package org.apache.tez.common.security;

import com.google.common.collect.Sets;
import java.io.IOException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.yarn.api.records.ApplicationAccessType;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/tez/common/security/TestACLManager.class */
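/**
 * Unit tests pinning the authorization decisions made by {@link ACLManager}.
 *
 * <p>The ACL strings used throughout follow the shape exercised by the assertions below: a
 * comma-separated user list, then whitespace, then a comma-separated group list. Surrounding
 * whitespace and empty list entries are expected to be ignored.
 *
 * <p>Security-relevant expectations encoded here:
 * <ul>
 *   <li>With no ACLs configured, only the owning user passes a check (default deny).</li>
 *   <li>View and modify are independent grants: neither one implies the other.</li>
 *   <li>A {@code *} entry, or {@code tez.am.acls.enabled=false}, grants every caller both view
 *       and modify access. Both are fail-open settings and should be reviewed wherever they
 *       appear in a deployed configuration.</li>
 * </ul>
 */
public class TestACLManager {
    /** Group membership of a caller that belongs to no groups. */
    private static final Set<String> NO_GROUPS = Sets.newHashSet();

    /** Typed {@code null} standing for "no group information supplied for this caller". */
    private static final Collection<String> GROUPS_UNKNOWN = null;

    /**
     * Without any configured ACLs, the AM user is the only one granted AM access, and a DAG-level
     * manager grants its DAG user DAG access only, never AM access.
     */
    @Test
    public void testCurrentUserACLChecks() {
        ACLManager defaultManager = new ACLManager("currentUser");
        Assert.assertFalse(defaultManager.checkAccess("user1", GROUPS_UNKNOWN, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(defaultManager.checkAccess("user1", GROUPS_UNKNOWN, ACLType.AM_MODIFY_ACL));
        Assert.assertTrue(defaultManager.checkAccess("currentUser", GROUPS_UNKNOWN, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(defaultManager.checkAccess("currentUser", GROUPS_UNKNOWN, ACLType.AM_MODIFY_ACL));

        // Same expectations when an empty Configuration is passed explicitly.
        ACLManager amManager = new ACLManager("currentUser", new Configuration(false));
        Assert.assertFalse(amManager.checkAccess("user1", GROUPS_UNKNOWN, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(amManager.checkAccess("user1", GROUPS_UNKNOWN, ACLType.AM_MODIFY_ACL));
        Assert.assertTrue(amManager.checkAccess("currentUser", GROUPS_UNKNOWN, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(amManager.checkAccess("currentUser", GROUPS_UNKNOWN, ACLType.AM_MODIFY_ACL));

        // Being the DAG user must not escalate to AM-level access.
        ACLManager dagManager = new ACLManager(amManager, "dagUser", new Configuration(false));
        Assert.assertFalse(dagManager.checkAccess("dagUser", GROUPS_UNKNOWN, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(dagManager.checkAccess("dagUser", GROUPS_UNKNOWN, ACLType.AM_MODIFY_ACL));
        Assert.assertTrue(dagManager.checkAccess("dagUser", GROUPS_UNKNOWN, ACLType.DAG_VIEW_ACL));
        Assert.assertTrue(dagManager.checkAccess("dagUser", GROUPS_UNKNOWN, ACLType.DAG_MODIFY_ACL));
        Assert.assertFalse(dagManager.checkAccess("user1", GROUPS_UNKNOWN, ACLType.DAG_VIEW_ACL));
        Assert.assertFalse(dagManager.checkAccess("user1", GROUPS_UNKNOWN, ACLType.DAG_MODIFY_ACL));
    }

    /**
     * Users and groups listed in the AM view/modify ACLs are granted exactly the listed access;
     * a grant on one ACL type does not carry over to the other.
     */
    @Test
    public void testOtherUserACLChecks() throws IOException {
        Set<String> grp1And2 = Sets.newHashSet("grp1", "grp2");
        Set<String> grp3And4 = Sets.newHashSet("grp3", "grp4");
        Set<String> grp5And6 = Sets.newHashSet("grp5", "grp6");
        Configuration conf = new Configuration(false);
        conf.set("tez.am.view-acls", "user1,user4   grp3,grp4  ");
        conf.set("tez.am.modify-acls", "user3  grp6,grp7");
        ACLManager manager = new ACLManager("currentUser", conf);

        Assert.assertTrue(manager.checkAccess("currentUser", GROUPS_UNKNOWN, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(manager.checkAccess("user1", grp1And2, ACLType.AM_VIEW_ACL));
        // user2 is not listed by name; access comes from group membership alone.
        Assert.assertTrue(manager.checkAccess("user2", grp3And4, ACLType.AM_VIEW_ACL));
        // user3 holds modify rights only, which must not imply view rights.
        Assert.assertFalse(manager.checkAccess("user3", NO_GROUPS, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(manager.checkAccess("user4", NO_GROUPS, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(manager.checkAccess("user5", grp5And6, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(manager.checkAccess("user6", NO_GROUPS, ACLType.AM_VIEW_ACL));

        Assert.assertTrue(manager.checkAccess("currentUser", GROUPS_UNKNOWN, ACLType.AM_MODIFY_ACL));
        // View grants (by name or by group) must not imply modify rights.
        Assert.assertFalse(manager.checkAccess("user1", grp1And2, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(manager.checkAccess("user2", grp3And4, ACLType.AM_MODIFY_ACL));
        Assert.assertTrue(manager.checkAccess("user3", NO_GROUPS, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(manager.checkAccess("user4", NO_GROUPS, ACLType.AM_MODIFY_ACL));
        // grp6 is in the modify ACL, so one matching group is enough.
        Assert.assertTrue(manager.checkAccess("user5", grp5And6, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(manager.checkAccess("user6", NO_GROUPS, ACLType.AM_MODIFY_ACL));
    }

    /**
     * When the ACL strings list users only, group membership must never grant access.
     */
    @Test
    public void testNoGroupsACLChecks() throws IOException {
        Set<String> grp1And2 = Sets.newHashSet("grp1", "grp2");
        Set<String> grp3And4 = Sets.newHashSet("grp3", "grp4");
        Set<String> grp5And6 = Sets.newHashSet("grp5", "grp6");
        Configuration conf = new Configuration(false);
        conf.set("tez.am.view-acls", "user1,user4 ");
        conf.set("tez.am.modify-acls", "user3  ");
        ACLManager manager = new ACLManager("currentUser", conf);

        Assert.assertTrue(manager.checkAccess("currentUser", GROUPS_UNKNOWN, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(manager.checkAccess("user1", grp1And2, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(manager.checkAccess("user2", grp3And4, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(manager.checkAccess("user3", NO_GROUPS, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(manager.checkAccess("user4", NO_GROUPS, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(manager.checkAccess("user5", grp5And6, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(manager.checkAccess("user6", NO_GROUPS, ACLType.AM_VIEW_ACL));

        Assert.assertTrue(manager.checkAccess("currentUser", GROUPS_UNKNOWN, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(manager.checkAccess("user1", grp1And2, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(manager.checkAccess("user2", grp3And4, ACLType.AM_MODIFY_ACL));
        Assert.assertTrue(manager.checkAccess("user3", NO_GROUPS, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(manager.checkAccess("user4", NO_GROUPS, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(manager.checkAccess("user5", grp5And6, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(manager.checkAccess("user6", NO_GROUPS, ACLType.AM_MODIFY_ACL));
    }

    /**
     * Exercises the AM/DAG convenience checks on an AM-level manager: with no DAG-specific ACLs,
     * the DAG checks are expected to give the same answers as the AM checks.
     */
    @Test
    public void checkAMACLs() throws IOException {
        Set<String> grp1And2 = Sets.newHashSet("grp1", "grp2");
        Set<String> grp3And4 = Sets.newHashSet("grp3", "grp4");
        Set<String> grp5And6 = Sets.newHashSet("grp5", "grp6");
        Configuration conf = new Configuration(false);
        // The doubled comma leaves an empty user entry, which must not match any caller.
        conf.set("tez.am.view-acls", "user1,user4,,   grp3,grp4  ");
        conf.set("tez.am.modify-acls", "user3   grp6,grp7");
        ACLManager manager = new ACLManager("currentUser", conf);

        Assert.assertTrue(manager.checkAMViewAccess("currentUser", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkAMViewAccess("user1", grp1And2));
        Assert.assertTrue(manager.checkAMViewAccess("user2", grp3And4));
        Assert.assertFalse(manager.checkAMViewAccess("user3", NO_GROUPS));
        Assert.assertTrue(manager.checkAMViewAccess("user4", NO_GROUPS));
        Assert.assertFalse(manager.checkAMViewAccess("user5", grp5And6));
        Assert.assertFalse(manager.checkAMViewAccess("user6", NO_GROUPS));

        Assert.assertTrue(manager.checkAMModifyAccess("currentUser", GROUPS_UNKNOWN));
        Assert.assertFalse(manager.checkAMModifyAccess("user1", grp1And2));
        Assert.assertFalse(manager.checkAMModifyAccess("user2", grp3And4));
        Assert.assertTrue(manager.checkAMModifyAccess("user3", NO_GROUPS));
        Assert.assertFalse(manager.checkAMModifyAccess("user4", NO_GROUPS));
        Assert.assertTrue(manager.checkAMModifyAccess("user5", grp5And6));
        Assert.assertFalse(manager.checkAMModifyAccess("user6", NO_GROUPS));

        Assert.assertTrue(manager.checkDAGViewAccess("currentUser", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkDAGViewAccess("user1", grp1And2));
        Assert.assertTrue(manager.checkDAGViewAccess("user2", grp3And4));
        Assert.assertFalse(manager.checkDAGViewAccess("user3", NO_GROUPS));
        Assert.assertTrue(manager.checkDAGViewAccess("user4", NO_GROUPS));
        Assert.assertFalse(manager.checkDAGViewAccess("user5", grp5And6));
        Assert.assertFalse(manager.checkDAGViewAccess("user6", NO_GROUPS));

        Assert.assertTrue(manager.checkDAGModifyAccess("currentUser", GROUPS_UNKNOWN));
        Assert.assertFalse(manager.checkDAGModifyAccess("user1", grp1And2));
        Assert.assertFalse(manager.checkDAGModifyAccess("user2", grp3And4));
        Assert.assertTrue(manager.checkDAGModifyAccess("user3", NO_GROUPS));
        Assert.assertFalse(manager.checkDAGModifyAccess("user4", NO_GROUPS));
        Assert.assertTrue(manager.checkDAGModifyAccess("user5", grp5And6));
        Assert.assertFalse(manager.checkDAGModifyAccess("user6", NO_GROUPS));
    }

    /**
     * DAG-level ACLs add to the AM-level grants for DAG checks only: callers named solely in the
     * DAG ACLs (and the DAG user) must not gain AM access.
     */
    @Test
    public void checkDAGACLs() throws IOException {
        Set<String> grp1And2 = Sets.newHashSet("grp1", "grp2");
        Set<String> grp3And4 = Sets.newHashSet("grp3", "grp4");
        Set<String> grp5And6 = Sets.newHashSet("grp5", "grp6");
        Configuration conf = new Configuration(false);
        conf.set("tez.am.view-acls", "user1,user4,,   grp3,grp4  ");
        conf.set("tez.am.modify-acls", "user3   grp6,grp7");
        conf.set("tez.am.dag.view-acls", "user6,   grp5  ");
        conf.set("tez.am.dag.modify-acls", "user6,user5 ");
        ACLManager amManager = new ACLManager("currentUser", conf);
        ACLManager manager = new ACLManager(amManager, "dagUser", conf);

        // AM checks: the DAG ACLs and the DAG user must have no effect here.
        Assert.assertTrue(manager.checkAMViewAccess("currentUser", GROUPS_UNKNOWN));
        Assert.assertFalse(manager.checkAMViewAccess("dagUser", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkAMViewAccess("user1", grp1And2));
        Assert.assertTrue(manager.checkAMViewAccess("user2", grp3And4));
        Assert.assertFalse(manager.checkAMViewAccess("user3", NO_GROUPS));
        Assert.assertTrue(manager.checkAMViewAccess("user4", NO_GROUPS));
        Assert.assertFalse(manager.checkAMViewAccess("user5", grp5And6));
        Assert.assertFalse(manager.checkAMViewAccess("user6", NO_GROUPS));

        Assert.assertTrue(manager.checkAMModifyAccess("currentUser", GROUPS_UNKNOWN));
        Assert.assertFalse(manager.checkAMModifyAccess("dagUser", GROUPS_UNKNOWN));
        Assert.assertFalse(manager.checkAMModifyAccess("user1", grp1And2));
        Assert.assertFalse(manager.checkAMModifyAccess("user2", grp3And4));
        Assert.assertTrue(manager.checkAMModifyAccess("user3", NO_GROUPS));
        Assert.assertFalse(manager.checkAMModifyAccess("user4", NO_GROUPS));
        Assert.assertTrue(manager.checkAMModifyAccess("user5", grp5And6));
        Assert.assertFalse(manager.checkAMModifyAccess("user6", NO_GROUPS));

        // DAG checks: AM grants still apply, plus the DAG user and the DAG-specific entries.
        Assert.assertTrue(manager.checkDAGViewAccess("currentUser", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkDAGViewAccess("dagUser", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkDAGViewAccess("user1", grp1And2));
        Assert.assertTrue(manager.checkDAGViewAccess("user2", grp3And4));
        Assert.assertFalse(manager.checkDAGViewAccess("user3", NO_GROUPS));
        Assert.assertTrue(manager.checkDAGViewAccess("user4", NO_GROUPS));
        Assert.assertTrue(manager.checkDAGViewAccess("user5", grp5And6));
        Assert.assertTrue(manager.checkDAGViewAccess("user6", NO_GROUPS));

        Assert.assertTrue(manager.checkDAGModifyAccess("currentUser", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkDAGModifyAccess("dagUser", GROUPS_UNKNOWN));
        Assert.assertFalse(manager.checkDAGModifyAccess("user1", grp1And2));
        Assert.assertFalse(manager.checkDAGModifyAccess("user2", grp3And4));
        Assert.assertTrue(manager.checkDAGModifyAccess("user3", NO_GROUPS));
        Assert.assertFalse(manager.checkDAGModifyAccess("user4", NO_GROUPS));
        Assert.assertTrue(manager.checkDAGModifyAccess("user5", grp5And6));
        Assert.assertTrue(manager.checkDAGModifyAccess("user6", NO_GROUPS));
    }

    /**
     * A {@code *} ACL (with surrounding whitespace) grants view and modify access to every caller,
     * including one that is neither the owner nor otherwise listed.
     */
    @Test
    public void testWildCardCheck() {
        Configuration conf = new Configuration(false);
        conf.set("tez.am.view-acls", "   *  ");
        conf.set("tez.am.modify-acls", "   * ");
        ACLManager manager = new ACLManager("a1", conf);

        Assert.assertTrue(manager.checkAMViewAccess("a1", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkAMViewAccess("u1", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkAMModifyAccess("a1", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkAMModifyAccess("u1", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkDAGViewAccess("a1", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkDAGViewAccess("u1", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkDAGModifyAccess("a1", GROUPS_UNKNOWN));
        Assert.assertTrue(manager.checkDAGModifyAccess("u1", GROUPS_UNKNOWN));
    }

    /**
     * With {@code tez.am.acls.enabled=false} every check passes for every caller, even though
     * restrictive ACL lists are configured, and a DAG-level manager built on top of the disabled
     * AM manager behaves the same way.
     */
    @Test
    public void testACLsDisabled() {
        Configuration conf = new Configuration(false);
        conf.setBoolean("tez.am.acls.enabled", false);
        // These lists name neither "a1" nor "u1"; they are expected to be ignored entirely.
        conf.set("tez.am.view-acls", "a2,u2  ");
        conf.set("tez.am.modify-acls", "a2,u2 ");
        ACLManager amManager = new ACLManager("a1", conf);

        Assert.assertTrue(amManager.checkAMViewAccess("a1", GROUPS_UNKNOWN));
        Assert.assertTrue(amManager.checkAMViewAccess("u1", GROUPS_UNKNOWN));
        Assert.assertTrue(amManager.checkAMModifyAccess("a1", GROUPS_UNKNOWN));
        Assert.assertTrue(amManager.checkAMModifyAccess("u1", GROUPS_UNKNOWN));
        Assert.assertTrue(amManager.checkDAGViewAccess("a1", GROUPS_UNKNOWN));
        Assert.assertTrue(amManager.checkDAGViewAccess("u1", GROUPS_UNKNOWN));
        Assert.assertTrue(amManager.checkDAGModifyAccess("a1", GROUPS_UNKNOWN));
        Assert.assertTrue(amManager.checkDAGModifyAccess("u1", GROUPS_UNKNOWN));

        // A null DAG configuration must be tolerated; the disabled state comes from the AM manager.
        ACLManager dagManager = new ACLManager(amManager, "dagUser", (Configuration) null);
        Assert.assertTrue(dagManager.checkAMViewAccess("a1", GROUPS_UNKNOWN));
        Assert.assertTrue(dagManager.checkAMViewAccess("u1", GROUPS_UNKNOWN));
        Assert.assertTrue(dagManager.checkAMModifyAccess("a1", GROUPS_UNKNOWN));
        Assert.assertTrue(dagManager.checkAMModifyAccess("u1", GROUPS_UNKNOWN));
        Assert.assertTrue(dagManager.checkDAGViewAccess("a1", GROUPS_UNKNOWN));
        Assert.assertTrue(dagManager.checkDAGViewAccess("u1", GROUPS_UNKNOWN));
        Assert.assertTrue(dagManager.checkDAGModifyAccess("a1", GROUPS_UNKNOWN));
        Assert.assertTrue(dagManager.checkDAGModifyAccess("u1", GROUPS_UNKNOWN));
    }

    /**
     * The YARN ACL strings are normalised ("users groups", single separating space, empty entries
     * dropped), the AM user is added to the user list, and a wildcard is emitted as a bare
     * {@code *}.
     */
    @Test
    public void testConvertToYARNACLs() {
        Configuration conf = new Configuration(false);
        conf.set("tez.am.view-acls", "user1,user4,,   grp3,grp4  ");
        conf.set("tez.am.modify-acls", "   * ");
        Map<?, ?> yarnAcls = new ACLManager("c1", conf).toYARNACls();

        Assert.assertTrue(yarnAcls.containsKey(ApplicationAccessType.VIEW_APP));
        Assert.assertEquals("c1,user1,user4 grp3,grp4", yarnAcls.get(ApplicationAccessType.VIEW_APP));
        Assert.assertTrue(yarnAcls.containsKey(ApplicationAccessType.MODIFY_APP));
        Assert.assertEquals("*", yarnAcls.get(ApplicationAccessType.MODIFY_APP));

        // Groups-only view ACL: the AM user is still the sole entry of the user part.
        conf.set("tez.am.view-acls", "   grp3,grp4  ");
        Map<?, ?> groupsOnlyAcls = new ACLManager("c1", conf).toYARNACls();
        Assert.assertEquals("c1 grp3,grp4", groupsOnlyAcls.get(ApplicationAccessType.VIEW_APP));
    }
}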
