package org.apache.paimon.flink.procedure.privilege;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.flink.table.api.TableEnvironment;
import org.apache.flink.types.Row;
import org.apache.flink.util.CloseableIterator;
import org.apache.paimon.flink.util.AbstractTestBase;
import org.apache.paimon.privilege.NoPrivilegeException;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;

/* loaded from: input_file:org/apache/paimon/flink/procedure/privilege/PrivilegeProcedureITCase.class */
public class PrivilegeProcedureITCase extends AbstractTestBase {
    private String path;

    @BeforeEach
    public void beforeEach() {
        this.path = getTempDirPath();
    }

    @Test
    public void testUserPrivileges() throws Exception {
        TableEnvironment build = tableEnvironmentBuilder().batchMode().build();
        build.executeSql(String.format("CREATE CATALOG mycat WITH (\n  'type' = 'paimon',\n  'warehouse' = '%s'\n)", this.path));
        build.executeSql("USE CATALOG mycat");
        build.executeSql("CREATE DATABASE mydb");
        build.executeSql("CREATE DATABASE mydb2");
        build.executeSql("CREATE TABLE mydb.T1 (\n  k INT,\n  v INT,\n  PRIMARY KEY (k) NOT ENFORCED\n)");
        build.executeSql("INSERT INTO mydb.T1 VALUES (1, 10), (2, 20), (3, 30)").await();
        build.executeSql("CALL sys.init_file_based_privilege('root-passwd')");
        build.executeSql(String.format("CREATE CATALOG anonymouscat WITH (\n  'type' = 'paimon',\n  'warehouse' = '%s'\n)", this.path));
        build.executeSql("USE CATALOG anonymouscat");
        assertNoPrivilege(() -> {
            build.executeSql("INSERT INTO mydb.T1 VALUES (1, 11), (2, 21)").await();
        });
        assertNoPrivilege(() -> {
            collect(build, "SELECT * FROM mydb.T1 ORDER BY k");
        });
        assertNoPrivilege(() -> {
            build.executeSql("CREATE TABLE mydb.S1 ( a INT, b INT )");
        });
        assertNoPrivilege(() -> {
            build.executeSql("DROP TABLE mydb.T1");
        });
        assertNoPrivilege(() -> {
            build.executeSql("ALTER TABLE mydb.T1 RENAME TO mydb.T2");
        });
        assertNoPrivilege(() -> {
            build.executeSql("CREATE DATABASE anotherdb");
        });
        assertNoPrivilege(() -> {
            build.executeSql("DROP DATABASE mydb CASCADE");
        });
        assertNoPrivilege(() -> {
            build.executeSql("CALL sys.create_privileged_user('test2', 'test2-passwd')");
        });
        build.executeSql(String.format("CREATE CATALOG rootcat WITH (\n  'type' = 'paimon',\n  'warehouse' = '%s',\n  'user' = 'root',\n  'password' = 'root-passwd'\n)", this.path));
        build.executeSql("USE CATALOG rootcat");
        build.executeSql("CREATE TABLE mydb2.T2 (\n  k INT,\n  v INT,\n  PRIMARY KEY (k) NOT ENFORCED\n)");
        build.executeSql("INSERT INTO mydb2.T2 VALUES (100, 1000), (200, 2000), (300, 3000)").await();
        build.executeSql("CALL sys.create_privileged_user('test', 'test-passwd')");
        build.executeSql("CALL sys.grant_privilege_to_user('test', 'CREATE_TABLE', 'mydb')");
        build.executeSql("CALL sys.grant_privilege_to_user('test', 'SELECT', 'mydb')");
        build.executeSql("CALL sys.grant_privilege_to_user('test', 'INSERT', 'mydb')");
        build.executeSql(String.format("CREATE CATALOG testcat WITH (\n  'type' = 'paimon',\n  'warehouse' = '%s',\n  'user' = 'test',\n  'password' = 'test-passwd'\n)", this.path));
        build.executeSql("USE CATALOG testcat");
        build.executeSql("INSERT INTO mydb.T1 VALUES (1, 12), (2, 22)").await();
        Assertions.assertThat(collect(build, "SELECT * FROM mydb.T1 ORDER BY k")).isEqualTo(Arrays.asList(Row.of(new Object[]{1, 12}), Row.of(new Object[]{2, 22}), Row.of(new Object[]{3, 30})));
        build.executeSql("CREATE TABLE mydb.S1 ( a INT, b INT )");
        build.executeSql("INSERT INTO mydb.S1 VALUES (1, 100), (2, 200), (3, 300)").await();
        Assertions.assertThat(collect(build, "SELECT * FROM mydb.S1 ORDER BY a")).isEqualTo(Arrays.asList(Row.of(new Object[]{1, 100}), Row.of(new Object[]{2, 200}), Row.of(new Object[]{3, 300})));
        assertNoPrivilege(() -> {
            build.executeSql("DROP TABLE mydb.T1");
        });
        assertNoPrivilege(() -> {
            build.executeSql("ALTER TABLE mydb.T1 RENAME TO mydb.T2");
        });
        assertNoPrivilege(() -> {
            build.executeSql("DROP TABLE mydb.S1");
        });
        assertNoPrivilege(() -> {
            build.executeSql("ALTER TABLE mydb.S1 RENAME TO mydb.S2");
        });
        assertNoPrivilege(() -> {
            build.executeSql("CREATE DATABASE anotherdb");
        });
        assertNoPrivilege(() -> {
            build.executeSql("DROP DATABASE mydb CASCADE");
        });
        assertNoPrivilege(() -> {
            build.executeSql("CALL sys.create_privileged_user('test2', 'test2-passwd')");
        });
        build.executeSql("USE CATALOG rootcat");
        build.executeSql("CALL sys.create_privileged_user('test2', 'test2-passwd')");
        build.executeSql("CALL sys.grant_privilege_to_user('test2', 'SELECT', 'mydb2')");
        build.executeSql("CALL sys.grant_privilege_to_user('test2', 'INSERT', 'mydb', 'T1')");
        build.executeSql("CALL sys.grant_privilege_to_user('test2', 'SELECT', 'mydb', 'S1')");
        build.executeSql("CALL sys.grant_privilege_to_user('test2', 'CREATE_DATABASE')");
        build.executeSql(String.format("CREATE CATALOG test2cat WITH (\n  'type' = 'paimon',\n  'warehouse' = '%s',\n  'user' = 'test2',\n  'password' = 'test2-passwd'\n)", this.path));
        build.executeSql("USE CATALOG test2cat");
        build.executeSql("INSERT INTO mydb.T1 VALUES (1, 13), (2, 23)").await();
        assertNoPrivilege(() -> {
            collect(build, "SELECT * FROM mydb.T1 ORDER BY k");
        });
        assertNoPrivilege(() -> {
            build.executeSql("CREATE TABLE mydb.S2 ( a INT, b INT )");
        });
        assertNoPrivilege(() -> {
            build.executeSql("INSERT INTO mydb.S1 VALUES (1, 100), (2, 200), (3, 300)").await();
        });
        Assertions.assertThat(collect(build, "SELECT * FROM mydb.S1 ORDER BY a")).isEqualTo(Arrays.asList(Row.of(new Object[]{1, 100}), Row.of(new Object[]{2, 200}), Row.of(new Object[]{3, 300})));
        assertNoPrivilege(() -> {
            build.executeSql("INSERT INTO mydb2.T2 VALUES (100, 1001), (200, 2001), (300, 3001)").await();
        });
        Assertions.assertThat(collect(build, "SELECT * FROM mydb2.T2 ORDER BY k")).isEqualTo(Arrays.asList(Row.of(new Object[]{100, 1000}), Row.of(new Object[]{200, 2000}), Row.of(new Object[]{300, 3000})));
        build.executeSql("CREATE DATABASE anotherdb");
        assertNoPrivilege(() -> {
            build.executeSql("DROP TABLE mydb.T1");
        });
        assertNoPrivilege(() -> {
            build.executeSql("ALTER TABLE mydb.T1 RENAME TO mydb.T2");
        });
        assertNoPrivilege(() -> {
            build.executeSql("DROP TABLE mydb.S1");
        });
        assertNoPrivilege(() -> {
            build.executeSql("ALTER TABLE mydb.S1 RENAME TO mydb.S2");
        });
        assertNoPrivilege(() -> {
            build.executeSql("DROP DATABASE mydb CASCADE");
        });
        assertNoPrivilege(() -> {
            build.executeSql("CALL sys.create_privileged_user('test3', 'test3-passwd')");
        });
        build.executeSql("USE CATALOG rootcat");
        Assertions.assertThat(collect(build, "SELECT * FROM mydb.T1 ORDER BY k")).isEqualTo(Arrays.asList(Row.of(new Object[]{1, 13}), Row.of(new Object[]{2, 23}), Row.of(new Object[]{3, 30})));
        build.executeSql("CALL sys.revoke_privilege_from_user('test2', 'SELECT')");
        build.executeSql("CALL sys.drop_privileged_user('test')");
        build.executeSql("USE CATALOG testcat");
        Assertions.assertThat((Exception) org.junit.jupiter.api.Assertions.assertThrows(Exception.class, () -> {
            collect(build, "SELECT * FROM mydb.T1 ORDER BY k");
        })).hasRootCauseMessage("User test not found, or password incorrect.");
        build.executeSql("USE CATALOG test2cat");
        assertNoPrivilege(() -> {
            collect(build, "SELECT * FROM mydb.S1 ORDER BY a");
        });
        assertNoPrivilege(() -> {
            collect(build, "SELECT * FROM mydb2.T2 ORDER BY k");
        });
        build.executeSql("INSERT INTO mydb.T1 VALUES (1, 14), (2, 24)").await();
        build.executeSql("USE CATALOG rootcat");
        Assertions.assertThat(collect(build, "SELECT * FROM mydb.T1 ORDER BY k")).isEqualTo(Arrays.asList(Row.of(new Object[]{1, 14}), Row.of(new Object[]{2, 24}), Row.of(new Object[]{3, 30})));
        build.executeSql("DROP DATABASE mydb CASCADE");
        build.executeSql("DROP DATABASE mydb2 CASCADE");
    }

    @Test
    public void testDropUser() throws Exception {
        TableEnvironment build = tableEnvironmentBuilder().batchMode().build();
        initializeSingleUserTest(build);
        build.executeSql("USE CATALOG rootcat");
        build.executeSql("CALL sys.drop_privileged_user('test')");
        build.executeSql("CALL sys.create_privileged_user('test', 'test-passwd')");
        build.executeSql("USE CATALOG testcat");
        assertNoPrivilege(() -> {
            collect(build, "SELECT * FROM mydb.T1 ORDER BY k");
        });
        assertNoPrivilege(() -> {
            build.executeSql("INSERT INTO mydb.T1 VALUES (1, 12), (2, 22)").await();
        });
    }

    @Test
    public void testDropObject() throws Exception {
        TableEnvironment build = tableEnvironmentBuilder().batchMode().build();
        initializeSingleUserTest(build);
        build.executeSql("USE CATALOG rootcat");
        build.executeSql("DROP TABLE mydb.T1");
        build.executeSql("CREATE TABLE mydb.T1 (\n  k INT,\n  v INT,\n  PRIMARY KEY (k) NOT ENFORCED\n)");
        build.executeSql("USE CATALOG testcat");
        assertNoPrivilege(() -> {
            collect(build, "SELECT * FROM mydb.T1 ORDER BY k");
        });
        assertNoPrivilege(() -> {
            build.executeSql("INSERT INTO mydb.T1 VALUES (1, 12), (2, 22)").await();
        });
    }

    @Test
    public void testRenameObject() throws Exception {
        TableEnvironment build = tableEnvironmentBuilder().batchMode().build();
        initializeSingleUserTest(build);
        build.executeSql("USE CATALOG rootcat");
        build.executeSql("ALTER TABLE mydb.T1 RENAME TO mydb.T2");
        build.executeSql("USE CATALOG testcat");
        Assertions.assertThat(collect(build, "SELECT * FROM mydb.T2 ORDER BY k")).isEqualTo(Arrays.asList(Row.of(new Object[]{1, 11}), Row.of(new Object[]{2, 21}), Row.of(new Object[]{3, 30})));
        build.executeSql("INSERT INTO mydb.T2 VALUES (1, 12), (2, 22)").await();
        Assertions.assertThat(collect(build, "SELECT * FROM mydb.T2 ORDER BY k")).isEqualTo(Arrays.asList(Row.of(new Object[]{1, 12}), Row.of(new Object[]{2, 22}), Row.of(new Object[]{3, 30})));
    }

    private void initializeSingleUserTest(TableEnvironment tableEnvironment) throws Exception {
        tableEnvironment.executeSql(String.format("CREATE CATALOG mycat WITH (\n  'type' = 'paimon',\n  'warehouse' = '%s'\n)", this.path));
        tableEnvironment.executeSql("USE CATALOG mycat");
        tableEnvironment.executeSql("CREATE DATABASE mydb");
        tableEnvironment.executeSql("CREATE TABLE mydb.T1 (\n  k INT,\n  v INT,\n  PRIMARY KEY (k) NOT ENFORCED\n)");
        tableEnvironment.executeSql("INSERT INTO mydb.T1 VALUES (1, 10), (2, 20), (3, 30)").await();
        tableEnvironment.executeSql("CALL sys.init_file_based_privilege('root-passwd')");
        tableEnvironment.executeSql(String.format("CREATE CATALOG rootcat WITH (\n  'type' = 'paimon',\n  'warehouse' = '%s',\n  'user' = 'root',\n  'password' = 'root-passwd'\n)", this.path));
        tableEnvironment.executeSql("USE CATALOG rootcat");
        tableEnvironment.executeSql("CALL sys.create_privileged_user('test', 'test-passwd')");
        tableEnvironment.executeSql("CALL sys.grant_privilege_to_user('test', 'SELECT', 'mydb', 'T1')");
        tableEnvironment.executeSql("CALL sys.grant_privilege_to_user('test', 'INSERT', 'mydb', 'T1')");
        tableEnvironment.executeSql(String.format("CREATE CATALOG testcat WITH (\n  'type' = 'paimon',\n  'warehouse' = '%s',\n  'user' = 'test',\n  'password' = 'test-passwd'\n)", this.path));
        tableEnvironment.executeSql("USE CATALOG testcat");
        Assertions.assertThat(collect(tableEnvironment, "SELECT * FROM mydb.T1 ORDER BY k")).isEqualTo(Arrays.asList(Row.of(new Object[]{1, 10}), Row.of(new Object[]{2, 20}), Row.of(new Object[]{3, 30})));
        tableEnvironment.executeSql("INSERT INTO mydb.T1 VALUES (1, 11), (2, 21)").await();
        Assertions.assertThat(collect(tableEnvironment, "SELECT * FROM mydb.T1 ORDER BY k")).isEqualTo(Arrays.asList(Row.of(new Object[]{1, 11}), Row.of(new Object[]{2, 21}), Row.of(new Object[]{3, 30})));
    }

    private List<Row> collect(TableEnvironment tableEnvironment, String str) throws Exception {
        ArrayList arrayList = new ArrayList();
        CloseableIterator collect = tableEnvironment.executeSql(str).collect();
        Throwable th = null;
        while (collect.hasNext()) {
            try {
                try {
                    arrayList.add(collect.next());
                } finally {
                }
            } catch (Throwable th2) {
                if (collect != null) {
                    if (th != null) {
                        try {
                            collect.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        collect.close();
                    }
                }
                throw th2;
            }
        }
        if (collect != null) {
            if (0 != 0) {
                try {
                    collect.close();
                } catch (Throwable th4) {
                    th.addSuppressed(th4);
                }
            } else {
                collect.close();
            }
        }
        return arrayList;
    }

    private void assertNoPrivilege(Executable executable) {
        Exception exc = (Exception) org.junit.jupiter.api.Assertions.assertThrows(Exception.class, executable);
        if (exc.getCause() != null) {
            Assertions.assertThat(exc).hasRootCauseInstanceOf(NoPrivilegeException.class);
        } else {
            Assertions.assertThat(exc).isInstanceOf(NoPrivilegeException.class);
        }
    }
}
