package org.apache.sentry.provider.db.generic.service.persistent;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.core.common.BitFieldAction;
import org.apache.sentry.core.common.BitFieldActionFactory;
import org.apache.sentry.core.common.exception.SentryGrantDeniedException;
import org.apache.sentry.core.common.utils.PolicyFile;
import org.apache.sentry.core.model.search.Collection;
import org.apache.sentry.core.model.search.Field;
import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.class */
public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase {
    private static final String SEARCH = "solr";
    private static final String ADMIN_USER = "solr";
    private static final String GRANT_OPTION_USER = "user_grant_option";
    private static final String NO_GRANT_OPTION_USER = "user_no_grant_option";
    private static final String SERVICE = "service";
    private static final String COLLECTION_NAME = "collection1";
    private static final String NOT_COLLECTION_NAME = "not_collection1";
    private static final String FIELD_NAME = "field1";
    private static final String NOT_FIELD_NAME = "not_field1";
    private static final String[] GRANT_OPTION_GROUP = {"group_grant_option"};
    private static final String[] NO_GRANT_OPTION_GROUP = {"group_no_grant_option"};

    /* loaded from: input_file:org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence$InvalidActionFactory.class */
    public static final class InvalidActionFactory {
    }

    /* loaded from: input_file:org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence$MyComponentActionFactory.class */
    public static final class MyComponentActionFactory extends BitFieldActionFactory {

        /* loaded from: input_file:org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence$MyComponentActionFactory$MyComponentAction.class */
        public static class MyComponentAction extends BitFieldAction {
            public MyComponentAction(String str) {
                this(MyComponentActionType.getActionByName(str));
            }

            public MyComponentAction(MyComponentActionType myComponentActionType) {
                super(myComponentActionType.name, myComponentActionType.code);
            }
        }

        /* loaded from: input_file:org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence$MyComponentActionFactory$MyComponentActionType.class */
        public enum MyComponentActionType {
            FOO("foo", 1),
            BAR("bar", 2),
            QUERY("query", 4),
            ALL("*", (FOO.getCode() | BAR.getCode()) | QUERY.getCode());

            private String name;
            private int code;

            MyComponentActionType(String str, int i) {
                this.name = str;
                this.code = i;
            }

            public int getCode() {
                return this.code;
            }

            public String getName() {
                return this.name;
            }

            static MyComponentActionType getActionByName(String str) {
                for (MyComponentActionType myComponentActionType : values()) {
                    if (myComponentActionType.name.equalsIgnoreCase(str)) {
                        return myComponentActionType;
                    }
                }
                throw new RuntimeException("can't get MyComponentActionType by name:" + str);
            }

            static List<MyComponentActionType> getActionByCode(int i) {
                ArrayList newArrayList = Lists.newArrayList();
                for (MyComponentActionType myComponentActionType : values()) {
                    if ((myComponentActionType.code & i) == myComponentActionType.code && myComponentActionType != ALL) {
                        newArrayList.add(myComponentActionType);
                    }
                }
                if (newArrayList.isEmpty()) {
                    throw new RuntimeException("can't get sqoopActionType by code:" + i);
                }
                return newArrayList;
            }
        }

        public List<? extends BitFieldAction> getActionsByCode(int i) {
            ArrayList newArrayList = Lists.newArrayList();
            Iterator<MyComponentActionType> it = MyComponentActionType.getActionByCode(i).iterator();
            while (it.hasNext()) {
                newArrayList.add(new MyComponentAction(it.next()));
            }
            return newArrayList;
        }

        public BitFieldAction getActionByName(String str) {
            return "ALL".equalsIgnoreCase(str) ? new MyComponentAction(MyComponentActionType.ALL) : new MyComponentAction(str);
        }
    }

    @Before
    public void configure() throws Exception {
        policyFile = new PolicyFile();
        addGroupsToUser("solr", getAdminGroups());
        writePolicyFile();
    }

    @Test
    public void testGrantPrivilege() throws Exception {
        testGrantPrivilege(sentryStore, "solr");
    }

    @Test
    public void testGrantPrivilegeTwice() throws Exception {
        sentryStore.createRole("solr", "r1", "solr");
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).withGrantOption(true).build();
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        Assert.assertEquals(1L, sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})).size());
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        Assert.assertEquals(1L, sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})).size());
        PrivilegeObject build2 = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).withGrantOption(false).build();
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build2, "solr");
        Assert.assertEquals(2L, sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})).size());
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build2, "solr");
        Assert.assertEquals(2L, sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})).size());
        PrivilegeObject build3 = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).withGrantOption((Boolean) null).build();
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build3, "solr");
        Assert.assertEquals(3L, sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})).size());
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build3, "solr");
        Assert.assertEquals(3L, sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})).size());
    }

    @Test
    public void testGrantPrivilegeWithAllPrivilegeExist() throws Exception {
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("*").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).build();
        sentryStore.createRole("solr", "r1", "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        sentryStore.alterRoleGrantPrivilege("solr", "r1", new PrivilegeObject.Builder(build).setAction("query").build(), "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
    }

    @Test
    public void testGrantALLPrivilegeWithOtherPrivilegesExist() throws Exception {
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).build();
        PrivilegeObject build2 = new PrivilegeObject.Builder(build).setAction("update").build();
        sentryStore.createRole("solr", "r1", "solr");
        sentryStore.createRole("solr", "r2", "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build2, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build, build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        sentryStore.alterRoleGrantPrivilege("solr", "r2", build, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r2", build2, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build, build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r2"})));
        PrivilegeObject build3 = new PrivilegeObject.Builder(build).setAction("*").build();
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build3, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build3}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build, build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r2"})));
    }

    @Test
    public void testGrantRevokeCheckWithGrantOption() throws Exception {
        addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP);
        addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP);
        writePolicyFile();
        sentryStore.createRole("solr", "r1", "g1");
        sentryStore.createRole("solr", "r2", "g1");
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).withGrantOption(true).build();
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        PrivilegeObject build2 = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).withGrantOption(false).build();
        sentryStore.alterRoleGrantPrivilege("solr", "r2", build2, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r2"})));
        sentryStore.alterRoleAddGroups("solr", "r1", Sets.newHashSet(GRANT_OPTION_GROUP), "g1");
        sentryStore.alterRoleAddGroups("solr", "r2", Sets.newHashSet(NO_GRANT_OPTION_GROUP), "g1");
        sentryStore.createRole("solr", "r3", "g1");
        try {
            sentryStore.alterRoleGrantPrivilege("solr", "r3", build, GRANT_OPTION_USER);
        } catch (SentryGrantDeniedException e) {
            Assert.fail("SentryGrantDeniedException shouldn't have been thrown");
        }
        try {
            sentryStore.alterRoleRevokePrivilege("solr", "r3", build, GRANT_OPTION_USER);
        } catch (SentryGrantDeniedException e2) {
            Assert.fail("SentryGrantDeniedException shouldn't have been thrown");
        }
        try {
            sentryStore.alterRoleGrantPrivilege("solr", "r3", build2, NO_GRANT_OPTION_USER);
            Assert.fail("SentryGrantDeniedException should have been thrown");
        } catch (SentryGrantDeniedException e3) {
        }
        try {
            sentryStore.alterRoleGrantPrivilege("solr", "r3", build2, NO_GRANT_OPTION_USER);
            Assert.fail("SentryGrantDeniedException should have been thrown");
        } catch (SentryGrantDeniedException e4) {
        }
    }

    @Test
    public void testGrantWithGrantOption() throws Exception {
        addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP);
        addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP);
        writePolicyFile();
        sentryStore.createRole("solr", "r1", "g1");
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).withGrantOption(true).build();
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        sentryStore.alterRoleAddGroups("solr", "r1", Sets.newHashSet(GRANT_OPTION_GROUP), "g1");
        sentryStore.createRole("solr", "r2", "g1");
        sentryStore.alterRoleGrantPrivilege("solr", "r2", build, GRANT_OPTION_USER);
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r2"})));
    }

    @Test
    public void testRevokePrivilege() throws Exception {
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).build();
        PrivilegeObject build2 = new PrivilegeObject.Builder(build).setAction("update").build();
        sentryStore.createRole("solr", "r1", "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build2, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build, build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        sentryStore.alterRoleRevokePrivilege("solr", "r1", build, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
    }

    @Test
    public void testRevokeAllPrivilege() throws Exception {
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).build();
        PrivilegeObject build2 = new PrivilegeObject.Builder(build).setAction("update").build();
        sentryStore.createRole("solr", "r1", "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build2, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build, build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        sentryStore.alterRoleRevokePrivilege("solr", "r1", new PrivilegeObject.Builder(build).setAction("*").build(), "solr");
        Assert.assertEquals(Sets.newHashSet(), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
    }

    @Test
    public void testRevokePrivilegeWithAllPrivilegeExist() throws Exception {
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("*").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).build();
        sentryStore.createRole("solr", "r1", "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        PrivilegeObject build2 = new PrivilegeObject.Builder(build).setAction("update").build();
        PrivilegeObject build3 = new PrivilegeObject.Builder(build).setAction("query").build();
        sentryStore.alterRoleRevokePrivilege("solr", "r1", build2, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build3}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
    }

    @Test
    public void testRevokePrivilegeWithAllPrivilegesGranted() throws Exception {
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("*").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).build();
        PrivilegeObject build2 = new PrivilegeObject.Builder(build).setAction("update").build();
        PrivilegeObject build3 = new PrivilegeObject.Builder(build).setAction("query").build();
        sentryStore.createRole("solr", "r1", "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build3, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build3}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build2, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build3, build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        sentryStore.alterRoleRevokePrivilege("solr", "r1", build2, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build3}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
    }

    @Test
    public void testRevokeParentPrivilegeWithChildsExist() throws Exception {
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("update").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).build();
        PrivilegeObject build2 = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).build();
        PrivilegeObject build3 = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(NOT_COLLECTION_NAME))).build();
        sentryStore.createRole("solr", "r1", "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build2, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build3, "solr");
        sentryStore.alterRoleRevokePrivilege("solr", "r1", new PrivilegeObject.Builder().setComponent("solr").setAction("*").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).build(), "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build3}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
    }

    @Test
    public void testRevokeWithGrantOption() throws Exception {
        addGroupsToUser(GRANT_OPTION_USER, GRANT_OPTION_GROUP);
        addGroupsToUser(NO_GRANT_OPTION_USER, NO_GRANT_OPTION_GROUP);
        writePolicyFile();
        sentryStore.createRole("solr", "r1", "g1");
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).withGrantOption(true).build();
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        sentryStore.alterRoleAddGroups("solr", "r1", Sets.newHashSet(GRANT_OPTION_GROUP), "g1");
        sentryStore.createRole("solr", "r2", "g1");
        sentryStore.alterRoleGrantPrivilege("solr", "r2", build, GRANT_OPTION_USER);
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r2"})));
        sentryStore.alterRoleRevokePrivilege("solr", "r2", build, GRANT_OPTION_USER);
        Assert.assertEquals(Sets.newHashSet(), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r2"})));
    }

    @Test
    public void testDropPrivilege() throws Exception {
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).build();
        PrivilegeObject build2 = new PrivilegeObject.Builder(build).setAction("update").build();
        sentryStore.createRole("solr", "r1", "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build2, "solr");
        sentryStore.createRole("solr", "r2", "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r2", build, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r2", build2, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build, build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build, build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r2"})));
        sentryStore.dropPrivilege("solr", build, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r2"})));
        sentryStore.dropPrivilege("solr", new PrivilegeObject.Builder(build).setAction("*").build(), "solr");
        Assert.assertEquals(Sets.newHashSet(), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        Assert.assertEquals(Sets.newHashSet(), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r2"})));
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build2, "solr");
        sentryStore.dropPrivilege("solr", new PrivilegeObject.Builder().setComponent("solr").setAction("*").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).build(), "solr");
        Assert.assertEquals(Sets.newHashSet(), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
    }

    @Test
    public void testRenamePrivilege() throws Exception {
        List asList = Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME));
        List asList2 = Arrays.asList(new Collection(COLLECTION_NAME), new Field(NOT_FIELD_NAME));
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(asList).build();
        PrivilegeObject build2 = new PrivilegeObject.Builder(build).setAction("update").build();
        PrivilegeObject build3 = new PrivilegeObject.Builder(build).setAction("*").build();
        PrivilegeObject build4 = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(asList2).build();
        PrivilegeObject build5 = new PrivilegeObject.Builder(build4).setAction("update").build();
        PrivilegeObject build6 = new PrivilegeObject.Builder(build4).setAction("*").build();
        sentryStore.createRole("solr", "r1", "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build2, "solr");
        sentryStore.createRole("solr", "r2", "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r2", build3, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build, build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build3}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r2"})));
        sentryStore.renamePrivilege("solr", SERVICE, asList, asList2, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build4, build5}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build6}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r2"})));
        List asList3 = Arrays.asList(new Collection(NOT_COLLECTION_NAME), new Field(NOT_FIELD_NAME));
        PrivilegeObject build7 = new PrivilegeObject.Builder(build4).setAuthorizables(asList3).build();
        PrivilegeObject build8 = new PrivilegeObject.Builder(build5).setAuthorizables(asList3).build();
        PrivilegeObject build9 = new PrivilegeObject.Builder(build6).setAuthorizables(asList3).build();
        sentryStore.renamePrivilege("solr", SERVICE, Arrays.asList(new Collection(COLLECTION_NAME)), Arrays.asList(new Collection(NOT_COLLECTION_NAME)), "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build7, build8}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1"})));
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build9}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r2"})));
    }

    @Test
    public void testGetPrivilegesByRoleName() throws Exception {
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).build();
        sentryStore.createRole("solr", "r1", "g1");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        PrivilegeObject build2 = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService(SERVICE).setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).build();
        sentryStore.createRole("solr", "r2", "g1");
        sentryStore.alterRoleGrantPrivilege("solr", "r2", build2, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build, build2}), sentryStore.getPrivilegesByRole("solr", Sets.newHashSet(new String[]{"r1", "r2"})));
    }

    @Test
    public void testGetPrivilegesByProvider() throws Exception {
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService("service1").setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).build();
        PrivilegeObject build2 = new PrivilegeObject.Builder().setComponent("solr").setAction("update").setService("service1").setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).build();
        PrivilegeObject build3 = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService("service1").setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).build();
        PrivilegeObject build4 = new PrivilegeObject.Builder().setComponent("solr").setAction("update").setService("service1").setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).build();
        sentryStore.createRole("solr", "r1", "solr");
        sentryStore.createRole("solr", "r2", "solr");
        sentryStore.createRole("solr", "r3", "solr");
        sentryStore.alterRoleAddGroups("solr", "r3", Sets.newHashSet(new String[]{"g3"}), "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build2, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r2", build3, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r3", build4, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build2, build}), sentryStore.getPrivilegesByProvider("solr", "service1", Sets.newHashSet(new String[]{"r1"}), (Set) null, (List) null));
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build2, build, build3}), sentryStore.getPrivilegesByProvider("solr", "service1", Sets.newHashSet(new String[]{"r1", "r2"}), (Set) null, (List) null));
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build2, build, build3, build4}), sentryStore.getPrivilegesByProvider("solr", "service1", Sets.newHashSet(new String[]{"r1", "r2"}), Sets.newHashSet(new String[]{"g3"}), (List) null));
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build2, build4}), sentryStore.getPrivilegesByProvider("solr", "service1", Sets.newHashSet(new String[]{"r1", "r2"}), Sets.newHashSet(new String[]{"g3"}), Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))));
    }

    @Test
    public void testGetPrivilegesByAuthorizable() throws Exception {
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService("service1").setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).build();
        PrivilegeObject build2 = new PrivilegeObject.Builder().setComponent("solr").setAction("update").setService("service1").setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).build();
        PrivilegeObject build3 = new PrivilegeObject.Builder().setComponent("solr").setAction("query").setService("service1").setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME))).build();
        PrivilegeObject build4 = new PrivilegeObject.Builder().setComponent("solr").setAction("update").setService("service1").setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).build();
        sentryStore.createRole("solr", "r1", "solr");
        sentryStore.createRole("solr", "r2", "solr");
        sentryStore.createRole("solr", "r3", "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r1", build2, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r2", build3, "solr");
        sentryStore.alterRoleGrantPrivilege("solr", "r3", build4, "solr");
        Assert.assertEquals(0L, sentryStore.getPrivilegesByAuthorizable("solr", "service1", (Set) null, Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).size());
        Assert.assertEquals(1L, sentryStore.getPrivilegesByAuthorizable("solr", "service1", Sets.newHashSet(new String[]{"r1"}), Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).size());
        Assert.assertEquals(2L, sentryStore.getPrivilegesByAuthorizable("solr", "service1", Sets.newHashSet(new String[]{"r1"}), (List) null).size());
        Assert.assertEquals(2L, sentryStore.getPrivilegesByAuthorizable("solr", "service1", Sets.newHashSet(new String[]{"r1", "r2"}), (List) null).size());
        Assert.assertEquals(2L, sentryStore.getPrivilegesByAuthorizable("solr", "service1", Sets.newHashSet(new String[]{"r1", "r2", "r3"}), (List) null).size());
    }

    @Test(expected = Exception.class)
    public void testGrantPrivilegeExternalComponentMissingConf() throws Exception {
        testGrantPrivilege(sentryStore, "externalComponent");
    }

    @Test(expected = Exception.class)
    public void testGrantPrivilegeExternalComponentInvalidConf() throws Exception {
        Configuration configuration = new Configuration(conf);
        configuration.set(String.format("sentry.%s.action.factory", "mycomponent"), InvalidActionFactory.class.getName());
        testGrantPrivilege(new DelegateSentryStore(configuration), "mycomponent");
    }

    @Test
    public void testGrantPrivilegeExternalComponent() throws Exception {
        Configuration configuration = new Configuration(conf);
        configuration.set(String.format("sentry.%s.action.factory", "mycomponent"), MyComponentActionFactory.class.getName());
        testGrantPrivilege(new DelegateSentryStore(configuration), "mycomponent");
    }

    @Test
    public void testGrantPrivilegeExternalComponentCaseInsensitivity() throws Exception {
        Configuration configuration = new Configuration(conf);
        configuration.set(String.format("sentry.%s.action.factory", "mycomponent"), MyComponentActionFactory.class.getName());
        testGrantPrivilege(new DelegateSentryStore(configuration), "MyCoMpOnEnT");
    }

    private void testGrantPrivilege(SentryStoreLayer sentryStoreLayer, String str) throws Exception {
        PrivilegeObject build = new PrivilegeObject.Builder().setComponent(str).setAction("query").setService(SERVICE).setAuthorizables(Collections.singletonList(new Collection(COLLECTION_NAME))).withGrantOption((Boolean) null).build();
        sentryStoreLayer.createRole(str, "r1", "solr");
        sentryStoreLayer.alterRoleGrantPrivilege(str, "r1", build, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build}), sentryStoreLayer.getPrivilegesByRole(str, Sets.newHashSet(new String[]{"r1"})));
        PrivilegeObject build2 = new PrivilegeObject.Builder().setComponent(str).setAction("query").setService(SERVICE).setAuthorizables(Collections.singletonList(new Collection(COLLECTION_NAME))).withGrantOption(true).build();
        sentryStoreLayer.alterRoleGrantPrivilege(str, "r1", build2, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build, build2}), sentryStoreLayer.getPrivilegesByRole(str, Sets.newHashSet(new String[]{"r1"})));
        PrivilegeObject build3 = new PrivilegeObject.Builder().setComponent(str).setAction("query").setService(SERVICE).setAuthorizables(Collections.singletonList(new Collection(COLLECTION_NAME))).withGrantOption(false).build();
        sentryStoreLayer.alterRoleGrantPrivilege(str, "r1", build3, "solr");
        Assert.assertEquals(Sets.newHashSet(new PrivilegeObject[]{build, build2, build3}), sentryStoreLayer.getPrivilegesByRole(str, Sets.newHashSet(new String[]{"r1"})));
    }
}
