package org.apache.sentry.api.service.thrift;

import com.codahale.metrics.Gauge;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Sets;
import java.util.Collections;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.metastore.messaging.EventMessage;
import org.apache.sentry.api.common.Status;
import org.apache.sentry.core.common.exception.SentryInvalidInputException;
import org.apache.sentry.core.common.exception.SentrySiteConfigurationException;
import org.apache.sentry.core.common.exception.SentryThriftAPIMismatchException;
import org.apache.sentry.hdfs.Updateable;
import org.apache.sentry.provider.common.GroupMappingService;
import org.apache.sentry.provider.db.service.persistent.CounterWait;
import org.apache.sentry.provider.db.service.persistent.SentryStore;
import org.apache.sentry.service.common.SentryOwnerPrivilegeType;
import org.apache.sentry.service.common.ServiceConstants;
import org.apache.sentry.service.thrift.FullUpdateInitializerState;
import org.apache.sentry.service.thrift.SentryStateBank;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.class */
public class TestSentryPolicyStoreProcessor {
    private static final String DBNAME = "db1";
    private static final String TABLENAME = "table1";
    private static final String OWNER = "owner1";
    private Configuration conf;
    private static final SentryStore sentryStore = (SentryStore) Mockito.mock(SentryStore.class);
    private static final CounterWait counterWait = (CounterWait) Mockito.mock(CounterWait.class);
    private static final String ADMIN_GROUP = "admin_group";
    private static final String ADMIN_USER = "admin_user";
    private static final String NOT_ADMIN_USER = "not_admin_user";
    private static final String NOT_ADMIN_GROUP = "not_admin_group";

    /* loaded from: input_file:org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor$ExceptionInConstructorNotificationHandler.class */
    public static class ExceptionInConstructorNotificationHandler extends NotificationHandler {
        public ExceptionInConstructorNotificationHandler(Configuration configuration) throws Exception {
            super(configuration);
            throw new Exception();
        }
    }

    /* loaded from: input_file:org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor$MockGroupMapping.class */
    public static class MockGroupMapping implements GroupMappingService {
        public MockGroupMapping(Configuration configuration, String str) {
        }

        public Set<String> getGroups(String str) {
            return str.equalsIgnoreCase(TestSentryPolicyStoreProcessor.ADMIN_USER) ? Sets.newHashSet(new String[]{TestSentryPolicyStoreProcessor.ADMIN_GROUP}) : str.equalsIgnoreCase(TestSentryPolicyStoreProcessor.NOT_ADMIN_USER) ? Sets.newHashSet(new String[]{TestSentryPolicyStoreProcessor.NOT_ADMIN_GROUP}) : Collections.emptySet();
        }
    }

    /* loaded from: input_file:org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor$NoopNotificationHandler.class */
    public static class NoopNotificationHandler extends NotificationHandler {
        public NoopNotificationHandler(Configuration configuration) throws Exception {
            super(configuration);
        }
    }

    @Before
    public void setup() throws Exception {
        this.conf = new Configuration(true);
        this.conf.set("sentry.db.policy.store.owner.as.privilege", SentryOwnerPrivilegeType.ALL.toString());
        this.conf.set("sentry.service.admin.group", ADMIN_GROUP);
        this.conf.set("sentry.store.group.mapping", MockGroupMapping.class.getName());
        Mockito.when(sentryStore.getRoleCountGauge()).thenReturn(new Gauge<Long>() { // from class: org.apache.sentry.api.service.thrift.TestSentryPolicyStoreProcessor.1
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m4getValue() {
                return 0L;
            }
        });
        Mockito.when(sentryStore.getPrivilegeCountGauge()).thenReturn(new Gauge<Long>() { // from class: org.apache.sentry.api.service.thrift.TestSentryPolicyStoreProcessor.2
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m5getValue() {
                return 0L;
            }
        });
        Mockito.when(sentryStore.getGroupCountGauge()).thenReturn(new Gauge<Long>() { // from class: org.apache.sentry.api.service.thrift.TestSentryPolicyStoreProcessor.3
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m6getValue() {
                return 0L;
            }
        });
        Mockito.when(sentryStore.getHMSWaitersCountGauge()).thenReturn(new Gauge<Integer>() { // from class: org.apache.sentry.api.service.thrift.TestSentryPolicyStoreProcessor.4
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Integer m7getValue() {
                return 0;
            }
        });
        Mockito.when(sentryStore.getLastNotificationIdGauge()).thenReturn(new Gauge<Long>() { // from class: org.apache.sentry.api.service.thrift.TestSentryPolicyStoreProcessor.5
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m8getValue() {
                return 0L;
            }
        });
        Mockito.when(sentryStore.getLastPathsSnapshotIdGauge()).thenReturn(new Gauge<Long>() { // from class: org.apache.sentry.api.service.thrift.TestSentryPolicyStoreProcessor.6
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m9getValue() {
                return 0L;
            }
        });
        Mockito.when(sentryStore.getPermChangeIdGauge()).thenReturn(new Gauge<Long>() { // from class: org.apache.sentry.api.service.thrift.TestSentryPolicyStoreProcessor.7
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m10getValue() {
                return 0L;
            }
        });
        Mockito.when(sentryStore.getPathChangeIdGauge()).thenReturn(new Gauge<Long>() { // from class: org.apache.sentry.api.service.thrift.TestSentryPolicyStoreProcessor.8
            /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
            public Long m11getValue() {
                return 0L;
            }
        });
        ((CounterWait) Mockito.doAnswer(invocationOnMock -> {
            return Long.valueOf(((Long) invocationOnMock.getArguments()[0]).longValue());
        }).when(counterWait)).waitFor(Mockito.anyLong());
        ((SentryStore) Mockito.doAnswer(invocationOnMock2 -> {
            return counterWait;
        }).when(sentryStore)).getCounterWait();
    }

    @After
    public void reset() {
        Mockito.reset(new SentryStore[]{sentryStore});
        Mockito.reset(new CounterWait[]{counterWait});
    }

    @Test(expected = SentrySiteConfigurationException.class)
    public void testConfigNotNotificationHandler() throws Exception {
        this.conf.set("sentry.policy.store.notification.handlers", Object.class.getName());
        SentryPolicyStoreProcessor.createHandlers(this.conf);
    }

    @Test(expected = SentrySiteConfigurationException.class)
    public void testConfigCannotCreateNotificationHandler() throws Exception {
        this.conf.set("sentry.policy.store.notification.handlers", ExceptionInConstructorNotificationHandler.class.getName());
        SentryPolicyStoreProcessor.createHandlers(this.conf);
    }

    @Test(expected = SentrySiteConfigurationException.class)
    public void testConfigNotAClassNotificationHandler() throws Exception {
        this.conf.set("sentry.policy.store.notification.handlers", "junk");
        SentryPolicyStoreProcessor.createHandlers(this.conf);
    }

    @Test
    public void testConfigMultipleNotificationHandlers() throws Exception {
        this.conf.set("sentry.policy.store.notification.handlers", NoopNotificationHandler.class.getName() + "," + NoopNotificationHandler.class.getName() + " " + NoopNotificationHandler.class.getName());
        Assert.assertEquals(3L, SentryPolicyStoreProcessor.createHandlers(this.conf).size());
    }

    @Test(expected = SentryThriftAPIMismatchException.class)
    public void testSentryThriftAPIMismatch() throws Exception {
        SentryPolicyStoreProcessor.validateClientVersion(1);
    }

    @Test
    public void testSentryThriftAPIMatchVersion() throws Exception {
        SentryPolicyStoreProcessor.validateClientVersion(2);
    }

    @Test
    public void testConstructOwnerPrivilege() throws Exception {
        this.conf.set("sentry.db.policy.store.owner.as.privilege", SentryOwnerPrivilegeType.NONE.toString());
        SentryPolicyStoreProcessor sentryPolicyStoreProcessor = new SentryPolicyStoreProcessor("SentryPolicyService", this.conf, sentryStore);
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable("server1");
        tSentryAuthorizable.setDb(DBNAME);
        tSentryAuthorizable.setTable("tb1");
        Assert.assertNull(sentryPolicyStoreProcessor.constructOwnerPrivilege(tSentryAuthorizable));
        this.conf.set("sentry.db.policy.store.owner.as.privilege", SentryOwnerPrivilegeType.ALL.toString());
        SentryPolicyStoreProcessor sentryPolicyStoreProcessor2 = new SentryPolicyStoreProcessor("SentryPolicyService", this.conf, sentryStore);
        TSentryAuthorizable tSentryAuthorizable2 = new TSentryAuthorizable("server1");
        tSentryAuthorizable2.setTable("tb1");
        Assert.assertNull(sentryPolicyStoreProcessor2.constructOwnerPrivilege(tSentryAuthorizable2));
        TSentryAuthorizable tSentryAuthorizable3 = new TSentryAuthorizable("server1");
        tSentryAuthorizable3.setDb(DBNAME);
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName(DBNAME);
        tSentryPrivilege.setAction("OWNER");
        tSentryPrivilege.setPrivilegeScope("DATABASE");
        Assert.assertNotNull(sentryPolicyStoreProcessor2.constructOwnerPrivilege(tSentryAuthorizable3));
        Assert.assertEquals(tSentryPrivilege, sentryPolicyStoreProcessor2.constructOwnerPrivilege(tSentryAuthorizable3));
        TSentryAuthorizable tSentryAuthorizable4 = new TSentryAuthorizable("server1");
        tSentryAuthorizable4.setDb(DBNAME);
        tSentryAuthorizable4.setTable("tb1");
        tSentryPrivilege.setTableName("tb1");
        tSentryPrivilege.setPrivilegeScope("TABLE");
        Assert.assertNotNull(sentryPolicyStoreProcessor2.constructOwnerPrivilege(tSentryAuthorizable4));
        Assert.assertEquals(tSentryPrivilege, sentryPolicyStoreProcessor2.constructOwnerPrivilege(tSentryAuthorizable4));
        this.conf.set("sentry.db.policy.store.owner.as.privilege", SentryOwnerPrivilegeType.ALL_WITH_GRANT.toString());
        SentryPolicyStoreProcessor sentryPolicyStoreProcessor3 = new SentryPolicyStoreProcessor("SentryPolicyService", this.conf, sentryStore);
        TSentryAuthorizable tSentryAuthorizable5 = new TSentryAuthorizable("server1");
        tSentryAuthorizable5.setDb(DBNAME);
        tSentryAuthorizable5.setTable("tb1");
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setGrantOption(TSentryGrantOption.TRUE);
        Assert.assertNotNull(sentryPolicyStoreProcessor3.constructOwnerPrivilege(tSentryAuthorizable5));
        Assert.assertEquals(tSentryPrivilege, sentryPolicyStoreProcessor3.constructOwnerPrivilege(tSentryAuthorizable5));
    }

    @Test
    public void testListPrivilegesByUserName() throws Exception {
        MockGroupMappingService.addUserGroupMapping("admin", Sets.newHashSet(new String[]{"admin"}));
        Configuration configuration = new Configuration();
        configuration.set("sentry.store.group.mapping", "org.apache.sentry.api.service.thrift.MockGroupMappingService");
        configuration.set("sentry.service.admin.group", "admin");
        SentryPolicyStoreProcessor sentryPolicyStoreProcessor = new SentryPolicyStoreProcessor("SentryPolicyService", configuration, sentryStore);
        TListSentryPrivilegesResponse list_sentry_privileges_by_user = sentryPolicyStoreProcessor.list_sentry_privileges_by_user(newPrivilegesRequest("admin", null, null));
        new TListSentryPrivilegesResponse().setStatus(Status.InvalidInput("principalName parameter must not be null", new SentryInvalidInputException("principalName parameter must not be null")));
        Assert.assertEquals(r0.getStatus().getValue(), list_sentry_privileges_by_user.getStatus().getValue());
        Mockito.when(sentryStore.getAllTSentryPrivilegesByUserName("user1")).thenReturn(Sets.newHashSet(new TSentryPrivilege[]{newSentryPrivilege("database", DBNAME, "t1", "*"), newSentryPrivilege("database", DBNAME, "t2", "*")}));
        TListSentryPrivilegesResponse list_sentry_privileges_by_user2 = sentryPolicyStoreProcessor.list_sentry_privileges_by_user(newPrivilegesRequest("admin", "user1", null));
        Assert.assertEquals(2L, list_sentry_privileges_by_user2.getPrivileges().size());
        Assert.assertEquals(Status.OK(), list_sentry_privileges_by_user2.getStatus());
        Assert.assertTrue("User should have ALL privileges in db1.t1", list_sentry_privileges_by_user2.getPrivileges().contains(newSentryPrivilege("database", DBNAME, "t1", "*")));
        Assert.assertTrue("User should have ALL privileges in db1.t2", list_sentry_privileges_by_user2.getPrivileges().contains(newSentryPrivilege("database", DBNAME, "t2", "*")));
        TListSentryPrivilegesResponse list_sentry_privileges_by_user3 = sentryPolicyStoreProcessor.list_sentry_privileges_by_user(newPrivilegesRequest("user1", "user1", null));
        Assert.assertEquals(2L, list_sentry_privileges_by_user3.getPrivileges().size());
        Assert.assertEquals(Status.OK(), list_sentry_privileges_by_user3.getStatus());
        Assert.assertTrue("User should have ALL privileges in db1.t1", list_sentry_privileges_by_user3.getPrivileges().contains(newSentryPrivilege("database", DBNAME, "t1", "*")));
        Assert.assertTrue("User should have ALL privileges in db1.t2", list_sentry_privileges_by_user3.getPrivileges().contains(newSentryPrivilege("database", DBNAME, "t2", "*")));
        TListSentryPrivilegesResponse list_sentry_privileges_by_user4 = sentryPolicyStoreProcessor.list_sentry_privileges_by_user(newPrivilegesRequest("user2", "user1", null));
        Assert.assertEquals(Status.ACCESS_DENIED.getCode(), list_sentry_privileges_by_user4.getStatus().getValue());
        Assert.assertNull(list_sentry_privileges_by_user4.getPrivileges());
        TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
        tSentryAuthorizable.setServer("server1");
        tSentryAuthorizable.setDb(DBNAME);
        tSentryAuthorizable.setTable("t1");
        Mockito.when(sentryStore.getTSentryPrivileges(ServiceConstants.SentryPrincipalType.USER, Sets.newHashSet(new String[]{"user1"}), tSentryAuthorizable)).thenReturn(Sets.newHashSet(new TSentryPrivilege[]{newSentryPrivilege("database", DBNAME, "t1", "*")}));
        TListSentryPrivilegesResponse list_sentry_privileges_by_user5 = sentryPolicyStoreProcessor.list_sentry_privileges_by_user(newPrivilegesRequest("user1", "user1", tSentryAuthorizable));
        Assert.assertEquals(1L, list_sentry_privileges_by_user5.getPrivileges().size());
        Assert.assertEquals(Status.OK(), list_sentry_privileges_by_user5.getStatus());
        Assert.assertTrue("User should have ALL privileges in db1.t1", list_sentry_privileges_by_user5.getPrivileges().contains(newSentryPrivilege("database", DBNAME, "t1", "*")));
    }

    private TListSentryPrivilegesRequest newPrivilegesRequest(String str, String str2, TSentryAuthorizable tSentryAuthorizable) {
        TListSentryPrivilegesRequest tListSentryPrivilegesRequest = new TListSentryPrivilegesRequest();
        tListSentryPrivilegesRequest.setRequestorUserName(str);
        tListSentryPrivilegesRequest.setPrincipalName(str2);
        tListSentryPrivilegesRequest.setAuthorizableHierarchy(tSentryAuthorizable);
        return tListSentryPrivilegesRequest;
    }

    private static TSentryPrivilege newSentryPrivilege(String str, String str2, String str3, String str4) {
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope(str);
        tSentryPrivilege.setDbName(str2);
        tSentryPrivilege.setTableName(str3);
        tSentryPrivilege.setAction(str4);
        return tSentryPrivilege;
    }

    @Test
    public void testCreateTableEventProcessing() throws Exception {
        SentryPolicyStoreProcessor sentryPolicyStoreProcessor = new SentryPolicyStoreProcessor("SentryPolicyService", this.conf, sentryStore);
        TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
        tSentryAuthorizable.setDb(DBNAME);
        tSentryAuthorizable.setTable(TABLENAME);
        TSentryHmsEventNotification tSentryHmsEventNotification = new TSentryHmsEventNotification();
        tSentryHmsEventNotification.setId(1L);
        tSentryHmsEventNotification.setOwnerType(TSentryPrincipalType.ROLE);
        tSentryHmsEventNotification.setOwnerName(OWNER);
        tSentryHmsEventNotification.setAuthorizable(tSentryAuthorizable);
        tSentryHmsEventNotification.setEventType(EventMessage.EventType.CREATE_TABLE.toString());
        sentryPolicyStoreProcessor.sentry_notify_hms_event(tSentryHmsEventNotification);
        TSentryPrivilege constructOwnerPrivilege = sentryPolicyStoreProcessor.constructOwnerPrivilege(tSentryAuthorizable);
        ((SentryStore) Mockito.verify(sentryStore, Mockito.times(1))).alterSentryGrantOwnerPrivilege(OWNER, ServiceConstants.SentryPrincipalType.ROLE, constructOwnerPrivilege, (Updateable.Update) null);
        tSentryHmsEventNotification.setOwnerType(TSentryPrincipalType.USER);
        tSentryHmsEventNotification.setOwnerName(ADMIN_USER);
        sentryPolicyStoreProcessor.sentry_notify_hms_event(tSentryHmsEventNotification);
        ((SentryStore) Mockito.verify(sentryStore, Mockito.times(1))).alterSentryGrantOwnerPrivilege(ADMIN_USER, ServiceConstants.SentryPrincipalType.USER, constructOwnerPrivilege, (Updateable.Update) null);
        tSentryHmsEventNotification.setOwnerName(OWNER);
        tSentryHmsEventNotification.setOwnerType(TSentryPrincipalType.USER);
        sentryPolicyStoreProcessor.sentry_notify_hms_event(tSentryHmsEventNotification);
        ((SentryStore) Mockito.verify(sentryStore, Mockito.times(1))).alterSentryGrantOwnerPrivilege(OWNER, ServiceConstants.SentryPrincipalType.USER, constructOwnerPrivilege, (Updateable.Update) null);
    }

    @Test
    public void testCreateDatabaseEventProcessing() throws Exception {
        SentryPolicyStoreProcessor sentryPolicyStoreProcessor = new SentryPolicyStoreProcessor("SentryPolicyService", this.conf, sentryStore);
        TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
        tSentryAuthorizable.setDb(DBNAME);
        TSentryHmsEventNotification tSentryHmsEventNotification = new TSentryHmsEventNotification();
        tSentryHmsEventNotification.setId(1L);
        tSentryHmsEventNotification.setOwnerType(TSentryPrincipalType.ROLE);
        tSentryHmsEventNotification.setOwnerName(OWNER);
        tSentryHmsEventNotification.setAuthorizable(tSentryAuthorizable);
        tSentryHmsEventNotification.setEventType(EventMessage.EventType.CREATE_DATABASE.toString());
        sentryPolicyStoreProcessor.sentry_notify_hms_event(tSentryHmsEventNotification);
        TSentryPrivilege constructOwnerPrivilege = sentryPolicyStoreProcessor.constructOwnerPrivilege(tSentryAuthorizable);
        ((SentryStore) Mockito.verify(sentryStore, Mockito.times(1))).alterSentryGrantOwnerPrivilege(OWNER, ServiceConstants.SentryPrincipalType.ROLE, constructOwnerPrivilege, (Updateable.Update) null);
        tSentryHmsEventNotification.setOwnerType(TSentryPrincipalType.USER);
        sentryPolicyStoreProcessor.sentry_notify_hms_event(tSentryHmsEventNotification);
        ((SentryStore) Mockito.verify(sentryStore, Mockito.times(1))).alterSentryGrantOwnerPrivilege(OWNER, ServiceConstants.SentryPrincipalType.USER, constructOwnerPrivilege, (Updateable.Update) null);
        tSentryHmsEventNotification.setOwnerType(TSentryPrincipalType.USER);
        tSentryHmsEventNotification.setOwnerName(ADMIN_USER);
        sentryPolicyStoreProcessor.sentry_notify_hms_event(tSentryHmsEventNotification);
        ((SentryStore) Mockito.verify(sentryStore, Mockito.times(1))).alterSentryGrantOwnerPrivilege(ADMIN_USER, ServiceConstants.SentryPrincipalType.USER, constructOwnerPrivilege, (Updateable.Update) null);
    }

    @Test
    public void testNotificationSync() throws Exception {
        SentryPolicyStoreProcessor sentryPolicyStoreProcessor = new SentryPolicyStoreProcessor("SentryPolicyService", this.conf, sentryStore);
        TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
        tSentryAuthorizable.setDb(DBNAME);
        TSentryHmsEventNotification tSentryHmsEventNotification = new TSentryHmsEventNotification();
        tSentryHmsEventNotification.setId(1L);
        tSentryHmsEventNotification.setOwnerType(TSentryPrincipalType.ROLE);
        tSentryHmsEventNotification.setOwnerName(OWNER);
        tSentryHmsEventNotification.setAuthorizable(tSentryAuthorizable);
        tSentryHmsEventNotification.setEventType(EventMessage.EventType.CREATE_DATABASE.toString());
        sentryPolicyStoreProcessor.sentry_notify_hms_event(tSentryHmsEventNotification);
        ((SentryStore) Mockito.verify(sentryStore, Mockito.times(1))).getCounterWait();
        ((CounterWait) Mockito.verify(counterWait, Mockito.times(1))).waitFor(1L);
        SentryStateBank.enableState("FullUpdateInitializer", FullUpdateInitializerState.FULL_SNAPSHOT_INPROGRESS);
        sentryPolicyStoreProcessor.sentry_notify_hms_event(tSentryHmsEventNotification);
        Mockito.reset(new SentryStore[]{sentryStore});
        Mockito.reset(new CounterWait[]{counterWait});
        ((SentryStore) Mockito.verify(sentryStore, Mockito.times(0))).getCounterWait();
        ((CounterWait) Mockito.verify(counterWait, Mockito.times(0))).waitFor(1L);
    }

    @Test
    public void testAlterTableEventProcessing() throws Exception {
        this.conf.set("sentry.db.policy.store.owner.as.privilege", SentryOwnerPrivilegeType.ALL.toString());
        SentryPolicyStoreProcessor sentryPolicyStoreProcessor = new SentryPolicyStoreProcessor("SentryPolicyService", this.conf, sentryStore);
        TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
        tSentryAuthorizable.setDb(DBNAME);
        tSentryAuthorizable.setTable(TABLENAME);
        TSentryHmsEventNotification tSentryHmsEventNotification = new TSentryHmsEventNotification();
        tSentryHmsEventNotification.setId(1L);
        tSentryHmsEventNotification.setAuthorizable(tSentryAuthorizable);
        tSentryHmsEventNotification.setEventType(EventMessage.EventType.ALTER_TABLE.toString());
        tSentryHmsEventNotification.setOwnerType(TSentryPrincipalType.USER);
        tSentryHmsEventNotification.setOwnerName(ADMIN_USER);
        sentryPolicyStoreProcessor.sentry_notify_hms_event(tSentryHmsEventNotification);
        ((SentryStore) Mockito.verify(sentryStore, Mockito.times(1))).updateOwnerPrivilege((TSentryAuthorizable) Mockito.eq(tSentryAuthorizable), (String) Mockito.eq(ADMIN_USER), (ServiceConstants.SentryPrincipalType) Mockito.eq(ServiceConstants.SentryPrincipalType.USER), Mockito.anyList());
        tSentryHmsEventNotification.setOwnerType(TSentryPrincipalType.ROLE);
        tSentryHmsEventNotification.setOwnerName(OWNER);
        sentryPolicyStoreProcessor.sentry_notify_hms_event(tSentryHmsEventNotification);
        ((SentryStore) Mockito.verify(sentryStore, Mockito.times(1))).updateOwnerPrivilege((TSentryAuthorizable) Mockito.eq(tSentryAuthorizable), (String) Mockito.eq(OWNER), (ServiceConstants.SentryPrincipalType) Mockito.eq(ServiceConstants.SentryPrincipalType.ROLE), Mockito.anyList());
        tSentryHmsEventNotification.setOwnerType(TSentryPrincipalType.USER);
        sentryPolicyStoreProcessor.sentry_notify_hms_event(tSentryHmsEventNotification);
        ((SentryStore) Mockito.verify(sentryStore, Mockito.times(1))).updateOwnerPrivilege((TSentryAuthorizable) Mockito.eq(tSentryAuthorizable), (String) Mockito.eq(OWNER), (ServiceConstants.SentryPrincipalType) Mockito.eq(ServiceConstants.SentryPrincipalType.ROLE), Mockito.anyList());
    }

    @Test
    public void testListRolesPrivileges() throws Exception {
        MockGroupMappingService.addUserGroupMapping("admin", Sets.newHashSet(new String[]{"admin"}));
        Configuration configuration = new Configuration();
        configuration.set("sentry.store.group.mapping", MockGroupMappingService.class.getName());
        configuration.set("sentry.service.admin.group", "admin");
        SentryPolicyStoreProcessor sentryPolicyStoreProcessor = new SentryPolicyStoreProcessor("SentryPolicyService", configuration, sentryStore);
        TSentryPrivilegesRequest tSentryPrivilegesRequest = new TSentryPrivilegesRequest();
        tSentryPrivilegesRequest.setRequestorUserName("user1");
        Assert.assertEquals(Status.ACCESS_DENIED.getCode(), sentryPolicyStoreProcessor.list_roles_privileges(tSentryPrivilegesRequest).getStatus().getValue());
        tSentryPrivilegesRequest.setRequestorUserName("admin");
        Mockito.when(sentryStore.getAllRolesPrivileges()).thenReturn(Collections.emptyMap());
        TSentryPrivilegesResponse list_roles_privileges = sentryPolicyStoreProcessor.list_roles_privileges(tSentryPrivilegesRequest);
        Assert.assertEquals(Status.OK.getCode(), list_roles_privileges.getStatus().getValue());
        Assert.assertEquals(0L, list_roles_privileges.getPrivilegesMap().size());
        Mockito.when(sentryStore.getAllRolesPrivileges()).thenReturn(ImmutableMap.of("role1", Sets.newHashSet(new TSentryPrivilege[]{newSentryPrivilege("TABLE", DBNAME, "tbl1", "ALL"), newSentryPrivilege("DATABASE", DBNAME, "", "INSERT")}), "role2", Sets.newHashSet(new TSentryPrivilege[]{newSentryPrivilege("SERVER", "", "", "ALL")}), "role3", Sets.newHashSet()));
        Assert.assertEquals(Status.OK(), sentryPolicyStoreProcessor.list_roles_privileges(tSentryPrivilegesRequest).getStatus());
        Assert.assertEquals(3L, r0.getPrivilegesMap().size());
        Assert.assertEquals(2L, ((Set) r0.getPrivilegesMap().get("role1")).size());
        Assert.assertEquals(1L, ((Set) r0.getPrivilegesMap().get("role2")).size());
        Assert.assertEquals(0L, ((Set) r0.getPrivilegesMap().get("role3")).size());
    }

    @Test
    public void testListUsersPrivileges() throws Exception {
        MockGroupMappingService.addUserGroupMapping("admin", Sets.newHashSet(new String[]{"admin"}));
        Configuration configuration = new Configuration();
        configuration.set("sentry.store.group.mapping", MockGroupMappingService.class.getName());
        configuration.set("sentry.service.admin.group", "admin");
        SentryPolicyStoreProcessor sentryPolicyStoreProcessor = new SentryPolicyStoreProcessor("SentryPolicyService", configuration, sentryStore);
        TSentryPrivilegesRequest tSentryPrivilegesRequest = new TSentryPrivilegesRequest();
        tSentryPrivilegesRequest.setRequestorUserName("user1");
        Assert.assertEquals(Status.ACCESS_DENIED.getCode(), sentryPolicyStoreProcessor.list_users_privileges(tSentryPrivilegesRequest).getStatus().getValue());
        tSentryPrivilegesRequest.setRequestorUserName("admin");
        Mockito.when(sentryStore.getAllUsersPrivileges()).thenReturn(Collections.emptyMap());
        TSentryPrivilegesResponse list_users_privileges = sentryPolicyStoreProcessor.list_users_privileges(tSentryPrivilegesRequest);
        Assert.assertEquals(Status.OK.getCode(), list_users_privileges.getStatus().getValue());
        Assert.assertEquals(0L, list_users_privileges.getPrivilegesMap().size());
        Mockito.when(sentryStore.getAllUsersPrivileges()).thenReturn(ImmutableMap.of("user1", Sets.newHashSet(new TSentryPrivilege[]{newSentryPrivilege("TABLE", DBNAME, "tbl1", "ALL"), newSentryPrivilege("DATABASE", DBNAME, "", "INSERT")}), "user2", Sets.newHashSet(new TSentryPrivilege[]{newSentryPrivilege("SERVER", "", "", "ALL")}), "user3", Sets.newHashSet()));
        Assert.assertEquals(Status.OK(), sentryPolicyStoreProcessor.list_users_privileges(tSentryPrivilegesRequest).getStatus());
        Assert.assertEquals(3L, r0.getPrivilegesMap().size());
        Assert.assertEquals(2L, ((Set) r0.getPrivilegesMap().get("user1")).size());
        Assert.assertEquals(1L, ((Set) r0.getPrivilegesMap().get("user2")).size());
        Assert.assertEquals(0L, ((Set) r0.getPrivilegesMap().get("user3")).size());
    }
}
