguration = new YarnConfiguration();
        yarnConfiguration.setBoolean("yarn.acl.enable", true);
        yarnConfiguration.set("yarn.admin.acl", "admin");
        TimelineACLsManager timelineACLsManager = new TimelineACLsManager(yarnConfiguration);
        TimelineDomain timelineDomain = new TimelineDomain();
        timelineDomain.setOwner("owner");
        Assert.assertTrue("Owner should be allowed to access", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("owner"), timelineDomain));
        Assert.assertFalse("Other shouldn't be allowed to access", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("other"), timelineDomain));
        Assert.assertTrue("Admin should be allowed to access", timelineACLsManager.checkAccess(UserGroupInformation.createRemoteUser("admin"), timelineDomain));
    }

    @Test
    public void testCorruptedOwnerInfoForDomain() throws Exception {
        YarnConfiguration yarnConfiguration = new YarnConfiguration();
        yarnConfiguration.setBoolean("yarn.acl.enable", true);
        yarnConfiguration.set("yarn.admin.acl", "owner");
        try {
            new TimelineACLsManager(yarnConfiguration).checkAccess(UserGroupInformation.createRemoteUser("owner"), new TimelineDomain());
            Assert.fail("Exception is expected");
        } catch (YarnException e) {
            Assert.assertTrue("It's not the exact expected exception", e.getMessage().contains("is corrupted."));
        }
    }

    static {
        domain.setId("domain_id_1");
        domain.setOwner("owner");
        domain.setReaders("reader");
        domain.setWriters("writer");
    }
}
