package io.trino.plugin.atop;

import com.google.common.collect.ImmutableMap;
import com.google.common.io.Resources;
import io.trino.Session;
import io.trino.spi.security.AccessDeniedException;
import io.trino.spi.security.Identity;
import io.trino.testing.QueryRunner;
import io.trino.testing.TestingSession;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import org.assertj.core.api.Assertions;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:io/trino/plugin/atop/TestAtopSecurity.class */
public class TestAtopSecurity {
    private QueryRunner queryRunner;

    @BeforeClass
    public void setUp() throws Exception {
        this.queryRunner = LocalAtopQueryRunner.createQueryRunner(ImmutableMap.of("atop.security", "file", "security.config-file", new File(Resources.getResource(getClass(), "security.json").toURI()).getPath(), "atop.executable-path", Files.createTempFile(null, null, new FileAttribute[0]).toString()), TestingAtopFactory.class);
    }

    @AfterClass(alwaysRun = true)
    public void tearDown() {
        this.queryRunner.close();
        this.queryRunner = null;
    }

    @Test
    public void testAdminCanRead() {
        this.queryRunner.execute(getSession("admin"), "SELECT * FROM disks");
    }

    @Test
    public void testNonAdminCannotRead() {
        Session session = getSession("bob");
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(session, "SELECT * FROM disks");
        }).isInstanceOf(AccessDeniedException.class).hasMessageMatching("Access Denied:.*");
    }

    private Session getSession(String str) {
        return TestingSession.testSessionBuilder().setCatalog(this.queryRunner.getDefaultSession().getCatalog()).setSchema(this.queryRunner.getDefaultSession().getSchema()).setIdentity(Identity.ofUser(str)).build();
    }
}
