package org.apache.hadoop.hbase.rsgroup;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.AuthUtil;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.TableNotFoundException;
import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
import org.apache.hadoop.hbase.master.HMaster;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.AccessControlClient;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.security.access.PermissionStorage;
import org.apache.hadoop.hbase.security.access.SecureTestUtil;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Category({SecurityTests.class, MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/rsgroup/TestRSGroupsWithACL.class */
public class TestRSGroupsWithACL extends SecureTestUtil {
    private static Configuration conf;
    private static Connection systemUserConnection;
    private static User SUPERUSER;
    private static User USER_ADMIN;
    private static User USER_RW;
    private static User USER_RO;
    private static User USER_OWNER;
    private static User USER_CREATE;
    private static User USER_NONE;
    private static final String GROUP_ADMIN = "group_admin";
    private static final String GROUP_CREATE = "group_create";
    private static final String GROUP_READ = "group_read";
    private static final String GROUP_WRITE = "group_write";
    private static User USER_GROUP_ADMIN;
    private static User USER_GROUP_CREATE;
    private static User USER_GROUP_READ;
    private static User USER_GROUP_WRITE;
    private static RSGroupAdminEndpoint rsGroupAdminEndpoint;

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestRSGroupsWithACL.class);
    private static final Logger LOG = LoggerFactory.getLogger(TestRSGroupsWithACL.class);
    private static TableName TEST_TABLE = TableName.valueOf("testtable1");
    private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
    private static byte[] TEST_FAMILY = Bytes.toBytes("f1");

    @BeforeClass
    public static void setupBeforeClass() throws Exception {
        conf = TEST_UTIL.getConfiguration();
        conf.set("hbase.master.loadbalancer.class", RSGroupBasedLoadBalancer.class.getName());
        enableSecurity(conf);
        verifyConfiguration(conf);
        configureRSGroupAdminEndpoint(conf);
        TEST_UTIL.startMiniCluster();
        HMaster master = TEST_UTIL.getHBaseCluster().getMaster();
        TEST_UTIL.waitFor(TestRSGroupsBase.WAIT_TIMEOUT, () -> {
            return master.isInitialized() && master.getLoadBalancer().isOnline();
        });
        rsGroupAdminEndpoint = TEST_UTIL.getMiniHBaseCluster().getMaster().getMasterCoprocessorHost().findCoprocessor(RSGroupAdminEndpoint.class.getName());
        TEST_UTIL.waitUntilAllRegionsAssigned(PermissionStorage.ACL_TABLE_NAME);
        TEST_UTIL.waitUntilAllRegionsAssigned(RSGroupInfoManagerImpl.RSGROUP_TABLE_NAME);
        TEST_UTIL.waitUntilNoRegionsInTransition();
        SUPERUSER = User.createUserForTesting(conf, "admin", new String[]{"supergroup"});
        USER_ADMIN = User.createUserForTesting(conf, "admin2", new String[0]);
        USER_RW = User.createUserForTesting(conf, "rwuser", new String[0]);
        USER_RO = User.createUserForTesting(conf, "rouser", new String[0]);
        USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]);
        USER_CREATE = User.createUserForTesting(conf, "tbl_create", new String[0]);
        USER_NONE = User.createUserForTesting(conf, "nouser", new String[0]);
        USER_GROUP_ADMIN = User.createUserForTesting(conf, "user_group_admin", new String[]{GROUP_ADMIN});
        USER_GROUP_CREATE = User.createUserForTesting(conf, "user_group_create", new String[]{GROUP_CREATE});
        USER_GROUP_READ = User.createUserForTesting(conf, "user_group_read", new String[]{GROUP_READ});
        USER_GROUP_WRITE = User.createUserForTesting(conf, "user_group_write", new String[]{GROUP_WRITE});
        systemUserConnection = TEST_UTIL.getConnection();
        setUpTableAndUserPermissions();
    }

    /* JADX WARN: Type inference failed for: r2v3, types: [byte[], byte[][]] */
    private static void setUpTableAndUserPermissions() throws Exception {
        TableDescriptorBuilder newBuilder = TableDescriptorBuilder.newBuilder(TEST_TABLE);
        ColumnFamilyDescriptorBuilder newBuilder2 = ColumnFamilyDescriptorBuilder.newBuilder(TEST_FAMILY);
        newBuilder2.setMaxVersions(100);
        newBuilder.setColumnFamily(newBuilder2.build());
        newBuilder.setValue("OWNER", USER_OWNER.getShortName());
        createTable(TEST_UTIL, newBuilder.build(), new byte[]{Bytes.toBytes("s")});
        grantGlobal(TEST_UTIL, USER_ADMIN.getShortName(), new Permission.Action[]{Permission.Action.ADMIN, Permission.Action.CREATE, Permission.Action.READ, Permission.Action.WRITE});
        grantOnTable(TEST_UTIL, USER_RW.getShortName(), TEST_TABLE, TEST_FAMILY, null, new Permission.Action[]{Permission.Action.READ, Permission.Action.WRITE});
        grantOnTable(TEST_UTIL, USER_CREATE.getShortName(), TEST_TABLE, null, null, new Permission.Action[]{Permission.Action.CREATE, Permission.Action.READ, Permission.Action.WRITE});
        grantOnTable(TEST_UTIL, USER_RO.getShortName(), TEST_TABLE, TEST_FAMILY, null, new Permission.Action[]{Permission.Action.READ});
        grantGlobal(TEST_UTIL, AuthUtil.toGroupEntry(GROUP_ADMIN), new Permission.Action[]{Permission.Action.ADMIN});
        grantGlobal(TEST_UTIL, AuthUtil.toGroupEntry(GROUP_CREATE), new Permission.Action[]{Permission.Action.CREATE});
        grantGlobal(TEST_UTIL, AuthUtil.toGroupEntry(GROUP_READ), new Permission.Action[]{Permission.Action.READ});
        grantGlobal(TEST_UTIL, AuthUtil.toGroupEntry(GROUP_WRITE), new Permission.Action[]{Permission.Action.WRITE});
        Assert.assertEquals(4L, PermissionStorage.getTablePermissions(conf, TEST_TABLE).size());
        try {
            Assert.assertEquals(4L, AccessControlClient.getUserPermissions(systemUserConnection, TEST_TABLE.toString()).size());
        } catch (AssertionError e) {
            Assert.fail(e.getMessage());
        } catch (Throwable th) {
            LOG.error("error during call of AccessControlClient.getUserPermissions. ", th);
        }
    }

    private static void cleanUp() throws Exception {
        try {
            deleteTable(TEST_UTIL, TEST_TABLE);
        } catch (TableNotFoundException e) {
            LOG.info("Test deleted table " + TEST_TABLE);
        }
        Assert.assertEquals(0L, PermissionStorage.getTablePermissions(conf, TEST_TABLE).size());
        Assert.assertEquals(0L, PermissionStorage.getNamespacePermissions(conf, TEST_TABLE.getNamespaceAsString()).size());
    }

    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        cleanUp();
        TEST_UTIL.shutdownMiniCluster();
    }

    private static void configureRSGroupAdminEndpoint(Configuration configuration) {
        String str = configuration.get("hbase.coprocessor.master.classes");
        String name = RSGroupAdminEndpoint.class.getName();
        if (str != null) {
            name = name + "," + str;
        }
        configuration.set("hbase.coprocessor.master.classes", name);
        configuration.set("hbase.master.loadbalancer.class", RSGroupBasedLoadBalancer.class.getName());
    }

    @Test
    public void testGetRSGroupInfo() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = () -> {
            rsGroupAdminEndpoint.checkPermission("getRSGroupInfo");
            return null;
        };
        verifyAllowed(accessTestAction, new User[]{SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN});
        verifyDenied(accessTestAction, new User[]{USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE});
    }

    @Test
    public void testGetRSGroupInfoOfTable() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = () -> {
            rsGroupAdminEndpoint.checkPermission("getRSGroupInfoOfTable");
            return null;
        };
        verifyAllowed(accessTestAction, new User[]{SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN});
        verifyDenied(accessTestAction, new User[]{USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE});
    }

    @Test
    public void testMoveServers() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = () -> {
            rsGroupAdminEndpoint.checkPermission("moveServers");
            return null;
        };
        verifyAllowed(accessTestAction, new User[]{SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN});
        verifyDenied(accessTestAction, new User[]{USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE});
    }

    @Test
    public void testMoveTables() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = () -> {
            rsGroupAdminEndpoint.checkPermission("moveTables");
            return null;
        };
        verifyAllowed(accessTestAction, new User[]{SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN});
        verifyDenied(accessTestAction, new User[]{USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE});
    }

    @Test
    public void testAddRSGroup() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = () -> {
            rsGroupAdminEndpoint.checkPermission("addRSGroup");
            return null;
        };
        verifyAllowed(accessTestAction, new User[]{SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN});
        verifyDenied(accessTestAction, new User[]{USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE});
    }

    @Test
    public void testRemoveRSGroup() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = () -> {
            rsGroupAdminEndpoint.checkPermission("removeRSGroup");
            return null;
        };
        verifyAllowed(accessTestAction, new User[]{SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN});
        verifyDenied(accessTestAction, new User[]{USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE});
    }

    @Test
    public void testBalanceRSGroup() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = () -> {
            rsGroupAdminEndpoint.checkPermission("balanceRSGroup");
            return null;
        };
        verifyAllowed(accessTestAction, new User[]{SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN});
        verifyDenied(accessTestAction, new User[]{USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE});
    }

    @Test
    public void testListRSGroup() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = () -> {
            rsGroupAdminEndpoint.checkPermission("listRSGroup");
            return null;
        };
        verifyAllowed(accessTestAction, new User[]{SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN});
        verifyDenied(accessTestAction, new User[]{USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE});
    }

    @Test
    public void testGetRSGroupInfoOfServer() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = () -> {
            rsGroupAdminEndpoint.checkPermission("getRSGroupInfoOfServer");
            return null;
        };
        verifyAllowed(accessTestAction, new User[]{SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN});
        verifyDenied(accessTestAction, new User[]{USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE});
    }

    @Test
    public void testMoveServersAndTables() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = () -> {
            rsGroupAdminEndpoint.checkPermission("moveServersAndTables");
            return null;
        };
        verifyAllowed(accessTestAction, new User[]{SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN});
        verifyDenied(accessTestAction, new User[]{USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE});
    }

    @Test
    public void testRenameRSGroup() throws Exception {
        SecureTestUtil.AccessTestAction accessTestAction = () -> {
            rsGroupAdminEndpoint.checkPermission("renameRSGroup");
            return null;
        };
        verifyAllowed(accessTestAction, new User[]{SUPERUSER, USER_ADMIN, USER_GROUP_ADMIN});
        verifyDenied(accessTestAction, new User[]{USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE, USER_GROUP_READ, USER_GROUP_WRITE, USER_GROUP_CREATE});
    }
}
